business & technology sourcing · mayer brown’s business & technology sourcing (bts)...

Issue 22 | Fall 2015

Business & Technology SourcingReview

1 SecuringtheBenefitofInnovationinOutsourcingArrangements

4 ServiceLevelsforSAAS

6 AlternativesforMonetizingTradePayables(orReceivables)

11 TheGeneralDataProtectionRegulation:TheStatusoftheNegotiationstoImplementaNewDataProtectionLawthroughoutEurope

15 InternetofThings:PromisesandPerilsforTraditionalProductMakers

18 VolumeUp,ValueDown:AGrowingTrendinSourcing

About Our Practice

Mayer Brown’s Business & Technology Sourcing (BTS) practice is one of the global industry leaders for Business Process and IT Outsourcing as ranked by Chambers & Partners, The Legal500 and the International Association of Outsourcing Professionals (IAOP). With more than 50 dedicated lawyers—many having previous experience with leading outsourcing providers and technology com-panies—the practice has advised on nearly 300 transactions worldwide with a total value of more than $100 billion.

mayer brown i

WelcometotheFall2015editionoftheMayerBrownBusiness & Technology Sourcing Review.

Ourgoalistobringyousmart,practicalsolutionstoyourcomplexsourcingmattersininformationtechnologyandbusinessprocesses.Wemonitorthesourcingand technologymarketonanongoingbasis,andthisReviewisourwayofkeepingyouinformedabouttrendsthatwillaffectyoursourcing strategiestodayandtomorrow.

Inthisissue,wecoverarangeoftopics,including:

• InnovationinOutsourcingArrangements

• ServiceLevelsforSAAS

• TradePayables(Receivables)MonetizationTechniques

• TheNewEUGeneralDataProtectionRegulation

• InternetofThings

• GrowingTrendsinSourcing

YoucandependonMayerBrowntoaddressyoursourcingmatterswith ourglobalplatform.Wehaveservedclientsinarangeofsourcingandtechnologyarrangementsacrossmultiplejurisdictionsformore thanadecade.

We’dliketohearfromyou.Ifyou haveanysuggestionsforfuture articlesorcommentsonourcurrentcompilation,orifyouwouldliketoreceiveaprintedversion,[email protected].

Ifyouwouldliketocontactanyoftheauthorsfeaturedinthispublicationwithquestionsorcomments,wewelcomeyourinteresttoreachout tothemdirectly.Ifyouarenot currentlyonourmailinglist,orwouldlikeacolleaguetoreceivethis publication,[email protected] fulldetails.

Editors’Note

Lei ShenChicago+1 312 701 [email protected]

Kevin A. RangChicago+1 312 701 [email protected]

Derek J. SchaffnerWashington DC+1 202 263 [email protected]

SecuringtheBenefitofInnovationinOutsourcingArrangements

Mark A. Prinsley Brad L. Peterson Derek J. Schaffner

Innovationisahigh-valuetopicnow.Insomesense,thecustomerinanoutsourcingarrangementisalwayslookingforinnovation.Inresponse,suppliersbothinnovateandadoptinnovationsmadebyothercompanies.Often,the“innovation”willbetheabilitytoprovidemoreeconomic,usefulorresilientservicethanwasoriginallypromised.Inexceptionalcases,innovationcreatesopportunitiestodeliverentirelynewinsights,productsorservices.

Cloudcomputinghasspawnedaburstofinnovationrelevanttooutsourcing.Forexample,cloudcomputingprovidestheprocessingpowerforinnovationssuchasbigdata,cognitivecomputing,roboticprocessautomation,theInternetofThingsand“asaService”products.Manyoftheinnovationsspawnedbycloudcomputingcanbeappliedtoimproveoutsourced functionsinwaysthatreducecost whileholdingsteadyorevenimprovingserviceperformance.Inaddition,increasingamountsofsecond-stageoutsourcingmeansthatcustomersareseekingproductivitygainsbeyondthosethatcaneasilybeanticipatedfromtheconsolidation,sourcingoroffshoringofafunction.

So,thequestionbecomes,howcancustomerssecurethebenefits ofinnovation?

Traditional Outsourcing Models Traditionaloutsourcingpricingmodelsdonotnaturallydrivethebenefitsofinnovationtocustomers.WherethecustomerpaysforinputssuchasFTEsormachines,thesupplierhasanincentivetoavoidinnovationsthatwouldreducethequantityofthoseinputs.Wherethecustomerpaysbasedonthenumberofactivitiesperformed,thesuppliercapturesallreductionsinitscostofperformance.Ineachcase,thereisachancethatthesuppliercouldimproveitsprofitabilitythroughinnovationsthatreduceitscostbutincreaserisksforcustomers.

Inaddition,thetraditionaloutsourcingmodeltendstoinvolveapromisetodeliverservicesatstandardsthatarebeingattainedorareclearlyattainableatthesigning.Thus,thesupplierhastheabilitytowinthelion’sshareofthebenefitofanyinnovationbyofferingimprovementsonlyatanadditionalcharge.Someoutsourcingagreementsincludeglidepathsorotherautomaticmechanisms,butthosegenerallyprovidecustomersonlywhatwasforeseeableinanearliercompetitivebiddingprocess,notwhatisdeliveredintheburstofinnovationthatweareseeingtoday.

Suppliersoftenclaimthatmarketforcesdrivethemtocontinuouslyinnovateandimprove.

Mark A. PrinsleyLondon+44 20 3130 [email protected]

Brad L. PetersonChicago+1 312 701 [email protected]

Derek J. SchaffnerWashington DC+1 202 263 [email protected]

mayer brown 1

2 Business & Technolog y Sourcing Review Issue 22 | Fall 2015

However,inthetraditionaloutsourcingmodel, earlyterminationfeescreatebarrierstoswitchingsuppliers.Thisreducestheincentiveforasupplier toprovideinnovationstoexistingcustomersonthetheorythatdoingsowouldcannibalizeexistingcommittedrevenue(althoughthesuppliermightofferinnovationstowinnewcustomers).

General Innovation CovenantsItisquitecommonforoutsourcingarrangementstoincludeanexpresscommitmentbythesuppliertodeliverinnovation.Similarly,customersoftenhaverightsto“roadmap”briefingsandtobeofferedachancetobeanearlyadopterofinnovations.Frequently,acustomerwillnegotiatetherighttoparticipateindevelopmentforumsandtheliketohelpinfluencedevelopmentsbythesupplierthatcouldbenefitthecustomer.

Whetherthesemechanismsensurethatthecustomergets“enough”innovationora“fair”shareofanyresultinginnovationissomethingofamystery. Thesuppliercertainlyacquiresknow-howfrom thecustomer(andothercustomers),andit developsitsskillsindeliveringitsservicesat thecustomer’sexpense.

Bespoke innovation reliably produces innovations that conform to agreed specifications. The challenge, however, is that the customer may share little or none of the value that the innovation brings to the supplier.

Quiteoften,thecustomermakesfurther, specificinvestmenttoparticipateinthesupplier’sdevelopmentprocess.Thecustomer’s“benefit”isingettingaservicethatmaybemorespecificallytailoredtoitsdevelopingneeds.Thecustomermayalso benefitfromhavingthesupplier’sinvestmentininnovationbeingspreadacrossitsentirecustomerbase.Intheabsenceofagain-sharingmethodology,though,itisnoteasytoseehowthecustomergetsa

directfinancialbenefitfromthegainsthesuppliermakesasaresultofinnovationreducingthecostofdeliveryofservicesinthetraditionalservicelevel andinput-basedchangingmodel.Thesegains mightwellbematerial.

Outcome-based pricing models work by aligning the interests of the customer and the supplier. If structured well, this model can incentivize a supplier to drive gains through innovation over an extended period.

Somewhatparadoxically,customersoftenseekashareofgainsfrominnovationthroughcovenantsthatprohibitinnovation.Forexample,outsourcingarrangementscommonlyprohibitsuppliersfromsubcontractingworkwithoutconsent.Whilethesecovenantscanreducetheriskthatcost-reducinginnovationsforthesupplierwillincreasecustomerrisk,theyalsoallowthecustomertonegotiateforsomeshareofthebenefitsofapprovedinnovations.Theroundaboutnatureoftheprotectionisunlikelytoprovideafullorfairshareofthebenefitsto thecustomer.

Bespoke InnovationTherearealsodifficultiesinassessingwhetherthecustomergetsafairshareofthegainthatthesupplierderivesfrombespokeinnovation,thatis,innovationmadespecificallyforanindividualcustomeratthatcustomer’scost.Bespokeinnovationreliablyproducesinnovationsthatconformtoagreedspecifications.Thechallenge,however,isthatthecustomermaysharelittleornoneofthevaluethattheinnovationbringsto the supplier.Often,thecustomercontributesnotonlyfundingbutagreatdealofmarket,technicalandoperationalinformation.

Thecustomerwilloftennegotiatesomeformofexclusivityinbespokeinnovations.Whilethe customerstillmaynotreceivemuchofthebenefit thatthesupplierreceives,theexclusivitycanprotect

thecustomerfromhavingcompetitorsbenefitfromcloningtheinnovationintheirownoperations.Itseemsunlikelythatthesupplierandthecustomerwillnegotiateadealatthetimetheinnovationisorderedthatfairlyreflectsthebenefiteachpartymightderivefromtheinnovation.Whilethisisacommonprobleminanyinnovationarrangement,thelong-term relationshipbetweenthecustomerandthesupplierdoesraisethequestionofwhetherthereare alternativemodelsthatmightrewardeachparty moreequitablyfortheirrespectiveinvestmentin theinnovationbyreferencingthebenefitinfactderivedfromtheinnovation.Onesuchalternativemodelisoutcome-basedpricing.

