What should an enterprise customer do to protect itself from a grand financial fraud by senior manager(s) of a globally respected IT or BPO outsourcing company?
This astounding question arises from the reported confession on January 7, 2009, by B Ramalinga Raju, founder and CEO of Satyam Computer Services, India’s fourth largest IT and outsourcing firm. Raju reportedly confessed to an abuse of trust involving understating assets and income and overstating liabilities, about a month after he made a failed proposal to engage in quasi-insider trading by using Satyam to acquire some real estate companies owned by his sons. The shockwaves from the confession sent the Mumbai stock market down 7.2% in a day on January 8, 2008.
The Raju / Satyam Shock Wave. More likely, further shock waves will usher in a new era of global regulation covering securities issued by ITO and BPO service providers, auditing standards, conflicts of interest and thoughtful contractual precautions in outsourcing contracts for global services. I call will call it the Raju / Satyam Shock Wave. The Raju / Satyam Shock Wave will forever change the landscape for supply chain management, the global services industry and outsourcing contracts. We can expect globalization of new regulations, procedures, contractual provisions and software for corporate governance, risk management and compliance (“GRC”).
Restoring Confidence. Like auditors, consultants and advisors, lawyers play a role in creating a legal framework of trust, transparency and accountability in global services economy. Any such abuse of trust refocuses attention on tools for escaping from similar abuses in the future. So, what does the global services community need to do to restore confidence?
There are the inescapable lessons that came after the massive Enron fraud in early 2000’s, in which a few individuals inside the company and in the auditing firm were responsible for the collapse of both the company and the auditing firm and the loss of value by investors, employees, retirees and suppliers. In the U.S., the lessons learned were encapsulated and promulgated in the massive Sarbanes-Oxley Act of 2002.
A New Discipline. In its visceral response, Nasscom hit the nail on the head: it’s time to install more discipline into corporate governance of BPO service providers in India. This begs the question: why not a more global, holistic approach to governance, risk and compliance? Many other questions arise too.
What Losses Have Been Suffered? If Satyam’s reputation is damaged, what loss has Satyam’s clientele suffered? Is such loss compensable? What other rights do the clients have? This line of inquiry suggests a number of possible solutions.
New Contractual Clauses. Outsourcing contracts contain several standard clauses designed to protect against financial frauds by service providers.
New Audit Rights. These contracts generally involve technical and operational audits, but not broad financial audits, of the service provider. Enterprise customers of BPO services generally rely upon the service provider’s corporate auditors to ensure the financial statements are not fraudulent.
Rights of Customers against Auditors. This is not new. Already, the Institute of Chartered Accountants of India (“ICAI”) reportedly filed a show-cause notice under its internal rules demanding that PricewaterhouseCoopers, Satyam’s auditors, face discipline. What rights do customers have against auditors?
New Representations and Warranties. Purchasers of goods and services from foreign suppliers generally do not ask for representations or warranties that the financial statements of the supplier are true, accurate and complete in all material respects. But major investors, banks and other lenders ask for such assurances. Should enterprise customers ask for such assurances? How can suppliers deal with these concerns? What should be the remedies for a breach? Termination rights? Partial termination? Change in pricing? Damages? Injunctive relief? Release from non-hire and non-solicitation covenants? It will be some time before new “best practices” are adopted to rebalance the risks of a huge financial fraud.
Choice of Applicable Law. Must the foreign service provider meet the local laws of the service recipient’s country? Or should there be differences, just like wage differences for “wage arbitrage,” where service recipients can shop based on “legal system arbitrage”?
New Termination Rights. What rights can an enterprise customer legitimately ask for to protect against the risk a global services provider will implode? Implosions can come from disasters, unsustainable business operations, lack of redundancy, securities fraud and violations of applicable law by the CEO or by the enterprise. Termination rights might now include clauses taken from other industries, such as Hollywood (and maybe now Bollywood):
- “Morals” Clause. This clause allows termination of a contract if the “star” is caught up on scandal. It’s only a question of definition, and who decides when a scandal has occurred.
- A Special “Raju / Satyam” Clause. I’d like to know if anyone thinks a special clause is needed to protect against future frauds.
- Cross-Defaults. Bankers, famous for lending you an umbrella on a sunny day, understand implosion. They use cross-default clauses. Of course, such clauses are self-fulfilling prophecies, since any single default could trigger bankruptcy, hurting all customers.
- Code of Conduct. A breach of a code of conduct could be an omnibus termination right. But most Codes of Conduct are vague, and might be so vague as to be ineffectual against some frauds.
New Internal Controls. Happily, “governance, risk and compliance” software is now available from ERP vendors. Oracle touts its suite as complete, integrated business intelligence and analytics for GRC. Enterprise customers will now want to know more about those internal controls at their service providers.
New Auditing Principles. India’s auditors will face the same music that American auditors did after the Enron debacle. Any conflicts of interest between giving consulting advice and auditing should be shut down.
New Corporate Governance Rules. India’s securities laws for the protection of investors are nowhere near as stringent and pervasive as the American securities laws. The Raju/Satyam debacle has already inspired Nasscom and others to call for a sea change in regulation of BPO service providers. New Sarbanes-Oxley-type regulations will likely follow those that were adopted in the United States following the Enron debacle. So we can expect globalization of regulation of BPO service providers:
- Separation of Roles of CEO and Chairman.
- Development of a culture of corporate compliance (as a factor in the rules for
determining whether a criminal offense was aggravated and thus merits harsher punishment of white collar crime.
- Personal certification by CEO and CFO of quarterly financial statements.
- Internal reporting rules for “up the line” responsibility from each person in a managerial or financial role.
- Imposition of protections for whistleblowers, and designation of in-house attorneys as the whisteblower.
New National Legal Regimes. All this boils down to one conclusion. Legislators in countries promoting local outsourcing service providers need to play by new emerging global rules for restoring trust through corporate governance, risk management and compliance frameworks. In short, it’s also time to understand that differences in legal regimes constitute real economic risks. And harmonization of investor-protection laws can restore trust locally and globally.
New Headquarters. Many Indian, Chinese, Russian and other outsourcing companies have incorporated in other jurisdictions to establish trust in their corporate governance regimes. The Raju / Satyam Shock Wave will tilt the selection process to favor such truly global companies who select predictable, “secure,” transparent and democratic legal regimes for their place of incorporation.
Developing New Strategies. These are issues for discussion with strategic lawyers who understand the outsourcing process, the role of outsourcing in corporate operations and risk management. Everyone in the sourcing industry should take advice on practical and legal solutions and strategies.. It’s never too early to review your rights, remedies, roles and responsibilities or to develop new strategies in response.