Introduction

Part one of this briefing series looked at the use of technology and outsourcing as a business strategy for asset managers to address questions of cost and competitiveness (see Strategic Use of Technology and Outsourcing to Address Cost Pressures and Enhance Market Position). Part two of this briefing series examines key risk allocations and liability profiles in relation to asset management outsourcings and technology sourcing projects.

A key factor in any decision by an asset manager to (i) source technology, or (ii) procure an outsourced solution is to determine what level of risk it is exposed to by the inscope process(es) and how best to manage that risk in terms of the supplier contract or by other means. Both strategies involve buying in the technology or the outsourced service from a third party supplier. An asset manager, as the customer, will wish to transfer the risk of failures in relation to the technology or outsourced services on to the supplier, while the supplier will seek to ensure that its liability for such failures is kept to a minimum. Where neither strategy is adopted (that is, there is neither a technology procurement nor an outsourcing), the risk of failures will continue to remain with the asset manager.

An asset manager and a supplier of technology or outsourced services will each want to achieve a fair balance (from its own perspective) of risk transfer relative to (i) the price that is being paid for the sourced technology or outsourced services, and (ii) what is permitted in the context of the regulatory regime. While that balance is usually the subject of some negotiation, the liability profile for both types of procurement will generally follow certain norms. These reflect legal and regulatory considerations as well as wider market trends.

This briefing highlights why and how a typical liability profile for a sourced technology solution differs from an outsourced solution for asset managers. It also considers, within an outsourcing context, the impact of the regulatory framework on the liability profile of the supplier and asset manager.

Sourcing a technology solution

Within the asset management industry there is a range of technology platforms available for use by an asset manager. These include straight-through processing (STP) systems (linking distributors and fund providers in the wealth management chain), technology systems for supporting wealth management and administration services (including for investment wrappers and managed funds), and administration platforms for retirement savings (both corporate and personal plans), pensions and loans (including structured products).

In each case an asset manager is seeking to reduce operational risk and lower its costs by buying the functionality of the technology platform in order to replace its current legacy system or to migrate from an inferior third party system to a new platform. It will generally retain its staff engaged in providing asset management services to its customers, with the exception of any headcount efficiencies that it can make from the new technology.

The result of deploying such technology is that the end-to-end service provided by an asset manager to its customers is made up of, internally, a combination of third party systems supporting the service, the asset manager’s own technology, and the services of its own staff. Given such an operational profile, suppliers typically resist accepting responsibility for failures in the end-to-end service that result from components over which they may have no control (such as errors made by the asset manager’s staff or by its own technology).

Responsibility (and liability) in technology contracts therefore tends to be allocated between the asset manager and the supplier based on failures in the technology itself (as opposed to failures in the end-to-end service). Such technology contracts are characterised, in terms of a liability profile, as inputs-based contracts. Supplier performance under them is generally measured by reference to supplier inputs, rather than by reference to the outputs made up of the end-to-end service (of which the supplier inputs form only part).

Asset managers sourcing technology are naturally keen to ensure that the technology does what it is supposed to do as a measurable input. Ideally they would have their suppliers guarantee the functionality of the system for the term of the contract. Conversely, suppliers are conscious that technology is rarely fault free and that errors often arise when a system is used in a live operating environment.

While the early life of a technology deployment may reveal a number of operating faults in a live operating environment, it is not necessarily the case that the effluxion of time will result in fewer faults in the technology. This is because software within the technology may well be required to process more and more new scenarios against which it has never been tested.

For this reason risk averse suppliers (particularly those operating in US markets) typically attempt to transfer the risk of the software containing faults (whether known or unknown) to the asset manager by requiring the asset manager to accept in the contract that the software:

  • is taken ‘as is’, without a performance warranty linked to a functional or technical specification
  • will not operate ‘uninterrupted or error-free’.

Subject to the remuneration they receive reflecting the additional risk, some suppliers are prepared to accept responsibility for a supplied system performing in accordance with its functional or technical specification. Often this is only for a short warranty period of between 30 to 90 days. After that time, a supplier will usually only assume responsibility contractually to correct errors as part of a paid service to support or maintain the system on an ongoing basis.

During the warranty period and any subsequent support or maintenance period, a supplier will usually exclude responsibility for various heads of loss. For example, in a recent survey of 150 sourcing contracts conducted by Norton Rose Fulbright’s Global Sourcing Team (see Liability Schemes in Sourcing Contracts), contracts in the financial services sector were found to exclude the following heads of loss with the frequency shown below:

Click here to view chart.

Suppliers argue that the risk of a technology solution not working should predominately be borne by an asset manager customer because the asset manager (rather than the supplier) is best placed to:

  • know its own business needs; and
  • test the software properly to ensure it functions as required.