Traditional outsourcing models are not well-suited to delivering the benefits of innovation to customers. In this time of rapid innovation in technology that delivers outsourced services, customers who are willing to make the initial investment in structuring outcome-based pricing strategies can secure more of the benefits of an increased flow of innovations.

Outcome-based PricingInanoutcome-basedpricingmodel,thesupplierispaidbasedonthebenefitthatthecustomerderivesfromuseofthesupplier’sservices.Forexample,asupplierofaccountsreceivableadministrationservicesmightbepaidbasedonhowquicklyitcollectsamountsdue(thatis,ondayssalesoutstanding)insteadofonthenumberofFTEsadministeringreceivablesorthenumberofinvoicessent.Asupplierofprocurementservicesmightbepaida“gainshare”basedonashareofsavingsachieved.Asupplierofbespokeinnovationsmightbepaidashareoftherevenuesfromreuseoftheinnovation.

Outcome-basedpricingmodelsworkbyaligningtheinterestsofthecustomerandthesupplier.Thesuppliergetspaidbyreferencetogainsmadebythecustomer.Ifthesupplierismoreefficientatdeliveringtheoutsourcedservice,then,intheory,thecustomer’s

businesswouldbemoreprofitable.Ifstructuredwell,thismodelcanincentivizeasuppliertodrivegainsthroughinnovationoveranextendedperiod.Inaddition,iftheincentivesarewell-aligned,thecontractneedsfewerrestrictivecovenantsandrequireslesscontrol-orientedgovernance.

Outcome-basedpricingbenefitsgreatlyfrom aninitialinvestmentindealstructuring.Thisinvestmentislargerthanthatrequiredtomerelyreplaceonesetofinputswithanothersetofinputs.Thechallengeistodefinemeasurableoutcomesthatcanbeattributedtosuccessfulinnovation.Indoingso,thepartiesworktoexcludetheeffectsoffactorsoutsideofsupplier’scontrol.Forexample,acustomermightusedayssalesoutstandingcompared to an industry averageinsteadofthecustomer’shistoricaldayssalesoutstandingsothatthesupplier’s compensationisbasedonitsefforts,notchanges ingeneraleconomicconditionsorimprovement measuredfromaninefficientinternalmetric.

Thereare,ofcourse,risksinoutcome-basedpricing.Thesuppliermayimposeunanticipatedcostsandrisksonthecustomerasitpursuestheselectedoutcomesormaybecompensatedforluckyresultsinsteadofgenuineeffort.Thecustomer’sstrategiesmayshift,makingtheoutcomeslessvaluable.Thesupplier’sscopemightneedtobeexpandedtogivethesupplieradequatecontroloveranoutcome.However,balancedagainstalikelylackoffairnessinthedivisionofbenefitsfrominnovationinconventionalinput-basedpricing,therisksinoutcome-basedpricingforelementsofadealthatinvolveinnovationcommitmentsdonotlookinsurmountable.

ConclusionTraditionaloutsourcingmodelsarenotwell-suitedtodeliveringthebenefitsofinnovationtocustomers.Inthistimeofrapidinnovationintechnologythatdeliversoutsourcedservices,customerswhoarewillingtomaketheinitialinvestmentinstructuringoutcome-basedpricingstrategiescansecuremoreofthebenefitsofanincreasedflowofinnovations.

mayer brown 3


Customersarerapidlyincreasingtheiruseofsoftware-as-a-service(“SAAS”)solutionsandothercloudservicesaspartoftheirsourcingstrategy.Cloudsolutionsoffertheflexibilitytoquicklyrampservicesupanddown,withtypicallylittleornoexitcosts.However,cloudprovidersareabletoofferflexibleandcost-effectivesolutionsbecausetheirofferingsarestandardized.Accordingly,customersfindthatprovidersofSAASsolutionsarelesslikelythantraditionaloutsourceproviderstonegotiateserviceslevels (aswellasothercontractterms)tomeetthecustomer’sparticularbusinessneeds.Accordingly,customersshouldunderstandthelimitednegotiatingflexibilitywithcloudprovidersandhowtomitigatetheservicelevellimitations,wherepossible.

Inatraditionaloutsourcing transaction,acustomertypicallyhas theflexibilitytonegotiatetheservicelevelsitneedstomeetitsbusinessrequirements.Thecustomercan usuallynegotiateareasonablyexpansivesetofmetrics,withdesiredtargetperformancelevelswithinareasonablerange.Bycontrast,cloudproviderstypicallyhaveastandardsetofmetricsandperformancelevels,withlittlenegotiability.Typically,thenumber andtypeofservicelevelsofferedarequitelimited.Cloudprovidersmay offercustomersthechoiceofplatinum,goldorsilverservicelevels,butallare

baseduponpre-setstandards determinedbytheprovider.

Traditionaloutsourcingtransactionsincludeaservicelevelmethodologypursuanttowhichtheproviderwill putacertainpercentageofitsmonthlychargesatrisk,typicallyintherange of10to15percentofthemonthlycharges.Thecustomerhastheright toover-allocatetheat-riskamountacrossservicelevels,typicallyintherangeof150to200percent.Suchamethodologyallowsthecustomertoimposehighercreditsforindividualservicelevelfailures.

Cloud solutions offer the flexibility to quickly ramp services up and down, with typically little or no exit costs. However, cloud providers are able to offer flexible and cost-effective solutions because their offerings are standardized.

Further,intraditionaloutsourcing,thecustomercanaddanddeleteservicelevels,promotekeyperformanceindicatorstocriticalservicelevelsandreallocatethepercentagesoftheat-riskamountassignedtoindividualservicelevels.Often,creditsincreasefollowingaspecifiednumberofconsecutivefailuresofthesamecriticalservice leveltoincentivizetheprovidertoresolveunderlyingsystemicissues.Creditsarenotthesoleandexclusive

ServiceLevelsforSAAS

Linda L. Rhodes

Linda L. RhodesWashington DC+1 202 263 [email protected]

mayer brown 5

remedy,thusallowingthecustomertoseekdamagesandterminateformaterialservicelevelfailures.Thesetoolsallowthecustomertofocustheprovider’sattentiononthoseservicelevelsmostimportanttothecustomerandincentivizesupplierstoquicklyresolveperformancedeficiencies.

Bycontrast,thesetoolsaretypicallyunavailabletocustomersincloudtransactions.Cloudproviders givenominalcreditsforservicelevelfailures.Thecustomerhasnoflexibilitytoadd,deleteorpromoteservicelevelsorreallocatecredits.Providerswillpushhardtomakeservicelevelcreditstheexclusiveremedy.Inaddition,servicelevelsareoftensetforthinserviceofferingsthatareincorporatedbyreferenceintotheservicesagreement.Providersreservetherighttochangethetermsoftheirserviceofferingsfromtimetotimewithoutthecustomer’sconsent.

Intraditionalsourcingtransactions,servicelevelssetforthclearguidelinesastowhenaproviderisorisnotincompliancewithitsserviceobligations.Nevertheless,becauseservicelevelscannotpossiblycovereveryaspectofaprovider’sperformance,theoutsourcingagreementwillcontainadditionalrepresentationsandwarrantiesastothequality andperformanceoftheservices.Inpubliccloudagreements,servicesareoftendescribedatahighlevelwithlittledetail.Providersarereluctantto givegeneralperformancewarranties,whichlimit thecustomer’sabilitytobringclaimsfordamages fordeficientservices.

Whatisacustomertodo?First,bethoughtfulinselectingwhatservicesyouputonthecloud.Understandyourbusiness’sneedsandtheprovider’sabilitytomeetthoseneedsthroughitscloudoffering.Acustomercanoftenprotectitselfagainstdeficientperformancethroughitsrighttoterminatetheserviceswithlittletonoexitcosts.However,whetherornotaterminationrightisaneffectiveremedyfor

deficientperformancedependsinlargepartonhowcriticaltheservicesaretothecustomer’sbusinessandhowdisruptiveachangeinproviderswillbe.

Further,thelackofflexibilityincloudcontracttermsandconditionsdoesnotmeanaclientshouldnotpushforthetoolsavailableintraditionaloutsourcingtransactions.Cloudprovidershavedifferentlevelsofflexibility,dependinguponthesizeandnegotiatingleverageoftheprovider.Thecustomershould continuetopushfortheagreementtoprovide, amongotherthings,thatservicelevelcreditsarenotthesoleandexclusiveremedyforservicelevelfailures.

Cloud providers may offer customers the choice of platinum, gold or silver service levels, but all are based upon pre-set standards determined by the provider.

Includewarrantiesaboutgeneralperformancestandardsintheservicesagreement,atleastwithrespecttocorefeaturesandfunctionality.Then,iftheprovider’sservicesaredeficient,thecustomercanusethosewarrantiestoholdtheprovideraccountableforbreachofcontractincaseswherethereisnoserviceleveltocoverthedeficientperformance.Unilateralchangestoserviceofferingsbyprovidersshouldnothaveamateriallyadverseimpactoncustomers. Evenifservicelevelcreditsarethesoleandexclusiveremedy,itisimportanttomakeclearthatsuchcreditswillnotaffectanyrightofthecustomertoclaimdamagesarisingfromtheprovider’sfailuretomeet itsotherobligationsundertheagreement.

