Outsourcing 2019 Second Edition

Last Updated October 28, 2019

UK

Law and Practice

Authors



Travers Smith LLP has a commercial, IP and technology department (which undertakes the majority of the firm's outsourcing work) that is made up of six partners and 15 associates. The wider outsourcing team also includes specialists from financial services, pensions, real estate, employment and tax who are experts in advising in relation to outsourcing activities and other commercial contracts with third-party providers. Lawyers at Travers Smith advise both customers and suppliers on a regular basis in relation to all types of outsourcings, including IT and business process outsourcing, together with a wide range of other activities which require a more tailored approach, often with an international dimension. The team regularly works across a wide range of sectors, including financial services, retail, warehousing and logistics, pensions, media and publishing and hotels and leisure.

The USD85 billion IT outsourcing industry is expected to continue to grow as digital innovations develop. Although the desire to reduce costs remains a key driver, a substantial (and increasing) proportion of transactions are motivated by other factors, such as allowing the customer to focus on its core business, improving service and gaining access to the latest expertise and technology. These are all indicators of the market becoming increasingly mature and sophisticated. Key growth areas include machine learning/AI, cloud computing and the outsourcing of IT security (with the latter becoming a particular focus for customers because of concerns over cloud computing and well publicised recent cases involving loss of data, such as the GBP183 million fine imposed on British Airways under the EU's General Data Protection Regulation).

Business process (BP) outsourcing has grown at a rapid rate in the last five years and is projected to continue to do so, with leading industry reports citing compound annual growth of 11% during the period of between 2017-23. There has been significant growth in the range of potential outsourcing destinations available to customers, notably in Eastern Europe, which has increased competition in the sector. Meanwhile, cost-cutting pressures on businesses, the shift from the traditional datacentre to a cloud-based service and the exploitation of new technologies such as robotic process automation and AI to replace or reduce human labour continue to drive growth in BP outsourcing. At the same time, as with IT outsourcing more generally, customer concerns about security are pushing BPO providers to improve their offering in this area.

Owing to the more "commoditised" nature of the service provided, the duration of BP outsourcing contracts is typically shorter than is the case with more complex, "bespoke" outsourcing arrangements (five years or less). Increasingly, rapid technology "refresh" cycles are also tending to lead to shorter durations for BP outsourcing contracts.

Robotic process automation and AI continue to have a major impact on the outsourcing sector. Despite high initial set-up costs, automation is being widely adopted by outsourcers to improve productivity, not least by reducing the cost of hiring, training and retaining employees as well as increasing employee satisfaction by removing repetitive day-to-day tasks.

With consumers becoming increasingly digital, interactions with service providers are changing to become more flexible, user-friendly and dynamic. Many BP outsourcers are now investing in dedicated social media service teams and analytics units to address this demand for multi-channel bilateral communications. Social media monitoring and business intelligence are being seen as increasingly effective ways of gathering and analysing the vast quantities of consumer data and feedback in the public domain.

As regards cloud computing, customers are now looking to apply it more widely in their businesses (having previously often only adopted partial cloud-based solutions) and are therefore investing in more ambitious outsourced arrangements, attracted by the potential for this model to reduce costs and improve efficiency. However, as outlined above, security concerns remain an issue and outsourcing providers are having to invest heavily in this area in order to provide appropriate levels of assurance to their customers.

Brexit

The UK is still a member of the EU at the time of writing (September 2019), however, the UK's potential departure has had an impact on certain types of outsourcing. For example, it has led some businesses to restructure their distribution arrangements in anticipation of the effect which Brexit may have on them, in particular those which have historically used the UK as a hub for distributing to the rest of the EU. This is primarily driven by a desire to avoid disruption at Channel ports which could be caused by the introduction of customs controls. Where those arrangements involved the outsourcing of distribution to logistics firms, this has sometimes resulted in a shift in the "centre of gravity" of those contracts away from the UK, with the establishment of alternative distribution hubs in mainland Europe. Meanwhile, other businesses and the public sector have held back from investing in new outsourcing projects because of the general level of uncertainty.

Other Key Market Trends

Although IT and BP outsourcing continue to account for a large proportion of outsourcing transactions in the UK (in particular, via an “as a service” model), in recent years there has been considerable growth in the outsourcing of other activities, including logistics/warehousing and financial services. Many businesses looking to focus on their core activities are increasingly willing to outsource major, business-critical activities to third-party suppliers. Such contracts typically require a more tailored approach than IT or BP transactions, reflecting the customer's particular needs and/or the regulatory environment in which they operate. They also typically involve longer contract durations, eg five to ten years (as opposed to five years or less).

