On June 3, 2015 the State Department's Directorate of Defense Trade Controls (DDTC) and the Commerce Department's Bureau of Industry and Security (BIS) published proposed regulations which would change the definition of the term "export" in each agency's regulations to allow cloud storage of information in servers located in foreign countries if the information is appropriately encrypted. These changes, if ultimately adopted, would substantially alleviate concerns that companies seeking to take advantage of the efficiencies of cloud computing could run afoul of export controls. However, it would still be important for cloud users and cloud storage providers to ensure that appropriate encryption is being used.
is the second of two postings that discuss SaaS pricing. In the earlier posting, we discussed the
underlying economics of SaaS solutions and their implications for how SaaS
services are priced. This posting
identifies some key considerations in negotiating pricing for SaaS services
that can help lower total subscription costs.
Committed Growth vs.
a general matter, the higher the volume you commit upfront to a SaaS provider
over the contract term, the higher the discount you can negotiate. However, this carries a risk that your
projected growth may not materialize and you'll wind up paying for a higher
volume of service than you need. As a
result, it is important to use the negotiation process to assess the level of upfront
commitment to future growth that achieves the optimal balance between high discount
levels and the risk of paying for more than you need.
addressing this issue, you will want to:
the committed growth over the contract term based on when you expect it to
materialize; that is, do not set volumes for contract year 1 based on where you
expect to be in contract year 5.
in unit rates for incremental purchases over the contract term. Some SaaS providers take the position that the
price of additional volumes will be negotiated at the time of purchase. This should be a non-starter since you may not
have as much leverage to negotiate price during the middle of the contract term.
large minimum purchase commitments on incremental purchases. SaaS providers often require a minimum block
of units be purchased. In concept, this
is reasonable in that it allows the supplier to avoid numerous tiny incremental
purchases throughout the year and thereby more effectively manage administrative
costs. In practice, however, SaaS
providers sometimes propose minimum purchase requirements that are excessive in
relation to the size of the deal. For
example, in a recent transaction, a SaaS provider proposed minimum purchase increments
of 500 units, which represented a 20% increase in the size of the deal. Any minimum purchase requirements should make
sense in light of the size of the deal.
noted in Part 1 of this posting, SaaS providers typically require that the full
subscription fee start at the time the service is first made available to
commence configuration and implementation efforts. There are some approaches that can help
mitigate the impact:
subscribing to multiple modules that will be implemented at different times, stagger
the subscription start dates to coincide with the commencement of
implementation efforts for those modules.
the go-live date for a SaaS service is expected to occur in a later
subscription period than the commencement of implementation efforts, SaaS
providers will sometimes agree to a nominal volume in the subscription metric
(e.g., users) during the subscription period preceding the go-live date.
you are subscribing to multiple SaaS modules with different metrics or the
volume of usage may vary by module, you should consider negotiating swap rights.
Swap rights permit you to trade in unused units of one module for additional
units of another module. This can help optimize
the value received for your subscription fees.
should pay close attention and understand how the SaaS provider defines the
volume metrics used to price the services. This will be important in developing the projections used for pricing
purposes. Lack of clarity on the metric
definitions can result in unpleasant surprises once you're in the deal.
particular, you should be alert to metrics that are not tied directly to the
number of users you specifically authorize to use the service. For example, the total number of employees in
your organization may be used to measure the volume of usage for some SaaS
services (e.g., recruiting or onboarding products in the HR space). This can be difficult to monitor on an
ongoing basis and may fluctuate throughout the year.
you may want to try to limit pricing adjustments to the number of employees at
the commencement of each subscription year without any adjustments during the
year. In addition, you may want to
negotiate the flexibility to carve out any subsidiaries or divisions of the
enterprise that will not be using the SaaS service. This can be helpful in reducing costs in
connection with mergers and acquisitions by being able to avoid being tagged
with the employee count of the acquired company until you've moved it onto the
SaaS providers offer different levels of support (e.g., standard, premium,
platinum). While it may make sense to purchase
the highest level of support in the first couple years as you come up the
learning curve on the SaaS service, you may find that you do not need (and do
not want to pay for) such a high level of support thereafter. You should therefore consider negotiating an
option to change support plans at any time (or at least at the beginning of each
annual subscription period) with a corresponding adjustment in annual support
As long as the transition to an alternate solution is
not unusually difficult or costly, you will likely have leverage in negotiating
favorable pricing for renewal terms because of the strong incentive SaaS
providers have in retaining existing customers (rather than bear the high
cost of attracting a new customer to offset the attrition). That said, it is still advisable to negotiate
renewal options upfront with caps on any price increases during the renewal
as a Service (SaaS) is growing rapidly as an alternative to licensing on-premises
software for corporate customers. As
reported by Forbes
earlier this year, analysts are forecasting that global SaaS revenues will
reach $10.6B in 2016, representing a 21% increase over projected 2015 spending
levels. By 2018, 27.8% of the worldwide
enterprise applications market is projected to be SaaS based.
solutions are attractive to customers because they substantially reduce the
upfront investment and risk associated with licensing and implementing
on-premises software and avoid the ongoing costs of maintaining the
infrastructure and implementing upgrades for the licensed software. In a SaaS solution, those costs and risks are
transferred to the supplier.
combines elements of software licensing, outsourcing and hosting into an
integrated solution. The pricing models for SaaS solutions have
certain distinct characteristics that are driven by the economics of those
solutions and differentiate SaaS pricing from pricing models for software
licensing, outsourcing and hosting services.