Youcansuccessfullyusecloudsolutionsifyoumakeinformeddecisionsabouttheservicesyoudecidetoplaceonthecloudandthecloudsolutionselectedandifyouseektominimizethelimitationsofcloudcontracttermstotheextentpossible.


Here’showtodistinguishbetween thethreeprimaryapproachesto supplychainfinance—andwhentoleverageeachone.

Asanyonewhoregularlydealswithsupplychainissuesknows,buyers andsuppliersofgoodsandservicesusuallyhaveconflictinginterests.Supplychainmanagersatmost companiesareunderpressuretoimprovethecompany’scashefficiency,usuallybyextendingpaymenttermstotheirsuppliers.Butmanysupplierslackthefinancialstrengthorflexibilitytoadjusttolongerpaymentterms.Forexample,ifasupplieralreadyhasahighlyleveragedbalancesheet, increasingbankborrowingtofinanceshort-termworkingcapitalmaybeprohibitivelyexpensive.Extendedpaymenttermsmayalsoexposesupplierstoincreasedcommodity orforeignexchangerisk.

Whenalarge,well-capitalized companyisbuyinggoodsorservicesfromasmallorhighlyleveragedsupplier,itmaybeinapositiontouseitsownbalancesheettosupportthesupplier.Anumberofstrategieshaveemergedinrecentyearstohelpbuyersandsuppliersleveragethebuyer’sstrongerfinancialpositiontohelpthesupplieraccesslower-costliquidity,oftensothatthesuppliercanthenoffer

thebuyerextendedpaymentterms.Mostofthesestrategiesinvolve monetizationofthesupplier’stradeaccountsreceivable.

A negotiable-instrument–based program is similar in many respects to an open-account program. However, the supplier or buyer also creates a “draft,” a “bill of exchange,” a “negotiable promissory note,” or another form of negotiable instrument.

Themostcommonformsoftradereceivablesmonetizationincludeopen-account–basedsupplychainfinanceandnegotiable-instrument–basedsupplychainfinance.Together,thesetwostrategiesareoftenreferredtoas“structuredvendor-payablesfinance”or“reversefactoring.”Athird,relatedstrategyisnon-recourse receivablespurchase,whichisoftenincorrectlyreferredtoas“factoring.”

How Open-Account Supply Chain Finance WorksAnopen-accountstructured vendor-payablesprograminvolves thesaleofreceivablesownedbyvarioussuppliersandowedbyoneparticularbuyer.Thesupplierssignupto negotiateandselltheirreceivables

AlternativesforMonetizingTradePayables(orReceivables)

Massimo Capretta

Massimo CaprettaChicago+1 312 701 [email protected]


This article was published previously in Treasury & Risk Magazine.

mayer brown 7

toinvestorsviaabankoranothercompanyrunninganInternet-basedplatform.Tomaximizeeconomiesofscale,abuyerusuallywantstohaveanumberofsupplierstakingpartinitsopen-accountprogram.

A number of strategies have emerged in recent years to help buyers and suppliers leverage the buyer’s stronger financial position to help the supplier access lower-cost liquidity, often so that the supplier can then offer the buyer extended payment terms. Most of these strategies involve monetization of the supplier’s trade accounts receivable.

Dependingonthesizeofthesupplierbase,theinvestorspurchasingthereceivablesgenerallyconsistofasinglebankorasmallgroupofbanks,althoughreceivablesaresometimessoldonablindtradingplatform,inwhichcasetheymaybepurchasedbyanynumberofinvestors.Theuniverseofpossibleinves-torsisusuallymadeupoftherelationshipbanksofthebuyer,butthisisnotalwaysthecase.Inrecent years,anumberofalternativeinvestorssuchas hedgefundsandinsurancecompanieshavealsoappearedinthemarket.

Theplatformsonwhichreceivablesaresubmitted,approved,andsoldtendtobesimilaracrossmostopen-accountstructuredvendor-payablesprograms.Asupplierwillsellgoodsorservicestothebuyer,generatinganinvoicethatitpostsonthesupply chainfinanceplatformforthebuyer’sconfirmation.Oncethebuyerconfirmstheinvoiceasvalid,therelatedreceivablebecomeseligibleforpurchasebyaninvestor.Onlyconfirmedinvoicesareeligibleforpurchase,soaspecifictransactioncanbesoldonlyifboththesupplierandthebuyeragreetohaveitsold.

Inconfirmingtheinvoice,theoriginaltransaction’sbuyeragreesthatitwillpaytheinvestorthefullamountoftheinvoiceonitsduedatewithoutanyclaim,abatement,deduction,reduction,oroffsetofanykind.Thisconfirmationenablestheinvestorto

lookdirectlytothebuyerforpayment.Thebuyermaystillrequestdeductionsandmakesimilarclaimsagainstthesupplier,withthoseoffsetspotentiallyapplyingtofutureinvoices,butthebuyerwillnotbepermittedtochallengetheamountowedonthereceivablesoldtotheinvestor.

Theinvestor’sagreementwiththesuppliersetsoutaformulafordeterminingthepurchasepriceonallofferedinvoices.Typicallythepriceisequaltothefacevalueoftheinvoiceminusadiscountcalculatedbasedonthecreditprofileofthebuyer—notthesupplier—aswellasthenumberofdaystomaturityofthereceivable.Ifthesupplierandinvestorelectto consummatethesaleofaparticularinvoice,then thereceivablerepresentedbytheinvoiceissoldonanon-recoursebasistotheinvestorinalegal“truesale.”Byutilizingatruesale,theinvestorcangenerallyfocusitsunderwritingontheunderlyingcreditprofileofthebuyerandignorethecredit ofthesupplier.

Whenthesaleofareceivablecloses,thebuyerwillbenotified.Thenonthescheduledmaturitydateoftheinvoice,thebuyerwillowetheinvestorthefullfaceamountoftheinvoice.Thedifferencebetweenthebuyer’spaymenttotheinvestorandtheinvestor’sdiscountedpaymenttothesupplierconstitutestheinvestor’sfeeforparticipatinginthetransaction.Thisisoftentheonlyfeethattheinvestorcharges;thebuyerusuallypaysnofeeonthistypeoftransaction.Also,iftheinvestoristhebuyer’scashmanagementbank,thebuyermaynothavetomodifyitscashdisbursementoperationstopaytheinvestorratherthanthesupplier.Inmanycases,theinvestorsimplydebitsapre-agreedbankaccountfortheamountofeachsoldreceivableontheinvoicematuritydate.

An open-account structured vendor-payables program involves the sale of receivables owned by various suppliers and owed by one particular buyer.


Using Negotiable Instruments Instead of ReceivablesAnopen-accountvendor-payablesprogramisnottheidealsupplychainfinancesolutionforeverybuyer.Open-accountprogramsrelyonthesaleofaccountsreceivableunderArticle9oftheUniformCommercialCode(UCC).TheUCCprovidesaneasyand predictablewaytofinanceorsellintangibleassets likereceivablesintheUnitedStates.However,insomenon-U.S.jurisdictions,sellingintangiblescan becumbersomeandmayexposetheinvestortoadditionallegalrisks,suchasrisksassociatedwithfraudandinsolvency.

EvenintheUnitedStates,aninvestorpurchasingareceivableneedstorecordthatpurchaseundertheUCCfilingsysteminoneormorestates.Dependingonthesupplier’sexistingcreditarrangements,theinvestormayalsoneedtoobtainlienreleasesfromthesupplier’slendersbeforethereceivablecanbesold.

Tobypassthesechallenges,buyerssometimesopttoimplementanalternativestructurethatutilizesnegotiableinstrumentsinsteadofaccountsreceivable.Anegotiable-instrument–basedprogramissimilarinmanyrespectstoanopen-accountprogram.Thesuppliersubmitsinvoices,whichthebuyerapproves.However,thesupplierorbuyeralsocreatesa“draft,” a“billofexchange,”a“negotiablepromissorynote,” oranotherformofnegotiableinstrument.TheseinstrumentsaregovernedbyU.S.law.

Oncecreated,theinstrumentisthensoldbythesuppliertoaninvestorusingaprocesssimilartothatofopen-accountreceivablessales,butitusuallyinvolvesaphysicalembodimentofthenegotiableinstrument.Theinvestortakesphysicalpossession oftheinstrumentuponpurchase,thenpresentstheinstrumenttothebuyerforpaymentontheinvoicematuritydate.Insomecases,thecreation, acceptance,assignment,andpresentmentoftheinstrumentarehandledentirelybytheinvestor, withnoneedforthesupplierandbuyertoexchange aphysicaldocument.

BecausetheseinstrumentsaregovernedbyU.S. lawandowedbyaU.S.buyer,theyarefreeofmostforeign-lawconstraints,evenifthesupplierisanon-U.S.company.Thus,negotiableinstrumentsallowaninvestorworkingwithaU.S.-based buyertopurchasereceivablesfromawider universeofsuppliersthanitcouldunderan open-accountprogram.