Although the UK regulates the employment aspects of most outsourcing and M&A transactions (see 5 HR), it does not have any other overarching legislation which seeks to regulate outsourcing transactions on a non-sector-specific basis. That said:

  • businesses should be mindful of regulations specific to their industry sector which might have an impact on the outsourced service and the way it is carried out, service levels and other contractual obligations (see 2.2 Industry Specific Restrictions);
  • public sector outsourcings can be subject to rules on public procurement (see 2.2 Industry Specific Restrictions); and
  • although relatively rare in practice, certain outsourcing arrangements may be subject to EU or UK merger control legislation. Please refer to the Chambers Global Practice Guide: Merger Control 2019 for further information in this regard.

The UK is still a member of the EU at the time of writing (September 2019), however, as noted in a number of cases below, the UK's anticipated departure from the EU may lead to changes in regulation, as the UK may decide to diverge from the EU in some areas. However, in the majority of cases, this is expected to be an evolutionary process which will take time to implement (requiring consultation with industry and the passing of new legislation). Much will depend on the nature of the UK's future relationship with the EU; the more distant it is, the greater the scope for changes in future.

Financial Services

Outsourcing transactions relating to financial services are subject to sector-specific regulation, as outlined below.

The majority of financial services firms in the UK are regulated by the Financial Conduct Authority (FCA). Some of those firms (such as banks, large investment firms, insurers, building societies and credit unions) are also subject to prudential supervision by the Prudential Regulation Authority (PRA). The FCA and the PRA have each published specific and detailed rules governing outsourcing arrangements entered into by regulated firms (which, in certain cases, also reflect mandatory requirements of EU legislation), although the provisions vary depending on the type of financial services business undertaken. Firms that are regulated only by the FCA will need to comply with the FCA outsourcing rules relevant to their type of firm, while firms that are regulated by both the FCA and PRA must also comply with the relevant PRA outsourcing rules. The UK is still a member of the EU at the time of writing (September 2019), however, note that since a number of rules in this area are derived from EU law, such provisions may be subject to future changes as a result of the UK's anticipated departure from the EU.

It is a key principle that a firm remains responsible for compliance with any applicable regulatory rules in connection with any outsourced services. This means that the firm will need to exercise proper oversight and monitor the performance of outsourced service providers so as to verify that any relevant regulatory requirements are being satisfied. Where the firm fails to do so, it may be subject to enforcement action. The FCA and PRA outsourcing rules typically require the firm to carry out due diligence on any proposed service provider to ensure that the provider has the capacity to provide the necessary services effectively. In addition, the firm will normally be required to ensure that the outsourcing contract contains certain mandatory provisions such as those relating to ongoing co-operation and/or enhanced termination rights. Additional requirements may apply in certain circumstances where services are outsourced to a service provider based outside the European Economic Area (EEA).

Where a firm proposes to enter into, or to make material changes to, an outsourcing arrangement which is considered critical or important (such that any failure in the performance of the outsourced services might materially impair the firm's compliance with regulatory rules or affect the continuity of its business), it is normally required to provide advance notification to the relevant regulator.

Public Sector Outsourcings

Depending on the nature of the contract and its value, a public-sector outsourcing can be subject to UK and EU public procurement rules (although these apply to a wide range of contracts, not just outsourcing transactions). For example, the awarding authority can be required to advertise the contract in the Official Journal of the EU, observe certain timings with regard to responses to tender etc and ensure that all bidders are treated equally and without discrimination. Public procurement rules are most likely to have a significant effect on the timing of the pre-contract procedure, the criteria for selection of successful tenderers, and the duration of the outsourcing contract.

The UK is still a member of the EU at the time of writing (September 2019), however, the public procurement rules may be affected by the UK leaving the EU, although it is unlikely that the UK will cease to regulate this area in future. In particular, the World Trade Organisation has approved the UK’s accession to the WTO General Procurement Agreement once it leaves the EU; this will require the UK to maintain at least some of the rules which currently apply to the award of contracts by the public sector.

Critical Infrastructure 

Organisations which supply critical national infrastructure (for example, in sectors such as electricity supply, oil and gas, water, transportation, healthcare and digital infrastructure, including cloud computing storage providers) and meet certain size thresholds are subject to the Network and Information Systems Regulations (the "NIS Regulations"). In brief, the NIS Regulations require them to take appropriate and proportionate technical and organisational measures to manage the security risks posed to them (eg by taking appropriate measures to protect against cyber-attacks).