is the first of two postings that addresses some of the key considerations
relating to SaaS pricing. This posting
discusses the underlying supplier-side economics of SaaS services and their
implications for how SaaS services are priced. The second posting will identify some key considerations in negotiating
pricing for SaaS services that can help lower subscription costs.
a supplier standpoint, the economics of SaaS solutions are very different than software
licensing. In a typical software
license, the supplier receives a large upfront payment in the form of one-time license
fees that help offset investments in sales, marketing and product development. In contrast, under a SaaS model those fees are spread over the contract
term (typically 1 - 5 years for SaaS offerings to corporate customers).
explains why established software licensors are taking significant hits to
earnings as their on-premises software revenue is being replaced by SaaS subscription
fees. For example, the Wall Street Journal reported recently that
SAP's first quarter net profit in 2015 fell 23% even though overall revenue
increased by 22% and cloud subscriptions and support jumped by more than 100%.
a supplier standpoint, the economics of SaaS solutions are also very different
than outsourcing and hosting services. Outsourcing or hosting is typically a "one-to-one" service that is
customized to meet the specific needs of a customer and in which the direct
cost of delivering service represents a substantial portion of, and is directly
correlated with, the supplier's charges for the service. In contrast, SaaS is a "one-to-many" service
that is not customized for individual clients and in which the direct cost of
service delivery represents only a modest portion of the supplier's fees.
understand the economics of SaaS solutions, it's helpful to look at the income
statements of some of the leading SaaS providers. The lion's share of costs is for sales and
marketing to acquire new customers. As
reflected in their 10-Ks, sales and marketing as a percentage of revenue for
salesforce.com, Workday and NetSuite ranged from 40 to 53%. Combined costs for product development
(R&D) and general and administrative (G&A) expenses accounted for
somewhere between 30 to 53% of revenue for these companies. The direct cost of delivering the SaaS
service is relatively low in relation to revenues, ranging from 17 to 19% of
of these companies had gross profit margins of over 80% on subscription
revenue, but had substantial net operating losses due to sales and marketing,
R&D and G&A costs. This is a
reflection of the high growth trajectory of these companies and the time it
takes to recover their investments in customer acquisition, R&D and the
assets required to deliver the service. The road to profitability depends on high
customer retention rates and expansion of business with existing customers.
economics have several implications for how SaaS services are priced:
· Size Matters (a lot) - while large
customers can always expect to receive higher discounts for IT services than
small customers, this dynamic is magnified for SaaS services. The lifetime value (LTV) of a customer in
relation to the cost to acquire a customer (CAC) is much higher for large
customers than small customers. At 80%+
gross profit margins on subscription revenue, the revenue stream from a large
customer has a much greater impact on the supplier's earnings than, say, a
large outsourcing or hosting customer (where gross profit margins are lower due
to higher direct costs of service delivery in relation to revenue). Even though it typically costs more to
acquire a large customer, these are one-time costs that are more than offset
over time by the revenue stream of a large customer. Large customers also have longer retention
rates for SaaS services. Therefore,
large customers should expect to receive substantially higher discounts on
subscription fees and considerably more flexibility on other pricing and
non-pricing related terms. In this
respect, SaaS pricing is analogous to pricing on software licenses where a
large client may pay half of what a small client pays on a per unit basis.
- the payback on the supplier's investment in acquiring a SaaS customer can
take many months (in some cases over a year) of subscription fees to break
even. Therefore, minimum revenue
commitments are particularly important for SaaS providers. A typical SaaS agreement will obligate the
customer to purchase a specified volume of SaaS services for a committed single
or multi-year term. Suppliers normally
attempt to avoid or limit termination for convenience rights and the ability of
customers to reduce volumes below baseline levels. Since the cost of service delivery is
relatively low in relation to subscription fee revenue (e.g., only 17 to 19%
for salesforce.com, Workday and NetSuite), there is very little opportunity for
the supplier to shed costs when a customer terminates or reduces volumes. As a result, the traditional outsourcing or
hosting services model - which generally provides a high degree of flexibility for
customers with respect to termination and volume reductions - does not
translate well to SaaS service offerings.
· Payments Start When the
Service is Made Available (not at "Go Live") - SaaS providers normally insist that the
full subscription fee commence on the date that the service is turned on for a
customer (i.e. made available to a customer to begin the configuration and
implementation work to be able to use the service). Customers often argue that they should not
have to pay the full subscription fee prior to their "go live" date in
production since the customer will be consuming fewer resources of the supplier
prior to that date. This is a legitimate
point. However, given the relatively low
cost of service delivery in relation to the subscription fee (e.g., typically
under 20%) with a substantial portion of those service delivery costs being
fixed infrastructure investments, there is likely only a modest amount of savings
to be achieved in pursuing this line of argument.
· Payments in Advance (not arrears) - many SaaS providers insist on payment in advance,
either annually or quarterly. This is to
help the supplier with cash flow issues associated with the upfront investments
in customer acquisition, R&D and service delivery infrastructure - which
can be particularly important for suppliers with rapid growth
trajectories. In addition, payment in
advance tends to make customers more invested in actually using the SaaS
products they purchased and working to overcome initial transition challenges.
SaaS pricing can be inflexible in some respects, one benefit to customers of
the economics of the SaaS model is that suppliers have a particularly strong
incentive to maintain competitiveness in pricing their products even after the
customer has subscribed to the service. Retention
and expansion of business with existing customers is critical to SaaS providers
in generating returns on their upfront investments. Since it is generally easier for customers to
change SaaS solutions than on-premises software (in which the customer may have
made substantial capital investments) or even outsourcing or hosting solutions,
SaaS providers cannot necessarily count on their customers becoming "captive"
to them in the same way that customers become captive to their major software
licensors or outsourcing providers. This
can provide leverage to customers in negotiating favorable pricing for expanded
business and renewals.