However, such a risk allocation ignores the reality that asset managers often look to their suppliers to deliver the required business functionality though the supplied technology (and an asset manager may not have the internal resources or technical expertise to specify its own technical requirements against which a system must deliver).

Similarly, an asset manager may have insufficient time or internal resources to undertake comprehensive user acceptance testing. Conversely, the supplier will argue that, while the customer has the opportunity to carry out some acceptance tests, the supplier’s ability to test is also limited as it is not in a position to test in a live environment (only a test environment).

When acceptance testing might not reveal the risk of an error occurring

It may be difficult to ensure that the technology properly calculates the net asset value (NAV) of funds. Investors make investment decisions based on the fund’s NAV, and if the NAV is incorrect the redemption and subscription prices will be inaccurate. For example, if there is a material pricing error, and the reported NAV is higher than it should be, then the fund will suffer a loss in relation to higher redemption payments made to a fund investor in circumstances where the difference cannot be recovered from the investor. Equally, there could be loss of interest payable or foregone by a fund as a result of the technology incorrectly recording the cash position of a fund and the fund trading against that position. There may also be dealing or other transaction costs payable by the fund as a result of having to reverse a trade made on the basis of the technology incorrectly recording the cash position of a fund.

Outsourcing

Unlike a technology solution, an outsourced solution involves a complete transfer of a function of the asset manager’s business to the supplier. The supplier will be providing the technology (as an input) that underpins the end-to-end service (as an output), as well as its own staff.

Asset management outsourcings can encompass a number of services. These can include:

  • custody;
  • depositary services; and
  • fund administration.

As a technical legal matter, the outsourcing concept really captures functions which lie, prima facie, with the asset manager and are then delegated to others. The depositary function, for example, by its nature does not really sit in this category – it is a third party oversight function and is not therefore the asset manager’s to delegate. However, this briefing discusses these roles under the broad ‘outsourcing’ umbrella as many in the industry are now increasingly looking to the approach taken in pure outsourcing contracts for lessons in contracting for these types of arrangements.

Components of fund administration

Fund administration covers various middle office services including Fund Accounting, Client Reporting, Portfolio Administration, Dealing, Pre/Post Trade Compliance, Transition Management, Performance Management, Transaction Management, Data Management, Attribution Analysis, Investment Analysis, Pricing Investment Instruments, Reconciliations Fails Management, Corporate Actions/Proxy Voting, Tax Reclaims, Regulatory Reporting, Shareholders Services/ Transfer Agency, and Derivatives Processing.

Because such outsourcings generally involve the provision of an end-to-end solution (that is, one delivering outputs):The liability profile differs depending on the outsourced asset management service at issue. However, risks of the type considered above (in relation to sourcing technology solutions) are relevant to the liability profile for any outsourced solution, regardless of the type of service outsourced.

  • The supplier may be more comfortable in committing to contractual performance targets applicable to the outputs (when compared with an inputs-based technology solution).
  • Given the focus on outputs, the supplier may resist attempts to regulate or control what inputs it uses to deliver the outputs (for example, technology components or solutions), arguing that its obligation is to deliver to a service description and service levels (which measure outputs), and that it should not to be fettered in what methods it chooses to do this.

The freedom that suppliers demand in outputs-based outsourcings can be problematic for asset managers. Sometimes control over what inputs are used by a supplier (for example, a type of system, technology or process) can manage (or reduce) the risk that the outputs will contain errors. An asset manager may want the comfort that the supplier is using a known or industry-accepted technology, and that its inputs are sufficiently resilient and robust to reliably deliver the required outputs every time. Suppliers will usually resist this, especially where the technology chosen by the asset manager is not robust or proven in the industry.

When will an asset manager want to control the technology used in an outsourcing?

Certain types of technology, such as order routing, could cause significant losses should errors occur. Order routing systems automate funds transactions between the fund provider and distributor. If a distributor uses the technology to buy funds, it relies on the order routing system in order to transmit the order to the fund provider as a buy. If the technology incorrectly records the order as a sell, then the trade will need to be reversed.

The same is true if the order is for an incorrect number of units. There may be dealing costs in reversing the trade, but of more concern will be an adverse market movement prior to reversing the trade. The cost to reverse trades in adverse market conditions could result in a significant loss.

Orders may be routed to the wrong recipient, which might reveal confidential investment strategies to a competitor, leading to a loss of market advantage.

All of these risks may lead an asset manager to wish to have the right to control what order routing systems (or inputs) the supplier chooses to use in delivering an end-to-end solution (of which order routing forms part).

Allocating liability for errors and faults

Whether or not an asset manager is successful in being able to control the technologies a supplier uses in delivering an end-to-end service, if well-advised, it will in any event want the outsourcing contract to address risk allocation in relation to errors more generally.