Where organisations are outsourcing the provision, management or maintenance of any element of the systems on which they rely to provide such infrastructure, they will need to consider how to ensure that the outsourced activities continue to meet the standards required by the NIS Regulations.

Other Sectors 

The parties to an outsourcing will also need to consider any relevant sector-specific regulations, such as requirements for licences or authorisations. These are not normally intended to regulate outsourcing per se, but more to regulate the activity which is covered by the outsourcing. In the UK, the sectors listed below are subject to industry-specific regulation by the regulator listed in brackets:

  • aviation (Civil Aviation Authority);
  • consumer credit (Financial Conduct Authority);
  • education and childcare (Ofsted);
  • energy (Ofgem);
  • food (Food Standards Agency);
  • gambling (Gambling Commission);
  • health and social care (Care Quality Commission);
  • medicines and medical devices (Medicines and Healthcare Products Regulatory Agency);
  • pensions (Pensions Regulator);
  • premium-rate telephone services (Phone-paid Services Authority);
  • rail (Office of Rail and Road);
  • road transport (Driver and Vehicle Standards Agency);
  • security services (Security Industry Authority);
  • telecommunications, broadcasting and postal services (Ofcom); and
  • water and sewerage services (Ofwat).

This list is not exhaustive and the activities covered by the outsourcing may mean that there is a need for licences, permits or approvals from other bodies such as local authorities, the Health and Safety Executive or government departments (for example, certain defence or security-related activities may require Ministry of Defence approval).

The regulation of a number of the sectors listed above is likely to be affected by the UK's anticipated departure of the EU.

Data protection laws are likely to apply where the outsourced services require the supplier to process personal data on behalf of the customer. "Personal data" includes any data such as names, contact details, or other data which relates to an identified or identifiable natural person. In the UK, at the time of writing, the relevant laws are the EU General Data Protection Regulation (2016/679) (GDPR) supplemented by the Data Protection Act 2018 (Data Protection Laws).

Many outsourcing arrangements, in particular business process outsourcings and IT outsourcings, are likely to result in the handling by the supplier of personal data on behalf of and in respect of which the customer is the data controller – ie, the entity which determines the purposes and means of processing of such data. The supplier will be a processor in such situations, and where this is the case, as well as the supplier having a number of direct obligations to comply with under the Data Protection Laws, the customer must also be satisfied that the supplier will implement appropriate technical and organisational measures to ensure that the supplier's processing of such data will meet the requirements of the Data Protection Laws –in particular, to keep the data safe and secure. The customer must carry out due diligence on the supplier to be satisfied of this. In addition, the Data Protection Laws also stipulate that if the supplier is processing personal data on behalf of the customer and in its capacity as a data processor, the contract between the customer and the supplier must address certain issues (see 2.5 Contractual Protections on Data and Security), namely, requiring the supplier to keep the data safe and secure, and to help the customer with complying with its own obligations, for example, when data subjects seek to enforce their rights in respect of data held by the supplier on behalf of the customer. In some outsourcing arrangements, in particular some business process outsourcings such as pensions administration, it may well be the case that the nature and manner of the outsourced services requires the supplier to effectively act as a data controller in respect of any data it processes, and if this is the case, then the supplier will have to comply with obligations placed on it by Data Protection Laws in its capacity as a data controller.

Personal data which is exported for the supplier to process outside the EEA must be exported in a way which complies with the Data Protection Laws. This issue will need to be addressed, for example, where the outsourcing involves "offshoring" of service provision to a territory outside the EEA. The most commonly used mechanism to ensure compliant transfers to territories outside the EEA is to incorporate a set of 'model clauses' pre-approved by the European Commission into the outsourcing arrangement. These essentially require the supplier to put measures in place to make sure that they keep personal data safe. In some cases, alternative mechanisms may be available; for example, some non-EEA countries are regarded as 'safe destinations' for personal data because their own national law offers an equivalent level of protection to that available in the EEA. In other cases, suppliers may have obtained approval from European data protection regulators for binding corporate rules which allow them to export data to other group companies based outside the EEA, without the need for specific contractual arrangements governing the transfer.

