The labyrinths of legalese have gone multinational. Cross-border transactions are now a staple of the tech services sector, forcing clients and vendors to traverse territory that is potentially treacherous from a legal standpoint.
From issues of compliance and property rights to employment relationships, transnational contracts are at a crossroads. In order to have a clearer picture of how clients and vendors handle cross-border contracts in Nearshore relationships, NSAM spoke with Adriana Sosa, General Counsel at Fullstack Labs. As a lawyer, Adriana has over 20 years of experience in the B2B tech services sector in North and South America.
The following interview covers Adriana’s own views on and experiences with the most relevant topics related to cross-border tech contracts: ESG, intellectual property and foreign exchange rates, to name just a few.
NSAM: How relevant is ESG compliance actually when it comes to cross-border contracts in tech?
Adriana Sosa: The portion of ESG that comes into play mostly in tech is probably the governance piece. As a vendor, do you have a code of conduct? Do you comply with anti-corruption laws such as FCPA or the UK Bribery Act? Even now, some countries in Latin America have enacted their own anti-corruption laws. Brazil has its own body of legislation.
If you’re doing a cross-border transaction, all the most sophisticated clients will have a set of policies that they hope you as a vendor have implemented. The challenge here is that the policies need to meet not only the standards of the country where the client is, but also the standards of the country where you are delivering the project from.
NSAM: Who are the “most sophisticated clients”?
Adriana Sosa: Usually big, public companies; Fortune 200 or 500 companies who have very established procurement processes and standards in their contracts. They would prefer that terms are dictated by their sourcing team. A lot of those templates unfortunately might not be exactly tailored to what you as a vendor would be providing to them.
But at the end of the day, from an ESG standpoint, that governance piece will show up in their template. They would want to know if you have a conflict of interest policy, if your code of conduct meets their standards or make sure that you will comply with their code. They would have some sophisticated language for compliance with extra-territorial law, not only US law.
There’s also privacy policies and having appropriate security controls that meet whatever regiment of privacy they believe should apply to the contract. A lot of the telco companies, for instance, used to have a subcontracting or diversity and inclusion initiative for you to comply with as a vendor. If you had subcontracting practices, they would want to know that you had a target to engage minority-owned businesses as well.
NSAM: These provisions, can they actually make or break a deal?
Adriana Sosa: If they come as a requirement. It’s a matter of setting expectations with the client. A lot of clients will want to standardize; they want 5% of all their vendor subcontracts to be with minority-owned businesses, for example.
Some vendors will have those programs in place, others may not. It’s a matter of making that clear when you’re negotiating the contract with the client and see what’s their appetite for either removing that requirement from the contract or having it trigger only after a certain threshold, let’s say of revenue or commitments that are made mutually, to justify the investment.
If you’re doing a cross-border transaction, all the most sophisticated clients will have a set of policies that they hope you as a vendor have implemented.
If you don’t have such a program, putting together one based on the requirements of a single client might be very costly for the company, and also inefficient. It’s not truly a program until your company actually believes in it. If you’re doing it just to satisfy a contract requirement, does that really change how you do business?
NSAM: I thought that it tended to be a one-sided affair.
Adriana Sosa: If the client is very adamant about the terms that they want to see, or the targets, a lot of times you can, depending on how the language is written, still comply with it. For example: if the client says that 5% of your subcontracts have to be with minority-owned businesses, but you don’t subcontract, then it might be OK signing up for that. If you leverage subcontractors extensively as a vendor, then you need to pay close attention and see how those clauses are written.
NSAM: How do clients track compliance with anti-corruption laws and other ESG-related issues before signing the contract?
Adriana Sosa: I can’t speak for how the clients necessarily track that, but I know that for you to have a compliance program that is considered effective and efficient, you need to have third-party vendor due diligence. Prior to even starting an agreement with your vendor, you would have them undertake third-party due diligence questionnaires, which would help your sourcing team assess the level of risk and maturity of that vendor to prevent or mitigate any of those scenarios. Does this vendor have an anti-corruption policy? Can we see their anti-corruption policy? Do they do business with the government?
Some things will escalate your risks and others will de-escalate it. Once due diligence is done, the client will have its own standards to determine if this is a minor risk vendor or a larger risk vendor; if it needs more information or if it is satisfied with the information. It also depends on the countries where you’re doing business in, because some are, unfortunately, more corrupt than others or have corruption that is more widely known.