As more and more companies of all sizes ranging across a wide spectrum of industries have been exposed to network and data security breaches in recent years, the market for insurance products dedicated to cover cyber risks has grown just as fast. With policies sold under names like "cyberinsurance," "privacy breach insurance," "media liability insurance" and "network security insurance," the market for this coverage often seems chaotic, with premiums and terms varying dramatically from one insurer to the next.
15, 2015, the New York Department of Taxation and Finance determined in Advisory
Opinion TSB-A-15(2)S that the sale of certain cloud computing services
were not subject to New York State sales and use tax. The Advisory Opinion
is noteworthy because of the Department's position on the taxability of
licensing prewritten software.
1. The Opinion was based on the unique facts of the
The taxpayer ("Supplier") offered Software as a Service ("SaaS"). No
specific servers of the Supplier were dedicated to any particular customer, the
customers had no physical access to the servers, and the Supplier decided which
of its servers would be used for each customer. Customers were not
charged by the Supplier for operating system software, and all charges were
based on hourly rates and the amount of computing power consumed.
Customers were not charged any fixed fees for the service.
2. The SaaS at issue was primarily for the use of Supplier's
The Department considered how the Supplier advertised its offering to
determine the SaaS at issue was not a taxable license to use prewritten
software. Although the operating systems offered by the Supplier were the
type of pre-written software generally subject to tax, the Department found
that the Supplier's customers did not subscribe to the cloud computing service
for that purpose, but rather did so primarily to use Supplier's computing power
to run applications. Any transfer of the right to use operating system
software was found to be only incidental to the offering.
3. The Department did not address whether the Supplier's
offering was a taxable information service. Suppliers should
consider whether their offerings might be taxable information services, and review
the recent SunGard case from the Tax Appeals Tribunal in that regard. (See Matter
of SunGard Securities Fin. LLC, DTA No. 824336 (N.Y.S. Tax App. Trib., Mar.
SaaS under even slightly different models might be treated differently. Suppliers offering SaaS in New York should
consult their tax advisors to consider the impact of the Advisory Opinion on
their particular SaaS offerings.
You've managed to agree the deal; all that's
left is to sign the documents. That's
the easy bit, correct? So you might
think, but it is important to be careful not to slip up at this final stage,
particularly when contracting with foreign entities and considering using electronic
law applies when contracting with overseas entities?
In the recent case of Integral
Petroleum SA v Scu-Finanz AG  EWCA Civ 144 the English Court of
Appeal considered whether a supply contract governed by English law and entered
into by two Swiss oil companies was binding. The defendant successfully argued that the contract was not binding as
it had been signed only by one representative of the Swiss company, rather than
two representatives, as required by Swiss law.
The judgment was surprising for many who may
have expected English law to have been applied pursuant to the Rome I
Regulation, which provides that the chosen governing law should determine
matters of "formal validity". The Court
dismissed this argument, however, on the basis that the issue was not one of
"formal validity", but rather one of capacity and so covered by common
law. This meant that the question of
capacity was governed by the law of the country of incorporation of
the company, rather than English law.
This case highlights the importance of
checking the requirements of the law of the country of incorporation when
entering into contracts with overseas entities.
electronic signature sufficient?
Electronic signatures can take a wide range
of forms, such as:
signatory typing his/her name into an electronic document;
scanned handwritten signature;
an icon on a website to confirm an order;
signatures which use cryptography technology; or
signatures certified by a certification authority.
Whichever form the electronic signature
takes, to be effective under English law, it must demonstrate that the
signatory intended to be bound by the terms and to authenticate the document. It
is the function that is important, not the form of the signature; however, note
that a certified electronic signature is likely
to carry greater evidential weight than the signatory simply typing his/her
Although the general rule under English law
is that a contract does not need to be in a particular form to be binding, some
statutes require that, to be enforceable, certain types of contract must be
signed (e.g. guarantees, assignment of certain intellectual property rights and
transfer of certified shares) or entered into as a deed (e.g. leases, powers of
attorney and appointment of trustees). Is electronic signature sufficient for these, or is the old fashioned
pen and paper still required?
(Note also that in some circumstances a
document signed by hand might be required for the purposes of registration, for
example, registration of the transfer of land with the Land Registry.)
Electronic signature where there is a
statutory requirement for signature
English case law and an advisory paper of the
Commission appear to take the function over form approach, suggesting that
electronic signature would be sufficient where there is a statutory requirement
for a document to be signed; however, the English government's approach to
legislating in this area means there remains some uncertainty. The UK Electronic
Communications Act 2000 gave ministers the power to modify statutory
provisions to authorize the use of electronic signature (amongst other
things). The government has taken a
piecemeal approach to this, bringing in a number of statutory instruments which
apply only in certain situations.
Where there is a statutory requirement under
English law for signature, if in doubt as to effectiveness of electronic
signature, it remains safest to sign documents in the traditional way.
Electronic signature for deeds
Under English law, a deed must be:
that it is intended to be a deed;
The method often used for execution of deeds
is for parties to print and sign the execution page of a deed by hand and then deliver
a PDF copy of the executed deed to the other side electronically. Whilst this method is widely accepted as creating
a validly executed deed, there is a lack of certainty around validity of electronic
execution of deeds that does not involve signing a hard copy by hand.
