Contributed By Maddocks
Outsourcing of ICT services is continuing to grow in popularity. Organisations are continuing to outsource ICT services to professional ICT companies so that they can focus on core business requirements.
This section discusses trends in ICT outsourcing, and how the market has shifted from traditional IT contractual models. Subsequent questions discuss the impact of new technology, such as artificial intelligence and blockchain, and the legal risks organisations face when implementing these types of technologies (and how to manage these risks).
The most prevalent modern trends in IT outsourcing contracts are:
As a consequence, there has been a shift to funding models that rely almost entirely on operational expenditure (opex), rather than a combination of upfront capital expenditure (capex) and ongoing opex.
The concept of "managed services" is extraordinarily broad, and it is used widely in IT contracts. The term "managed services" might be used to describe anything from services provided to manage the provision of a business function (such as document management), to services provided to manage complex end user services involving the provision of personal computers, business applications and support.
Before the inception of the term "managed services", traditional IT outsourcing contracts encompassed the following features:
A traditional outsourcing contract would therefore cover matters such as the following:
In summary, the focus of a traditional IT outsourcing contract is weighted towards inputs and technical performance standards, rather than looking at business needs more holistically.
Organisations now recognise that an overly prescriptive contract may not be suitable, and it may be more appropriate to draft a contract with a greater emphasis on outcomes and business-needs performance measures, with built in agility. As a result, modern managed services contracts are often directed towards the following:
Therefore, a modern managed services contract might have the following attributes:
Modern managed services contracts may also need to support digitised services, which means the contract may include provisions designed for automation in business processes (see 1.3 New Technology).
Emerging issues for managed services contracts include the following:
Cloud services products are increasingly being utilised to provide business functionality without the need for substantial infrastructure investment. 42% of businesses in Australia reported using a paid cloud service (APS 2019), which is likely to be due to the perception that cloud services provide substantial cost and efficiency benefits.
However, there are still major customer risks in utilising cloud services, and this is having an impact on uptake. These include:
Customer approaches to these issues may include:
This area of the market has not substantially changed from the perspective of identifying and describing the business process to be outsourced. Rather, BP outsourcing has evolved to incorporate new technology and services solutions, including managed services approaches. As a result of this evolution, the market is more competitive with fewer geographic limitations.
New technologies such as artificial intelligence (AI), robotics, blockchain and smart contracts, are enablers. Each of these forms of technology offer a new way of solving existing business needs. The standard ICT contract risks are all relevant to these new forms of technology. However, these risks manifest differently as a result of new technology. This section will address how these technologies are affecting the market, from increased efficiency to the increased risks inherent with new and innovative methods.
Automation and Autonomy
Each of these new technologies uses a degree of automation in its functionality. This leads to enterprise solutions that can interpret information automatically with fewer errors, resulting in enhanced productivity. This type of technology easily adapts to change, and is primarily used to increase efficiency, which is useful in emergency situations where a human response is too slow and possibly inefficient.
For example, the more information AI systems process, the more effective they become at analysing information and responding to requests. AI can use this ability to analyse and respond to information to formulate responses to mundane queries and tasks without the direct input of a human. This leaves the human time to focus on more strategic objectives.
In addition, the use of blockchain technologies may be beneficial to vendors with multiple data sources in a multi-vendor ICT environment because information is transparent, traceable, and allows users to interact directly without use of a "middle man". This is particularly useful where collaboration is a key element of the ICT environment.
In using automation and autonomous systems, organisations are faced with legal risks such as:
IT outsourcing businesses are able to use automation to do the following:
Traditionally, responsibility for performance (such as meeting service levels or other performance measures) lay with the service provider. However, suppliers providing ICT outsourcing services using new technologies are less likely to accept the same degree of responsibility for performance. This is because they provide the systems on an "as is" basis and may not guarantee a high standard of performance.
The risk for customers is that there is no assurance that the system will work in accordance with its specifications. Customers will, therefore, have to balance the risk of unreliability and unavailability against the commercial benefits of acquiring an automated system. However, even if accuracy is not guaranteed, these systems have often been shown to have a considerably higher level of accuracy (as well as operating much faster) than human equivalents.