The UK is still a member of the EU at the time of writing (September 2019), and this section has been written on that basis. However, data protection is another area of law that will be affected by the UK leaving the EU. In the short term, it is likely that the UK will retain much of its existing regime for data protection. However, in the event of no deal with the EU on data protection, the UK will be treated by the EU as a 'third country'. As a result, where personal data is transferred from an EEA-based customer to a UK-based outsourcing supplier, this will need to be done using one of the non-EEA transfer gateways outlined above. The UK Government has to date stated that UK personal data can continue to flow freely to the EU post Brexit, so that no such additional measures would need to be put in place where, for example, a UK customer is transferring personal data to an EU based outsourcing supplier.

The Data Protection Laws also potentially have an impact at the point when an outsourcing contract is being negotiated, as personal data will be transferred in respect of employees who are transferring over from the customer to the supplier. In these circumstances, care needs to be taken to ensure that personal data is shared and transferred in a lawful manner, with a clear legal basis under the Data Protection Laws for such a transfer. Any personal data transferred outside the EEA will again need to be transferred using one of the transfer gateways outlined above.

As outlined in 2.2 Industry Specific Restrictions, organisations which supply critical national infrastructure (eg, electricity, oil and gas, water, transportation, healthcare and digital infrastructure, including cloud computing storage providers) and meet certain size thresholds are subject to the Network and Information Systems Regulations. These regulations may have an impact on the outsourcing of activities relevant to the provision of such infrastructure. For example, where handling of data is outsourced, even if it is not "personal data", the customer will be required to ensure that the supplier takes appropriate measures to protect against cyberattacks.

The UK Information Commissioner (IC) can impose civil fines of up to EUR20 million, or 4% of the breaching undertaking's annual worldwide turnover in the preceding year, for the most serious breaches of the Data Protection Laws. In the case of breach, the IC can also issue an enforcement notice against a business requiring it to take (or refrain from taking) specified steps in order to comply with the Data Protection Laws.

The Data Protection Laws contain a number of criminal offences, notably offences relating to the unlawful obtaining of personal data, and selling or offering to sell such data.

It should be noted that individuals can lodge complaints with the IC in respect of alleged breaches of the Data Protection Laws, and bring an action for damages against the relevant business. Fines may also be imposed for data breaches under sectoral regulatory regimes eg financial services firms have been fined substantial sums for failure to keep customer data secure.

The maximum penalty for breach of the Network and Information Systems Regulations is GBP17 million, again for the most serious breaches. As with the Data Protection Laws, competent authorities under the NIS Regulations can issue enforcement notices, and also have powers to investigate and audit compliance of organisations which fall within the scope of the regulations.

The Data Protection Laws require that certain prescribed provisions are included in contracts with suppliers which process personal data on behalf of the customer, to ensure that minimum security levels are met in respect of any personal data which is processed. These include requirements that the supplier only process data in accordance with instructions from the customer, to assist the customer with achieving compliance with its own obligations to take appropriate measures to ensure security of processing, and to back up its obligations with subcontractors to the extent that they process personal data. Following changes introduced by the GDPR, data processors are now directly liable for some infringements. As a result, we are now seeing provisions included in contracts to protect their position; also, given the far higher penalties which can now be imposed, specific liability apportionment for losses resulting from a breach of contractual provisions (and statutory obligations) is becoming more common.

In some cases, the supplier may be processing personal data as a standalone data controller rather than as a data processor on behalf of the customer (for example, in some contracts for the outsourcing of pension fund administration). In these situations, the contract will usually include clauses requiring the supplier to keep personal data safe and secure, and to comply with its obligations as a data controller under the Data Protection Laws, particularly in respect of any personal data that the customer may transfer to it or vice versa.

Outsourcing can take a number of forms in the UK. Although there is no 'standard' model, a direct outsourcing is the most common structure adopted by the parties. This allows a customer to streamline its operations to focus on its core activities, taking advantage of economies of scale available to the supplier as well as the supplier's expertise.

A direct outsourcing is the simplest of the outsourcing structures, with the contract(s) being directly between the customer and the supplier. However, the outsourcing will become more complex if the customer procures the outsourced services on behalf of itself and group companies. In this case, an 'agency' model is often adopted, or a third-party rights clause may enable group companies to have directly enforceable rights.

Direct outsourcings typically comprise a single contract (or sometimes multiple contracts) dealing with the core issues (eg, service standards, price, duration, limitations on liability and subcontracting) with schedules which set out (amongst other things) a description of the services provided, services levels, the consequences of failing to meet service levels, governance arrangements and any transferred assets and staff. If the supplier does not have sufficient assets to meet its contractual liabilities or is not the main trading entity in the group, the customer may require a parent company guarantee.