Theotherkeyadvantageofaninstrument-basedprogramiswhat’sknownasthe“holderinduecourse”doctrine.Section3-302oftheUCCdefinesa“holderinduecourse”asonewhotakesaninstrument forvalueingoodfaith,absentanynoticethatitisoverdue,hasbeendishonored,orissubjecttoanydefenseagainstitorclaimtoitbyanyotherperson. Ifthepurchaserofanegotiableinstrumentisaholderinduecourse,thepurchasermaynotbesubjecttomanyofthedefensesavailabletocreditorsunderArticle9oftheUCC.Thismeansthat,unlikewithopen-accountprograms,invoicessoldasnegotiableinstrumentswillgivetheinvestorpriorityagainstclaimsofthesupplier’sothercreditors,includinginabankruptcyproceeding.Investorsshouldtakenote,however,thatwhiletheseprogramsarebuiltonsolidlegalfoundations,thereislittleornocaselawontheissueofwhetheraninvestorinthistypeofsupplychainprogramwouldqualifyasaholderinduecourse.Inaddition,investorsoftendonotneedtodealwiththeUCCrecordingsystemwhen purchasingnegotiableinstruments.

Ontheotherhand,thistypeofprogramismorecumbersomethananopen-accountprogramand maybeunfamiliartomanyU.S.suppliers.

Key Considerations in Structured Vendor-Payables ProgramsBuyersconsideringimplementingastructuredvendor-payablesprogramwillwanttoconsiderafewkeyissues.Thefirst,andperhapsthemostobvious,isthattheseprogramsrequireclosecoordinationamongthebuyer’streasury,legal,andpurchasingfunctions.

mayer brown 9

Theinitialnegotiationwithprospectiveinvestorsisusuallyledbyacompany’streasuryandlegalteams,butthepurchasingfunctionisgenerallyresponsibleforon-boardingsuppliersandmaintainingtheprogram.Alackofcoordinationamongthese departmentscaneasilyleadtoimplementationofasuboptimalprogramandunderutilizationoftheprogrambythecompany’ssuppliers.

Thesecondkeyissueconcernstheaccounting treatmentofastructuredvendor-payablesprogram.Forthebuyer,thechiefaccountingpriorityisusuallytoavoidhavingtoreclassifytheaffectedpayablesasshort-termindebtednessonitsbalancesheet.Suchreclassificationisusuallyunfavorablebecauseitincreasesthecompany’sbalancesheetleverage,whichmayaffectfinancialcovenantsandratioscontained inloanagreements,indentures,andemployee compensationagreements,amongothercontracts.

These programs require close coordination among the buyer’s treasury, legal, and purchasing functions. A lack of coordination among these departments can easily lead to implementation of a suboptimal program and underutilization of the program by the company’s suppliers.

Unfortunately,nospecificU.S.GAAPguidanceaddressestheaccountingforstructured vendor-payablesarrangements.In2003and 2004,SecuritiesandExchangeCommission(SEC)staffmadeconferencepresentationsoutlininggeneralguidanceforcompaniesthatreporttotheSEC1. Theynotedthatinspecificsituations,certain characteristicsofstructuredvendor-payables arrangementsmaycausesupplierpayablestobereclassifiedonthebalancesheetofthebuyerasshort-termindebtedness.LackingspecificGAAPguidance,mostauditorsusethesecommentsasaguideinmakingdeterminationsregardingbalancesheettreatment.

Auditorsaremorelikelytorequireindebtednesstreatmentwhenastructuredvendor-payablesarrangementhasanyofthefollowingcharacteristics:

• Theeconomictermsandcharacterofthe obligationsowedtotheinvestoraredifferent fromtheobligationsthebuyerpreviouslyowed tothesupplier.

• Thebuyeragreestocoverthesupplier’sfinancingcostsorotherobligationstotheinvestor.

• Supplierparticipationintheprogram ismandatory.

• Thebuyerhasexcessivecontrolinthenegotiationofdocumentationbetweenthesupplierand theinvestor.

Mostlegaldocumentationusedbysophisticatedinvestorsinstructuredvendor-payablesprogramsisdesignedtoaddresstheseconcerns.However,buyersshouldbesuretodiscusstheimplementationofanysupplychainfinancesolutionwiththeirinternal andexternalauditorswellbeforetheystartrolling outaprogram.

1. SEC Staff Speeches: 2003 and 2004 AICPA National Conference on Current SEC and PCAOB Developments. Robert Comerford: “Classification and disclosure of certain trade accounts payable transactions involving an intermediary.”

An Alternative: Non-Recourse Receivables PurchaseAcloserelativeofstructuredvendor-payables programsisanon-recoursereceivables-purchasesolution.Thisisoftendescribedasa“factoring”arrangement,butthat’samisleadingdesignationbecausethesefacilitieshavelittleincommonwiththesmall-scalefinancingmechanismtraditionallyprovidedbyfactoringcompaniesintheUnitedStates.

Muchlikeanopen-accountpayablestransaction,areceivables-purchasefacilityentailsasuppliersellingoneormoreinvestorsitsrightstocertainaccountsreceivableowedbyaparticularbuyer.Abigdifference


isthatthebuyer’sinvolvementisminimalbeyondintroducingtheinvestortoitssupplierbase.Thebuyerdoesnothavetoconfirmeachinvoicebeforethereceivablecanbesold.Infact,aninvestormightprovidethesetypesoffacilitiestosupplierswithoutthebuyerevenknowingaboutit.Anotherbenefitforthebuyeristhatareceivables-purchasefacilitygenerallydoesnothaveanyaccountingcomplicationsforthebuyer.

A close relative of structured vendor-payables programs is a non-recourse receivables-purchase solution. This is often described as a “factoring” arrangement.

Forsuppliers,thesefacilitiescanprovidemuch higheradvanceratesandloweroverallcosts comparedwithmoretraditionalasset-basedloanfacilities.Theycanalsoassistsuppliersinmonetizingexcesscustomerconcentrationsthatwouldbeexcludedbytheborrowing-basefundingformulasfoundinmostasset-basedloan(ABL)agreementsoraccountsreceivablesecuritizations.TraditionalABLandsecuritizationfacilitieswilloftencontainstrictconcentrationlimitsonthepercentageofreceivablesofaparticularobligorwhichmaybeusedtogeneratefundingavailability.Theselimitscanoftenbeaslowasafewpercentagepoints.Formanysupplierstoindustrieswithasmallnumberofdominantbuyers(e.g.,retail,auto)theselimitationscanresultinthesupplierbeingunabletomonetizealargepercentageofitsoutstandingreceivables.

Finally,unlikeastructuredvendor-payablesprogram,whichwillusuallyrequireagreatdealofworkatthebuyertoimplementandrolloutamongitssupplierbase,thesetypesoftransactionscanbeexecutedquicklyandsometimesevenonaone-offbasis.

Thedownsideofthesefacilitiesfortheinvestoristhatthereisnodirectconfirmationfromthebuyerthatitwillpaytheinvestor.Thus,investorsinthesefacilitiesareverykeentomakesurethatwhattheyare acquiringfromthesupplierisavalidandenforceableclaimagainstthebuyer.Theinvestorusuallyconductssignificantlymoreduediligenceonsuppliersbeforeenteringthesetransactions,anditpayscloseattentiontomakingsurethatthesupplieristransferringthereceivablesviaalegaltruesale.

The Future of Trade Receivables MonetizationAllthreeofthesetypesofarrangementshelp suppliersaccessimprovedliquidity,whetherornottheirbuyerislookingforextendedpaymentterms.Mostofthesestrategiescanbeimplementedwithfew,ifany,directexpensestothebuyer.

Tradereceivablesmonetizationisparticularly popularintheconsumerretail,automotiveand othermanufacturing,chemical,andpharmaceuticalsectors.Buyersintheseindustriestendtohaveextensivesupplychainsthatareglobalinscope,andgenerallythebuyersarelarger,withamorefavorablecreditprofile,thanmostoftheirsuppliers.However,thebenefitsofmonetizingtradereceivablesaren’tlimitedtoafewbusinesssectors.Thesestrategiesmaybeutilizedbyanybuyerwithasolidcreditratingandadiversesupplierbase,orbyanysupplierwhosebuyershavehighcreditquality.

Alotishappeninginsupplychainfinance,anditseemslikelythattherecentgrowthinpopularityoftheseprogramswillcontinuewellintothefuture.BasedonourownpipelineofprojectsatMayerBrown,weexpecttobetalkingaboutstructuredtradereceivablessolutionsforalongtime.Staytuned.

mayer brown 11

TheGeneralDataProtectionRegulation:TheStatusoftheNegotiationstoImplementaNewDataProtectionLawthroughoutEurope

Oliver Yaros

SignificantprogresshasbeenmadetofinalizetheEuropeanCommission’s2012proposaltocompletelyreformtheEuropeanUnion’sdataprotectionlaws—thenewGeneralDataProtectionRegulation(GDPRorRegulation).ThecurrentEUdataprotectionregime,theEUDataProtectionDirective95/46,iswidelyconsideredtobeinadequateinlight ofadvancesintechnologythatrelyontheuseofpersonaldatasuchasbigdataanalytics.Reformisneededto“future-proof”dataprotectionlawwhilesimultaneouslyprotectingtherightsofindividualsandallowingbusinessestoutilisepersonaldata.

TheproposalisalsoanopportunitytoharmonisedataprotectionlawacrosstheEuropeanUnion.AsthecurrentEUdataprotectionregimewasdraftedasaDirective,eachMemberStateenactedtherulesinitsownway;theendresultbeingapatchworkofdataprotectionregimesthroughoutEuropethatsometimesconflictwitheachother.TheGDPRwillbedirectlyapplicableinthesameforminallMemberStatesandwill,hopefully,reducetheneedforspecificlocaladviceineachMemberState.