Typically, clients also have automatic termination triggers if they find out or suspect that the vendor might be violating any laws. And they might also tie the contract to auditing rights. Once you are fulfilling that contract, that’s how they will have a mechanism to have access to your books or to supporting documentation that will show if you are walking the walk.
NSAM: How are third-party risks handled on paper?
Adriana Sosa: As I said, it’s a set of representations and warranties that the vendor needs to give to the client. Those are typically tied to auditing rights for the vendor, to termination rights; some form of indemnity if there is a government or an agency investigating. In that case, the client will want to be indemnified and seek the vendor’s full cooperation to provide whatever information is required by the investigative authority.
Last but not least, you need to see how that’s going to tie to limitation of liabilities in the contract. Will clients see that as something that merits putting a cap on how much in damages they can receive from you? Or would that be something they want to leave outside of the cap so they have unlimited access to your resources in the event that they find themselves in a situation involving a violation of a body of law that is very important and which might cause reputational damage?
I think it’s the industries that lead the heavy-handedness of compliance sections in a contract. Highly regulated industries such as financial services will have more robust contracts in terms of those regulations
All contracts with US clients will have a limitation of liability clause, but this clause typically limits the parties’ mutual liability to what one would call regular breaches. But when you have breached something that is so sensitive to clients, such as privacy, security or anti-corruption laws, maybe export-control laws, then the clients are less willing to let those matters be part of a limitation of liability construct.
NSAM: Are European clients stricter in matters of compliance?
Adriana Sosa: I think the level of maturity of regulators in Europe is very high. Regulators in Europe are very attentive to market monopolization, privacy, etc., and you’ll see that reflected in contracts. But above all, between the US and Europe, I think it’s the industries that lead the heavy-handedness of compliance sections in a contract. Highly regulated industries such as financial services will have more robust contracts in terms of those regulations.
Traditionally, some industries also have very regimented sourcing practices, so their sourcing departments play a very big role for those clients. Automotive is one of them, as well as telco and healthcare, of course.
NSAM: How do you navigate risks related to transactions involving technology that isn’t as well-regulated yet or that isn’t regulated at all? I’m thinking specifically of AI.
Adriana Sosa: That has yet to be determined. There’s a lot of moving pieces. For sure, the main concerns of the clients when it comes to AI are around confidentiality and intellectual property. In general, I think everyone is still learning.
NSAM: But they still have to put things on paper, don’t they?
Adriana Sosa: Yes. They put things on paper around matters of privacy, IP and confidentiality. That’s how most of them are currently handling AI.
If you think about it, AI is a third-party software. A lot of clients already have in their terms restrictions of use of third party software in their projects. They either want the right to approve it or don’t want vendors to use it at all. In the case of generative AI, at the very least, the clients will have that sort of protection, but they might want to consider other areas, and there’s where I think IP comes in, as well as privacy and confidentiality.
If you think about it, AI is a third-party software. A lot of clients already have in their terms restrictions of use of third party software in their projects.
NSAM: How do cross-border contracts usually handle IP rights? In the case of, say, the sale of custom-made software for a client, who owns the code?
Adriana Sosa: That’s entirely up to the parties to have provisions around that, so it’s hard for me to give you a straight answer.
It all depends on the terms of the contract. If the terms of engagement are that the client owns that software, then you should be able to deliver code that is free and clear to the client so that they can exercise their ownership of that software.
NSAM: So there’s no industry standard at the moment?
Adriana Sosa: No. Most clients will want to own everything they paid for, but a lot of tech companies, particularly those which are based on products, you’re not going to get ownership rights to their software. Typically, that software is related to an underlying product of those companies. You may get a license to use that software in some capacity, but not full ownership rights.
NSAM: Any issues that vendors and clients should look out for in the immediate future in relation to cross-border contracts?
Adriana Sosa: Foreign exchange is a recurring topic, as well as taxes. I’m not a tax expert, so I can’t really go into that topic, but it does come up constantly in cross-border transactions.
Foreign exchange is a particularly relevant area in countries with volatile markets.
NSAM: How do the parties handle forex risks in contracts?
Adriana Sosa: It depends. Some companies will include that risk in their price. They will calculate using their own historical data and mark up accordingly. Other companies might have a clause that addresses forex establishing that, if there is a fluctuation of more than X percentage, price will be adjusted automatically or revisited.
Add comment