Welcome to the first edition of the Travers Smith Outsourcing Spotlight. This issue highlights a number of hot topics, including the impact of AI on outsourcing, changes to the UK's regimes for data protection and cybersecurity and proposed reforms to UK employment law, including TUPE. We also discuss pricing issues in the context of the current high inflation environment and a recent case which analyses multiple liability caps.

Listen to an overview from Technology & Commercial Transactions Partner, Richard Brown.

1371594a.jpg

1. Artificial intelligence and outsourcing: what are the risks?

For outsourcing service providers, AI offers major new opportunities to improve efficiency and profitability. For customers, meanwhile, outsourcing offers the possibility of accessing cutting- edge AI tools and expertise in deploying them, both of which may well be difficult to replicate in-house. But none of these benefits come without risk. In this section, we focus on 2 key questions:

  1. To what extent does AI raise new risks, compared with other software-based technologies?
  2. Where is the debate on regulation heading and how can businesses involved in outsourcing minimise their exposure to future regulatory risk?

New risks – or familiar risks but in a new context?

Many outsourcings rely heavily on technology – and both suppliers and customers will already be familiar with the key risks and how to mitigate them. Many of the same risks arise with the deployment of AI. Just as for other tech-enabled outsourcings, the provisions of the outsourcing contract dealing with intellectual property rights, data and data protection risks, liability, the commercial model and exit will continue to be key areas of focus for an AI-enabled outsourcing, but we've identified below some additional points to watch out for where AI tools are deployed.

Training data

Many uses of AI in an outsourcing context will involve putting data into the AI tool, either for training the AI or for processing purposes. It will be important to establish whether the customer is to provide the training data (but does it have the requisite dataset?) and/or whether the AI tool is to be trained on third party data, as well as who will own rights to improvements in the AI, which result from training data. There are various approaches here, ranging from a completely separate instance of the AI, where the customer owns all rights in improvements (so that other customers of the service provider, including the customer's competitors, do not benefit from them), to "AI as a service", where the customer contributes to a data lake and the service provider owns the AI and improvements – with more nuanced approaches in between to protect high value data.

Personal data

If the relevant data is personal data, it will be necessary to ensure compliance with data protection legislation. Again, this is not a new risk - but processing personal data using AI may require additional Data Protection Impact Assessments to be carried out and measures relating to transparency and the legal basis for processing (such as consent or legitimate interests) to be revisited, particularly if individuals might not expect their data to be processed using AI. Additional considerations will also apply if the AI involves automated decision-making that has a legal or similarly significant effect on individuals (e.g. AI screening CVs as part of an HR outsourcing).

Third party data

In response to the emergence of products such as ChatGPT, many businesses, particularly those whose business model relies heavily on the supply of data, are imposing new restrictions on whether their data can be processed by tools which use artificial intelligence – and in some cases, such usage is prohibited. Whilst this is unlikely to be an issue where the relevant data belongs to the customer, it may need to be addressed where the data is sourced partly or wholly from third parties.

Exit and data migration

As ever, it's crucial to prepare for the end of the relationship right at the beginning of it. On exit, there will be similar "lock-in" risks to those that apply for other proprietary software tools - the service provider may be unwilling to provide information or license its AI tool to a replacement provider – but there may be additional issues with data migration to consider in this context as well. It may not be possible to provide training data (e.g. belonging to third parties) to a replacement provider, nor to extract customer data that is held in a data lake. It will be important to mitigate these issues in the contract.

Accuracy and reliability

As with any software-based solution, AI poses risks if it does not produce accurate, reliable results – and there is sometimes a tendency to assume that computers are more reliable than is in fact the case (for an extreme example, see our briefing on the Post Office's reliance on data from its flawed Horizon computer system to prosecute sub-postmasters for alleged fraud). Once again, this is not a new risk – but it is arguably more acute with AI because even some AI vendors admit that they do not yet fully understand how their own technology produces the results that it does. Before relying on AI tools, businesses will want to know, for example:

  • whether the original data on which the AI was trained was itself reliable (which is not something that has typically needed to be considered with software in the past);
  • whether its outputs can be trusted;
  • whether there have been any independent evaluations of the tool's reliability and accuracy;
  • the extent to which the service provider is prepared to accept liability for errors caused by AI;
  • what remedies the service provider will offer if outputs are wrong, given that the workings of AI are often not transparent (and establishing a root cause for incidents could be difficult in such circumstances).