Other contractual models commonly used for outsourcing include indirect outsourcing, multi-sourcing, joint ventures or partnerships, outsourcing via a captive entity and build-operate-transfer structures.

Indirect Outsourcing

An indirect outsourcing is similar to a direct outsourcing, except that the customer appoints a supplier (which is usually domiciled in the UK) that immediately subcontracts the services to a different supplier (which is usually domiciled in a foreign jurisdiction). The principal reasons why a customer may choose this model is that it will wish to interface with, monitor, and enforce its rights against a UK-based supplier, rather than a foreign supplier.

Multi-Sourcing

Multi-sourcing is where the customer enters into contracts with different suppliers for separate elements of its service requirements. An advantage of this model (in addition to those achieved with a direct outsourcing) is to avoid being over-reliant on a single supplier, although this only applies where identical services are sourced from several different suppliers. However, maintaining an effective interfacing between the various suppliers to ensure a seamless overall service (ie "Service Integration and Management" or SIAM) can add additional cost and complexity. The outsourcing contract will typically impose contractual obligations on suppliers to co-operate with one another and to participate in a common governance process, involving regular meetings between all of the parties.

Joint Venture or Partnership

The setting up of a joint-venture company, contractual joint venture or partnership to provide services enables the customer to maintain a greater degree of control than the other legal outsourcing structures, to benefit from the supplier's expertise and to share in the profits generated by the third-party business of the joint venture. Joint ventures can take many forms and are usually complicated (and expensive) to set up and maintain.

Captive Entity

A captive entity model is where the customer outsources its processes to a wholly owned subsidiary to provide the outsourced services exclusively to it, and takes advice from local suppliers on a consultancy basis. This model is sometimes known as a 'shared services division' if the captive entity is servicing different divisions of the same conglomerate company. Whilst this structure will give the customer greater operational control, possible tax benefits and integration with the supplier/group company, the customer will not be passing the risk of performing the services to a third-party provider, and the upfront set-up costs and ongoing costs are likely to be significant.

Build Operate Transfer

A build-operate-transfer model of outsourcing is where the customer contracts a third-party supplier to build and operate a facility, which is then transferred to the customer. It is possible that the customer may ask the supplier to operate the facility for the longer term. Whilst this model is low-risk, it can be expensive.

In our experience, there has been a trend away from customers, particularly in the financial services sector, setting up new captive entities or shared service centres, in favour of a direct or multi-sourcing model (notably, in respect of IT and BP outsourcing). There has also been a recent trend for captive or shared service centres to be sold to a third party in order to recoup investment, divest a non-core operation and to achieve competitive pricing.

Common protections for the customer in an outsourcing contract include service levels agreements (SLAs) or key performance indicators (KPIs) in relation to the standard of performance of the services. These are typically set out either in the outsourcing contract itself or in a separate "service level contract" appended to the contract. They will generally be linked to obligations on the supplier in respect of monitoring and reporting on service levels, often combined with audit rights for the customer.

If the supplier does not meet the specified service levels set out in the contract, the contract may provide that the customer is entitled to financial compensation in the form of service credits or liquidated damages. From the customer's perspective, the effectiveness of a service credits/liquidated damages regime depends on two main factors. Firstly, the customer must ensure that the SLAs/KPIs measure those aspects of performance which it is most concerned about – otherwise it may have no meaningful remedy at all under the service credits/liquidated damages regime. Secondly, the SLAs/KPIs need to reflect a satisfactory standard of performance; if they can still be met even when the practical outcomes, from the customer's perspective, are sub-standard, then they will not provide a meaningful level of contractual protection.

Given the potential weaknesses in any service credits/liquidated damages regime, customers will usually want to consider additional forms of contractual protection. These will typically include warranties given by the supplier, including a warranty that it will provide the services with reasonable care and skill, in accordance with good industry practice and all applicable laws and regulations. The supplier could also be required to warrant the accuracy of information provided by it as part of the tender process, that it has particular accreditations or that it operates in accordance with a particular quality assurance system. If these warranties are breached by the supplier, the customer would then be entitled to pursue a claim for damages.

