Wednesday, March 10, 2004

Legal Compliance in Outsourcing

When is the Service Provider Liable for its Customer's Compliance with Laws, including Payment of Fines and Penalties for Non-Compliance? When is the service provider liable for its customer's compliance with laws, including payment of fines and penalties for non-compliance? Most outsourcing agreements require each party to comply with applicable laws. However, as business process outsourcing ("BPO") services move up the value chain, legal compliance obligations can get somewhat tricky. Consider the scenario where the service provider's services substitute for the enterprise customer's normal compliance with laws governing the enterprise customer's operations. If you are a candidate for public office, your consultant might just be liable for your compliance, fines and penalties. If you stay out of politics, you can still learn about a critical BPO contracting issue that played out in a New York City election campaign.

Context: Compliance with Election Laws. If you are a candidate for public office, your consultant might just be liable for your compliance, fines and penalties. While laws vary, it is instructive to consider the liability of a political consultant. The consultant's client, a New York City political candidate, failed to timely respond to the Campaign Finance Board's draft audit report and filed late four disclosure statements. The consultant acknowledged its office failures. It offered two excuses. First, its failures were due to its own disorganization (and not its client's). Second, the candidate's records were on a computer affected by a computer virus. This is hardly a case involving the usual due diligence, site visits and other critical infrastructure offered by the usual "big ticket" outsourcing. But the case illustrates what happens in case of "worst practices."

Statutory Liability. The particular statute imposes liability on "agents" as well as the political candidates. Under the New York City Administrative Code, §3-711(1), an "agent" includes individuals and entities who have undertaken the responsibility for campaign law compliance.

The Service Agreement. The political consultant claimed that it had developed computerized systems designed to keep its clients' political campaigns in compliance with the campaign finance regulations. The agreement provided that the service provider would complete all filings with the regulatory agency and explain to the candidate and monitor all rules and regulations applicable to the political campaign.

The Course of Dealing. The political consultant actually performed as promised, at least to the degree sufficient to be designated as an "agent" liable under the regulations for compliance. The candidate's Candidate Certification listed the service provider as the mailing address for notices from the regulatory agency. The service provider's employee represented to the regulatory agency that she represented the committee for the candidate's election with respect to compliance. The candidate's disclosure statements were generally delivered by hand by the service provider's messenger. The service provider's contacts with the regulators outnumbered those of other representatives of the candidate's election committee.

Implications for Enforcement of Other Types of Regulatory Legislation. This decision represents an enforcement action by the governmental agency responsible for administering a regulatory law. The regulators targeted enforcement action directly against the "BPO service provider" by reason of its contractual undertakings, its actions for compliance and its direct communications with the agency. The same analysis might not apply to non-delegable compliance duties, such as these of the CEO and the CFO under the Sarbanes-Oxley Act of 2002.

Equitable Estoppel. In this case, the court, without setting forth a theory of law, concluded that it would be inappropriate to allow a service provider to act as agent and not have the liability of an agent.

To allow any entity, that has agreed to fulfill the compliance requirements of behalf of a candidate to shoulder the blame for a candidate's non-compliance, and then to allow that same entity to escape liability because it claims it is not an "agent" of the candidate, would not serve the purpose of the Campaign Finance Act. To accept [the service provider's] argument would defeat the policy behind the Campaign Finance Act.

As a result, the court found that it was not "arbitrary and capricious" to impose the candidate's penalty on the consultant, and that such an imposition did not lack a rational basis.

Lessons Learned. By assuring compliance with laws, the service provider agrees to guarantee the result. Unlike a commitment to use "best efforts" or some other type of "efforts," a BPO service provider's guarantee of results implies an agreement to shoulder the fines and penalties imposed on the service provider's customer by reason of any failure to comply.

By:Bierce & Kenerson, P.C.