The service provider, on the other hand, may look for a greater allocation of responsibility between the parties for the AI solution - for example, to be able to rely on "relief"/"excusing cause" provisions if the services are negatively impacted by customer-provided training data that is of a substandard quality.

Impact on commercial models and assessing value

AI can deliver efficiencies because it replaces people. Charging structures based on staff costs (which are fairly common in business process outsourcings) are likely to be replaced by alternative charging metrics - licence fees, volume-based transaction charges, gain-sharing mechanisms - all of which will need careful definition in the contract. While these charging mechanisms are familiar territory to many, as AI potentially severs the connection between the service provider's costs and the charges, there is likely to be increased focus on provisions in the contract that are intended to ensure that the customer receives value – financial reporting and benchmarking provisions for example. In determining the comparison sample for benchmarking purposes, which transactions can be considered comparable in an AI context?

New risks to consider

There are also some risks with AI which businesses have not typically had to devote much attention to in the past when evaluating other types of software tools. These include:

  • Bias and discrimination: Where AI is being used to assist in decision-making processes relating to individuals (e.g. when processing insurance claims or credit card applications), there is an increased risk compared with other types of software that it may exhibit bias. This in turn could give rise to breaches of the Equality Act 2010, such as its provisions prohibiting discrimination in the supply of goods or services.
  • Intellectual property: While the focus traditionally is around the ownership and licensing of IP in the software tool itself, for generative AI used in outsourcing, it will also be important to address IP rights in the AI's output. As with other types of software, customers will typically want some form of contractual protection against third parties claiming that their intellectual property is being infringed. However, in the past, that risk has come primarily from competing software vendors claiming that their technology has been copied in some way or utilised without permission. With AI, as we explain in this article, the more significant challenge may come from holders of copyright in the data on which the AI product has been trained – potentially "tainting" the outputs of the AI. Lastly, if AI is being used to interact with other third party software tools, check that third party licences support such use (e.g. if they are licensed on the basis of human users, additional licences may be required for use by AI).

Regulatory risk

To date, there has been little in the way of legislation which seeks to regulate the provision of software. However, governments worldwide are now looking seriously at how to regulate AI. A key emerging risk for businesses is how that regulation could affect their use of AI and what, if anything, they can do to prepare. So far, broadly speaking, two different approaches have emerged:

  • Build on existing regulatory frameworks: for example, the UK Government is proposing to rely on existing regulators and regulatory structures, rather than establishing broadly applicable AI-specific regulations or a dedicated AI regulator. Designed to encourage investment in AI in the UK, it aims to reduce the regulatory burden on businesses and follow a pro-innovation approach – although the Government acknowledges that, for the framework to be successful, there will need to be regulatory co-ordination, as well as central support from Government.
  • Create a new regulatory regime for AI: The UK is choosing to take a very different approach from the EU. The EU's approach (as set out in the EU's draft AI Act) is far more prescriptive and sets out a specific regulatory regime for the use of AI. This is seen by some as being less "innovation friendly" and likely to impose a higher regulatory burden - although the EU would probably argue that it offers greater protection for individuals against potential harms from this emerging technology and will be more likely to deter potential abuses.

Our briefing, The shifting sands of AI regulation, explains these approaches in more detail and looks at what businesses can realistically do now to prepare for increased regulation in future, despite the current uncertainty.

2. Pricing: coping with high inflation

With inflation at the highest level for many years, customers and service providers are likely to focus on how they deal with cost increases in new and existing outsourcing contracts. In this section, we look at some of the ways in which charging mechanisms in the context of an outsourcing can take account of increases in cost.