The customer could also seek indemnities from the supplier in respect of specified loss, such as loss suffered by the customer as a result of the supplier's breach of applicable laws, or against future liability in respect of employees transferred to the supplier as part of the outsourcing (see 5 HR). Additionally, the customer may require a supplier of outsourced services to hold certain insurance, including in respect of damage to persons or property, and to note the customer's interest on its policy. It is also important for obligations to be imposed on the supplier to maintain a "business continuity plan" and make adequate back-up and disaster recovery arrangements.

Whilst these contractual protections will allow the customer to seek compensation from the supplier for failure to comply with the contract, they do not specifically address under-performance. As a result, it is not uncommon for a customer to seek "step-in" rights, allowing it to take over the management of an under-performing service or to appoint a third party to manage the service on its behalf. Less serious problems with under-performance can sometimes be resolved through use of contract management and governance provisions, which typically require the supplier to appoint a contract manager who will meet regularly with the customer's representative to discuss and seek to resolve issues. These provisions may also include a right for the customer to veto proposals from the supplier to dispose of key assets or re-deploy key staff involved in the provision of the services – thereby preventing any deterioration in performance that might be caused by such disposal/re-deployment.

Rights of termination in a variety of circumstances should also be included to protect the customer (see 4.2 Termination). In addition, customers should ensure that, in the event of termination, the supplier remains under an obligation to provide assistance to the customer in migrating the service to a new provider. As part of this, the supplier should be required to draw up an "exit plan" at the outset of the contract and update it on a regular basis (at least annually) in consultation with the customer.

Under English law, parties have considerable freedom to decide in what circumstances a contract can be terminated. For example, a customer may seek a right to terminate a long-term outsourcing contract on notice prior to expiry of its term without any compensation being payable (often called a termination for convenience). However, the supplier may not be prepared to grant such a termination right, or may insist on financial compensation being payable by the customer in the event of early termination for convenience (which will be enforceable provided that the level of compensation is not out of proportion to the supplier's loss arising from early termination, rather than a contractual penalty).

In most outsourcing contracts, both parties will have express contractual rights to terminate the contract if the other party commits a material breach of its terms (typically after the expiry of a cure period) or undergoes an insolvency-related event. The contract may also contain termination rights in circumstances where a party is prevented from carrying out its obligations under the contract for a specified period due to a "force majeure" event.

The customer may also seek to include a right to terminate where the supplier commits specified service failures, and may insist that such termination rights can be exercised in respect of the affected services only, or in respect of the contract as a whole. Another termination right commonly requested by the customer is a right for the customer to terminate upon a change of control or ownership of the supplier.

In addition to the express termination rights set out in the contract, under English common law, an innocent party will normally have a right to terminate a contract for "repudiatory breach", where the other party breaches a condition of a contract. A condition of a contract is a term that goes to the essence of the contract – whether or not a term is to be categorised as a condition will be a matter of contractual interpretation in each case.

Under English law, only loss which was in the reasonable contemplation of the parties at the time the contract was entered into (as a probable result of a breach of it) is recoverable. Outsourcing contracts will typically distinguish between direct loss, which means any loss arising naturally and directly from the breach, and indirect loss, which refers to loss that was only in the contemplation of the parties because of special circumstances made known at the time of entering into the contract.

If a supplier breaches the terms of an outsourcing contract and the breach directly results in loss to the customer (including loss of business or profits), or if the customer incurs expenses in remedying the breach or obtaining replacement services, such loss is likely to be recoverable by the customer as direct loss. If, however, the supplier's breach results in the customer incurring liability towards a third party under a separate contract, the terms of which were brought specifically to the supplier's attention during a tender process or during pre-contractual negotiations (but which would not otherwise have been in the reasonable contemplation of the supplier upon entering into the contract), the loss incurred by the customer under the third-party contract is likely to be categorised as indirect loss.

Whether a loss is a direct loss or an indirect loss is ultimately a question of fact which has important implications for both customers and suppliers, as set out below.

The customer in an outsourcing arrangement will usually try to ensure that it is able, under the contract, to recover all direct loss incurred by it (including direct loss of profit, business and revenue). It is often sensible expressly to set out particular heads of loss that are recoverable, to evidence that these are agreed to constitute direct loss.

The supplier, on the other hand, will usually seek to exclude liability for indirect, special or consequential loss, and for loss of business, profit or revenue (including where these constitute a direct loss). Market practice by suppliers is to list specific types of loss which are wholly excluded, with the most common being loss of revenue, loss of actual or anticipated profit and loss of reputation or goodwill.

