- Reviewing contracts to determine at what point COVID-19-triggered “force majeure events” are deemed to have ended under the applicable contract terms.
- Interpreting how supplier obligations to use “commercially reasonable efforts” to restore the original services as quickly as possible are to be applied as governments ease their quarantine and stay-at-home mandates and guidance.
- Planning for social distancing and other restrictions in the workplace following the return to facilities-based work, including if, and to what extent, such restrictions will affect supplier personnel and then modifying facility rules as applied to suppliers.
- Negotiating contract terms governing the return of supplier personnel to supplier or customer facilities, including scaling back accommodations under WFH waivers, limiting use by supplier personnel of shared spaces in customer facilities, and establishing the timing and priority of the return of the supplier work force.
- Preparing for WFH as a standard process, particularly refining positions on WFH data security and performance deficiencies arising out of home technology environments.
Reimagining Global Sourcing Strategies
In the wake of the pandemic, we expect our clients to re-examine their corporate sourcing strategies for outsourcing and other technology-based services to reduce the risk and impact associated with pandemics and other global challenges. The pandemic has been a “wake-up call,” and there will be a new emphasis on resilience and mitigating large-scale risks. Sourcing strategy and supply chain management have vaulted from back-office functions to C-level concerns.
The measures to be considered may include:
- Increasing the focus on supplier resiliency and redundancy, including, for example, through enhanced vendor risk management programs, redundant sources of supply, and reimagined technical architectures.
- Geographically realigning the service delivery model to reduce the risks associated with individual countries or regions, perhaps by moving certain critical services to in-country or in-region suppliers.
- Building work-from-home strategies and capabilities into the day-to-day service delivery model so that security and other challenges can be addressed in advance and the organizational disruption associated with future events can be minimized.
- Updating business continuity/disaster recovery planning to address contingencies, such as global pandemics, that are not covered by the traditional focus on relocating services to back-up facilities at different locations.
- Leveraging artificial intelligence, robotic process automation, software-as-a-service, and other digital technologies to decrease reliance on human resources, ideally creating end-to-end digital capabilities that can continue operations when humans are unavailable.
- Selectively in-sourcing critical functions as a means to increase control and decrease risk that critical resources are diverted by suppliers to other clients.
Financial institutions and other regulated companies will have to be particularly diligent in dealing with what we expect to be great pressure on and by regulators to reduce the risk of future pandemics and other global challenges. Regulated companies must be prepared to track and respond to regulatory concerns and proposals both to comply and to help shape the best regulatory response. As regulatory responses appear, regulated companies will have to bring their existing sourcing strategies and critical vendor relationships into compliance.
Revising Contracting Forms and Practices
We anticipate that these new strategic plans will change how businesses contract for information technology and business process services. Businesses will seek to be ready for the next pandemic-like event and to adjust for the “next normal” with social distancing restrictions that greatly reduce the capacity of buildings and transportation networks. For example, we expect:
- A move away from contracting for excusing performance based on force majeure to contracting for a services offering with protections against low-probability events and circumstances that could have a material adverse effect on performance.
- New attention to specific, effective, auditable, enforceable business continuity and disaster recovery (BC/DR) provisions. In addition to revealing the flaw in BC/DR being “seats” in another building, the pandemic has exposed the thin levels of contract commitment in BC/DR provisions and the lack of “stress testing” by customers.
- To facilitate “work from anywhere,” a re-thinking of data security standards away from “clean rooms” and other physical security measures and more towards multi-factor authentication, access controls, electronic surveillance, virtual private networks (VPNs), virtual desktop environments (VDIs), and other logical security measures.
- Increasing amounts of scenario-based financial analysis of sourcing transactions, including considering low-likelihood but high-impact contingencies.
- Re-thinking of provisions requiring or allowing supplier personnel to work in customer facilities or meet in person with customer personnel.
- Increasing attention to contractual commitments as to how services will be performed to allow customers to better manage the risk in their services supply chains.
All of these changes—a smart return to shared facilities, strategic planning, and improved contracts—can help businesses survive the COVID-19 crisis and thrive in the “next normal.” Just as the financial crisis led to a more resilient financial system, the COVID-19 crisis can lead to a more resilient global services supply chain. We hope that this Legal Update helps you to seize this opportunity to emerge out of this crisis stronger and more resilient.
If you wish to receive regular updates on the range of the complex issues confronting businesses in the face of the novel coronavirus, please subscribe to our COVID-19 “Special Interest” mailing list.
And for any legal questions related to this pandemic, please contact the authors of this Legal Update or Mayer Brown’s COVID-19 Core Response Team at FW-SIG-COVID-19-Core-Response-Team@mayerbrown.com