To be validly executed, the signature must be
witnessed by an individual who attests the signature as part of the same
physical document, or alternatively, in the case of a company, signed by two
authorized signatories on, it is considered by some, the same counterpart. It is not yet clear from statute or case law
whether under English law deeds can be validly executed electronically and, in
any event, parties may face practical difficulties satisfying the attestation
requirement or having both authorized signatories signing the same electronic
The remaining uncertainty around the validity
of execution of deeds electronically as well as the practicalities mean that it
remains preferable to execute deeds by hand in the traditional way.
As the range of technology employed by
the UK's leading banks widens, the balance between cost-effectiveness and
manageability of solutions becomes increasingly difficult to strike. Mike
Pierides (Partner) and Rich Jones (Associate) from law firm Pillsbury examine
some of the challenges banks face in sourcing the technology they need to stay
banking sector in the UK has grown significantly through acquisition and
amalgamation. The result is a market dominated by banking groups, which have
not yet had the time, finances or inclination to set about harmonising the
underlying IT infrastructure of their respective component parts. The table
below highlights some of the key retail bank elements of the UK's major
clearing banks, alongside which it is necessary to consider the various
additional investment bank, private client, credit card and other major business
unit components that sit within the same group.
of the legacy systems still used in UK banks are decades old, were set up for batch-based
branch banking, and may generally not be fit for purpose in the 24-hour roles
that they are now required to fulfil. For a number of reasons, including recent
global economic conditions, there has understandably been little appetite on
the part of banks to break structures down and build new, holistic systems. Arguably,
the 'cobbling together' of old parts and the addition of new, has been the
cause of a number of high profile failures in customer-facing systems in recent
situation also makes troubleshooting a more difficult process when things do go
wrong, as the patchwork of programming languages, hardware and fixes mean the
specialisms and requisite knowledge of systems amongst technical staff to
address issues, are as nebulous as the range of issues to which they are
seeking to remedy this situation and avoid the adverse publicity-generating
outages that have made front page news in recent years, one option is to
migrate services onto third party systems, including the cloud. The key for
banks is in determining what functionality they are good at, or see as 'core' -
and so still want to manage themselves; and splitting that which can
effectively be outsourced to drive efficiency through scalability, cost savings
and service improvement.
decision can be made as part of a wider strategic review: greater automation,
broader functionality and better performance can be achieved through a third
party outsourcing, but key parts of the estate that give a bank its competitive
advantage may be best kept closer to home.
there are risks when shifting activities to third parties. The regulator's own
view of what constitutes a 'material' outsourcing for a financial institution
has also developed as the critical nature of IT services becomes better
understood, such that hosting or desktop services that may have been 'non
material' five or ten years ago may be 'material' today. Contractual levers to
incentivise performance and 'punish' shortcomings are essential, given the application
of the Systems and Controls (SYSC) 8 requirements in the FCA Handbook, under
which critical or important outsourced functions are still fully the
responsibility of the outsourcing financial institution in question.
of the key considerations to have in mind are:
· Data protection - the proposed General
Data Protection Regulation may see a substantial increase in potential fine
levels for data breaches, and reputational damage can be very serious. As a
result, it is common to see unlimited indemnities given by service providers
for data breaches.
· FCA and other
regulatory breaches - though,
as above, under the SYSC rules banks may not be able to absolve themselves of
responsibility, any regulatory fines should be covered on an indemnity basis,
where they are incurred as a result of failures by a service provider.
· Reputational damage - reputational damage
can be difficult to establish and quantify, though it is one of the most
damaging parts of a service outage, as such incidents seldom fail to make
front-page news. As a result, banks should consider a means of benchmarking
reputational impact, and using a scale whereby service credits or damages are
awarded for negative impacts, and potentially money goes the other way where a
bank's reputation for the service provided tangibly improves.
· Service continuity - since there is no
'quiet time' for banks, continuity of service is one of the most important
metrics in a hosting agreement. These should be properly documented in service
levels, and audit rights, disaster recovery services, exit assistance and so on
should be built around it to ensure that loss of profits and reputational
damage is not incurred as a result of outages.
need also to consider transformation of their legacy estate. Since this may
involve the elements of the business seen as 'core', the risk of such transformation
could be perceived as being equally high or higher than the third party
outsourcing of the non-core elements, and so transformation will also involve
specialist third party input.
report by Capgemini found that 53% of financial services IT budgets now focus
on new application development initiatives, with little left over for a 'big
bang' transformation of legacy back-end infrastructure onto a more suitable
platform. Chronic underinvestment in back-end systems (as a result of squeezed
budgets) and a focus on 'sexier technologies' such as mobile app functionality,
have arguably led to a patching and layering approach and a reluctance to make
a large investment for a medium- or long-term gain.
Ultimately, significant cost savings and performance
gains may be achieved through transformation. Contracting with a third party,
appropriately incentivised to successfully achieve the transformation of
existing systems, is a potential option in order to reduce the cost, risk and
time required in achieving such transformation, that will support a bank in its
business mission of operating safely and successfully with the 24/7 demands
that are placed upon it.