Privacy is a particular issue for blockchain technology, including smart contracts, because altering and removing information is difficult. These technologies are designed to retain and analyse data, which may include metadata that can be linked to personal information.
Privacy is also an issue for automated systems. For example, this could be because their engagement with people does not allow for human intervention to control the disclosure of personal information.
Businesses will need to ensure that appropriate safeguards are in place to protect the information. Contracts should include risk mitigations, such as automated disclaimers, for these matters.
Liability is a legal risk for automatic and autonomous systems because it may be difficult to determine responsibility. For example, it may be difficult to ascertain how damage or injury was sustained as a result of malfunction of a robotic tool.
Organisations will have to ensure that contractual documents clearly specify the liability of each party, including any necessary allocation of liability in situations in which responsibility may be unclear.
Enforceability is a risk for smart contracts in Australia because their viability is yet to be addressed by Australian courts. Although a legally enforceable smart contract must still meet the traditional elements of a contract, its terms only exist in machine readable code. This means that, in the event of contractual dispute, interpretation can be difficult, particularly because the identity of the other party to the contract, and their capacity to enter into the contract, is usually unknown.
The fact that these contracts are written by coders who interpret instructions from lawyers provides an additional layer of risk.
Because nodes on a blockchain can be located anywhere in the world, the issue of jurisdiction may create a legal risk for organisations. This is because it may be difficult to determine the appropriate governing law if there is a dispute. In addition, it may be difficult to ascertain the location or identity of a user that has made a fraudulent transaction.
Organisations should therefore ensure that jurisdiction is clearly specified when using blockchain and smart contracts.
One trend to watch is the move towards engaging service providers to meet a defined business need, without reference to any technology or other inputs required to meet that business need. An example is a government agency that engages a provider to develop a system to provide certain services to the general public, on demand. The agency may enter into a contract by which it will fund the service fee charged to members of the public who receive the required government service, without any reference to the technology to be used.
Another emerging trend is the move towards service providers offering their own proprietary infrastructure and data sources and structures, without reference to the data sets and types in the customer’s existing systems (be they legacy systems or continuing systems). This creates additional proprietary data sets and has the effect of making transition-in, transition-out and future integrations more difficult.
Focus on data management, security, privacy and "ownership" are all key questions being asked by customers in the context of modern outsourcing solutions.
There is no overarching regulation of outsourcing in Australia.
Accordingly, the regulatory and legal framework applicable to the outsourcing will depend on the nature of the particular customer (eg, government or private sector), and the industry or other sector to which the outsourcing relates.
This section provides a high-level overview of some of the key legal, regulatory, and industry specific restrictions commonly applicable to ICT outsourcing in Australia, as an example drawn from the industry sector in which there is considerable outsourcing.
It also examines data security obligations and data processing restrictions in Australia, and some contractual protections commonly included in outsourcing contracts which concern privacy and data collection, storage and use.
There is no legislation in Australia which is expressed to apply generally to all outsourcing arrangements or which imposes restrictions on all outsourcing arrangements. Rather, outsourcing arrangements need to facilitate and ensure the outsourced service provider’s compliance with the following:
Each of these is considered in more detail below.
Legislative Frameworks Which Apply Because of the Nature of the Customer
Some legislative frameworks will only apply if the customer is a particular type of entity.
Public sector customers
Commonwealth public sector entities must comply with obligations under the Public Governance, Performance and Accountability Act 2013 (Cth) (PGPA Act), which establishes a system of governance and accountability for expenditure of public resources, including for outsourcing. All procurement must be conducted in accordance with the Commonwealth Procurement Rules (CPRs), made under the PGPA Act. The CPRs mean that Commonwealth public sector entities must carefully approach the market and (among other requirements) select an appropriate outsourcing service provider that provides the best value for money for the Commonwealth. This means that procurement for outsourcing by Commonwealth public sector customers will usually involve detailed specifications and evaluation processes.
Similarly, State and Territory public sector entities and local governments are also required to comply with similar legislation and regulations that apply to procurement by these entities, including outsourcing.