InMarch2014,theEuropeanParliamentpublisheditsproposedtext

oftheRegulationfollowingextensiveamendmentstotheCommission’soriginaldraft.TheEuropeanCouncilofMinistersthenpublisheditsfulldraftoftheRegulationonJune15,2015,havingdebatedtheParliament’sdraftinapiecemealfashionsinceMarch2014.Whileagreeingonsomekey dataprotectionproposals,theParliamentandtheCouncilareindisagreementoverothers.TheParliament’sprescriptiveapproachreflectstheconcernoverdata protectionraisedbytheSnowdenrevelationsduringtheParliament’sreview.TheCouncil,composedofgovernmentrepresentativesforeachMemberState,hasadoptedamore“riskbased”approach,whichallowsorganisationstojudgetheimpactoftheirdataprocessingactivitiesforthemselves.TheEUinstitutionsarecontinuingnegotiationstodecideuponafinaldraftwhichishopedtobeapprovedbytheendofthisyear.

Significant progress has been made to finalize the European Commission’s 2012 proposal to completely reform the European Union’s data protection laws—the new General Data Protection Regulation (GDPR or Regulation).

Oliver YarosLondon+44 20 3130 [email protected]


ThisarticlehighlightsanumberofkeychangesproposedbythevariousdraftsoftheRegulation,boththosechangeswheretheCouncilandtheParliamenthaveadoptedasimilarapproachandthosewherethereisahighdegreeofdiscrepancybetweentheEUinstitutions,allofwhichwillaffectorganisationswhichprocesspersonaldata.

The Regulation introduces the concept of “privacy by design,” whereby appropriate levels of security are built into an organisation’s data processing procedure.

Privacy by DesignTheRegulationintroducestheconceptof“privacybydesign,”wherebyappropriatelevelsofsecurityarebuiltintoanorganisation’sdataprocessingprocedure.Datacontrollersarerequiredtotakeaproactiveapproach,ensuringthatanappropriatestandardofdataprotectionisthedefaultpositionforalldatacontrollerstotake.

TheParliament’sdraftdetailstheobligationsoforganisationsheretoagreaterextentthantheCommission’sdraft,forexample,byrequiringcontrollerstotakeaccountofthestateofcurrenttechnicalknowledgeandinternationalbest practicewhenimplementingtechnicaland organisationalmeasures.TheParliamenttextextendstheobligationtodataprocessors.TheCouncil’sdraftisclosertotheCommission’sapproach,whichallowsthecontrollertotakeaccountofthecostofimplementingtherequiredmeasures.TheCouncil’sdraftrequirescontrollerstoconsidertherisksposedtoindividualsbytheprocessinginsteadofsettingprecisebenchmarksforcompliance,andmakessuggestionsabout howtominimiserisk,forexamplebyencryptingpersonaldataorusingpseudonymisation.

ThecurrentThecurrentDirectivehasno equivalentconceptofprivacybydesign,soa

legalrequirementfororganisationstochange theiroverallapproachtodataprocessingwouldbeafundamentaladjustmentforcontrollers.

GovernanceUndertheGDPR,datacontrollerscouldberequiredtoappointaDataProtectionOfficer(DPO)tocarryoutrelevantassessmentsofanorganisation’sdataprocessing,althoughthisproposalhasbeenthetopicofmuchdebate amongtheEUinstitutions.ThedraftsproposedbyboththeCommissionandtheParliamentwouldobligatedatacontrollerstodesignateaDPOwhentheirprocessingreachescertainthresholds.However,theappointmentofaDPOisnot mandatoryundertheCouncil’sdraft(unlessotherwiserequiredbynationallaw).

The Regulation introduces an express obligation for controllers to notify breaches of security relating to personal data to the relevant data authority where the breach is likely to cause a degree of risk to the data subject.

Datacontrollerswillberequiredtoundertakeimpactassessmentsforhigher-riskprocessing.Theseassessmentswouldgenerallyincludeanevaluationoftheriskposedtothedatasubjectaswellasthemeasuresenvisagedtoaddresstherisk.TheCouncil’sdraftsuggeststhatonly“high-risk”situationswouldnecessitateamandatoryimpactassessment,whereasa“specificrisk”wouldtriggeranassessmentintheParliament’stext.TheParliamentalsosuggestscarryingoutgeneralimpactassessmentsinrelationtotheprocessingofdataprotectiononceeverytwoyears.

Itremainstobeseenwhetherorganisationswill beabletocarryouttheserelevantassessmentswithoutthedesignationofaDPO,whethersuchappointmentismandatoryornot.

mayer brown 13

Processor LiabilityProcessorswillhavedirectobligationstocomplywiththeGDPRundercertaincircumstances.TheyalsowillbeliabletosanctionsforbreachingtheGDPR,whereasundercurrentlegislation(atleastintheUK),allresponsibilitytocomplywiththelawfallsonthedatacontroller.TheexactobligationsareyettobeagreeduponbytheParliamentandtheCouncil,butitisclearthatprocessorswillbeheldaccountablefortheirownlevelofappropriatesecurityandmustdocumenttheirprocessingtothesameextentrequiredbycontrollersunderthenewRegulation.Processorsmustobtainthepriorconsentofthecontrollertoemploysub-processors,whilecontrollersmustonlyuseprocessorswhichprovidesufficientguaranteestoimplementappropriatemeasurestomeettherequirementsoftheRegulation.

Contractswiththirdpartieswillneedtobeamendedtoaddresstheshiftinresponsibilitiesforprocessors.

Notification ObligationsTheRegulationintroducesanexpressobligationforcontrollerstonotifybreachesofsecurityrelatingtopersonaldatatotherelevantdataauthoritywherethebreachislikelytocauseadegreeofrisktothedatasubject.TheCouncil’sandtheParliament’sdraftsrequireadetailednotificationtobemadetothedataauthoritypromptly.Datacontrollersmustnotifytheauthoritywithin72hoursofthebreachandproces-sorsmustnotifytherelevantdatacontrollerofthesamewithoutunduedelay.Controllersmustalsocommunicatethefactthattherehasbeenapersonaldatabreachtothedatasubjectpromptlywherethereisahighrisktotheindividual’srightsandfreedoms.

Policiesofcontrollersandprocessorsthatrelatetorespondingtosecuritybreacheswillneedtobeamendedandtestedaheadoftheimplementation oftheRegulation.

The Data Subject’s RightsIndividualswillhavetherighttohavetheirpersonaldataremovedfromacontrollerorprocessor’ssystemoronlinecontent(the“righttobeforgotten”).TheCouncilhasclarifiedthatthisrightisnotabsoluteandwillalwaysbesubjecttothelegitimateinterestsofthepublic.Controllerswillneedtojudgewhether freedomofexpressionandinformationprevails overtheprotectionofpersonaldata.

Datasubjects’righttodataportability(theright haveaperson’sdatatransferredtoanotherserviceprovider)hasbeenendorsedbytheCouncil.However,theCouncilhasrestrictedtheapplicationofthisrighttopersonaldataprovidedbytheindividual.

Processors will have direct obligations to comply with the GDPR under certain circumstances. They also will be liable to sanctions for breaching the GDPR, whereas under current legislation (at least in the UK), all responsibility to comply with the law falls on the data controller.

Individualswillalsohavetherightnottobesubject toautomateddataprofiling(wherethiswould producea“legaleffect”).TheCouncil’sdraftallowsprofilinginspecificcircumstances(suchastaxevasionmonitoring)andwheredatasubjectshaveprovidedexplicitconsent.Thepracticaldifficulties ofobtainingthisconsenttocarryout“bigdata”analyticsprojectsmaybedifficulttoachieve andprofilingmaybehardtojustifyunder alternativegrounds.

International Application of the RegulationTheCouncilhasretainedtheextendedterritorialscopeoftheGDPR,withthelegislationapplyingdependingonthetypeofdataprocessingbeingundertaken,notwherethatprocessingisbeing


carriedout.Datacontrollerslocatedoutside theEuropeanUnionthatprocesspersonaldatainrelationtoofferinggoodsorservicestoindividualswithintheEuropeanUnion,orasaresultof monitoringindividualswithintheEuropean Union,willbesubjecttotheRegulation.Non-EUorganisationswillneedtoconsiderwhethertheiractivitiesarecaughtbytheRegulationandwhethertheymustappointaEuropeanrepresentativetotakeresponsibilityfortheiractions.

Individuals will have the right to have their personal data removed from a controller or processor’s system or online content (the “right to be forgotten”).

HarmonisationTheCommissionandtheParliamentoriginallyenvisagedthattheGDPRwouldensurethatonedataprotectionlawwouldbeapplicabletoallEUMemberStatesunderthebannerof“OneContinent,OneLaw.”However,theCouncil’sdraftprovidesmorethan40exceptionstotheapplicationoftheGDPR,which aredependentuponadditionalfactors—largelythenationallawsoftheMemberStates.Ifthese exceptionssurvivetothefinaldraft,therewill continuetobeadiscrepancyinthenationaldataprotectionlawsthroughouttheEuropeanUnion andlocaladviceondataprotectionlawswillstillberequiredonanumberofissues.

Furthermore,theCommission’sproposalfor anynationaldataprotectionauthoritytoactasa“one-stop-shop”foranorganisation’scompliancewithdataprotectionlawthroughoutEuropehasbeensignificantlydiluted.TheCouncil’sdraftstill requiresorganisationstoliaisewiththesupervisoryauthoritiesfromdifferentMemberStateswherethereisaninternationaldataprotectionissueasopposed todealingwithjustoneauthorityasproposedby

theCommissionandtheParliament.Ifthispositionremains,theGDPRwillbeseenasamissed opportunitytoharmoniseEuropeandata protectionlaws.