Part 2: How are Limits of Liability Evolving, with Respect to the Issue of Data Breaches?
years ago, most "buyers/customers" expected their suppliers to absorb
unlimited contractual liability if the supplier was responsible for a
breach affecting the customer's data. Today, while customers may
continue to insist upon such a position at the beginning of
negotiations, they frequently expect that market-leading suppliers will
ask for some sort of limit to the supplier's potential liability for
When customers are forced to negotiate a liability
cap applicable to breaches of data (including PII and PHI), they usually
insist that such liability cap be an amount that is greater than the
"standard" limit of liability under the Agreement (i.e., greater than
the standard financial cap applicable to other contract breaches).
negotiating what that "higher cap" should be for data breaches,
customers should not necessarily tie that higher cap to the total fees
(or total annual fees) payable under the Agreement (for example, a
liability cap for data breaches equal to 3 times the annual fees under
the Agreement), unless those total fees (or total annual fees) will be
so large that having a cap equal to a multiple of the contractual fees
will provide adequate protection to the customer for a data breach.
customers should focus on the question of "What is the potential amount
of damages that I could suffer, if my supplier's actions (or inactions)
lead to a data breach?" And the customer is, then, basing the higher
liability cap for data breaches, on that potential damage amount. In
other words, customers should insist that the higher financial cap for
data breaches BE A DISCRETE AMOUNT OF MONEY (such as, for example, $5
million or $10 million or $50 million or $75 million). This should not
impact the "standard" limit of liability for other breaches of the
agreement, which generally continues to be a multiple of the annual fees
(such as 12 months' trailing fees, or 18 months or 24 months depending
on the transaction).
How can a customer determine the potential
damage that might be suffered if a data breach occurs? We encourage
customers to utilize industry analysis to drive their consideration of
their own total potential damages due to a data breach. There are
several industry reports that track (a) the average cost of a data
breach and (b) the average "cost per record breached" (see, for example,
the annual report prepared by the Ponemon Institute on the average cost
of data breaches. The most recent version of the report is available
for download, by registering at: http://www-935.ibm.com/services/us/en/it-services/security-services/cost-of-data-breach/). Based on this analysis, customers can come up with an informed estimate of how expensive a data breach could be to them.
considering what the appropriate higher liability cap might be for data
breaches, customers should appreciate that large/market leading
suppliers that regularly have access to customer data usually have
adequate insurance in order to cover potential data breach damages (or
they are self-insured for such coverage). This is very important: most
large/market leading suppliers are now covered for tens of millions (if
not hundreds of millions) of dollars of insurance coverage for data
breaches. So, when suppliers are negotiating to limit their liability
for data breaches, they frequently are doing so purely from a risk
avoidance perspective, and not because they are unable to cover the cost
of such damages through insurance. If a supplier responds that it does
not have adequate insurance or cannot obtain necessary coverage for data
breaches, that is a huge red flag, and the customer should ask itself
why it would allow such an under-insured supplier to have access to the
Of course, the final limit of liability
applicable to data breaches is subject to negotiation, and in some
cases, a supplier may be unwilling to contractually commit to covering
the customer's total potential damage due to a data breach. In such
cases, if the customer still wants to execute an agreement with the
supplier, the customer should make sure that its own insurance policies
contain enough coverage (in terms of insurance policy limits and
applicable exclusions) to cover the delta between (i) its total
potential damages due to a data breach and (ii) the supplier's
contractual liability cap for data breaches.
Part 1: Contractual Protections With Respect to Data Breaches
Given the seemingly unrelenting news reports of cyber attacks and data breaches affecting customer records and data,
the question of which contractual provisions
should govern data breaches in a contract between customers and
suppliers remains timely, sticky, and constantly evolving. Below are
several observations regarding contractual language and protections with
respect to data breaches, where a supplier has access to and/or could
cause or allow a customer's data to be breached.
continue to insist upon strict terms and conditions requiring their
suppliers to protect the customer's confidential information, including
with respect to the customer's (i) data (i.e., information stored in
equipment and software), (ii) Personally Identifiable Information (PII),
and (iii) Protected Health Information (PHI).
cases, customers are requiring their suppliers to agree contractually to
separate security and/or privacy exhibits as part of their Customer
Agreement. These generally go above and beyond the general "Confidential
Information" terms and conditions, and focus on the specific tools,
equipment, software, processes, procedures, encryption, and
physical/logical security that must be instituted and complied with by
the suppliers. If you are a customer and concerned about how your
suppliers treat your data, you may want to consider creating a (or
bulking up your existing) standard set of security and/or privacy terms
that can be attached to your supplier agreements. These exhibits often
are prepared by the Corporate Security, Risk or CIO department, and may
be applicable to some deals but not others (for instance, it would not
be applicable if the scope of the deal does not involve the supplier
having access to the customer's data). As an aside, these exhibits can
also cause problems from a deal negotiation perspective, if they
incorporate a "kitchen sink" approach, as negotiation of "one size fits
all" security terms can lead to lengthy contracting delays. To speed the
negotiation process, consider tailoring such a security and/or privacy
exhibit, as appropriate for the scope of your particular deal.
frequently require that their suppliers have adequate Errors &
Omissions (E&O) insurance and Cyber Breach insurance policies, so
that the supplier is adequately protected (financially) if the supplier
causes a data breach.
Additionally, many customers are
(themselves) making sure that they have sufficient E&O and Cyber
Breach insurance policies to cover damages resulting from data breaches
(especially if the customer is not successful in passing the
responsibility for that liability to the supplier, or in order to cover
potential damages that may be in addition to applicable limits of
liability within the customer's supplier agreements).
should insist on indemnification protection, requiring suppliers to
indemnify and defend the customer for a breach of the supplier's
obligations with respect to Confidential Information (again, including
with respect to data, PII and PHI).
There is increasing
focus on defining, within supplier agreements, the types of damages
that are reimbursable by the supplier as "direct damages", to the extent
resulting from a data breach. For example, potential costs might
include: (i) the notification costs/letters to affected customers
informing them of the data breach; (ii) establishment of a call
center/1-800 number to provide information to affected customers; (iii)
costs for credit monitoring services; (iv) costs of identity restoration
services or fraud resolution services; (v) costs of identity theft
insurance provided for the benefit of affected customers; (vi)
reimbursement for credit freezes; and (vii) fees/expenses associated
with investigating and responding to a data breach.
a supplier has access to a customer's data, there are frequently
hard-fought negotiations regarding the total amount of damages that the
supplier is willing to absorb, if the supplier is the cause of a data
breach. We will discuss this further in Part 2 of this Post.