It is important to note that loss of profits (together with the other categories of loss discussed above) can amount to a direct or indirect loss. Therefore, if a contract excludes the right to recover indirect, special or consequential loss, the innocent party may still be entitled to recover loss of profits that arise naturally and directly from the breach (ie, direct loss). As such, if a supplier wishes to exclude its liability for loss of profits, this should be done expressly and separately from any exclusion of indirect, special or consequential loss.

In practice, the types of loss recoverable under the contract will typically be a matter for negotiation between the parties.

Under English law, a contract (including any outsourcing contract) will consist of the express terms agreed between the parties together with any terms that are deemed to be implied, either by usage or custom, the parties' previous course of dealings, common law or by statute.

The most relevant statutory implied terms in relation to outsourcing contracts are those set out in the Supply of Goods and Services Act 1982. These include an implied obligation on a supplier of services to carry out such services with reasonable care and skill, an implied term that the supplier will carry out the service within a reasonable time and an implied term that the party contracting with the supplier will pay a reasonable charge (where the contract is silent on such matters or timing/charges are left to be determined by the parties). However, the outsourcing contract often specifically excludes these terms and replaces them with specific provisions, with the intention that all relevant obligations are set out expressly in the written contract.

Where assets are being transferred, a term will be implied by statute that the party transferring the asset has title to it and is able to transfer it. Where the outsourcing involves supply of goods (eg, an IT outsourcing which includes the supply of hardware to the customer), then terms will be implied that the goods are of satisfactory quality and fit for their purpose. 

Implied terms as to title to assets cannot be excluded or restricted. Those relating to satisfactory quality, fitness for purpose and certain other matters can only be restricted where this meets the reasonableness requirement set out in the Unfair Contract Terms Act 1977. Typically, however, most suppliers will seek to exclude these terms and substitute their own, alternative warranties.

Beyond these statutory terms, it is comparatively rare for terms to be implied into outsourcing contracts. This is because they are generally documented in a reasonable level of detail and the English courts will therefore have regard primarily to the express terms of the contract. However, there are circumstances in which additional terms could still be implied. The most common of these is where the parties have failed to address certain issues in their written contract; a term may be implied where it is necessary to give the contract "business efficacy". Such interventions tend to be used sparingly by the English courts, which are generally reluctant to be drawn into "writing the parties' contract for them".

It is also possible for terms to be implied based on "custom and usage", ie, normal market practice or where there has been previous course of dealing between the parties. However, these would typically only be relevant where the express terms of the contract do not address the relevant issue in sufficient detail. For example, if an outsourcing contract had expired, but the parties continued to deal with one another without having agreed a new contract, an English court might imply terms similar to those which were contained in the expired contract (based on the parties' previous course of dealing).

Impact of Brexit on English Contract Law

The UK is still a member of the EU at the time of writing (September 2019). Although the UK's anticipated departure from the EU will bring about material change in many regulatory areas (see 2 Regulatory and Legal Environment), English contract law is expected to remain largely unaffected. This is mainly because the EU has made relatively few inroads into the area of national contract law. 

That said, Brexit may make it somewhat more difficult to enforce certain provisions of contracts governed by English law (such as exclusive jurisdiction clauses) in the courts of other EU member states. Similarly, Brexit may make it more difficult to enforce judgments obtained from UK courts in the national courts of the EU. It is possible that these developments may make some parties to outsourcing contracts elect to have their contracts governed by the law of other jurisdictions. However, the use of English law for international contracts is well established and it is likely to remain a popular choice as a governing law. Similarly, the English courts are likely to remain a popular choice of forum, based on their long-established reputation for fairness and extensive experience of handling complex disputes.

In the UK, most arrangements are governed by the Transfer of Undertakings (Protection of Employment) Regulations 2006 (the "TUPE regulations"). The effect of the TUPE regulations is that employees who are wholly or mainly assigned to the services being outsourced automatically transfer by operation of law to the new provider of the services.

The TUPE regulations apply to an initial outsourcing, where the customer's employees that are wholly or mainly assigned to the activity being outsourced will transfer to the supplier. They will also apply on a change in supplier, where employees of the outgoing supplier which are wholly or mainly assigned to the services will automatically transfer to the incoming supplier. The TUPE regulations also apply to an insourcing, where the outsourcing is terminated and the activities are brought back in-house. In this situation, the relevant employees would transfer from the incumbent supplier back to the customer.

Where the TUPE regulations apply, the relevant employees will transfer on their existing terms and conditions, with continuity of employment preserved. All accrued employment rights and historic liabilities in connection with the transferring employees will also transfer.

