During the last year, we have seen a significant shift to “as a service” models and cloud solutions, as well as heightened attention on outsourcing as a strategic business tool to enable scalability, improved service, and accelerated access to in-demand technology and resources. This increased reliance on vendor performance to enable business operations has underscored the importance of implementing a solid service level methodology in order to: establish performance metrics that align with the customer’s expectations and business requirements; measure, monitor, and report performance against the metrics; set out the remedies for service level defaults, including service level credits and termination rights; and agree to events that may excuse performance resulting in missed service levels.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
Over the last year, companies implemented new digital technology solutions at record levels, looking to implement emerging technologies, improve the user digital experience, leverage cloud solutions to store the massive amounts of data being generated, and test the waters on how to transact using digital assets. And we don’t see things slowing down.
We recently highlighted the Morgan Lewis financial services team’s overview of proposed guidance released by the three federal banking agencies with respect to third-party relationships within the fintech industry. The federal banking agencies, though, are not alone when it comes to guidance on third-party vendors.
As further guidance and regulations are proposed and begin to take shape with respect to relationships between banking organizations and third parties, including those in the fintech industry, our multidisciplinary teams here at Morgan Lewis are tracking each development. In July, shortly after the three federal banking agencies (the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency) released their proposed risk management guidance regarding third-party relationships, our banking and financial services team provided a general overview highlighting the key takeaways from the proposal. If you have any specific questions, please reach out to your Morgan Lewis team for assistance.
Through legislation, Connecticut has incentivized businesses to conform to one or more industry recognized cybersecurity frameworks. As we recently discussed, cybersecurity incidents and risks are taking centerstage. Under Connecticut’s recently enacted Public Act No. 21-119, An Act Incentivizing the Adoption of Cybersecurity Standards for Business (the Act), as further described below, a business that implements a qualifying cybersecurity program is shielded from punitive damages in connection with any data breach-related tort claim that is brought in, or under the laws of, Connecticut.
With the recent onslaught of ransomware attacks, it’s time to revisit force majeure clauses (again). Earlier in the pandemic, we reviewed how COVID-19 could impact force majeure provisions. Since then, there has been a flurry of analyzing, renegotiating, and testing contractual language, as parties work through, or anticipate, pandemic-related difficulties. While contracting parties focus on striking a balance of when, and to what extent, a party’s performance will be excused due to pandemic-related circumstances, a different threat could follow a similar trajectory.
Planning for major service disruptions and disasters, such as prolonged power failures, fires, flooding, and other extreme weather events, is an important element of strategic technology and service agreements.
As discussed in a post from last month, annual spending worldwide on cloud services continues to rise with an expected increase up to $332 billion by the end of 2021, which is an increase from $270 billion in 2020. While the private sector is marching forward with increased reliance on hosted services, US government organizations have followed suit by increasing spending in cloud-based solutions allowing them to capitalize on the cost-savings and innovation gained by SaaS offerings.
The European Cloud User Coalition (ECUC) published a paper (the Position Paper) on May 17 recommending, among other matters, the adoption of “model clauses” for the long-term compliant use of cloud technologies.
The European Securities and Markets Authority (ESMA) on May 10 published final guidelines on outsourcing to cloud service providers (ESMA Guidelines) to help firms and competent authorities identify, address, and monitor the risks and challenges arising from cloud outsourcing arrangements. Subject to a few clarifications, the ESMA Guidelines are broadly consistent with the draft guidelines.