A cardinal rule of any contract for services or products is to "know your vendor." Granted, the requisite knowledge will vary with the risk profile of the service or product, but information technology and business process outsourcing contracts invariably require close vendor scrutiny.

Examples for energy utilities include contracts involving automated meter reading and advanced metering infrastructure (AMR/AMI), meter data management systems (MDMS), customer information systems (CIS), and billing systems, to name a few. For such contracts, the risk profile is affected by whether the deal is an outsourcing or a system acquisition, but either way, "knowledge" of the vendor is fundamental to a successful relationship for the utility. Moreover, knowledge acquisition does not end when the contract is signed, and contractual protection is needed to assure that reality does not diverge from what the utility has come to know.

Areas of Concern for Utilities

A utility should seek detailed information on a vendor's reputation, experience, expertise, and commitment to the products and services offered. In addition, the vendor's financial strength and resources are key to its continued success and its ability to stand behind its promises. Another important concern is the vendor's dependency on others to perform under its contracts. The more the vendor relies on others, the greater the risk of non-performance.

Long-term outsourcing of mission-critical functions magnifies these concerns. The future is inherently uncertain — circumstances can and inevitably do change. The extended duration of many information technology and outsourcing agreements increases the risks associated with inevitable change.

System acquisition agreements present a lower risk profile because the utility typically operates and controls the system. Nonetheless, continued vendor maintenance and support can be critical to effective long-term successful use of an acquired technology.

Cautionary Examples

To illustrate the points above, take the example of Metavante Corp., a first-tier provider of outsourcing services and software solutions to the financial industry. In recent years, Metavante has developed products that serve the energy utility industry, particularly with respect to customer information and billing systems. Fifteen years ago, Metavante was simply a division of Marshall & Ilsley Corporation (M&I), a bank holding company. A few years ago, it was separately incorporated as a subsidiary of the bank holding company. Recently, M&I spun-off Metavante as a separate publicly traded company. Each of these structural changes created different risk profiles for Metavante's customers.

A more extreme example is Cellnet Technologies, a first-tier provider of AMR/AMI infrastructure and services to energy utilities. Throughout most of the 1990s, Cellnet was a NASDAQ-listed, publicly traded technology company. In late 1999, it filed for Chapter 11 bankruptcy protection, reaching its zenith on the risk meter. In 2000, Schlumberger Limited, the global oilfields service company, rescued Cellnet from bankruptcy and renamed it. Later that year, Schlumberger also acquired Sema, a French information technology services and consulting firm, through a merger with the successor to Cellnet, creating SchlumbergerSema. In 2003, however, Schlumberger sold SchlumbergerSema to Atos Origin, SA, successor to KPMG's technology consulting business in Europe. Shortly thereafter, "Cellnet" was acquired by a private equity firm in what was labeled by some as a management buyout. Then, in early 2007, Cellnet was acquired by the Bayard Group, a private company based in Australia that also controls Hunt Technologies and Landis + Gyr.

If not dizzying enough, the changes in Cellnet's ownership, structure, and name were compounded by an amoeba-like split up of the company in conjunction with the sale by Atos Origin to the private equity firm. The business previously conducted by Cellnet (however named) was divided into four separate corporations under a unique Pennsylvania law that allows for such divisions, with each separate company not legally responsible for the obligations of the other affiliated companies. "Cellnet", then a Delaware corporation, had to reincorporate in Pennsylvania in order to take advantage of the unique Pennsylvania law.

Most of these permutations of Cellnet were relatively seamless for Cellnet's performance under its contracts. Indeed, most observers would conclude that Cellnet's current ownership reflects an improvement in vendor stability and resources. However, without question, the risk profile for Cellnet's customers has been a rollercoaster.

Even today, Cellnet's structure is obscure to the casual observer. In fall 2007, Cellnet announced that Cellnet and Hunt Technologies had united, and Cellnet currently markets its services and systems as "Cellnet + Hunt." However, the corporate structure has not changed — Hunt Technologies is legally a separate entity and "Cellnet" continues as four distinct Pennsylvania corporations. Because these are separate corporations, each is not legally obligated to come to the aid of the others, without an additional binding agreement to do so.