All customers (and service providers) that are “APP entities” must comply with the Privacy Act 1988 (Cth) (Privacy Act). Most Commonwealth public sector agencies and other private sector organisations are “APP entities” (there are some exemptions).
While the Privacy Act does not restrict outsourcing itself, its obligations in relation to the collection, use and disclosure of personal information may impact on the scope, methods and contractual obligations for an outsourcing arrangement.
Regulatory Frameworks Which Apply Because of the Customer’s Specific Industry
This section discusses applicable regulatory frameworks for three industries or sectors in Australia. There are, of course, many other sectors that have specific regulatory regimes.
Public sector customers
Public sector entities are, generally, responsible for the administration of a range of specific legislation, which can contain particular agency reporting obligations or restrictions on the use or disclosure of particular information collected or stored by that entity. These requirements or restrictions may apply directly to any outsourced service provider, or the relevant legislation may only permit the agency to disclose specific information to outsourced service providers in particular circumstances. If this is the case, an outsourcing arrangement would need to be consistent with those circumstances, which will generally require the inclusion of specific terms in the contract which regulate that aspect of the outsourcing arrangement.
Customers regulated by APRA
The Australian Prudential Regulation Authority (APRA), regulates entities which are often the customer in an outsourcing arrangement, including banks, authorised deposit-taking institutions, registered superannuation entities and general life and health insurers.
Entities regulated by APRA must comply with specific prudential standards and practice guides. These include the Prudential Standard CPS 231 Outsourcing, Prudential Standard HPS 231 Outsourcing and Prudential Standard SPS 231 Outsourcing, each of which sets out the rules and requirements for certain regulated entities to outsource a “material business activity”. A “material business activity” is one that has the potential, if disrupted, to have a significant impact on operations or the ability to manage risks effectively.
The Prudential Standards require:
Telecommunications sector customers
Telecommunications providers and internet service providers are regulated by a range of Australian legislation. For example, under the Telecommunications (Interception and Access) Act 1979 (Cth), customers are required to notify the Communications Access Co-ordinator of changes to a telecommunications service or system that are likely to have a material adverse effect on compliance with the legislative requirements. This expressly includes entering into certain outsourcing arrangements.
Government Policy Requirements
Commonwealth or State government policy requirements may also have an impact on outsourcing. The Digital Transformation Agency implements the Commonwealth’s ICT procurement policy, including through the Secure Cloud Strategy and some mandatory ICT panel arrangements.
The Commonwealth also requires consistency with PSPF and ISM security requirements (see 2.4 Penalties for Breach of Such Laws:"Commonwealth Security Policy Framework"). While these policy requirements do not directly affect a public sector customer’s ability to outsource, they can have an impact on the range of suppliers and the technologies that will be acceptable for use in outsourcing arrangements.
Similarly, some States and Territories have their own policy requirements and guidelines relevant to ICT outsourcing. For example, the Victorian Government has released its Information Technology Strategy, Victorian Government 2016-20, and a Cloud-based ICT Services Checklist Guideline. Similarly, the New South Wales Government has its Digital Government Strategy and NSW Government Cloud Policy.
Public sector customers are also required, by applicable government policies, to comply with many other requirements - from gender equality obligations, to encouragement of Australian industry participation, to strict access and audit requirements. While these policies principally apply to the customers themselves, some of them have an impact on service providers or on the way customers construct their contracts with service providers, ie, by contractually passing on the obligations so that the customer is able to meet legislative requirements that apply to it.
Most recently, the Commonwealth has implemented the Black Economy Procurement Connected Policy that applies to all non-corporate Commonwealth entities. Businesses tendering for contracts valued over AUD4 million (inclusive of GST) are required provide a statement from the Australian Taxation Office showing they have a satisfactory tax record. This policy affects large scale outsourcing projects and applies to both local and international providers.
Laws that Apply to Commercial Contracts Generally
Outsourcing arrangements are subject to a range of common law and Commonwealth and State and Territory laws that are applicable to commercial contracts generally (eg, laws restricting enforcement of unjust or unfair contracts and sale of goods and consumer protection laws.