There is no shortage of commentary on why mergers and acquisitions fail or do not live up to their projected potential. The percentage of failed or underachieving deals is astounding, with some placing the failure rate over eighty percent. The reasons for this dismal outlook range from ill-advised strategic vision, misaligned expectations and poor execution to cultural clashes, fumbled integration, and (some would say) misguided management objectives.
Over the past decade I've observed another factor that contributes to these suboptimal results: poorly planned, constructed and executed transition services, especially in connection with divestitures and carve-outs. The factors contributing to deficient transition service arrangements fall into two general categories: (1) a flawed perspective on the importance of transition services; and (2) errant development and execution of the transition service regime. Let's explore each of these factors both in terms of how they arise and how they can be avoided, focusing first on what I refer to as the flawed perspective.
I can sum up the misconception about the importance of transition services in two statements:
These are short term arrangements of less importance: Since transition services are only temporary (and hopefully very short in duration), they really are of less importance. Our focus is really on the long term success of the business.
They pretty much relate to the back-office (and we need to focus on our customers and revenue drivers): Transition services mostly involve back-office operations, which don't drive valuations or contribute to the bottom line. We need to focus on revenue growth and our customers.
While at first glance these statements seem reasonable, they in fact underlie a host of conceptual shortfalls that drive behaviors which, at best, dilute the effectiveness of the post-closing enterprise and, in the worst case, result in unmitigated risks that can result in lost business, reduced revenues, or unanticipated liabilities.
With regard to the "short term" mindset, while these services generally are in place for an interim period, they serve as a bridge to the broader (and longer term) integration of enterprise operations (both back office and front line). The thought that "we can fix things later" after the closing dust settles is a misstep that can lead to day-one business continuity issues (like interruptions in employee access to key systems), inefficiencies (like additional license costs for unaccounted-for but needed software), and employee dissatisfaction that can tug at the cultural fabric of the company. Not surprisingly, issues of this nature can (and often do) impact the customer and potentially the bottom line. This leads to my second point.
That is, what happens when the run-of-the-mill business operations you've come to take for granted don't work (or are degraded or interrupted)? Setting aside the consternation of your own people, in some cases this can have a direct impact on your customers and hence your revenues. In the heat of deal negotiations, these subjects are often relegated to the back burner as they are viewed as lower priorities and are not "sexy" in the minds of the deal team. In an interview I conducted a few years ago at an M&A event with Argyle Executive Forum, the following exchange brought to light the hazards of this mindset:
In the context of overlooking the back-office (and the resulting inadvertent business interruptions), I posed a question along the following lines:
"...if all of a sudden we're having problems with the network and we can't email or data centers are having down time and someone in the field on the sales force can't get their tablet to record a sale, that's going to have a direct impact on business. Have you experienced that at all?"
The response was telling:
"We acquired a business in the U.S. and shame on us but we didn't put enough emphasis on the back office and it was certainly a learning process. On day one, the sales reps are going, 'Where are my reports?' And we ended up sending them paper copies until we got our act together. Shame on us, but I'm sure we're not alone. It was a detail that was overlooked, because it's not, as you said before, the 'sexy' part of the deal. But it gets real sexy when your customer says, 'You mean to tell me you didn't think about this?'"
The Right Perspective - The Value Imperative
Perhaps the best way to approach a transition services effort is to focus on what I'll call the value imperative for these services. From my perspective, the transitional aspects of a merger, acquisition, spin-off or divestiture must help achieve the following:
Ensuring a Competitive Edge & Risk Avoidance - In the new economy (characterized by rapid change, innovation being seen more like "table stakes" than a differentiator, technology-driven efficiency gains, increasing cyber/security risks and globalized competition), the transition services must position the post-closing enterprise to be even more competitive while at the same time appropriately protecting against business continuity risk;
Preserving Valuations - The transition services and related terms must at least preserve (and potentially enhance) valuations; and
Exploiting the Mission - The transition service regime must enable each impacted enterprise to better exploit the target synergies that drove the transaction in the first place.
Put another way, whether market-driven, opportunistic or as part of a broader strategy, what management (and the shareholders) really care about is exploiting the intended synergies to drive value. If there are transition services, they should be aligned with these objectives.
In the second installment on this topic, I will focus on the perils of poor planning, inadequate diligence and incomplete execution in transition service arrangements, and how these perils can be avoided through a disciplined and efficient process leveraging the right terms, tools and templates.
News of Alibaba's cloud investment and a recent software park tour indicate that China's IT services industry is evolving in its own way.
Alibaba Invades Silicon Valley
The "Amazon of China" is following Amazon's playbook yet again with their investment in the cloud. Aliyun, Alibaba's technology arm, already operates five Chinese data centers supporting 1.4 million customers. They cite high performance specs, such as the ability to process 80,000 orders per second during peak shopping season, and a successful defense against the largest recorded DDoS attack in China, which lasted 14 hours with a peak onslaught of 453.8 gigabytes per second. Even with this performance, competing on Amazon's home turf will be no small task. Aliyun will initially pursue the growing number of US-bound Chinese companies. "We know well what Chinese clients need," explains Sicheng Yu, Aliyun's head of international; "now it's time for us to learn what U.S. clients need."