SanctionsTheGDPRwillseefinesimposedonorganisationsthatbreachEUdataprotectionlawrisewellabovethecurrentmaximumfinethatcouldbeimposedbytheInformationCommissionerOfficeintheUnitedKingdom(currently£500,000),for example.TheCouncil’sdraftsupportstheCommission’sproposaltolimitmaximumfines forabreachoftheGDPRto2percentofan enterprise’sworldwideturnover,or€1million,whicheverishigher.TheselevelsaresignificantlylowerthantheParliament’ssuggestedmaximumfinesofupto€100millionor5percentoftheentity’sturnover.

What Next?Thethreeinstitutionshavenowenteredacloseddoorseriesofnegotiationstoagreetothe finaltext.Giventheinformalnatureofthesenegotiations,thereisnocleardeadlineforthepartiestocometoaconsensusonthefinalversionoftheGDPR.ToughnegotiationswillberequiredtobridgethedisparitiesbetweentheParliamentandtheCouncil,soafinaldraftisunlikelytobeconcludedbeforetheendofthisyear.

Oncethelegislationisfinalised,thereislikelytobeatwo-yeartransitionperiodtoadheretothenewrules.Therefore,theGDPRcouldbeinforcethroughouttheEuropeanUnionbytheendof2017.Organisations(bothinsideandoutsideEurope)shouldexaminethenewrulesverycarefullytoidentifythechangesthattheyneedtomaketoensurethattheyarecompliantwiththeGDPRbeforeitcomesintoforce,particularlyinlightoftheenhancedsanctions.

mayer brown 15

Accordingtosomereports,theInternetofThingsoriginatedin1982,whencomputerscientistsatCarnegieMellonUniversityaddedsensorstoacampusCokemachineandconnectedittothelocalnetworksotheycouldcheckhowmanyCokeswereleftwithoutleavingtheirworkstations.Primitivethoughitwas,that experimentofferedaglimpseoftheefficienciesthataworldofsimilarlyconnecteddevices—anInternetofThings(IoT)—mightsomedaybring.Today,theworld’seconomiesarebrimmingwithInternet-connecteddevices,some5to10billionofthem,growingtowardapredictedtotalof40billionbytheyear2020.Atscaleslikethese,thepromiseofIoTcomesintosharpfocus:Combiningmassiveconnectivitywiththebigdatathatf lowsfromit,thosebillionsof connecteddevicesaresending constantupdatesontheiruse,andtheirusers,backtobusinessesforanalysis,withthepotentialforvastsavingsandprofitstoresult.

The FTC outlined three main categories of measures that businesses should take to protect against privacy and security risks in connected devices: (i) security by design, (ii) data minimization and (iii) notice and consent.

Inshort,theInternetofThingsisnotjustforcomputerscientistsanymore.Nor,forthatmatter,isitjustfortechnologycompanies.Ifanything,theIoTholdsitsgreatestpromise forbusinessessellingthekindsofrelativelylow-techproducts— automobiles,manufacturingtools,homeappliances,hospitality services—thataremostlikelyto betransformedbyaninjectionofsmart,connectedtechnology.But iftheInternetofThingsisa particularlycompellingpropositionforthesetypesofbusinesses,it alsoexposesthemtoapeculiar setofrisks.

Generallyspeaking,theperilsofInternetofThingstechnologystemfromthesamecoreissuesthatcreateitspromise:connectivityanddata.Connecteddevicescanberemotelyhackedandturnedagainsttheirlegitimateusers.Additionally,themassivecollectionofdatainvitesmisuseofthatdata,bothbyhackersandbythebusinessesthatcollectit.Whilethesethreatsfaceany businessthatchoosestoadoptIoTtechnology,themakersoftraditional,mass-producedgoodsareinsomewaysparticularlyvulnerabletothem.Foronething,suchbusinessesaretypicallylargerandmoreestablishedthantechcompanies,withhigh

TheInternetofThings:PromisesandPerilsforTraditionalProductMakers

Paul J. N. Roy Julian Dibbell

Paul J. N. RoyChicago+1 312 701 [email protected]

Julian M. DibbellChicago+1 312 701 [email protected]


profilesandbroadconsumerbasesthatmake themespeciallyattractivetargetsforhackers.Atthesametime,however,theytypicallylackthetechcompanies’nativecapacitytoassessanddefendagainstcybersecurityanddatarisksandlackexperiencedealingdirectlywithconsumerswho normallypurchasetheirproductsthroughthirdparties.Borrowingsomeofthatexpertise,whetherbypartneringwithorhiringtechnologyvendors,willoftenmakesenseforaconventionalproductmakerventuringintoIoT.Butdoingthatinturncreatesthepotentialforcomplications—culturalfrictions,misallocatedrisks—thatcomeswithanysuchrelationship.

NoneofwhichistosaythatconventionalproductmakersshouldresistexploringtheInternetofThings.Buttomakethemostofitspromise,theyshouldtakecaretounderstanditsperils—andhowbesttoguardagainstthem.

Knowing the RisksConnectingproductstotheInternetof Thingscreatesanarrayoflegalrisks,includingenforcementactionsbyregulatorsliketheFederalTradeCommission(FTC),lawsuitsbyother businessesandclassactionsbyconsumers.Asvariedastheserisksmaybe,however,theyallessentiallyrevolvearoundthetwocoreissuesofconnectivityanddata.

ConneCtivit y Risks

ThechiefriskcreatedbyconnectingaproducttotheInternetisthatathirdparty—neithertheauthorizeduserofthedevicenorthebusinessthatproducedandstillcommunicateswiththedevice—willusethatconnectiontogainunauthorizedaccesstothedevice.

Theconsequencesofsuchanattackcanbedrastic.Theintrudermaygainnotjustaccessbutcontroloftheproduct,inwhichcasethepotentialdamagetolifeandpropertymaybelimitedonlybythenatureoftheproduct.Amongthreatstoconsumers,vulnerabilitiesinconnectedautomobileshavelatelymadedramaticheadlines,focusingontheabilityofhackersto

remotelycutthebrakesorthepoweronsome late-modelcars.Butthereisevidencetosuggestthatthethreatstobusinessandmanufacturing(wheremorethan40percentofconnecteddevicesaredeployed)areatleastasformidable.Famously,forexample,thefirstcyberattacktophysicallydamageaconnecteddevicewastheIsraeligovernment’sallegeddeploymentoftheso-calledStuxnetcomputerwormtoincapacitateanIraniannuclearreactor.Andlastyear,hackersmanagedtogaincontrolofaGermansteelplant’sblastfurnace,doingseriousdamagetoitintheprocess.

Generally speaking, the perils of Internet of Things technology stem from the same core issues that create its promise: connectivity and data. Connected devices can be remotely hacked and turned against their legitimate users.

Moreover,physicaldamageisnottheonlykindofdamageacyberattackonaconnecteddevicecaninflict.Sensitivepersonaldatacanbestolendirectlyfromconnecteddevicesusedbyconsumers.Tradesecretsandothersensitivecommercialdatacanbeliftedfromdevicesusedbybusinesses.

Nordoesthedamagehavetobedonebythirdparties,orevenwithintenttodoharm.Manufacturedproductshavealwaysbeensubjecttodangerousmalfunctions.Inconnecteddevices,thecomplexity ofembeddedsoftwarecreatesanaddedlayerofsusceptibilitytomalfunction.Thefactthatsuchsoftwarecanbeupdatedremotelycreatesfurtheropportunitiesforthingstogounintentionallywrong.

Data Risks

Seekingtomaximizethevalueofthepersonalorcommercialdatacollectedfromconnecteddevices,businessesmaycollectkindsoramountsofdatathatthedatasubjectsdidnotconsenttoshare,ordidnotexpecttosharegiventhevaguenessorgeneralityofthelanguagetheydidconsentto.Businessesmayalsoputthecollecteddatatousesthedatasubjectsdonot

mayer brown 17

believetheyagreedto.Oversteppingtheboundsofconsentinanyofthesewayscangiverisetoprivacyviolations(forpersonaldata)ortobreachesoftradesecrecyorconfidentiality(forcommercialdata).

Conversely,ifdatacollectedbyabusinessshowswaystoimprovethesafetyorreliabilityoftheproduct, andthebusinessfailstoperceiveortoactonthatevidence,thatfailurecouldbeheldagainstitina laterproductliabilitysuit.

Mitigating the RisksInarecentreportontheInternetofThings,theFTCoutlinedthreemaincategoriesofmeasuresthatbusinessesshouldtaketoprotectagainstprivacy andsecurityrisksinconnecteddevices:(i)security bydesign,(ii)dataminimizationand(iii)noticeandconsent.Takingeffectivemeasuresacrossallthreecategoriesshouldweighinabusiness’sfavorinanyenforcementactionbytheFTC.Itmayalsocutshortanyprivateclaimsbroughtforbreachesofprivacy or security.

seCuRit y by Design

Businessesshouldensurethatsecuritymeasuresarebuiltintothedevicefromtheoutset,andthatanyoutsidevendorshiredforthepurposecananddobuildthemin.

The chief risk created by connecting a product to the Internet is that a third party—neither the authorized user of the device nor the business that produced and still communicates with the device—will use that connection to gain unauthorized access to the device.