For example:

  • The contract may characterise certain types of errors as leading to losses that are recoverable by the asset manager, regardless of whether a court would otherwise regard them as direct (recoverable) or indirect/consequential (irrecoverable) losses. Current market practice is for the contract to prescribe such a list of losses in respect of which the supplier will be liable.
  • It is common to incentivise suppliers to respond to faults and resolve them (or use reasonable endeavours to do so) within specified timeframes. An outsourcing contract will usually provide that failure to meet these timeframes (known as service levels) results in a supplier having to pay a service credit. This is an amount of money (sometimes offset against invoices due) that is generally capped at around 10 to 15 per cent of the monthly fees payable under the contract.

It is often the case that the losses suffered by an asset manager as a result of an error or fault (when the supplier fails to fix it in time) will be significantly greater than the service credit payable by the supplier. For example, a failure by an outsourced solution to generate accurate reports could, in certain circumstances, prevent the asset manager from carrying out trades, causing it significant losses.

How do well-advised asset managers address this risk? There are a number of options:

  • It is common practice for the contract to state that service credits are simply a price adjustment for poor service (or a refund for the value of services not received), and that they are not the asset manager’s sole or exclusive remedy under the contract or at law. This leaves open the possibility that an asset manager could recover its other losses (over and above the value of the service credit) at law, such as losses to the fund. Suppliers typically try to resist this.
  • Alternatively, an asset manager may be prepared to concede that service credits are its sole and exclusive financial remedy. This is not ideal from the asset manger’s perspective, but it means that it is still open to it to terminate the contract (if the breach is sufficiently serious to justify termination). However, depending on the actual wording used, this mechanism may preclude an asset manager from recovering its other losses should it decide to terminate the contract (which considerably weakens the appeal of this particular risk allocation).
  • A compromise position may be to provide that service credits are an asset manager’s sole and exclusive remedy (perhaps just a sole and exclusive financial remedy) for a particular failure, but only up to a specified accrual of service credits. When that level is reached, the asset manager can then have all rights and remedies available to it, including the right to sue for damages for its additional losses, such as losses to the fund and (if there is a sufficiently serious breach) the right to terminate the contract.

Standard of liability in asset management outsourcings

Aspects of the liability profile for certain types of asset management outsourcings are prescribed (to some degree) by regulation. In particular, the ‘standard of liability’ may be provided for in regulation, depending on the outsourced services at issue.

The standard of liability refers to contract defaults in respect of which an asset manager is required (by regulation) to require a supplier to agree (under the outsourcing contract):

  • unlimited liability; or
  • a certain threshold for establishing liability.

Regulation may affect the standard of liability because the supplier is providing a regulated service (such as custody), and regulatory rules applicable to the outsourced service affect the supplier’s liability profile when providing it. The UK Financial Services Authority (FCA), for example, prohibits FCA-regulated suppliers from excluding or restricting any duty or liability it may have to a client under the UK regulatory system and also requires custodians to accept liability for any nominees they control and through which custody assets are held.

Alternatively, an asset manager may itself be subject to regulation that directly or indirectly governs the liability standard of its suppliers.

For example, asset managers who manage funds (as opposed to segregated portfolios) in the EU may be subject to the EU’s Alternative Investment Fund Managers Directive (the AIFMD). The AIFMD indirectly imposes liability on depositaries of EU funds for certain losses. Depositaries are subject to a form of ‘strict’ liability (that is, liability not dependent on establishing fault) to return any financial instruments held in custody which are lost. They are also liable for ‘all other losses’ suffered by them as a result of their negligent or intentional failure to perform their obligations.

The AIFMD is still new law, and market practice continues to develop in relation to the impact of these regulatory standards on contracts. While the AIFMD would seem to preclude depositaries of EU funds from capping their liability, there may be scope for the parties to negotiate around the precise contractual language used. Service recipients may wish to see regulatory liabilities reflected in the contract, and regulatory obligations assumed as contractual obligations of the supplier. Suppliers will often resist this (i) on the basis that regulatory and contractual liabilities are distinct, and (ii) in order avoid different liability outcomes and potentially double recovery.

Where liabilities or obligations are reflected in the contract, depositaries (for example) will often wish to stick closely to the terminology of the AIFMD, but either party may wish to incorporate more granular language to address liability for particular forms of breach.

A slightly different standard of liability currently applies to depositaries of UCITS funds. UCITS funds are a type of EU fund that meets the requirements of the EU’s UCITS Directive, and often has a retail investor base. Their depositaries are currently required by the UCITS Directive to be liable for ‘any loss suffered ... as a result of [the depositary’s] unjustifiable failure to perform its obligations or its improper performance of them’. Changes to the UCITS Directive that come into force in March 2016 will bring the rules for UCITS depositaries into alignment with those currently applicable under the AIFMD.