Linking prices to inflation

From the supplier's perspective, it may be attractive to link price rises directly to inflation through indexation clauses, with a view to ensuring that charges enable recovery of increasing costs – but which index should you use? Our short guide to indexation clauses looks at the possibilities in more detail but key takeaways include the following:

Linking prices to inflation: key points to watch

  • It may be better to use a specialised index, as opposed to a general measure such as RPI or CPI; for example, if the supplier's costs are mainly wage-related, the Average Weekly Earnings Index would be likely to provide a more accurate measure of actual cost increases than a general measure (such as CPI or RPI), which might at times be heavily influenced by say, energy costs.
  • Customers should consider carefully before accepting RPI, as it has been significantly higher than other measures such as CPI or CPIH (for example, whereas RPI peaked at over 16% in late 2022, the peak for CPI around the same period was just over 11%). The view of the Office for National Statistics is that measures such as CPI and CPIH (which includes housing costs) offer a more accurate reflection of what is happening to prices in the UK economy.

Open book vs closed book

Although closed book pricing has traditionally been considered to result in higher overall pricing, an inflationary environment may mean that suppliers prefer open book pricing, because the latter allows them to pass on the costs incurred, plus a margin. The main limit on this is the concept of "allowable" costs; as we explain in our detailed briefing on open book pricing, this needs careful consideration, particularly when it comes to apportioning costs which are shared with other customers.

From the customer's perspective, open book pricing can be attractive because it provides some degree of comfort that pricing is not excessive. However, the customer will need to implement a significant ongoing monitoring regime, ideally supported by an audit clause or similar verification rights. Other pros and cons from the customer's perspective are listed in the table below:

Pros Cons
Open Book

Charges are directly linked to costs incurred

Facilitates and encourages an open relationship between the parties, including providing customer with visibility of underlying costs

Encourages the parties to understand one another's commercial and operational performance drivers

Supports the use of effective change management governance and functions and an ability to vary the associated baseline costs where required

Supports the use of effective incentive mechanisms for the supplier when measuring real costs against estimates

Customer can end up paying for the supplier's failure to manage costs and manage efficiency

Transparency as to costs and operations can lead to supplier sensitivities

The customer needs to implement a significant ongoing monitoring regime

Can often be used as a 'weapon' by either side which can cause a relationship breakdown

Requires significant investment of time in establishing and agreeing ongoing forecasts and allowed costs deviations
Closed Book

Avoids the imposition of inflated supplier margins (i.e. the risk of over-charging)

Allows the customer to set pricing on day one which is based on its own historic data

Engenders a relationship of trust and the delivery of a satisfactory level of service

Far less oversight by the customer required than in an open book regime

Less exposure to price fluctuations caused by underlying costs such as energy prices (subject to what is agreed in the contract)

Traditionally considered to result in higher overall charges than open book pricing (i.e. more favourable to a supplier)

The use of incentive mechanisms for the supplier is trickier than with open book

Limited incentive for the supplier to invest in service improvements

Pricing needs to be adapted over time to reflect any external factors which alter the profitability (or unprofitability) to the supplier

Lack of visibility of underlying costs


Hybrid pricing models

We sometimes see clients opt for a hybrid approach combining aspects of both approaches. This usually involves pre-agreed unit charges being embedded into an open book system. For example, the cost for a particular operative could be fixed so as to reflect anticipated employment costs, whilst the costs for necessary equipment (e.g. vehicles in the case of an outsourced logistics service) would cover depreciation, finance charges and maintenance costs. Another hybrid approach could involve certain service lines/divisions operating on an open book basis, whilst others operate on a closed book basis.

3. Limiting liability: single cap or multiple caps?

Outsourcing contracts will often have different liability caps for different heads of loss – for example, it is now common to see separate caps for liability arising from breaches of data protection obligations. But whether or not you have several caps addressing different types of loss, you also need to consider whether each of those caps are designed to cover the entire duration of the contract - or whether they should effectively "reset", perhaps for each year of the contract or in relation to each separate incident giving rise to loss. If this is not clear, you run the risk of getting into disputes over how much is actually recoverable.