The changes at Metavante and Cellnet are just two examples drawn from many similar situations. Nothing in these histories means that Metavante or Cellnet, as enterprises, present greater risks compared to competing vendors. Indeed, by most accounts, both enjoy deserved first-rate reputations as first-tier service and system providers to utilities and others. Nonetheless, risk profiles for their customers have clearly changed over time.

Recommendations

So how does a utility address these risks of the vendor's reputation, expertise, commitment, and financial resources, and then maintain continued assurances through the term of its relationship?

Available approaches include effective pre-contract due diligence supplemented by contractual provisions designed both to elicit helpful information and to minimize surprises. In addition, contractual restrictions on future activities and changes can be key to ensuring stable risk profiles over extended timeframes.

When it comes to due diligence, one area occasionally overlooked in contract negotiations is the true corporate identity of the vendor. For example, a utility may engage in extensive negotiations and due diligence with a particular vendor, only to find a contract proposed with a corporate subsidiary or affiliate. Instead of "IBM," for example, the contractual party is "IBM Solutions (Midwest)." However, these entities are legally separate and distinct, carrying ramifications for the utility's risk profile. The financial statements, resources, and even prospects of these entities may be very different. While moral obligations (and reliance on business self-interest) have merit, continued support from the corporate parent may evaporate in the face of changed circumstances without a legal obligation to provide that support. One important thing to remember about a subsidiary is that its interests may be subserved (and sacrificed) to the interests of the parent shareholder, often with impunity, unless effective contractual protections are in place.

Obviously, the service recipient or licensee needs to know the resources of the specific vendor/contractor that signs on the dotted line. A financial statement of a publicly traded parent company reveals very little about the resources of a subsidiary that signs the contract. Approaches to this problem may vary, but include changing the contracting party and obtaining parental or affiliate guarantees of performance or of sufficient financial resources.

While getting things right at the beginning is critical, it is only the "beginning.". The financial, competitive, and business fortunes of any company can and do change over time. The associated risks are magnified in contracts of extended duration. Such risks can be addressed with affirmative and negative covenants and periodic reporting designed to provide early warnings to the service recipient/licensee, to protect itself before deterioration or developments reach extreme status. Examples might be found in provisions commonly contained in term "debt" agreements with banks or other financial institutions (e.g., net worth or other financial covenants).

A related issue is the range of remedies or solutions contractually available to the utility should vendor deterioration occur. Possibilities include termination (without penalty or with reduced buyout amounts), pricing adjustments, full or partial withholding of payments to build a performance reserve, step-in rights, and others. Too often such concepts are not raised because they are difficult and time consuming to address; however, the alternative is an "all or nothing" approach that materially increases risk.

Other forms of "credit enhancements" also should be considered in appropriate circumstances. These may include requirements of minimum insurance coverage for the vendor. Performance bonds also may be considered, particularly for portions of a vendor's agreement that include construction of facilities.

A related but different concern is the change in risk profile due to changes in the identity or ownership of the vendor. Examples include: an assignment of the contract to another vendor, a business combination (or separation), or a change in ownership of the vendor. Consider the situation where a vendor (or the contract itself) is acquired by a utility's competitor, by a company with a reputation for cutting corners or heavy-handed practices, or where the vendor becomes financially less secure due to a business combination or divestiture. Many technology contracts say little, if anything, about ownership of the vendor, and "assignment" is often addressed only as an afterthought in boilerplate that the vendor provides. Certainly, the vendor has a legitimate interest in avoiding repudiation of a contract when there is no material adverse change to the utility's risk; however, the utility also deserves protection when the risk profile materially deteriorates. Knowing a vendor includes reasonable assurances that what is known cannot suddenly turn into something worse.

Far too often, technology contracts do not address the above subjects or they are covered only by the vendor's standard terms. Admittedly, discussion and fair resolution of these risks can be somewhat painful. Just as utilities have interests in minimizing risks, vendors have legitimate reasons to avoid contracts that tie their hands in pursuing mergers and acquisitions perceived as advantageous. Finding and expressing the proper balance is not always easy, but doing so is essential to risk management for major long term technology contracts — and in particular for assuring that a utility's vendor does not change in adverse ways.

The admonition to "know thy vendor" is both obvious and subtle. Comprehensive pre-contract due diligence, while critical, is only the beginning. For major long-term technology contracts or systems, the contract with the vendor must address ongoing "knowledge" and effective tools to ensure that reality does not stray from what is "known."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.