The AIFMD restricts the ability of suppliers appointed to perform ‘external valuations’ for funds to limit their liability for this service. The AIFMD provides that an external valuer to a fund will have unlimited liability for losses arising as a result of its negligence or intentional failure in performing its task as external valuer. Merely calculating and disclosing NAV would not make a supplier an ‘external valuer’ for these purposes – the role is more one of valuing the portfolio assets of a fund (including exercising subjective judgement on the valuation of individual assets). Suppliers will want to be clear that their scope of service either does not involve them acting as an external valuer or, if it does, may seek in the contract to clarify and qualify their responsibilities as such in detail.

The AIFMD is not prescriptive in relation to the standard of liability for other fund administration services. Accordingly, the standard of liability for fund administration is usually the breach standard linked to a cap operating by reference to fees. This means that:

  • damages are recoverable for any breach of a contractual obligation
  • liability can be capped and excluded by the supplier.

Many suppliers seek to avoid liability by applying a negligence standard to fund administration services (rather than the typical breach standard). This means that:

  • to be liable in contract for damages, the supplier must first have breached a duty of care owed to the asset manager
  • if there is no negligence by the supplier, then it is not liable for damages in contract.

Breach of the negligence standard of liability can be more difficult for an asset manager to establish when compared with the normal breach standard. Moreover, some suppliers seek to get even more protection than this by only accepting liability under the outsourcing contract if they are guilty of wilful default or gross negligence. It is common for an asset manager to accept the supplier’s position in this regard only if the supplier accepts that it will have uncapped liability if there has been such wilful default and/or wilful misconduct or gross negligence.

Standard of liability for managed benefits

In agreeing the allocation of risk and a contractual liability scheme for an outsourcing contract with a supplier, a well-advised asset manager should be aware that the negligence standard of liability is not appropriate for certain supplier contractual commitments, which should continue to be assessed by reference to the standard of liability for contractual breach. In other words, the negligence standard should not apply across the board to all the supplier’s contractual commitments, but it may be appropriate or be required for some of the contractual commitments.

For instance, in the case of middle office outsourced services, obligations of confidentiality, intellectual property rights provisions, exit commitments, security obligations, business continuity plans, and service level commitments should be subject to the standard of liability for contractual breach, with a remedy in contract for breach if they are not adhered to.

Established market practice is to group such provisions together in the contract. They are often referred to as ‘managed benefits’ and apply:

  • in relation to any custody services
  • where the supplier has adopted a negligence standard of liability in relation to fund administration services.

This approach means that breach of a managed benefit by a supplier will give rise to a contractual remedy of damages, which is recoverable by an asset manager subject to any liability caps and exclusions in the outsourcing contract.

Problems can arise when applying managed benefits within a framework agreement to services other than middle office outsourced services such as custody, depositary and off-shore services as these do not lend themselves to a managed benefits scheme.

Indemnities

Asset managers should also be aware that it is an established market practice in asset management outsourcings for suppliers to request a trio of indemnities (as a minimum) from their asset manager customers:

Fines or sanction

The first indemnity is in relation to fines or sanctions imposed by a regulator as a consequence of any inadequacy in the completeness of anti-money laundering records and any costs incurred by the supplier in remedying the breach. A supplier generally requires such an indemnity on the basis that it ought to be entitled to assume that the asset manager has carried out sufficient money laundering checks in respect of the investors. As a regulated organisation, the supplier will be subject to the same requirements, and will therefore potentially be in breach of its own regulatory responsibilities if there are any deficiencies in relation to such checks.

Asset manager’s instructions

The second indemnity is in relation to the supplier’s compliance (in accordance with the outsourcing contract) with an asset manager’s instructions. For instance, where the supplier acts as a custodian, it will be responsible for acting on instructions to process corporate actions or to settle transactions for the fund or portfolio.

Supplier’s proper performance

The third indemnity is in relation to the supplier’s proper performance of its obligations under the outsourcing contract (otherwise known as a ‘no-fault’ indemnity). The main purpose of this indemnity is to act as a shield from third party claims where an investor makes a claim against the supplier instead of (or in addition to) a claim against the customer. However, if the scope of this indemnity is drafted widely enough, it could replace the first two indemnities. In essence the supplier is saying that, if it incurs any unanticipated third party costs in relation to proper performance of the services, then the customer will pick these up (whether they are charge-backs, fines, penalties, third party investor claims etc.) because the supplier has only incurred those liabilities by virtue of its appointment and not because of any fault on its part.

Wider commercial considerations

While aspects of the liability profile of an asset management outsourcing follow market practice or are prescribed by regulation, ultimately a supplier’s appetite for assuming risk is determined by the relationship between its risk and reward.

Extracting the lowest price from a supplier may not be the best strategy if, operationally, the supplier is then incentivised to claw back costs in what it delivers. Price is as much an issue of risk management as the contractual liability regime. It follows that creative solutions in pricing and contractual governance ought to augment an asset manager’s risk management strategy in relation to its outsourcings.