Tech & Sourcing @ Morgan Lewis

In this blog post we explore build-operate-transfer (BOT) models in relation to businesses setting up offshore delivery centers, commonly becoming known as Global Capability Centers (GCCs).

Starting January 17, 2025, financial entities based in the European Union must have in place processes and policies, as well as mandatory contract provisions with their third-party technology vendors, that comply with the EU’s Digital Operational Resilience Act (DORA). Financial entities are currently at varying stages of updating their operational risk management frameworks and remediating contracts with technology vendors. For banks, the European Central Bank has signaled that resiliency will be a top priority on its supervisory agenda.

A significant number of legacy software solutions are now incorporating generative artificial intelligence (GenAI), and most new software solutions have some form of GenAI capabilities. This is true across the majority of, if not all, industries and, as such, it is not surprising that we are seeing a large increase in GenAI-related queries from businesses that use, or are procuring, software.

Beginning January 17, 2025, the European Union’s Digital Operational Resilience Act (DORA) will require financial entities to maintain and submit to EU regulators a comprehensive register of their contractual arrangements with third-party information and communication technology (ICT) service providers. Financial entities are being given the opportunity to sign up for a voluntary reporting exercise by May 31, 2024, running between July and August 2024, to help them prepare for one of the most challenging aspects of implementing DORA.

The Federal Trade Commission (FTC) approved a Final Rule on April 23, 2024 banning almost all worker noncompetes. Questions abound regarding the authority of the FTC to create such a rule and the potential implications of its implementation. To help create some clarity, Morgan Lewis lawyers have prepared answers to frequently asked questions (FAQs) related to the Final Rule’s applicability and anticipated impact as well as what businesses can do to prepare.

This blog is the finale to our Cracking AI and Outsourcing Conundrums series, a series in which we’ve discussed thought-provoking topics and set the stage for dynamic discussions with outsourcing customers and providers on the opportunities and risks of generative AI (GenAI) solutions in the outsourcing space. In this Part 4, we examine certain top-of-mind issues arising in connection with ownership and use rights when leveraging GenAI.

Welcome to Part 3 of our Cracking AI and Outsourcing Conundrums series. In Part 1, we discussed at a high level the challenges of requiring outsourcing providers to drive innovation through the use of generative AI (GenAI) while at the same time complying with an outsourcing customer’s AI policies. In Part 2, we dove into the conundrum of balancing a company’s need for enhanced quality checks with the desire (by the company and the outsourcing provider) to drive productivity and realize savings.

In Part 1 of our Cracking AI and Outsourcing Conundrums series, we discussed at a high level the challenges of requiring outsourcing providers to drive generative AI (GenAI) innovation while at the same time complying with companies’ AI policies. One of the challenges we identified was that many outsourcing agreements impose aggressive savings commitments, to be realized through the implementation of technology solutions that enable headcount or other cost reductions.

Innovation: all companies want their outsourcing providers to be at the forefront, whether accomplished by proposing ideas, implementing solutions as part of their business-as-usual services, or offering savings based on productivity commitments or other demonstrable business impact. Some outsourcing providers may even use innovation as a key differentiator during the sales cycle, putting real dollars at risk if innovation projects don’t realize promised savings. And what innovation is more top of mind presently than the use of artificial intelligence?

New ICT incident reporting requirements under Circular 24/847 (Circular) of the Commission de Surveillance du Secteur Financier (CSSF), Luxembourg’s financial regulator, will come into effect on April 1. This introduces a new ICT-related incident reporting framework and underscores the critical importance of proactive measures in safeguarding financial institutions against ICT and cyber threats.