10 Pitfalls to Watch Out for When Outsourcing
Outsourcing is an effective way of conducting many non-core parts of your business, allowing you to concentrate on the key parts. The regulation of outsourcing transactions in Ireland depends less on the nature of the outsourced service (e.g. IT or business process) than on the sector in which the outsourcing takes place (e.g. financial services or the health sector). John Darby of Flynn O’Driscoll sets out the top 10 pitfalls to watch out for when outsourcing part of your business to another party.
1. Check to see whether the outsourcing will affect any of your employees
The European Communities (Protection of Employees on Transfer of Undertakings) Regulations 2003 give employees certain rights when the whole or part of an undertaking or business is transferred from one employer to another employer. The Regulations frequently apply when a business outsources a particular service or function and the outsourcing involves a transfer of assets or relates to a labour-intensive part of the business. The Regulations may also apply where a business changes its supplier or where a business terminates an outsourcing arrangement and brings back in-house services that were previously outsourced. In all of these scenarios, you may have notification obligations to your employees and your employees may have rights against you. Furthermore, upon applying for a tender, the Regulations may apply to you if you win the tender.
2. Make sure that adequate service levels are put in place
Service levels, key performance indicators (KPIs) and service credit schemes vary considerably from outsourcing to outsourcing, depending on the industry sector and the importance to the customer’s business of the outsourced services. Generally, where service levels are objectively measurable (e.g. availability or response times), these should be set out in detail in the agreement. Where they are not objectively measurable, more general service quality warranties should be included. In either case, it is important that your business has remedies where the outsourced service falls short of the service level that your business expects.
3. Make sure that you have step-in rights
Step-in rights enable the customer, or a third party acting on its behalf, to step into the supplier’s role at the supplier’s cost if the outsourced service falls short of the service level that your business expects.
4. Make sure that the outsourcing provides for regular reviews
Specific service levels are often combined with continuous improvement obligations. It is also common to seek requirements for regular reviews, at which service levels can be considered. Service credit schemes are commonly linked to service levels and can be approached in a variety of ways, including:
- Percentage or fixed amount credits for any service level failures
- Adoption of different levels of service credit depending on the criticality of the service level or the severity or length of a service level breach
- Balanced scorecard mechanisms.
5. Make sure that the outsourcing pricing structure is appropriate
Because of the nature and length of typical outsourcings, commercial, business process and technological change over the term inevitably impact on cost. Therefore, the pricing structure may not remain static for the duration of the outsourcing and cost review mechanisms are generally included. These should include pre-defined mechanisms to vary costs, which are designed to enable maintenance of price competitiveness over the term of the outsourcing. The mechanisms can include:
- Using pricing bands to address changes in the outsourcing’s scope
- Pre-agreed time and material rates
- Index-linked increases to cover general increases in the cost of doing business in line with the Consumer Price Index or appropriate equivalent
- Benchmarking the supplier’s charges for the outsourced services against other suppliers in the market
- Change control processes, to allow extra required services to be costed by the supplier or included in the existing price structures
6. Check to see if any sectoral regulations may be relevant for your outsourcing
In general, there is no specific regulation in Ireland for outsourcing transactions. However, outsourcing by regulated financial institutions is subject to specific rules. The primary regulatory source is Directive 2004/39/EC on markets in financial instruments (MiFID), which sets out specific rules relating to outsourcing in the context of investment-related financial services. MiFID includes specific rules relating to the notification of material outsourcings to the Central Bank of Ireland. In addition, other specific rules or requirements may apply in specific sectors such as healthcare, where the Health Information and Quality Authority (HIQA) can have an input.
7. Check to see whether data protection issues may arise
Data protection issues arise in a number of contexts in most outsourcing arrangements, including:
- Inherent data protection issues when transferring employees
- Where the outsourced services involve the processing of personal data
In such cases, the Data Protection Acts 1988 and 2003 require the customer, as the data controller, to put in place a written contract with the supplier, which includes contractual protections around security of, and access to, data and restrictions on processing without the controller’s consent. This is particularly relevant in the insurance sector.
8. Check to see that you have protection for the confidentiality of customer data
In any outsourcing arrangement, comprehensive confidentiality provisions should be included in the agreement to protect your business’s confidential information.
9. Make sure that you have appropriate audit rights
You should retain appropriate audit rights against the outsourcing service provider, both operational and financial.
10. Make sure that you have appropriate indemnity protection
Indemnity protection, while limited, often depends on the specific risks and issues identified during the negotiation of the outsourcing. There would usually be a full indemnity for:
- Third party intellectual property (IP) claims
- Employment-related claims and the costs arising in respect of the transfer
- Actions in relation to assigned contracts
- Breach of confidentiality and data protection obligations.
There has been a recent trend in outsourcing contracts for the customer to seek indemnity protection in respect of a broader range of issues, including in respect of:
- Liabilities that would traditionally not have been capped, but in respect of which indemnity protection would not have been granted, such as fraud
- Losses arising from a breach or default in respect of specific and identified service obligations, e.g. transaction processing errors.
Indemnities should be supported by appropriate insurance cover from the supplier.
Written by: John Darby, Consultant, Flynn O'Driscoll – Business Lawyers
- Social Media – How to Protect Your Business
- 5 Ways Employers Can Avoid Costly Mistakes
- 9 Reasons Some SMEs Hire the Wrong People
- Managing Absence in the Workplace
Please be aware that all of the views expressed in this Blog are purely the personal views of the authors and commentators (including those working for AIB as members of the AIB website team or in any other capacity) and are based on their personal experiences and knowledge at the time of writing.
Some of the links above bring you to external websites. Your use of an external website is subject to the terms of that site.
Allied Irish Banks, p.l.c. is regulated by the Central Bank of Ireland. Copyright Allied Irish Banks, p.l.c. 1995.