A key protection for customers, which cannot be excluded by contract, is the prohibition of "misleading and deceptive conduct" under s 18(1) of the Australian Consumer law which is contained in Schedule 2 to the Competition and Consumer Act 2010 (Cth). This is a broad provision that prevents entities from engaging in conduct that is misleading or deceptive or is likely to mislead or deceive. It has been very broadly interpreted by the courts in a very wide variety of factual circumstances.
This is addressed in the response to 2.2 Industry Specific Restrictions on Data Processing or Data Security and 2.4 Penalties for Breach of Such Laws, which set out key privacy legislation.
The Privacy Act is the main law in Australia governing how data is to be held and managed, but there are also State and Territory laws containing largely similar obligations. As discussed in 2.2 Industry Specific Regulations, compliance with the Privacy Act is mandatory for all APP entities, which may be both public and private sector bodies.
Under the Privacy Act, APP entities may only use personal information for the purpose for which that information was collected, unless the individual concerned has consented or one of a number of other specific exceptions apply. As there is no exception expressly permitting use or disclosure by an APP entity to another entity as part of an outsourcing arrangement, information flows, privacy notices and consent arrangements need to be carefully considered for any outsourcing transaction if the ICT service provider will be handling any personal information for the customer.
The Privacy Act also obliges APP entities to take steps, that are reasonable in the circumstances, to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Accordingly, security arrangements for any outsourcing transaction need to be reasonable and should be clearly documented.
The Privacy Act includes a mandatory notifiable data breaches (NDB) scheme, which obliges APP entities to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm (including recommendations of the steps the individual should take in response to the breach). The Office of the Australian Information Commissioner (OAIC), which administers privacy policies and enforces the Privacy Act, must also be notified. ICT outsourcing contracts increasingly include processes for consultation before any notification is made under the NDB scheme.
Special provisions apply to a contracted service provider (including a subcontractor) handling personal information under a Commonwealth contract. For example, an agency entering into a Commonwealth contract must take contractual measures to ensure that the contracted service provider does not do an act, or engage in a practice, that could breach an Australian Privacy Principle (APP) if done or engaged in by the agency.
The Privacy Act also creates a framework for the cross-border disclosure of personal information. Before an APP entity discloses any personal information to an overseas recipient, it must take reasonable steps to ensure the recipient does not breach the APPs and the disclosing entity generally remains accountable for any breach by the overseas recipient, unless an exception applies (for example, the OAIC has provided guidance in relation to the provision of some cloud services where the Australian APP entity does not release the handling of the information from its effective control). Accordingly, outsourcing transactions typically include carefully considered obligations and protections if overseas disclosure of personal information is contemplated.
Additionally, some specific legislative regimes prohibit certain data from being taken outside of Australia (for example, the My Health Records Act 2012 (Cth) specifically prohibits contracted service providers from holding or taking particular health and medical information outside Australia or processing or handling the information outside Australia).
Commonwealth Security Policy Framework
Commonwealth entities are required to comply with a number of policies that impose restrictions on data processing and data security (and there are similar obligations which apply in the States and Territories), including:
Australian regulators are also becoming increasingly prescriptive on data and information security requirements (see APRA’s Prudential Standards, eg, CPG 235 managing data risk, which expressly deals with outsourcing of data management responsibilities, CPG 234 management of Security Risk in Information and Information Technology, and the Australian Securities and Investments Commission’s Report 429 Cyber resilience: Health Check). Customers may increasingly require outsourced ICT service providers to comply with these standards.
On 1 July 2019, APRA revised CPG 234 and CPS 234 and released both documents under CPG 234 Information Security and CPS 234 Information Security.
Penalties for Breach
There are a variety of penalties under various Australian and international legislation for breaches of privacy that may occur in Australia.
If the Australian Information Commissioner upholds a complaint regarding a breach of the Privacy Act, he or she may make a determination. This could be a determination that the party found to have committed the breach must perform acts to address any loss or damage resulting from the breach. A breach of the Privacy Act could also attract civil penalties of up to AUD2.1 million.
In addition to breaching the Commonwealth Privacy Act, a breach of privacy may also constitute a breach of State or Territory privacy legislation or of other Commonwealth, State or Territory legislation, such as health care, social security, education or national security legislation. A privacy breach in Australia may also constitute a breach of the European Union’s General Data Protection Regulation.