Our recent briefing discusses two cases – Drax v Wipro (2023) and Royal Devon v ATOS (2017) where there was confusion over whether the contract was intended to operate with single or multiple caps. The key takeaways are as follows

Single vs multiple liability caps: some points to watch

  • All claims throughout contract or per year/per event basis? If – as will often be the case – you have different caps for different types of loss, make sure that these indicate clearly whether the cap in question is intended to apply to all claims over the life of the contract or whether it is on a "per year" or "per event" basis. See further the discussion of Drax v Wipro in our briefing.
  • Caps based on amounts payable: Many outsourcing service providers define caps by reference to the amounts payable in a set period (often 12 months) before the breach took place – see the discussion of Royal Devon v ATOS in our briefing. In effect, this results in multiple caps because the amount can vary depending on when the breach occurred. From a customer perspective, this can prove problematic because if a very damaging breach occurs before significant amounts have been paid, recovery may be severely limited. It is therefore worth inserting an alternative absolute figure e.g. "or £X million, whichever is higher". From the perspective of service providers, such an approach is likely to reduce the risk of a successful challenge to the clause based on the Unfair Contract Terms Act 1977 (see also our video briefing).

4. Cybersecurity: are you ready for changes to NIS?

Whilst cybersecurity is likely to be a concern in relation to almost any technology-driven outsourcing, certain sectors and activities are required by the Network and Information Systems (or NIS) regime to take specific measures to ensure the resilience of their operations. At present, these include:

  • Providers of essential services in the transport, energy, water, health and digital infrastructure sectors; and
  • Certain digital service providers, notably cloud computing services.

The current NIS regimes in the EU and the UK essentially require in-scope organisations to adopt appropriate security measures to protect against cyber threats, including monitoring, auditing and testing, together with specific procedures to report and respond to security breaches. But as we explain below, the scope of NIS is widening in both the EU and the UK – which is likely to bring more outsourcing operations into its ambit. Alongside this, the obligations on in-scope organisations are also expected to increase. This may have implications for costs and in some cases could require changes to service provision (e.g. introduction of 2 factor identification and other enhanced security measures when accessing services).

Who else is going to be in-scope?

The biggest change in relation to both the EU and UK regimes is the inclusion of managed service providers, which will be treated as an additional category of essential service – the EU refers to "ICT service management" and the UK has made it clear that non-IT services, such as business process outsourcing (e.g. HR and payroll) and traditional data centres (i.e. which are not cloud service providers) will be out of scope.

In the EU, the scope of the NIS regime is being expanded significantly and may therefore capture a wider range of outsourced operations (to add to energy, transport, banking, financial markets infrastructure, health, drinking water and digital infrastructure sectors already caught by the existing NIS regime). For example, the most notable additions to the "essential entities" category from an outsourcing perspective are "ICT service management" and (for public sector outsourcings) "public administration". An entirely new category of "important entities" will also be created which are subject to lesser oversight; these will include postal and courier services, waste management, manufacture, production and distribution of chemicals, food production, processing and distribution, manufacturing and research.

What new obligations will apply?

In the EU, the new NIS regime will require in-scope entities to implement "appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems which those entities use in the provision of their services". These measures must be taken in connection with a list of specified matters, such as incident handling, business continuity, supply chain security, encryption, access control, the use of multi-factor authentication, and vulnerability handling and disclosure. The new regime will also impose responsibilities on "management bodies" of essential and important entities to approve cybersecurity measures and supervise their implementation; management may also be held liable (as well as temporarily banned) if the organisation does not comply with cybersecurity requirements.

By contrast, the UK – which has yet to publish the full detail of its proposed changes – is likely to take a more flexible, outcomes-focussed and risk-based approach. Competent authorities responsible for regulating each sector will continue to set the cybersecurity measures which regulated entities will have to implement. But both regimes contain measures designed to require in-scope entities to take more account of vulnerabilities in their supply chain – so even though an outsourced activity or outsourcing service provider may appear not to be in scope, it could be drawn into the net because of its position in a wider supply chain.