A Recent IT Industry Tour in Beijing
Nope, China is still not "the next India." In spite of the hype that surfaces every few years, China is not becoming "the next India." India's unique path cannot be replicated. Yet, a recent tour of Beijing's Zhongguancun Software Park, where many new large buildings are bustling with bright-eyed, Starbucks-fueled youth, reveals that something is going on in China.
A few buildings housed familiar foreign brands (Oracle, IBM and Tata are there), though many belong to large Chinese IT service providers such as Neusoft, Pactera, and Beyondsoft.
If China is not the next India, what are all of these young workers doing?
Asian Roots; Global Ambition - The vast majority of China's IT outsourcing companies still serve Chinese, Japanese, and other East Asian customers - not insignificant markets. However, Chinese firms are expanding globally (1) by servicing Chinese branches of large multinational firms, and (2) by following existing Chinese customers abroad, as Aliyun is doing in the cloud space. The real value of these engagements is in providing a toehold for even deeper expansion.
Narrow Industry & Technology Focus - Chinese IT service providers tend to have deep technical strengths in narrow areas, often related to their legacy. For example, Aliyun was built to support Alibaba's online marketplace. As a result, Chinese firms may be most competitive when servicing discrete projects or components, rather than acting in a broader role as, for example, an IT Service Management (ITSM) provider.
Leveraging Hardware & Manufacturing Enterprise - China's manufacturing dominance has been successfully leveraged by some firms to create software and IT service offerings. For example, Neusoft, China's largest IT service provider, developed an expertise in telemedicine and medical imaging, in part through their role in producing both hardware and software for MRIs. They also opened a Detroit office in 2013 to focus on integrated automotive software.
While Chinese IT service providers cannot yet compete with the largest one-stop global IT shops, for an increasing range of geographies, industries, and service categories, they are providing unique value.
Internet of Things (IoT), whereby miniature computers are embedded into objects
and devices and connected via the internet using wireless technology, offers many advantages, such as smart thermostats which have the ability to
remotely monitor and adjust your heating at home, and medical devices / apps which
are used by patients to enable remote monitoring (e.g. a dangerous change in a
patient's insulin levels).
recently at CES 2015, Las Vegas' annual hi-tech trade show, the chair of the US
Federal Trade Commission, Edith Ramirez, warned of a future where smart
interconnected devices enable technology firms to build a "deeply personal" and increasingly detailed and granular picture of consumers
that will subject consumers to highly targeted advertising of products and
services, as well as leaving them vulnerable to data attack. Ms. Ramirez said that smart devices could
potentially collect data such as an individual's health, religious and other
lifestyle preferences, and asked "will
this information be used to paint a picture of you that you won't see but that
others will?" Data should only be
gathered for a specific purpose, said Ms. Ramirez... "I question the notion that we must put sensitive
consumer data at risk on the off-chance a company might someday discover a
valuable use for the information".
around the world are increasingly concerned to ensure that security and privacy
issues are taken seriously by device manufacturers. For example, the Article 29 Working Party (the independent
European advisory body on data protection and privacy) issued
an Opinion in September last year which reviewed the IoT and the specific
data protection and privacy challenges raised by it, assessed the state of the
applicable law (in Europe) and made a number of recommendations applicable to
relevant IoT stakeholders. These include a call for IoT device, O/S and
application manufacturers, and developers to apply the principles of Privacy by
Design and Privacy by Default and to undertake Privacy Impact Assessments
(PIAs) before any new application is launched in the IoT.
We can expect the
IoT to be increasingly subject to regulatory (and judicial) scrutiny over the
next few years. And for good reason. Last
study by HP found that the average IoT
device has at least 25 security flaws, and there have been an increasing
number of disturbing real
life events reported, including attempts to hack web-connected baby
monitors as well as numerous hacks demonstrated by security experts and
researchers, including internet routers, smart TVs, connected fridges and
is the second of two postings that outline key pricing protections you should consider
negotiating with licensors of ERP software to provide flexibility and
predictability in managing the ongoing license and maintenance costs associated
with the software. In the earlier
posting, we discussed future option discounts, exchange rights, and maintenance
locks and caps. In this posting, we focus
on shelving and termination rights, acquisitions and divestitures, and
Shelving / Termination
and termination rights provide the ability to reduce annual maintenance spend
on unused licenses by either "putting them on the shelf" until needed or
terminating unneeded licenses altogether. There are three basic approaches to shelving and termination
rights. In descending order of
desirability, they are:
Shelving - which
allows you to shelve and later reinstate licenses subject to paying a
reinstatement fee (typically based on the maintenance fees that would
have been payable on the shelved licenses during the shelving period);
- which allows you to terminate unneeded licenses to reduce maintenance
fees, but does not allow reinstatement of the licenses (i.e., you would
need to purchase replacement licenses if you later have a need for
Termination Tied to New Buys - which allows
you to terminate unneeded licenses only to offset maintenance fees on a
contemporaneous new purchase of additional software from the licensor.
often strongly resist shelving rights and they can be difficult to obtain in
the absence of considerable negotiating leverage. As a result, termination rights may be the
only viable option on some transactions.
licensors take the position that termination is an all-or-nothing proposition;
that is, the client must terminate every license to every licensed product in
order to terminate even a single licensed unit of a product. This is an outrageous position, particularly
given the broad scope of products and functionality in ERP software. At a minimum, you should push hard for the
right to terminate either individual licenses or logical groupings of licenses
without having to terminate all other licenses.
implemented, you can expect to use ERP software for many years. During this period, there is a good chance
that you may acquire another company or sell off one of your business units.