A breach of the PSPF would not attract monetary penalties, however, there would be internal consequences for any Commonwealth entity that failed to comply with the PSPF.
Increasingly strong contractual protections for customers in relation to data and security are being included in Australian outsourcing contracts. For example, contracts may now contain:
There is no standard supplier customer model in Australia for outsourcing contracts. There are several common outsourcing contract models that customers and suppliers use. These include:
The form of the customer-supplier contract may be proposed by either the customer or the supplier and is likely to be negotiated in some cases. Although there is no standard contracting model, contracts may be based on the customer’s or supplier’s existing template or they may involve the creation of a bespoke contract which has been drafted for the specific services being outsourced.
Many public sector entities have established contracting templates for use when procuring ICT services. These include the Procure IT Framework which must be used by New South Wales Government agencies, the Queensland Information Technology Contracting (QITC) framework, and the Commonwealth government’s SourceIT contract suite. Further, some contracting templates are mandatory for use by certain public sector entities (eg, Commonwealth government agencies must purchase certain goods and services using mandatory whole-of-government arrangements).
Private sector entities often also maintain their own contracting templates for procurement.
Some models that have generally been used in Australia for outsourcing include:
Captives and shared services centres are common across both the public and private sector in Australia for the provision of ICT and other common back-office services. Australian governments are increasingly establishing shared services centres for various back-office services.
Recent trends in relation to captives and shared service centres (according to the Deloitte Global Shared Services: 2019 Survey Report) include the following:
Outsourcing arrangements are also increasingly concerned with appropriately allocating risk in respect of data security and privacy risks and compliance (including to ensure compliance with the Privacy Act, including the recent notifiable data breach notification requirements, the European Union’s General Data Protection Regulation and State and Territory based privacy regimes). For example, major global ICT providers have been establishing more on-shore data centres in Australia to meet customer demand and requirements for local infrastructure and storage of data (eg, to be able to satisfy government security and privacy requirements for government customers).
There are two main categories of customer protections and remedies that can be included in outsourcing contracts, being financial and non-financial.
Financial protections and remedies include the following:
Non-financial protections and remedies include:
Under legislation, the most commonly used and effective protection of customers is the prohibition of "misleading and deceptive conduct" under s 18(1) of the Australian Consumer law which is contained in the Schedule to the Competition and Consumer Act 2010 (Cth). It has been very broadly interpreted by the courts in a very wide variety of factual circumstances. The remedies available to an aggrieved customer under this section include financial damages and an injunction to prevent or compel certain types of conduct.
Under the common law, an aggrieved customer may terminate a contract when there has been a material breach of the contract.
Otherwise, when a contract can be terminated is governed by the terms of the contract itself. There will generally be a right for the customer to terminate for material breaches. The detail of what constitutes a material breach is generally specified in the contract. It is common for some breaches to allow immediate termination and others to require the customer to give the supplier a notice of breach and opportunity to cure the breach.
There is generally either no right for the supplier to terminate the contract, or a right which will only arise if the customer has not paid an undisputed sum despite receiving a demand to do so. In some cases, there is also a right to terminate on provision of significant notice, so as to enable the customer to transition out.
In Government contracts in Australia, in which the government agency is almost always the customer, it is generally expected that the agency will have a right to terminate (or reduce the scope of) the contract "for convenience", eg, without there being a default by the supplier. This right has been derived from the doctrine of "executive necessity". It is, however, expected that the agency will exercise this right "in good faith" (eg, not just to move to a cheaper supplier) and will be liable to pay compensation, as specified in the contract, to the supplier.
Termination for convenience is rare in private sector contracts.
Both the supplier and customer can always terminate the contract by mutual agreement.
In both the public and private sectors, the following types of losses are generally recoverable:
In the last decade, there has been less of a distinction drawn between direct and indirect loss in Australia. Instead, contracts (particularly major outsourcing contracts) are generally drafted in such a way that specific heads of loss are excluded or included.