Implementation timetable

The EU's new NIS Directive, known as NIS2, came into force on 16 January 2023 and must be implemented by Member States by 17 October 2024. In the UK, the timeframe for changing the NIS Regulations, subject to the finding "a suitable legislative vehicle" to do so, is less clear and will be made "as soon as parliamentary time allows". An updated regime is unlikely to be in place before 2024. For more detail, see our briefing: Strengthening cybersecurity laws: changes to the EU's and the UK's NIS regimes.

5. Data protection: the proposed new UK regime and new guidance on overseas transfers

Changes to the UK data protection regime

What do the proposed changes to the UK's data protection regime mean for outsourcing arrangements? Expectations of significant change were raised by rhetoric from Government Ministers suggesting that the existing EU-derived regime, known as UK GDPR, would be replaced "with our own business and consumer-friendly, British data protection system". However, the Data Protection and Digital Information (no.2) Bill does not represent a dramatic departure from UK GDPR (and the basic framework of the current regime will largely be retained). The main reason for this is that if the UK diverged too much from the EU approach, it would risk losing the benefit of the European Commission's adequacy decision, which makes it substantially easier to transfer personal data between the UK and EEA Member States than would otherwise be the case.

Our briefing contains more detail on the proposed changes, but the key takeaways for those involved in outsourcing arrangements are as follows:

Data protection reform: key takeaways

  • In marked contrast to GDPR, which represented a major step change for many businesses, it should not be necessary to devote significant resources to upgrading your current processes to comply with the new UK regime.
  • That said, the new regime is intended to reduce administrative burdens and there may be some opportunities to explore new compliance efficiencies to save costs (although we remain sceptical that the savings will be as significant as some have claimed). However, if you also need to be compliant with EU GDPR, there is likely to be limited benefit in exploring these opportunities, as it will often be preferable to have one set of processes for all the data that you handle.

Offshoring: revised UK guidance for overseas transfers

Finally, outsourcing service providers which are reliant on processing operations outside the EEA should note the Information Commissioner's Office (ICO) revised guidance on international transfers of personal data. It has also introduced a new tool to undertake transfer risk assessments (TRA). A TRA is required where there is a restricted transfer of data outside the UK (not covered by UK "adequacy regulations") that relies upon an "appropriate safeguards" mechanism in Article 46 of the UK GDPR, such as standard contractual clauses.

The ICO's proportionate, risk-based approach to TRAs is welcome, and organisations, particularly those with an exclusively UK focus, may now choose to follow the ICO's approach over that of the European Data Protection Board. For more detail, see our briefing.

6. Changes to TUPE: how big a deal are they for outsourcing?

In May 2023, the UK Government announced that it was planning to make certain changes to TUPE – which is almost invariably a significant issue in relation to outsourcings, in-sourcing or changes of service provider. Under TUPE, the employees working wholly or predominately in the business or service which is transferred, or outsourced/insourced, automatically become employed by the buyer of the business, or the new supplier of the service, on their existing terms and conditions. Both the old and new employer have to provide information to their employees about the transfer and consult them about any measures they plan to take in connection with the transfer.

There are two areas in which TUPE transfers could be made easier in practice, relating to employee information and consultation and harmonising employment terms. The Government has announced that it will be making certain post Brexit changes in respect of employee information and consultation (see below) – but perhaps disappointingly from a business perspective, there is no indication it intends to make any changes in respect of harmonising terms.

Changes to information and consultation obligations

TUPE requires employers to inform and consult employees through trade union representatives or (where the employer does not recognise a trade union) through elected employee representatives. This is currently the case regardless of the number of employees involved. So if, for example, only five employees are transferring under TUPE, the employer still needs to arrange for employee representatives to be elected (if there is no trade union). The Government is proposing that employers will be able to consult employees directly where either the employer has fewer than 50 employees or where fewer than ten employees are affected by the TUPE transfer. These changes would be very helpful to employers, giving them more flexibility about how to consult employees in smaller businesses or transfers.