- To address future acquisitions, you should make sure that the license
covers all existing and future affiliates of the legal entity that
executes the license agreement.
Divestitures - To address
divestitures, the license agreement should permit you to use the
software to provide transition services to a divested business unit at
no additional license or maintenance fees (other than fees associated
with increased usage of the products). The transition period should
extend for a minimum of 12 months and desirably longer.
time to time, licensors will discontinue products and incorporate functionality
from the discontinued products into new products. This forces you to either migrate to the
licensor's successor product or look for an alternative in the market. Given the cost and criticality of ERP
software, you should negotiate the right to obtain successor products without
additional license or maintenance fees when they are released by the licensor
(and in any event at such time as the licensor announces it will cease to
provide mainstream maintenance on the product). Licensors will often condition this right on your not using any new
functionality of the successor product. However,
the design of the successor product may make it impossible to avoid using new
functionality and there should be an exception that permits your use of new
functionality to the extent it cannot reasonably be avoided.
licensing and implementation of ERP software is a major long-term investment
for any company. In addition to
negotiating favorable upfront pricing for the software, it is important to build
in pricing mechanisms that provide flexibility and predictability in managing
the ongoing license and maintenance costs associated with the software. This is the first of two postings that
outline key pricing protections that you should consider negotiating with
licensors of ERP software.
Future Option Discount
future option discount provides a right to purchase additional software licenses
at a specified price or at a specified discount off the licensor's then current
list price. This right has a number of
It provides predictability in licensing
costs due to business growth and assures that the licensor cannot take
advantage of you on future purchases when you may have little or no
leverage in negotiating price.
It may enable you to reduce the
initial buy, thereby lowering maintenance costs during the period in
which the software is being implemented. However, you need to strike the
right balance here. Reducing the size of the initial buy may impact the
discount level the licensor is willing to offer. As a result, you
should seek to achieve the optimal balance between (1) high discount
levels on the initial buy, and (2) savings on maintenance fees by
deferring purchases until licenses are needed.
In negotiating future options discounts, you should seek the following:
The option price should reflect the same, or very close to the same, discount level as the initial buy.
The option period should be at least 3 years and desirably longer given the long-term nature of the investment in ERP software.
option should apply both to the license of (1) additional units of
previously licensed software and (2) existing and future software
products of the licensor that are not part of the initial buy.
initial buy of ERP software is usually based on a forecast of current and
future demand for the relevant license metrics (e.g., named users, cores,
annual revenue, etc.). However, demand
forecasts rarely prove to be 100% accurate. Exchange rights provide the ability to swap licenses for which you have purchased
too many units for licenses for which you have purchased too few units.
negotiating exchange rights, you should seek the following:
The ability to exercise exchanges across as many licensed products as possible.
The ability to exercise exchange rights at least annually and desirably on a more frequent basis (e.g., quarterly).
A period of at least 3 years and desirably longer in which to exercise exchange rights.
Maintenance Locks & Caps
- the "gift that keeps on giving" for licensors - is a significant cost
in software licensing. For example, if maintenance fees are set at 22%
of net license fees (which is the current standard among major licensors
of ERP software), you are effectively paying the cost of a new license
about every 4.5 years in the form of maintenance fees. The licensor
should be willing to commit to a multi-year period - desirably at least
4-6 years - in which annual maintenance fees may not be increased and
thereafter to some form of cap or limitation on subsequent annual
increases, such as capped annual inflation adjustments.
In our next posting, we will focus on shelving and termination rights, acquisitions and divestitures, and successor products.
As a thin guy, I used to subscribe to the
philosophy of wearing large clothes to look bigger than I was. What I actually looked like was a scrawny guy
in ill-fitting clothes that were not overly comfortable.
Sourcing of IT and associated services may be
falling into a similar trap. Rather than
using agreements that are the right shape or size, purchasing organizations are
developing and rolling out standard templates that are supposedly broad enough
to cover everything--unfortunately, they often do not cover any particular
purchase properly. Specifically, we are
seeing a proliferation of master service agreements (MSAs) that, largely
speaking, come from an IT development context. These are then being applied to software licensing, professional
services, and cloud services agreements--all of which are different transactions
with different needs.
To illustrate, let's review the application
of an MSA to a Software as a Service (SAAS) offering. As a threshold matter, the MSA contemplates project
style initiatives, whereas the SAAS offering is by its nature an ongoing,
recurring offering over a specified term. Under an MSA, the buyer typically attempts to assert ownership of all
developments; this is antithetical to the SAAS model where the supplier
contributes IP to continually improve its offering. Under the MSA, the buyer heavily negotiates
the service levels; in SAAS, the service levels are the same for all like
buyers--without such consistency, there is no shared offering and no cost
benefit of the SAAS model. We could go
on, but the point is clear--a customer MSA is not likely to be a good fit for a
The MSA is not a bad document and it may well
be suited for certain purchases. In
addition, there are many ways in which a template MSA may be used to the
benefit of other types of purchases. In
fact, it may well be advised to review an MSA to identify gaps in another form
of agreement, as long as one does so with an eye toward keeping out elements
that do not really apply (I now have relatively broad shoulders, so shoulder
pads are no longer a good fit). That
said, there are also strong benefits to using a properly tailored contract; not
only will it streamline negotiation, it may actually fit the
specific needs of the transaction at hand much better.
Pillsbury Global Sourcing advises buyers on all aspects of outsourcing and complex technology acquisitions. We have architected and negotiated deals worth over a half a trillion dollars on behalf of Fortune 500 clients. Blog content taps the insight of our people based in London, New York, Austin, San Francisco, and Washington, DC.