Aspartofsuchbuilt-insecuritymeasures,businessesshouldalsoensurethatthedevice’ssoftwarecanberemotelyupdatedforsecuritypurposes,andshouldsecureanyend-userconsentsrequiredtodothatlawfullythroughoutthelifecycleofthedevice.Thatsaid,however,businessesshouldrecognizetheuniquechallengesinvolvedinimplementingremoteupdatesofconnecteddevices.Comparedtomoreconventional

computingdevices,suchasdesktopandlaptopcomputersorsmartphones,IoTdevicesmaybeconnectedtotheInternetsporadically.Forconnecteddevicesthatareparticularlydurablegoods—tractorswithproductlivesof20years,forexample—thesoftwareorassociatedhardwareembeddedinthedevicemayeventuallybecomesoobsoletethatitcannotbeupdatedatall.(Similarly,anyoutsidevendorhiredtomanagethedevice’ssecurity maybecomeunavailablebeforethedevicegoes outofservice.)

Forthesereasons,businessesshouldnotrelyentirelyontheabilitytoupdatedevices.Rathertheyshouldensurethatadevice’son-boardsecurityisasrobustasitcanbebeforeshipping,andanticipatetheneedtooffercomponentretrofitstoenablecontinuedupdates.

Data MiniMization

Incollectingdatathroughconnecteddevices, businessesshouldcollectandretainonlyasmuchofitasthebusinesshasanimmediateusefor.Minimizingtheamountofdataretainedwillminimizeanyrisksassociatedwithdataretention,includingdatatheft,misuseofdata,andfailuretoactondata.

notiCe anD Consent

Businessesshouldensurethataconnecteddevice’sendusershaveadequatenoticeoftheusestheirdatawillbeputtoandthattheyconsenttothatuse.

Thismaybeeasiertodowheretheendusersareotherbusinessesratherthanconsumers.Foronething,consumerswillbemorelikelytolookforanyrelevantnoticeonthedeviceitself,which,fordeviceswithoutconventionalinterfaces,maynotbeanopportuneplaceforit.Businesses,ontheotherhand,willtend tobemoreattentivetoandsophisticatedaboutanytermsofusepresented.Moreover,totheextent thatthetermsappeartoclaimrightsnotnormallyretainedbythemanufacturerofaconventionalconsumerproduct,suchnoticemaycreate reputationalcostsforthebusiness.Thus,for consumer-facingproducts,businessesshouldrelymoreondataminimizationthanonnoticetooffsettheriskofexceedingthedatasubject’sconsent.


Thesecondquarterof2015sawa recordhighinthenumberofsourcingdeals,globally.But,whilevolumesareincreasingandthemarketappearstobegrowing,theannualcontractvalueanddurationofthesetransactionscontinuestodecline.

RecentlyreleaseddatafromISG,aglobaltechnologyinsights,marketintelligenceandadvisoryservicescompany,showedarecordhighof451outsourcingcontractssignedinQ2,andatotalof754agreementsinthefirsthalfof2015.However,theISGOutsourcingIndex,whichprovides aquarterlyreviewofsourcingindustrydata,alsoshowedthatduringQ1 of2015theannualcontractvalue wasdown14percentfromthe previousyear.

Whyareweseeingthisincreaseindealactivitybutadecreaseincontractvalue?Isitsolelythemovetowardautomationandgreaterdigitizationcausingadecreaseinprice?Orarethereotherfactorstoconsider?Doesthistrendhavethecapacitytofundamentallychangethewaycustomerscontractfor third-partyservicesandifso,what cancustomersexpect?

Migration from Traditional SourcingWhileagreaternumberofsmallerdealsinthemarketplaceisnotanewtrendfor2015,wealsohaveseengreatermigrationawayfromthetraditional,tower-centricsolutionsanddedicateddatacenters.Instead,morecustomersareoptingfor application-centricsolutionsandshareddatacenterswherespecializedservicesareprovidedbysmaller,nicheproviders.Thismigrationhasmeantadefiniteshiftawayfromsole-sourceenvironmentswherelarge,globalsuppliershaveafunction-wide scope,providingtheend-to-endenvironmentincludingmanagementandmaintenanceofassets.Instead,customersarenowseparatingassetpurchasesfromservicesandchoosingsuppliersbyservicescoperatherthanbyfunction,leadingtoamulti-sourcedenvironmentwithinagivenfunction.

The“as-a-service”approachtoservicedeliveryisfacilitatingthemovementfromtraditionalmethodsofservicedeliverywithspecialistproviderscapableofofferingXaaS(everythingasaservice).Traditionalhardwareand

VolumeUp,ValueDown:AGrowingTrendinSourcing

Peter Dickinson Megan Paul

Megan PaulLondon+44 20 3130 [email protected]

Peter DickinsonLondon+44 20 3130 [email protected]

mayer brown 19

softwareofferingsnolongerallowenterprises sufficientflexibilitytoevolveandkeeppacewithtechnologicaladvancement,dataanalyticsanddatastorageandintelligentcostcontrol.

New TechnologiesPerhapsmostrelevantintheITandBPOmarkets,customersareseekingopportunitiestocapitalizeontechnologicaladvancement.Smallersuppliers,withdistinctcapabilitiesindisruptivetechnologies,arereadywithspecializedexpertisetomakethat expectationareality.Thepaceofchangeisincreasing,andcustomersneedtorecognizetheimportance ofrationalizingtheirsourcingportfoliostotakeadvantageofgreaterautomationanddigitization.

While a greater number of smaller deals in the marketplace is not a new trend for 2015, we also have seen greater migration away from the traditional, tower-centric solutions and dedicated data centers.

Realizingthisneedwillbeakeycomponenttoacustomer’ssourcingstrategy.Itwillgivecustomers theopportunitytoassesstheircurrentsourcingenvironmentandthescopeoftheirexisting agreementsandtounderstandwheretechnology canstreamlineprocesses.Thiswillfacilitate processefficienciesandcostreduction.

But What Does This Mean for the Marketplace?Customersexpectsupplierstoknowhowtotakeadvantageofthetechnologicaladvancementstostreamlineandrefineprocessesandsignificantly drivedownpricing.Asaresult,amorecompetitivemarketplacewithgreaterimportanceontechnologyandintelligentcostcontrolisemerging.Suppliersarebeingforcedtoadapt,anddifferentiationiskey—in

respectofbothpricingandserviceoffering.However,it’snotallbadnewsforsuppliers.Asaresultofthemoveawayfromthetraditionalservicedeliverymodel,thereislikelytobegreateropportunityinthemarketplaceforthesmalltomediumsuppliers,providingtheyhaveauniqueskillsettooffer.

Suppliersmayalsobenefitfromtheimpactthistrendishavingonthecontractingprocess.Intheabsenceofaverysophisticatedcustomer,wearelikelytoseeanincreaseintransactionsdoneonsuppliertermsandconditionswithlimitedbespoketailoringasamorestandardizedapproachtocontractingisadopted;reflectiveperhapsofamorestandardizedas-a-servicesolution.

Thisincreaseinthenumberoflower-valuedealsislikelytoimpacthowcustomersviewthecontractingprocessaswellasthecostandtimededicatedto eachtransaction.Supplierselectionmaybecome moreofachallengewhencontractingonsuppliertermsascomparisonsmaybemoreopaque.Amorestreamlinedapproachtotenderingwillsurelyneedtobeadoptedtoallowatruelike-for-likecomparisonbeforeanintelligentsupplierselectioncanbemade.ComprehensiveRFPsarelikelytobecomeless commonasthedemandincreasesforamoreagile,immediateformofpre-contractingtokeeppace withemergingtechnologiesandchanging businessrequirements.

Asaresult,thecontractingprocessislikelyto becomemorestreamlinedwithagreaterappetite forautomateddocumentationanda“lighttouch”approachtolegalinputwhereservicesare standardizedandcontractsarelowerinvalue.However,legalcounselshouldbemindfuloftheoperationalandlegalrisksassociatedwiththesecomplexrelationshipsandrecognizethatcontractswithalowervalue(usuallybecauseofamore nichescope)areneitherlowrisknoroflowstrategic


importancetothebusinessorITinfrastructure. Costsassociatedwiththecontractingprocessshouldbekeptundercontrol,buttheyshouldnotbea mainconsiderationduringsupplierselectionwhenoutsourcingcriticalservicesorwhenreviewing therisksassociatedwithcontractingonsupplier termsandconditions.

The “as-a-service” approach to service delivery is facilitating the movement from traditional methods of service delivery with specialist providers capable of offering XaaS (everything as a service).

Governance Will Be KeyServiceintegrationandhigherlevelsofgovernancewillbecomeevermoreimportantasthemulti-sourcemodelbecomesmoreprevalentandthecomplexityoftherelationshipbetweenmultiplesuppliersandretainedorganizationsandfunctionsincrease. Amulti-sourceenvironmentwithincreasedITinterfaces,competitiveforcesandacomplexityofrolesandresponsibilitiessoundslikeagovernancedisasterwaitingtohappen.However,complexityassociatedwithmulti-sourcingismitigatedand,infact,capitalizeduponbysuppliersbroadening theirservicemanagementcapabilitiestopromotegovernanceasacorecompetency.

However,notalltheteamsplaynicelytogetheranditwillbethosesuppliersthatrecognizethebenefitofprovidingaspecialistserviceintegrationofferingthatwillultimatelysucceedinthisevolvingmarketplace.