Where the TUPE regulations apply, the outgoing employer (the "transferor") must inform and consult with employee representatives about the transfer. Where the employer recognises a trade union, the appropriate employee representatives will be trade union representatives. If no trade union is recognised, the employer must either arrange for the election of representatives from the affected employees or consult with existing employee representatives where these are in place, for example, where there is a works' council or other employee forum.

The transferor must inform the employee representatives about the fact of the transfer, its timing, the reasons for it and the consequences for employees. Where the outgoing employer envisages taking any "measures", it must also consult the employee representatives about those measures. The term "measures" covers any changes to employees' day-to-day working lives, including changes to terms and conditions or working practices, or plans to make redundancies.

To assist with the transferor's consultation duty, if the transferee proposes any measures that would affect the transferred employees after the transfer, it must notify the transferor of the measures before the transfer. If any of the transferee's existing employees will be affected by the transfer, the transferee must also consult employee representatives of its own workforce.

The TUPE regulations apply by operation of law and it is not possible to contract out of them. However, in practice, the parties to an outsourcing arrangement will typically allocate the employment risks through warranties and indemnities in the outsourcing contract. It is usual for the parties to allocate the risks on both entry and exit. It is often market practice for the indemnities on entry to mirror those on exit so that, for example, if the supplier has been indemnified for employment risks on entry into the outsourcing, they will agree to indemnify an incoming supplier against the same risks on exit. It is also very common for the outsourcing contract to include provisions regarding matters relating to employees during the term of the contract, including any restrictions on changes to terms by the supplier, requirements to provide a list of employees working on the services, and restrictions on changing the personnel assigned to the services.

Where assets are being transferred to the outsourcing provider, the latter will typically seek warranties and/or indemnities designed to provide contractual protections relating to the transferor's ownership and ability to transfer the asset, together with the quality and condition of the asset. The extent of such protections will be a matter for negotiation. Transfers of assets may also have tax implications, which the parties may wish to address in the outsourcing contract. In the case of the various assets listed below, certain formalities must also be complied with if the transfer is to be valid, which may be reflected in the terms of the outsourcing contract. In a number of these cases, the consent of third parties may also be required.

Premises etc

The transfer of ownership of premises in England and Wales must be in writing. It is usually effected by deed and will also normally require registration at the Land Registry. The same requirements apply to the transfer of a lease of premises where, additionally, the consent of the landlord is likely to be required.

IP Rights and Licences

The transfer of ownership of UK intellectual property (IP) rights must also be in writing. In the case of registered rights, such as UK trade marks, the transfer will also require registration at the UK Intellectual Property Office. IP licences can normally be transferred subject to obtaining the written consent of the licensor. It should be noted that IP is an area of law that may be affected by the UK leaving the EU.

Moveable Property, eg, Plant and Equipment

The transfer of ownership of moveable property such as plant and equipment is not generally subject to any formalities but a written assignment is advisable for evidential purposes. Where assets have been leased or charged, the counterparty's and/or lender's consent to the transfer may be required.

Key Contracts

Rights under key contracts can normally be assigned provided the contract is in writing and signed by the assignor (although some contracts contain an express prohibition on assignment and others may require the counterparty's consent). The other party (or parties) to the contract must also be given notice of the assignment. However, it is only possible to assign rights under a contract, not obligations. If the parties wish to transfer the obligations under the contract effectively, a novation of the relevant contract is required under which the counterparty to the contract being transferred is a party to the relevant novation, to give its consent to the release of the transferring party from its obligations and to the transfer of those obligations to the transferee.

Travers Smith LLP

10 Snow Hill
London
EC1A 2AL

+44 020 7295 3000

Commercial@TraversSmith.com www.traverssmith.com
Author Business Card

Law and Practice

Authors



Travers Smith LLP has a commercial, IP and technology department (which undertakes the majority of the firm's outsourcing work) that is made up of six partners and 15 associates. The wider outsourcing team also includes specialists from financial services, pensions, real estate, employment and tax who are experts in advising in relation to outsourcing activities and other commercial contracts with third-party providers. Lawyers at Travers Smith advise both customers and suppliers on a regular basis in relation to all types of outsourcings, including IT and business process outsourcing, together with a wide range of other activities which require a more tailored approach, often with an international dimension. The team regularly works across a wide range of sectors, including financial services, retail, warehousing and logistics, pensions, media and publishing and hotels and leisure.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.