Moreover, case law indicates that a contract can no longer expressly exclude all "indirect loss" or "consequential loss". Accordingly, it is common to see liability for the following types of losses being expressly excluded:
Further, most contracts contain clauses in relation to:
In addition, liability in outsourcing contracts may be capped or uncapped. The supplier’s liability in respect of some heads of damages is often capped.
It is common to see uncapped liability for losses incurred by the customer arising from the supplier beaching obligations in relation to fundamental matters such as work health and safety, security, data protection and intellectual property rights breaches.
Finally, it is important to note that in the public sector context, a non-corporate Commonwealth entity cannot grant an indemnity, guarantee or warranty without the consent of the Finance Minister. Similar rules apply to government agencies in a number of the Australian States and Territories.
Within public sector outsourcing contracts, there is generally an implied term of good faith imposed on the customer.
In the Commonwealth, officials are required to "exercise his or her powers, perform his or her functions and discharge his or her duties honestly, in good faith and for a proper purpose", in accordance with s 26 of the PGPA Act. Essentially, this means that Commonwealth officials should act in good faith when entering into or administering an outsourcing contract.
There are similar requirements that apply to government officials in a number of the Australian States and Territories.
In the private sector, an implied term of good faith will always be applied (Vodafone Pacific Limited v Mobile Innovations Limited  NSWCA 15). However, the courts have shown that they may be willing to accept that:
With respect to other implied terms, under the common law, the following terms are often implied:
The various implied terms arising from sale of goods legislation and consumer protection legislation will generally not be applicable to outsourcing contracts.
Any transfer of employees between their old and new employers arising in the context of an outsourcing will involve the termination of their employment with the old employer and the offer and acceptance of employment with their new employer.
Coverage of the Fair Work Act 2009
Australian employers and employees are subject to a mix of Federal and State laws. The principal Federal statute, the Fair Work Act 2009 (Cth) (FW Act), does not apply to every employment relationship and, in particular, to certain employees employed within the State public sectors.
The principles in the FW Act, insofar as they are relevant to outsourcing, apply to "national system employees" and "national system employers". A "national system employee" is an "individual employed (or usually employed) by a national system employer, other than on a vocational placement" (s 13 FW Act). A "national system employer" is in turn defined (in s 14(1) FW Act) as any of the following entities:
Application to State employees
The coverage of the FW Act also extends to employment relationships in States that referred their industrial relations power to the Commonwealth (all States except Western Australia have referred, to a greater or lesser extent, their power to the Commonwealth) and operates subject to any carve out within the FW Act that preserves the application of State legislation (this includes, relevantly for these purposes, each State’s long service leave legislation (per s 27(2)(g) FW Act) – see further below).
There are specific limitations to this reference of power in Victoria. The FW Act has a broad application to the exclusion of mainly judicial officers and senior State executives or office-holders.
By contrast, the referral statutes in other States contain more substantial exceptions. For example, New South Wales, Queensland, South Australia and Tasmania each, in various ways, exclude their public sector workers, including, for example, law enforcement officers, from being treated as "national system employees". New South Wales, Queensland and South Australia do the same for their local government employees.
When an outsourcing is likely to have an impact upon non-national system employees, the laws of the relevant State or Territory should be addressed to determine the rules governing employee transfers within each specific jurisdiction.
Employee transfers under the FW Act
When there is an outsourcing involving the transfer of "national system employees", the transfer of business provisions in the FW Act may be enlivened. This can include an intra-group outsourcing.
A "transfer of business" occurs if the following conditions are satisfied (s 311(1) FW Act):
An employee who satisfies the above criteria is classified as a "transferring employee".
Same, or substantially the same work
The work performed by an employee in the business of the old and new employer must be the same or similar for the transfer of business provisions to be enlivened.
Essentially, the employees terminated by the old employer must, within three months of the termination of their employment, be employed by the new employer to continue to perform work that is substantially the same as what they did previously in connection with the outsourced activities. This is a fact specific analysis and will vary on a case by case basis.
Connection between the old employer and the new employer
There will be a connection between the old employer and the new employer if, among other things, the transferring work is performed by one or more transferring employees, as employees of the new employer, because the old employer or an associated entity of the old employer, has outsourced the transferring work to the new employer or an associated entity of the new employer (s 311(1) FW Act).
