When entering into an outsourcing contract, a sensible customer will take steps to protect itself. These include carrying out proper due diligence on the supplier to ensure that the supplier complies with local laws and good business practices and asking the supplier to warrant (i.e. contractually promise) that it will continue to do so. The customer can also get some degree of comfort that the supplier is behaving as it should by requiring the supplier to report regularly to the customer and by agreeing that the customer has the right to audit the supplier’s activities from time to time, or following a specific trigger.
However, even if the customer has been diligent in investigating the supplier and monitoring its activities, the customer does not have total control over the supplier’s actions. There may come a day when the customer suffers a loss due to the wrongful conduct of the supplier. For example, a third party (perhaps an aggrieved employee, a regulator or someone else) might sue the customer on the basis of something the supplier has done or failed to do.
The customer must think through all the scenarios that it would want covered by the indemnity to ensure that nothing falls through the gaps due to poor drafting.
For this reason, it is common for customers to insist on an indemnity provision in the outsourcing agreement, so that the customer can make sure it is not left out of pocket as a result of the supplier’s negligence or misconduct.
Given the importance of the indemnity clause, it can sometimes be one of the most heavily negotiated parts of an outsourcing agreement. From the customer’s point of view, the drafting of the indemnity clause certainly requires careful attention to ensure it provides the protections that the customer needs.
When negotiating and drafting an indemnity clause, the customer will want to consider the following questions:
Who should be indemnified?
When thinking about what parties should be indemnified, the customer should consider what parties could be the subject of civil or criminal action arising from the wrongful acts of the supplier. For example, a third party might decide to pursue the customer’s directors in their personal capacity for something that the supplier did. As such, the customer should consider asking for the indemnity to be extended to cover its directors, officers, agents, and employees, and it may want to consider including its affiliates on the list as well.
What is the indemnity for?
It is common for a customer to request a broad indemnity that has two aspects. First, it should establish that the customer is not liable for the supplier’s acts or omissions. Second, it should protect the customer (and the other indemnified parties) in the event that a third party decides to pursue it in a civil or criminal action because of something the supplier has done or failed to do.
While this broad indemnity is a good starting point, it is important to think through the specific scenarios where the customer might be exposed. Only then will the customer be able to satisfy itself that the wording of the indemnity protects it against all likely losses.
For example, an indemnity may be expressed as applying to “all amounts paid by way of damages to a third party claimant as awarded by a Court of competent jurisdiction.” However, what if there were good reasons to settle the claim with the third party? The current drafting would not cover amounts the customer pays in settlement of the claim. It would also not cover damages paid following an arbitral award, fines imposed by a regulator, the customer’s own legal fees in defending an action, or any court order for the customer to pay the third party’s legal fees.
Also, what about internal loss suffered by the customer? What if, for example, the claim is for infringement of intellectual property? It may be that the bigger cost to the customer is not the amount it has to pay to the third party, but rather the customer’s own internal costs in dealing with the claim (for example the cost of replacing the systems that infringed the third party’s IP.) Again, the drafting above would not cover those costs.
As the above highlights, the customer must think through all the scenarios that it would want covered by the indemnity to ensure that nothing falls through the gaps due to poor drafting.
For this reason, the customer should also consider asking for specific indemnities for certain scenarios, such as IP infringement, loss or damage to property, or data breaches.
Do the exclusions and limitations of liability apply to the indemnities?
Naturally, the supplier will want to limit the scope of its liability under a contract, and one common way to do that is with exclusions or limitations of liability. For example, it is not uncommon for suppliers to want to exclude loss of profit or limit their overall liability to a specific figure, which is sometimes calculated by reference to the value of the contract (or a multiple of it).
Often these limitations are supposed to apply to claims between the parties, such as breach of contract claims, and are not intended to limit the scope of the indemnities. However, it is purely a matter of contract drafting as to whether the limits of liability apply to indemnified losses as well as other claims under the contract. The customer should therefore pay very careful attention to ensure that it does not unwittingly agree to a limit of liability or exclusion clause elsewhere in the contract which impacts how much it can claim under the indemnity.
Can the supplier pay the indemnity?
If the supplier does not have the financial means to pay the indemnified losses, then the indemnity, no matter how carefully drafted, is meaningless. If there are concerns about the supplier’s financial ability to meet an indemnity, it may be worthwhile seeking a guarantee from a related or parent company. Alternatively, the customer could oblige the supplier to take out and maintain insurance so that the insurer would meet any indemnity claim.
The above provides an overview of some of the issues that a customer should think about when requesting an indemnity from its suppliers. However, it is not an exhaustive list. Also, the supplier will often request an indemnity from the customer, which brings with it a whole series of different considerations that are outside the scope of this article.
While properly drafted and robust indemnities provide the customer with a high level of comfort that it will be protected and insulated should the supplier make mistakes, they are no substitute for proper due diligence and monitoring of the supplier. That way, issues can be caught before they escalate into claims or other kinds of losses. As the old adage goes, prevention is always better than a cure.