United States: Compliance With Law In Hedge Fund Outsourcings

Keywords
compliance, hedge fund outsourcing, unregulated, outsourcing contracts, regulatory, data safeguarding, data protection

Originally published May 2007

Hedge funds face a complex set of legal and quasi-legal requirements that have significant impact on their operations, despite the conventional wisdom that they operate in a relatively "unregulated" environment. These requirements must be addressed with care in outsourcing contracts in order to properly allocate compliance responsibilities between service providers and the funds. This is true whether the outsourced services involve information technology or business processes.

Some legal requirements apply to any outsourcing, irrespective of the services being outsourced or the customer’s industry. These requirements include laws generally applicable to the services themselves as well as laws specifically applicable to the service provider. With regard to laws applicable to the outsourced services themselves, information technology outsourcings have historically operated in a relatively light regulatory environment. Business process outsourcings services, on the other hand (such as those involving finance and accounting or human resources services), often involve more significant legal and regulatory considerations and heightened regulatory scrutiny. With regard to laws applicable to the service provider, compliance requirements range from licensing and authority-to-do-business issues to those directly impacting service performance, such as health and safety and environmental regulations and data safeguarding requirements.

Beyond those legal requirements generally applicable to any outsourcing, many outsourcing customers face legal obligations resulting from their particular industry and their own unique characteristics. Hedge funds (despite their noted "unregulated" nature) certainly face direct legal obligations. Further, and even more significantly, hedge funds must deal with many compliance requirements that are applicable to other parties that are part of the fund’s operating environment. An example of such indirectly applicable requirements is the compliance obligations faced by the fund’s investment advisor, its broker-dealers, and its clearing banks. These parties face distinct, and often significant, legal and regulatory requirements that necessarily impact the fund’s operations. In addition, the demands of fund investors, as well as other business environment realities, result in a variety of selfimposed operational requirements that function effectively as (and in some cases may actually become — through fraud claims, for example) legal requirements.

These legal issues place significant demands on the outsourcing contract. The contract must provide mechanisms to allow the hedge fund operator to monitor and confirm compliance, and to address instances of compliance failure.

Contract provisions governing compliance with law matters must balance the requirements of the customer and the capabilities of the service provider. These provisions carry financial and business ramifications extending far beyond price and scope of the outsourced services. The potential risk to the customer of failed compliance is tremendous, and may include significant liability, as well as disruption of services essential to the customer’s business. These contract provisions must address the parties’ respective duties and responsibilities, while affording the customer the necessary assurances, visibility, and control to allow it to undertake the outsourcing engagement.

The following checklist identifies major considerations associated with compliance with law in the outsourcing context:

• Identification and definition of applicable laws

• Service provider’s obligation to comply with applicable laws

• Customer’s contractual commitment to comply with applicable laws

• Service provider’s obligation with respect to changes in applicable laws

• Parties’ obligations to identify and notify the other of laws applicable to performance of services and receipt and use of services

• Interpretation of laws

• Scope of the service provider’s responsibility for fines, penalties associated with failed compliance.

Compliance Issues

Identification and Definition of Applicable Laws
One of the main difficulties when drafting the compliance provisions of an outsourcing contract is identifying and defining the applicable legal requirements. The unique challenge in hedge fund compliance is to effectively capture the indirectly applicable laws as well as those that, while not statutory, do have legal implications for hedge fund operations. Thus, from a contract drafting perspective, the contract should couch the service provider’s compliance commitment with reference to specific requirements rather than merely a general commitment referencing "all applicable laws."

A robust contractual definition of "laws" for any outsourcing should encompass all federal, state, provincial, regional, territorial and local laws, ordinances, regulations, rules, executive orders, supervisory requirements, directives, circulars, opinions, interpretive letters, codes of practice issued by relevant regulatory bodies, and other official releases of or by any government, or any authority, department, or agency thereof. Beyond this general scope, the definition should incorporate references to specific legal and regulatory requirements applicable in the hedge fund environment, including those applicable to the fund’s investment advisors and other operational business partners. For example, the definition of laws should reference specifically relevant regulatory bodies, such as:

• The Securities and Exchange Commission;

• The Federal Trade Commission;

• The Commodity Futures Trading Commission; and

• The Public Company Accounting Oversight Board.

The definition of laws should be tailored to reference specifically relevant laws and associated regulations, by name or category, such as:

• Data protection and privacy laws;

• Gramm-Leach-Bliley Act (and its implementing regulations);

• Anti-money laundering requirements under the Patriot Act; and

• Foreign Corrupt Practices Act.

Finally, the definition of laws should reference appropriate quasi- or extra-legal authorities or practices, including those of self-regulatory organizations, that should be treated equivalently to laws for purposes of the service provider’s contractual performance. Examples of these may include:

• The Rules of the National Futures Association;

• Generally accepted accounting principles (GAAP), as such principles and standards may be modified during the contract term by the Public Company Accounting Oversight Board or other applicable authorities; and

• Elected performance measurements, such as the Global Investment Performance Standards.

Fundamentally, the service provider’s obligation to comply with all applicable laws must be clearly and unequivocally expressed in the contract. Often, outsourcing contracts position this obligation by simple reference to "applicable laws." In the case of a hedge fund outsourcing, it is particularly important that the contract clearly define applicable laws to include those of indirect applicability to the fund.

