Legal Issues of Global Servicing Contracts - PowerPoint PPT Presentation

Description:

Global Outsourcing Extending Michigan's Enterprises. Michael S. Mensik ... Choicepoint $10 million fine. TJX. 45 million consumer cards compromised ... – PowerPoint PPT presentation


Transcript and Presenter's Notes

1
Legal Issues of Global Servicing Contracts
  • September 20, 2007
  • Dearborn, Michigan

2
Building Relationships
3
Managing the Extended Enterprise
4
Providers Extended Platform
5
Enterprise Imperatives
  • Monitor vendor performance
  • Continually improve process
  • Deepen cost savings
  • Adapt to change
  • Assess and mitigate risk

6
Compliance Risks
7
Security Common Denominator
  • Technical, physical and organizational security
    measures
  • Increasingly ubiquitous requirement
  • Extends beyond current state to business
    continuity
  • Few specific legal standards of adequacy
  • Evolving best practice

8
Believe It or Not
  • Suppliers today are increasingly comfortable
    about making future regulatory compliance a
    standard element of their contracts, meaning the
    supplier will ensure the client stays in line
    with regulatory standards as they evolve
  • Bravard & Morgan, Smarter Outsourcing
    (2006), p. 119

9
Enough Said?
  • Customer and Service Provider will each comply
    with all applicable law

Break-Fix
Call Center
10
One Shoe Doesn't Fit All
  • Reach common understanding
  • Non-delegable duties
  • Evolving standards
  • Conflicting views
  • Allocate responsibilities and risk
  • Knowing
  • Doing
  • Monitoring
  • Remediating

11
Deeper Dive
  • Tax
  • Financial Reporting
  • Data Protection/ Privacy
  • Security Breach

12
Tax Cost
  • Elements
  • Tax burden
  • Cost of compliance
  • Consequences of non-compliance
  • Change in law or interpretation?
  • Duty non-delegable, but risk allocable

13
Key Issues
  • Permanent establishment
  • Tax treaties
  • Independent/dependent agent
  • Service PE
  • Transfer pricing
  • Third-party comparables
  • Withholding tax
  • Assessable?
  • Creditable?
  • Transactional tax
  • Sales and use tax
  • VAT/GST

14
Multi-Country Infrastructure Deal
US Provider
US Customer
Global Contract
Deskside Services
Subsidiary
Subsidiary A
Deskside Services
Subsidiary B
Subcontractor
15
Follow the Money
US Provider
US Customer



Subsidiary
Subsidiary A
Invoicing
Subsidiary B
Subcontractor


16
Identify the Taxes
US Provider
US Customer
Sales/Use Tax
GST
W/H
Subsidiary
Subsidiary A
Subsidiary B
Subcontractor
W/H
VAT
Transfer Pricing?
Creditable Withholding Tax?
Non-recovered VAT/GST?
17
Local Invoicing
US Provider
US Customer
Sales/Use Tax
GST
Subsidiary
Subsidiary A
VAT
Subcontractor
Subsidiary B
No Transfer Pricing
No Withholding Tax
VAT/GST Recovered
18
Companion Agreement?
  • Yes
    • Tax
      • Recover VAT/GST
      • Minimize withholding tax
      • Limit transfer pricing
      • Mitigate PE risk
    • Non-Tax
      • Local variation
      • Employee/asset transfers
      • Privity of contract
      • Channel-up disputes
  • No
    • Tax
      • No non-recoverable VAT/GST
      • Overriding global tax plan
    • Non-Tax
      • No provider presence
      • No invoicing capability
      • De minimis services
      • Cost > benefit
      • Third-party subcontractor
      • No employee/asset transfers

19
Tax Review
  • Compliance risk
  • Invoicing structure
  • Implemented?
  • Optimized?
  • Charge-backs
  • Transfer pricing?
  • Withholding tax?
  • Permanent establishment
  • Changed landscape
  • Services
  • Organizational
  • Legal
  • Accounting
  • FIN 48
  • Potential Savings