Wheresuchmanagementcapabilityisnotoffered asaservicebyasupplier,acustomerwillhaveto

decidewhetheritiscapable(bothoperationallyandfinancially)ofprovidingthisimportantgovernancefunctionitself.Intheinstanceswhereitisnot,there islikelytobeanincreasedopportunityforanewcategoryofITservicesprofessional:theservicebroker.Theservicebrokermightdesign,source andprovideacompletemanagedservicewith centralizedgovernanceandaheavyemphasison dataanalyticstoeffectivelymanageamulti-sourcedenvironmentasastand-alonespecialistserviceoffering.Thesecontractscanraisetheirown uniquechallengesandthecomplexityofthe sourcingrelationshipwillincreaseforthecustomerorganization.However,contractswithaserviceintegrationspecialistshouldprovidethecustomeropportunitytotransfermuchofthesechallengesandassociatedrisktotheserviceintegrationspecialist.

Legal counsel should be mindful of the operational and legal risks associated with these complex relationships and recognize that contracts with a lower value (usually because of a more niche scope) are neither low risk nor of low strategic importance to the business or IT infrastructure.

ConclusionRegardlessofthesizeorvalueofthecontractsinplace,itiscriticalthatcustomersproperlyconsiderthecontractualandoperationalrisksassociatedwithamulti-sourcedenvironment.Evenwithincreaseinlowervaluecontracts,theymustimplementarobustgovernancemodeltoaddressthegrowingcomplexity oftheirthird-partyrelationships.

mayer brown 21

MassiMo CapRettaCounsel

Massimo CaprettaiscounselinMayerBrown’sChicagoofficeandamemberoftheBanking&Financepractice.Massimo’stransactionalpracticefocusesonrepresentingbothfinancialinstitutionsandcompaniesacrossabroadspectrumofdomesticandinternationalfinancingtransactions.Massimohasparticularexperiencewithdomesticand cross-bordertradereceivablessecuritization, asset-basedfinance,factoring,supplychain/vendorfinance,tradefinanceandotherreceivables monetizationstrategies.Heregularlyadvises clientsonthecreationandmanagementofbespokereceivablesfinancetransactions.Massimohasbeenaspeakerandpanelistonanumberofpresentationstoindustryparticipantsontopicsincludingreceivablesfinance,asset-basedlendingandcross-borderfinance.

Julian M. DibbellAssociate

Julian DibbellisanassociateinMayerBrown’sChicagoofficeandamemberoftheBusiness&TechnologySourcingpractice.BeforejoiningMayerBrownin2014,JulianworkedasajournalistandauthorcoveringtheInternetandotherdigital technologies.JulianreceivedhisJDdegreein2014fromtheUniversityofChicagoLawSchool,where hewasastaffmemberoftheUniversityofChicagoLawReviewandco-founderoftheLawandTechnology Society.

peteR DiCkinsonPartner

Peter Dickinson istheCo-headofMayerBrown’sGlobalBusinessTechnologyandSourcingpractice.Peter’spracticefocusesonmergersandacquisitions,jointventuresandothersignificantcommercialtransactionsincluding,inparticular,largescalemulti-jurisdictionaloutsourcingprojects.

Megan paulSenior Associate

Megan PaulisaseniorassociateintheCorporate&SecuritiespracticeoftheLondonoffice.Sheundertakesabroadspectrumoftransactionalcorporateandcommercialwork,focusingprimarilyoninternationalanddomesticoutsourcingtransactions,venturecapitaltransactionsandprivatemergersandacquisitions.Meganhasrepresentedclientsinmulti-jurisdictionalanddomesticsourcingtransactionsacrossavarietyofindustrysectorsincludinginformationtechnology,telecommunications,customerrelationshipandcallcentres,humanresources,cloudcomputingand facilitiesmanagement.Meganalsohasexperience withre-negotiatingsourcingtransactions,both domesticandinternational.

bR aD peteRson Partner

Brad Peterson,apartnerintheChicagooffice,focusesonoutsourcing,jointventures,strategicalliancesandinformationtechnologytransactions.Bradhasrepresentedcustomersindozensoflargeoutsourcingagreements,includingoutsourcingfinanceandaccounting,procurement,humanresources,ITinfrastructure,applications developmentandmaintenanceandotherfunctions.Bradhasalsorepresentedinformationtechnologybuyersinhundredsoftechnologytransactions,includingcloudcomputing,softwarelicensing,softwaredevelopmentagreements,hostedservicesagreements,andERPimplementationagreements.WithabackgroundintheITindustry,anMBAfromtheUniversityofChicagoandaJDfromHarvardLawSchool,heprovidespractical,business-orientedadviceoncontractingfortechnologyandservices.

mayer brown 21


MaRk a . pRinsley Partner

Mark PrinsleyisapartnerintheLondonoffice andtheheadoftheIP/IT,outsourcingandprivacypracticeinLondon.Hispracticeisfocusedon complexITandbusinessprocesstransactionswhicharefrequentlymultijurisdictionalandofteninvolveissuesrelatingtopersonaldata.Hispracticeinvolvesactingforcustomersatallstagesofoutsourcingtransactions,particularlyinthefinancial servicessector.

linDa RhoDesPartner

Linda Rhodes,partnerintheWashington,D.C.office,focusesherpracticeoncomplexcommercialtransactions,withaprimaryfocusonbusinessandtechnologysourcing.Shehasrepresentedawidespectrumofclients,includinglargemultinationalcorporations,inavarietyofindustries,suchasinformationtechnology,telecommunications, pharmaceuticals,healthcare,financialservices,insurance,energy,chemicalsandconsumerproducts.Shehassubstantialexperienceinleadingcontractnegotiations,bringingcomplextransactionstosuccessfulclosureandeffectivelymanagingtheinternationalaspectsofglobaltransactions.

paul J.n. RoyPartner

Paul J.N. RoyisapartnerintheBusiness&TechnologySourcingpracticeinChicagoand representsclientsinabroadrangeofinformationtechnologytransactions,includingtechnology development,implementation,support.Healsoregularlyadvisesclientswithoutsourcing transactions,includingoutsourcingofIT infrastructure,applicationdevelopmentand maintenance,andnetworkmanagementfunctions,andoutsourcingofbusinessprocessfunctions,includingfinancialservices,securities, andfinanceandaccounting,HR/employee servicesandCRMservices,amongother businessprocessfunctions.

DeRek sChaffneRCounsel

Derek J. SchaffneriscounselinMayerBrown’sWashingtonDCofficeandamemberoftheBusiness&TechnologySourcingpractice.Herepresentsclientsinawidevarietyofinformationtechnologyandbusinessprocessoutsourcingtransactionsandotherinformationtechnologylicensinganddevelopmenttransactions.Derek’srepresentativeinformationtechnologytransactionsincludetheoutsourcingof ITinfrastructureservicesandsupport,managednetworkservices,networksecurityservices, applicationdevelopment&maintenance, telecommunicationsservices,andcloudhostingservices.Hisrepresentativebusinessprocess sourcingtransactionsincludeERPdeployments, theoutsourcingoffinance&accountingfunctions,humanresource/employeeservices,andinternationalemployeerelocationservices.

oliveR yaRosSenior Associate

Oliver YarosisaseniorassociateintheIntellectualProperty&ITgroupoftheLondonoffice,havingjoinedMayerBrownasatraineein2004and admittedtopracticein2006.HeadvisesclientsonTMT,outsourcing,IT,dataprotection,privacy,e-commerceandIPissues.Oliveractsonglobalfinancialindustryutilityprojects,ITandbusinessprocessoutsourcingprojectsandITsystems procurementtransactionsaswellasadvisingarangeofclientsonmanye-commerceanddataprotectionissuessuchashowtocomplywithdataprotectionlawsthroughoutEurope,thechangeinthelawoncookies,theexportofpersonaldatafromtheEEA,conflictsbetweenprivacycomplianceanddisclosurerequirementsunderforeignlaw,theftorlossofdataandtheappropriateorganizationalandtechnicalmeasurestotaketoprotectdata.


About Mayer Brown Mayer Brown is a global legal services provider advising clients across the Americas, Asia and Europe. Our geographic strength means we can offer local market knowledge combined with global reach.

We are noted for our commitment to client service and our ability to assist clients with their most complex and demanding legal and business challenges worldwide. We serve many of the world’s largest companies, including a significant proportion of the Fortune 100, FTSE 100, DAX and Hang Seng Index companies and more than half of the world’s largest banks. We provide legal services in areas such as banking and finance; corporate and securities; litigation and dispute resolution; antitrust and competition; US Supreme Court and appellate matters; employment and benefits; environmental; financial services regulatory and enforcement; government and global trade; intellectual property; real estate; tax; restructuring, bankruptcy and insolvency; and wealth management.

Please visit www.mayerbrown.com for comprehensive contact information for all Mayer Brown offices.

Mayer Brown comprises legal practices that are separate entities (the “Mayer Brown Practices”). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe-Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown Mexico, S.C., a sociedad civil formed under the laws of the State of Durango, Mexico; Mayer Brown JSM, a Hong Kong partnership and its associated legal practices in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. Mayer Brown Consulting (Singapore) Pte. Ltd and its subsidiary, which are affiliated with Mayer Brown, provide customs and trade advisory and consultancy services, not legal services.

“Mayer Brown” and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

© 2015 The Mayer Brown Practices. All rights reserved.

Attorney advertising

1015

Americas | Asia | Europe | www.mayerbrown.com

business & technology sourcing · mayer brown’s business & technology sourcing (bts)...

Documents