Failure of the service provider to comply with applicable laws may carry the risk of penalties, fines, or even interruption of business services. Further, in the case of an indirectly applicable law, the service provider’s failure can adversely impact the fund’s supporting organizations. In view of the fundamental significance of these risks, the outsourcing customer is often reluctant to leave this obligation subject to broader contractual defenses and so this commitment by the service provider is typically expressed to include a "warranty" commitment.

Two clarifications or qualifications to this service provider warranty are sometimes raised. First, the service provider may insist that its compliance warranty be subject to some level of duty on the customer’s part to identify the particular laws applicable to the customer’s business or industry. This is especially relevant with hedge fund customers because of the complex tangle of regulatory considerations involved in that business. Second, in the event of an actual dispute between the parties respecting interpretation of a legal requirement, the service provider may seek relief from its warranty if the service provider disputes a customer-required interpretation that is ultimately determined to be wrong.

The service provider sometimes requests a reciprocal compliance with law commitment from the customer. Although not actually a reciprocal issue in this context, the customer often is willing to negotiate such an assurance as it is a trade carrying relatively limited risk.

Laws change, and the outsourcing contract must address the service provider’s obligation to appropriately modify the services prior to applicable deadlines for new and changed laws. The required service modifications may appropriately involve additional costs and expenses, and the contract should provide a mechanism for allocating them between the parties. Typically, to the extent the changes in law are within the scope of the service provider’s responsibility, the service provider will be financially responsible. Where the changes are more appropriately within the customer’s responsibility, the customer’s financial responsibility for requisite service changes can typically be handled through the same analysis otherwise applicable to new (out of scope) services under the contract or general revisions to the services.

The outsourcing contract should address the parties’ obligations with respect to identification and interpretation of applicable laws. Service providers often possess (and tout — especially during sales efforts) significant experience with particular industries, and the performance of services for customers operating in those industries. Such experience may enable the service provider to accept some responsibility for identifying and interpreting laws applicable to the services within the context of the customer’s business. Such ability can represent a significant added value to the service offering.

In any event, the customer will reasonably expect the service provider to commit to maintain at least a reasonable level of familiarity with the legal and regulatory environment applicable to the customer’s business(es) and bring additional or changed legal or quasilegal requirements to the customer’s attention as they become known. A valuable source of such knowledge in this area is often other service provider engagements, subject, of course, to applicable non-disclosure obligations.

Even where laws have been appropriately identified, questions may arise with respect to proper interpretation, and the outsourcing contract should address this. First and foremost, the parties should commit to work together in good faith to interpret and determine the impact of such laws on the services. While this should adequately handle most situations, the customer will almost certainly need to retain the ultimate right, in its sole discretion, to determine the impact of applicable laws on the provision and use of the services.

The service provider’s ability and willingness to assist the customer in identifying and interpreting applicable laws can be a source of unique benefit for its customers. Of course, such obligations must be appropriately tempered by limitations on the unauthorized practice of law, but opportunity clearly remains for the service provider to bring practical day-to-day value to the customer in this area. Ultimately, this is an area of important collaboration and close cooperation between the customer and service provider. The success of this collaboration and cooperation may well be the determining factor in the overall success of the compliance effort.

The outsourcing contract should specifically address the possibility of fines, penalties, sanctions, and other claims resulting from the service provider’s failure to meet its compliance obligations. Often, the customer will require some level of indemnification from the service provider with respect to such a failure, with the indemnity excluded from general liability limitation, or else subject to a specifically defined liability scope that adequately accounts for the risks and exposures. Additionally, the customer may seek an express acknowledgement in the contract that such claims constitute direct damages and are therefore not excluded by any indirect damages exclusion. In each case, the service provider’s liability is defined within the context of the parties’ respective obligations and responsibilities related to compliance with law.

In addition to the foregoing issues, the outsourcing contract should address a number of related considerations, including:

• service provider support for the customer’s general legal compliance efforts, such as regulatory filings, audits, and even investigations;

• specific compliance descriptions (as services or activities) addressing specifically applicable laws (for example, known privacy and data protection law requirements, export control requirements, labor laws, tax laws, and laws applicable to offshore outsourcings); and

• participation of service provider personnel in appropriate customer provided or facilitated compliance training programs.

Finally, the contract must provide the customer with flexible rights and effective mechanisms to manage the service provider’s support in meeting the requirements of current and future laws, as, and in the manner that, the customer deems appropriate and necessary. These rights and mechanisms should be reflected throughout the contract, from the service level methodology, to the ability to reprioritize the services and activities of the service provider, to the availability and viability of new services and ultimately to the ability to terminate the contract if and to the extent deemed appropriate.

Issues related to compliance with law are serious and challenging and must be effectively addressed in any hedge fund outsourcing arrangement. Through careful analysis and negotiation, customers and service providers can resolve these issues in a balanced and responsible manner. Such resolution is critical to a successful outsourcing relationship.

Copyright © 2007, Mayer Brown LLP and/or Mayer Brown International LLP. This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.

Mayer Brown is a combination of two limited liability partnerships: one named Mayer Brown LLP, established in Illinois, USA; and one named Mayer Brown International LLP, incorporated in England.