Tech & Sourcing @ Morgan Lewis


As part of our Spotlight series, we speak with Simon White, one of the most senior and experienced technology lawyers in the UK market, who has held roles including deputy counsel, Chief Privacy Officer, and GC EMEA LATAM at Cognizant, one of the largest multinational IT services companies in the world with over 300,000 personnel spanning across five continents. Prior to joining Cognizant nearly 15 years ago, Simon White was a corporate associate at Morgan Lewis.

In the context of cross-border outsourcings, what issues do country barriers represent, given technology is often country-agnostic?

Geographical country barriers have the potential to destroy a business case. Not only in respect of the added complexity of the outsourcing itself from a contractual and operational perspective, but there are concerns regarding the profitability and success of a cross-border business. Moreover, while the often country-agnostic nature of technology presents itself as a global business solution, it is not necessarily a panacea for a disparate and dispersed organization, (which itself may not operate as a fully joined-up cross-border business).

One of the key issues is that legal and regulatory requirements vary from country to country (not forgetting that they sometimes vary region to region or state to state), which drives complexity and the need for localization of the relevant technology solution. As well as adding to the potential overall cost of the outsourcing, this often leads to extensive additional governance requirements in need of sign-off from different departments within the business. Even regulations purporting to have a cross-border reach, such as GDPR or Solvency II, are only superficially cross-border, in that there are often country-specific requirements regarding implementation or enforcement that must be reflected in the contract and/or the technology solution. Legal and regulatory requirements can also dictate the fundamental financial and contracting structure of a cross-border deal. For example, the tax treatment of invoices from a vendor can vary radically depending on the geographic locations of the entities which contract, invoice, or pay and receive revenue under the outsourcing agreement.

However, legal and regulatory requirements are not the only obstacles created by country barriers in cross-border technology outsourcings.

When we think of technology, we often immediately think of the virtual; it is all too easy to forget that there is always a physical element to any technology delivery. For example, we have to consider the physical security requirements, and what the risks are from a logical and cybersecurity perspective of having a logical link into the IT infrastructure in certain countries or regions.

Another crucial physical consideration is the human factor: do we need to get people in-country (and if so, within every in-scope country)? Can we get the necessary visas for everyone? Do people actually want to go where there is a business need? Whether by design or by default, outsourcing typically leads to organizational culture change, both for good and for bad. While top-down culture change can define the look and feel of an international organization, it is nearly impossible to build a true “mono-culture.” This cultural impact is felt much more keenly in a cross-border outsourcing, and so we have to consider any cultural differences and difficulties that may be faced and how to prepare for this operationally (and potentially contractually).

How do you manage these barriers and risks (a) with the business and (b) in the contract?

Without proper thought and attention, the need to address both global and local requirements can lead to overly complex negotiations and drafting, resulting in unworkable or undeliverable contracts.

To try to mitigate against these risks, the first question must always be: what is the business trying to achieve? While the driver for many is cost optimization and quality improvement, there may be wider strategic considerations to take into account. The broader purpose needs to be considered against the unexpected or passive consequences of entering into the outsourcing arrangement, and any gaps or risks adequately reflected in the agreement. And while the above is true for any outsourcing, the risk is multiplied many-fold in a multi-country outsourcing, meaning that the scale for any potential success (or failure) is huge.

Once we understand this context, then we can drill down into how that business is run, how the end users are organized and managed, what the existing governance is and what it should be moving forwards, so that we can properly reflect this in the contract.

Additionally, it is vital to ensure that all appropriate stakeholders across all parties are involved in what is being negotiated. The wider the geographical remit of the agreement, potentially the more people are required, but equally the broader risk analyses need to be, with more issues compounding. Try to understand upfront who these stakeholders are, and ensure they are informed and involved throughout the process.

How do you manage the challenges that appear after go-live in a multi-jurisdiction outsourcing?

Some of the key considerations are:

  1. Start by negotiating with a win-win attitude and draft for success, and carry that mindset into execution and ongoing management of the outsourcing;
  2. Monitoring (including clear reporting requirements) how the contract is being performed and any internal or external factors affecting performance;
  3. Ensuring that service boundaries are clearly defined and managing the evolution of the project, or scope creep, depending on your perspective, through the change control process;
  4. Enforcing discipline in the process, accuracy, and timing of invoices;
  5. Being consistent in the approach to preparation and agreement of statements of work, call-offs, change control notes, and any other documentation that is prepared under the contract;
  6. Balancing collaborative governance with the more combative dispute resolution procedures; and
  7. Striving for honest and open communication between all of the relevant parties at every level of the business.