Other TUPE changes the Government could consider: changing employment terms

As noted above, another aspect of TUPE which often causes difficulty in an outsourcing context relates to harmonising employment terms. This issue is not covered by the current TUPE consultation and the Government has not given any indication that it is considering this. However, if it were looking to make further changes to the detail of TUPE (as it is now free to do following Brexit), then harmonisation of terms would in our view be worth exploring. The issue is as follows:

Employers will frequently want to harmonise employees' terms post-transfer, for various reasons including employee relations and simplifying administration. However, any change in terms by reason of the TUPE transfer will be void, even if the employee agrees to the change. An exception applies for certain changes (for economic, technical or organisational reasons) but only if the changes involve a change in employee headcount or roles, which harmonisation rarely does. If employers had greater scope to agree changes post TUPE transfer, including changing terms solely for harmonisation, then this would be highly beneficial for businesses which inherit employees on a change of service provider or an insourcing.

7. Other employment law changes

After several years of relative quiet in terms of employment law legislative proposals, the UK Government has now put forward a number of changes which may have significant implications for outsourcing arrangements:

Harassment: new duties on the way

The Government plans to introduce a new positive duty on employers to take reasonable steps to prevent workplace sexual harassment. The duty will be enforceable by the Equality and Human Rights Commission, under its existing powers, and will be backed up with a statutory code of practice detailing the steps employers should take. Employers who fail to take reasonable steps to prevent sexual harassment could also face an uplift in compensation if an employee brings a successful claim.

Originally the new legislation on sexual harassment included a new duty on employers to prevent all forms of harassment of staff by third parties, but this was removed as the legislation progressed through Parliament. This duty would have applied to all types of harassment, not just sexual harassment. In an outsourcing context, this would have made customers liable for harassment of their employees by outsourced service providers; meanwhile, service providers would have been liable for harassment of their employees by their customer. Although this new duty now seems unlikely to come in, it may still prompt businesses to consider whether they wish to address this issue in contracts in any event, for two reasons:

  • First, even without the new third party harassment laws there are still circumstances in which employers may be liable if their staff is harassed by someone outside the organisation.
  • Second, employers are increasingly seeking to improve the measures they have in place to protect their staff, given the increasing focus on ESG and high profile harassment cases recently in the media.

Fire and rehire

The Government recently consulted on a draft statutory Code of Practice on the use of "fire and rehire" to change terms of employment. "Fire and rehire" is a tactic used to implement changes when employees do not agree to them - the employer dismisses the employee and then offers re-employment on a new contract with the revised terms. However, parties to outsourcing arrangements should note that this tactic should not be used where TUPE applies (see section 5 above) because the dismissals will be automatically unfair.

The draft Code emphasises that "fire and rehire" should only be used as a last resort, after the employer has engaged in meaningful consultation and explored all alternatives. Where an employer unreasonably fails to follow the Code, the Employment Tribunal will have the power to increase compensation awarded for any relevant claim by up to 25%.

Zero hours, casuals and short-term workers

The Government is introducing a new right for certain workers to request a more predictable working pattern. This will apply where:

  • the worker has at least 26 weeks' service and there is lack certainty in terms of the hours, days, or times of work, or
  • they are on a fixed contract of 12 months or less.

In these cases, the worker could make an application to their employer to vary their terms and conditions to provide more certainty.

Employers would have to follow a set procedure when considering such requests and only reject a request on specified business grounds (similar to a flexible working request). In practice, the new right will capture many casuals and zero hours workers, as well as agency workers and those on short fixed-term contracts. The proposal is contained in the Workers (Predictable Terms and Conditions) Act, but there is no date for implementation yet.

Non-competes: duration to be limited to 3 months

On 10 May 2023, the UK Government announced plans to legislate to limit the length of non-compete restrictions in an employment context to three months. This will be a significant change, as it is relatively common for more senior staff in particular to be subject to longer restrictions (e.g. 6-12 months). Once the 3 month limit is made law, employers will be unable to enforce these longer lasting non-compete provisions. See our briefing for more detail.

In an outsourcing context, this is primarily of relevance to outsourcing service providers looking to make it more difficult for staff to move to a competing provider. If customers are concerned about losing staff to their outsourced service provider, imposing a no poach obligation on the latter is likely to be a better approach than reliance on a non-compete in employees' contracts (and the same applies in reverse to service providers which are concerned about their own staff being poached by customers).