20
Financial Reporting
  • Objective: reliability
  • More accurate financial reporting
  • Key requirement: 404
  • Design, operate and test controls
  • Negotiation focus
  • Yesterday: reports
  • Today: controls

21
Key Requirements
  • Controls
  • At provider over its activities
  • At customer over provider's output
  • Operational effectiveness
  • Testing
  • SAS 70 Type II report
  • Additional audits

22
Subsequent Developments
  • Material weakness due to insufficient evidence
    from service provider
  • Magna Entertainment
  • Churchill Downs
  • New SEC and PCAOB guidance
  • Auditing Standard No. 5

23
Prior Focus
  • Require SAS 70 Type II
  • Preserve right to audit
  • Negotiate cost allocation
  • SAS 70 report
  • Additional audit support
  • Remediation
  • Cost and utility issues

24
Emerging Approach
  • Focus controls
  • Common
  • Specific
  • Customer controls over outsourced activities?
  • Existing provider controls across client base?
  • Economies of scale

25
Common Controls
  • Examples
  • Physical security
  • Logical security
  • Hiring and training
  • Provider defines underlying policies
  • Customer validates control objectives and
    activities
  • Provider provides common SAS 70 at no charge

26
Specific Controls
  • Examples
  • Clear unallocated balances
  • Segregate certain duties
  • Dual factor authentication
  • Customer defines control objectives and
    activities
  • Customer and its external auditor test controls
  • Provider may provide tailored SAS 70 at
    additional charge

27
Financial Reporting Review
  • Compliance risk
  • Timely testing and reporting?
  • Changed landscape
  • Functions outsourced?
  • More providers?
  • Potential savings
  • Common SAS reports?

28
Data Protection/Privacy
  • Objective: accountability
  • Control over collection, use and disclosure of
    personally identifiable information
  • Key concepts
  • Data controller versus processor
  • Substantive versus formal obligations

29
Challenges: Legal
  • Scope of law
  • Omnibus (EU Directive)
  • Contextual (GLB, HIPAA)
  • Specificity of requirements
  • U.S. reasonable security
  • Spanish encryption rules
  • Shifting interpretation
  • Employee consent
  • Legislative activity
  • Proposed Indian law

30
Challenges: Factual
US Provider
US Customer
India Center
German Sub
HR Data
Argentine Sub
Philippine DP
31
What is to be done?
  • Due diligence
  • Internal data flows
  • Data flows with providers
  • Substantive obligations
  • Technical, physical and organizational security
    measures
  • Interplay with financial reporting controls
  • Formal obligations
  • Downstream
  • Model contracts
  • Safe harbor principles
  • Upstream
  • Notices
  • Consents
  • Filings

32
Data Protection Review
  • Compliance risk
  • Internal?
  • Providers?
  • Changed landscape
  • New data flows?
  • New law/interpretation?
  • Potential savings
  • Leverage financial reporting controls?

33
Security Breach
  • Hot numbers
  • Social security, credit/debit card, bank account,
    driver license and other
  • Recent slips
  • Choicepoint
  • TJX
  • Evolving rules
  • Risk allocation

34
Recent Slips
  • Choicepoint
  • $10 million fine
  • TJX
  • 45 million consumer cards compromised
  • Class action lawsuits in 7 states
  • Multiple government investigations
  • Over 17 million in costs

35
Evolving Rules
  • Existing notification laws
  • Over 2/3rds states
  • Emerging damage recovery right
  • Negligence theories
  • New statutes
  • Federal pre-emption?
  • Foreign activity

36
Risk Allocation
  • Current agreements
  • Change in law
  • Consequential damages
  • Liability caps
  • Future agreements?
  • Limitations on liability
  • Exclusive indemnities
  • Avoiding the root cause
  • Security measures

37
Michael S. Mensik
Tel 312 861-8941
  • Questions?