Legally speaking: what not to do when outsourcing operations

Published: 4 Nov 2022
Type: Insight

First published in The Royal Gazette, Legally Speaking, November 2022

In the course of my career, I have drafted, negotiated or otherwise provided commercial and legal advice concerning well more than 300 outsourcing contracts of all types.

Whether as inter-company shared service contracts among affiliates or with commercial outsourcing service providers, there are several important contracting mistakes that are pervasive but easily avoided.

When pricing an inter-company outsourcing service agreement with an affiliate, whether as a domestic or cross-border transaction, many clients forget that fair market value pricing is fundamentally premised on a comparison with arms-length commercial outsourcing agreements.

Service pricing is always a function of both the services to be performed and all the contractual obligations that the parties assume. Commercially normal terms and conditions will include a wide range of standard risk management terms, performance warranties, comprehensive and detailed performance specifications, allocation of risk and liability, and professional service quality provisions.

Commercial outsourcing service agreements are routinely, almost without exception, more than 100 pages long, including performance appendices. So, if your inter-company outsourcing agreement is not a pillar of commercial market comparison — at worst, written on the back of a napkin — then you may want to reassess whether the transfer pricing is truly on-market for that particular quality of agreement.

Second, every customer is subject to a plethora of third-party confidentiality, data protection, cybersecurity, operational governance, information integrity and privacy-related obligations, laws and regulations.

Whether those are imposed by your trading partners, your auditors, by stock exchanges, one or more regulators or by statutes of general application, your company will remain directly responsible and liable for compliance with all of those duties, obligations and requirements regardless of who operates what aspects of your enterprise.

Even though you can outsource parts, or all, of your operations to downstream third-party service providers, you cannot delegate any of your upstream compliance accountability to your outsourcing service providers. Therefore, the only way for your enterprise to avoid being caught in the middle between satisfying those upstream obligations and your service provider’s conduct is by ensuring that all upstream third-party, legal and regulatory obligations are completely flowed down to the service provider via express contractual obligations, duties and requirements.

As examples: how can a highly regulated enterprise possibly comply with its obligations to notify its regulators of a cybersecurity breach if its outsourcing service provider isn’t contractually required to disclose those incidents when they occur; and, how can you ensure that a service provider will permit a service quality inspection by one of your regulators if the contract doesn’t require that assistance?

Perhaps the leading cause of dispute and litigation across all forms of outsourcing transactions arises due to the failure of the parties to stipulate comprehensive, detailed and clear operational, technical and functional service quality and performance requirements, including those that arise as legal compliance requirements.

Indeed, regulatory requirements can create a large inventory of required outsourcing services that must be performed. The more objectively and empirically those service performance requirements are stated in the service contract, the less likelihood there will be for service performance misunderstanding.

Although that contracting mistake may be more prevalent in affiliated company service arrangements, it is a rampant deficiency across far too many commercial outsourcing transactions.

Operational activities of many enterprises, such as banks and insurance companies, can be highly complex and depend upon detailed operational processes.

Therefore, properly articulated outsourcing service performance requirements may reasonably reach well more than many dozens of pages in length, often due to the insistence of the commercial service provider who seeks to minimise service misunderstandings as well as facilitate the calculation of reasonable service pricing.

Lastly, parties who outsource any part of their operations, whether IT or otherwise, are very well advised to on-board all services with acceptance testing processes, service quality verification, and with ongoing performance quality monitoring – which may include inspection and auditing – that are tied to contractual rights for service performance correction and improvement as needed.

Share
More publications
Bermuda-1024x576-1
1 Jul 2026

A Forest for the Future

A first since the blight, the airport cedar forest is growing tall and standing strong.

Appleby-Website-Regulatory-Practice
1 Jul 2026

Complied out of business

Firms are complying themselves out of business because compliance no longer matches the evolving sophistication of the Bermuda Monetary Authority (BMA).

Appleby-Website-Insurance-and-Reinsurance
1 Jul 2026

The long game: how Bermuda became the world’s life reinsurance capital

Ask a life insurer in New York, London or Tokyo where the liabilities behind their book ultimately sit and there is an increasingly good chance the answer is a 21-square-mile island in the North Atlantic.

Appleby-Website-Insurance-and-Reinsurance
1 Jul 2026

Record H1’26 Cat Bond Issuance Driven by Rising Sponsor Comfort and Diversified Risk

With H1 2026 officially breaking the record for the most catastrophe bond deals to come to market and settle in the first six months of the year, a key trend driving this momentum is how comfortable sponsors have become with the mechanics of the overall cat bond space. This familiarity has ultimately encouraged a wave of new sponsors to enter the market, according to Brad Adderley, Managing Partner at law firm Appleby.

Appleby-Website-Employment-and-Immigration
12 Jun 2026

The Cost of Getting Employee Departures Wrong: Five Common Pitfalls for Bermuda Employers

Employee departures are an inevitable part of running a business, but the way they are managed can have significant legal, financial and operational consequences. In Bermuda, employers who approach terminations without adequate preparation may expose themselves to unnecessary disputes, regulatory issues, and reputational harm. Whether an employee is being dismissed for performance reasons, made redundant or departing as part of a negotiated exit, by recognizing the following common mistakes and taking a proactive approach, organizations can manage departures more effectively and reduce risk.

Appleby-Website-Privacy-and-Data-Protection
8 Jun 2026

It’s time to bridge Pipa compliance gap

A review of 200 publicly available privacy notices of companies in Bermuda has revealed that just one in nine are fully compliant with the Personal Information Protection Act 2016.

Appleby-Website-Privacy-and-Data-Protection
26 May 2026

Transparency is a legal requirement under Pipa

Major companies across the European Union have faced substantial fines between 2019 and 2024, estimated at a total of €930 million (about $1.08 billion), not only for cyberattacks or data breaches, but also for issues such as noncompliant privacy notices. A common theme in many cases has been a lack of transparency.

Appleby-Website-Insurance-and-Reinsurance
8 May 2026

Outsourcing considerations for Bermuda insurers

As Bermuda insurers engage with third-party service providers to support their business functions, the Bermuda Monetary Authority has clarified its regulatory expectations surrounding outsourcing arrangements and operational resilience.

Economic Substance
27 Apr 2026

Economic substance regime now falls under Cita

Recent amendments to Bermuda’s economic substance regime have transferred regulatory responsibility from the Registrar of Companies to the Corporate Income Tax Agency.

Appleby-Website-Private-Client-and-Trusts-Practice
22 Apr 2026

Regulation, Regulation, Regulation

The article discusses updates to global trust guidance and regulation, as well as beneficial ownership and the regulatory burden on trustees that comes with increased transparency.