8. Financial services: regulating providers of outsourced services

To date, outsourcing in the financial services sector has mainly been regulated through the imposition of obligations on regulated financial services providers, which are typically the customers in an outsourcing relationship. Such firms are required to notify regulators of material outsourcings and ensure that appropriate practical and contractual safeguards are in place. However, as a general rule, businesses actually providing the outsourced services have not so far been regulated in the UK (unless they themselves required authorisation for the activities they were performing).

Under the framework of the Financial Services and Markets Act 2023, the Treasury – in consultation with financial services regulators – has the ability to designate certain third party providers of services to the financial sector as "critical" and therefore subject to certain regulatory requirements. A discussion paper was issued in 2022 with a consultation expected later this year. For more detail, see our briefing.

What does this mean in practice?

It may well be that in practice, only a small number of service providers will be designated in this way. It is likely that the Government and regulators have in mind very large cloud-based computing and IT infrastructure firms, such as Amazon, Google and Microsoft. That said, the power is not limited in scope and any business which could be regarded as providing critical services to the financial sector (whether IT-based or not), should consider whether it is likely to be caught.

Any direct regulation could also prompt some service providers to make changes to their arrangements with financial sector customers to reflect increased compliance costs and a perceived increase in regulatory risk.

9. Our outsourcing experience

We regularly advise both customers and suppliers on outsourcing transactions in a broad range of sectors. Recent examples include:

  • PAYMENT SYSTEMS: Advised Pay.UK on critical IT outsourcing arrangements relating to the UK's payment systems infrastructure responsible for processing £19.2 billion per day
  • IT TRANSFORMATION: Advised Rathbone Brothers PLC, a FTSE-250 listed provider of wealth management services, on outsourcing arrangements with Charles River and Investcloud to overhaul core aspects of its business-critical IT infrastructure
  • FINANCIAL SERVICES: Advised Target Group, a division of Tech Mahindra, on outsourcings relating to multi-million pound asset portfolios for customers including Goldman Sachs, Shawbrook Bank and the BBC
  • PENSIONS: Advised the pension funds of several major corporates on large scale outsourcings of scheme administration activities, including offshoring to service centres in Europe and Asia
  • MEDIA: Advised Channel 4 on the negotiation of its business-critical outsourced playout arrangements with providers Red Bee Media and Prime Focus Technologies
  • REAL ESTATE: Advised ZPG, owners of leading property website Zoopla, on a complex, technology-led outsourcing of customer support services
  • HOTELS AND CATERING: Advised AJ Capital Partners on key outsourcing arrangements relating to management and catering operations at its portfolio of UK hotels
  • ENERGY: Advised Xoserve on a long term, large scale and highly complex outsourcing relating to critical infrastructure in the energy sector
  • BPO/CUSTOMER SERVICES: Advised Monzo Bank on a large-scale business-critical near-shore outsourcing with Sykes Enterprises Eastern Europe, relating to customer services for all of its 4.9 million account holders
  • TECHNOLOGY OUTSOURCING: Advised Fundsmith, the largest active mutual fund in the UK, on its IT outsourcing arrangements for transfer agency services
  • FOOD & DRINK: Advised Burger King on a major outsourcing relating to provision of information and communications technology services by Timico, the managed service provider, within Burger King restaurants
  • ENTERTAINMENT: Advised Ambassador Theatre Group on the outsourcing of the entirety of its UK logistics arrangements in relation to food, drink and hygiene products across all of its 30+ UK-wide theatre portfolio
  • MANUFACTURING: Advised Volta Trucks on complex, cross-border outsourced manufacturing arrangements for the launch of the Volta Zero, the world's first purpose-built 16-tonne electric truck
  • ASSET MANAGEMENT: Advised leading investment manager Brooks McDonald (with £13.7 billion in funds under management) on a highly complex exit from an existing outsourcing arrangement and migration to a new managed services technology platform

10. Stay connected

For more information and the latest on outsourcing hot topics, visit our Outsourcing Spotlight series page.

Register to be notified of content as it becomes available here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.