The term "outsource" is not defined further in the FW Act, but is intended to have a broad application to any situation where the old employer decides that it no longer wishes to perform work of a particular type, or no longer wishes to perform as much work of a particular type, and so engages a third party to perform that work instead and that third party engages employees of the old employer to continue performing that work.
Implications of a Transfer of Business Under the FW Act
If a transfer of business occurs under the FW Act, the new employer will be bound by any ‘transferable instruments’ covering the transferring employees.
Under the FW Act, "transferable instruments" include any enterprise agreements that have been approved by the Fair Work Commission, as well as any individual flexibility arrangements made between the old employer and any transferring employee under the applicable enterprise agreement (s 312 FW Act).
Modern awards will also continue to cover the transferring employees for as long as they perform work which is covered by the modern award.
The FW Act does not prevent a transferable instrument from covering a new employer simply because the new employer cannot offer some of the terms and conditions included in the instrument or can only do so with some additional impost. This means that:
The new employer must also recognise transferring employees' period of service with the old employer (s 22.5 FW Act). The effect of this is that, for the purpose of some service-based entitlements, such as leave benefits, the transferring employees will continue to be entitled to the entitlements that accrued to them based on their period of service with the old employer, less any amount of those entitlements for which the transferring employee has already enjoyed the benefit (s 22.6 FW Act).
This means that (subject to the exceptions discussed below), the new employer is required to recognise, in respect of each transferring employee:
There are three exceptions under the FW Act to the requirement that the new employer must recognise the transferring employees’ service with the old employer. The first relates to annual leave (s 91.1 FW Act), the second relates to redundancy pay (s 122.1 FW Act) and the third relates to determining when the minimum period of employment ends (s 384(2)(b) FW Act). The effect of the exceptions is that:
The consequences for the old employer, should the new employer make any of the elections referred to above, are as follows:
As set out above, employees’ long service leave entitlements are governed by the long service leave legislation of the State within which the employees work (or predominantly work). Therefore, the implications for transferring employees’ long service leave entitlements in an outsourcing will be determined by the relevant State legislation.
There are no specific legislative requirements to inform or consult employee representatives in relation to outsourcing. However, outsourcing obligations may arise under an applicable industrial instrument (ie, a modern award or enterprise agreement).
Industrial instruments can (and typically do) require consultation when decisions are taken that could have a "significant effect, or impact" on employees. A "significant effect" usually includes any termination of employees’ employment by reason of the outsourcing.
Failure to comply with information and/or consultation obligations in an applicable industrial instrument gives rise to a right for affected employees (or their trade union) to apply for remedies including compensation, reinstatement or an injunction. Penalties may also be imposed.
Additionally, if the old employer proposes to make 15 or more employees redundant as a result of the outsourcing, then certain statutory information and consultation obligations will apply. Further, there are statutory notifications containing information about the dismissals that must also be filed with the relevant Federal Government authority.
As described above, the mechanism by which employees are transferred upon an outsourcing is by operation of the termination of their employment with the old employer and re-employment by the new employer (ie, there is no concept of an "automatic transfer" in Australia).
Although there is no statutory obligation to consult upon a "transfer" of employment, it is best practice, when there is an outsourcing involving the termination and re-engagement of transferring employees, to consult with employees and/or their representatives ahead of the relevant transfer to ensure that the offer and acceptance process runs smoothly and the new terms and conditions of employment with the new employer are adequately communicated to the transferring employees.
The nature, duration and conduct of the consultation process will vary depending on the nature of the outsourcing transaction and existing employee relations.
In both the public and private sectors, there are no general terms about the transfer of assets; these terms are entirely transaction specific. An outsourcing contract involving the transfer of assets would generally include terms relating to the following types of matters:
More generally, prior to entering into an outsourcing contract involving the transfer of assets, both parties will usually:
An important issue for contracts involving the transfer of assets is ensuring that the transfer of ownership and the transfer of risk in respect of the asset occur at the appropriate time. It may not always be appropriate for the transfer of ownership and transfer of risk to occur at the same time, depending on the nature of the transaction.