Financial Technology, better known these days by its blended name ‘FinTech,’ describes innovative technology in the financial sector. Many FinTech companies are disrupters in the consumer area (think PayPal or Venmo), but recently, an array of FinTechs focused on business-to-business (B2B) transactions have emerged.1While these applications are not as widely known as their consumer counterparts, they have exploded in growth over the past few years2 with a focus on payments, electronic invoicing, cash flow management, blockchain and other operational processes.3
While FinTechs offer exciting new solutions, contractually engaging with them can be complicated. First, the FinTech industry is comprised of both startups and well-established companies, so there is no one-size-fits-all type of contract. In addition, the type of engagement with a FinTech spans a broad spectrum – it can be as simple as a license agreement or as complicated as a joint marketing agreement in which revenue generation is divided up among the two parties.
Furthermore, FinTechs work within a diverse demographic base and have unique access to sensitive information. Finally, the regulatory landscape for the industry is still in its infancy for many countries.4 Without clear guidance, it begs the question, “How prepared are you to negotiate a new contract?”
FinTechs, especially those in the B2B space, can be a valuable investment opportunity. But for the reasons listed above, FinTech contracts should take on a heightened sense of due diligence. To help provide clarity during these early stages, I’ve compiled five contract clauses to focus on when negotiating new FinTech agreements. While the list is not intended to be all-inclusive, it covers the five most important clauses that I believe carry the greatest impact.
While there are a multitude of specific actions you could request indemnity for, I want to focus on two: intellectual property (IP) infringement and violation of applicable laws.
FinTechs tend to release new technology with a focus on the speed to market, which has given rise to an uptick in IP infringement lawsuits.5 Two recent cases highlight this trend. In 2016, NASDAQ filed seven patent infringement lawsuits against IEX (aka Investors Exchange) for patent infringement over the use of online trading platforms.6 More recently, two major Japanese venture businesses were embroiled in a IP suit over the use of cloud-based accounting system containing artificial intelligence. Regardless of the outcomes of the suits, litigation is extremely costly and will most definitely have an impact on your return on investment.
Even though the contract may be a joint marketing venture, the development of the IP itself is irrelevant. If your company is directly marketing the solution, you could find yourself in the crosshairs of any pending litigation. Even in scenarios where you are just licensing the technology, you’ll still want to protect your investment by ensuring the company will indemnify you for any infringement-related actions brought about by your relationship with the FinTech.
Violation of Applicable Laws
As the landscape for FinTechs evolves, so will the laws and regulations these companies will be required to follow. Depending on where governing laws for these contracts reside, there could be a vast difference in regulatory approaches by various governments.4 While the industry evolves, and laws are consistently updated, ignorance to these changes will not stop enforcement and penalties in many areas. When engaging in a FinTech contract, it’s important to ensure indemnification for breaches to applicable laws that may be knowingly or unknowingly violated along the way.
- Limitation of Liability
In a perfect world, you can add data and confidentiality breaches, gross negligence and willful misconduct to the list above for items to be indemnified for and excluded from any cap on damages. In the real world, you may have to settle for negotiating these items in the limitation cap discussion. The limitation of liability clause is designed to limit the total amount of damages the third party is responsible for. With that in mind, it’s important to consider these companies may have very sensitive customer information.
Consider Moore & Associates v. Jones and Carter, a case that transpired under U.S. law. Moore and Associates, a design engineer firm, entered into a contract with Jones and Carter, a construction company, to execute design work on a large hotel project. A few years after the completion of the project, the hotel experienced extensive water damage. Moore and Associates filed a suit claiming poor design was responsible for the damage. The contract specified that damages would be capped at the total amount of fees paid, which in this case was $18,000. The damages, however, totaled approximately $200,000. The district court concluded that the firm’s liability was limited to the contractual amount, leaving Moore and Associates to assume liability for the remaining $182,000.7 The amounts for a data breach could result in significant liability to your organization.
It’s also important to include insurance coverage amounts in the contract. If the company is a startup, even uncapped liability may prevent you from recovering from your losses if the company becomes insolvent.
- Business Terms
There are two areas I want to focus on here: Business continuity, which is the planning a company undergoes to ensure their ability to recover in the event of a disaster, and implementation of technology into an existing infrastructure.
In 2016, a computer virus infected a network of hospitals in the United Kingdom.8 The virus was so severe that all planned operations and outpatient appointments were cancelled and systems at three separate hospitals were halted for five consecutive days. Unfortunately, the hospital failed to maintain a business continuity plan. If this technology is outsourced, you will want to ensure your vendor is maintaining a plan to restore coverage or at a minimum understand the costs and implications of being without service for an extended period.
FoxMeyer, a healthcare service company with $5 billion in sales, decided to implement a vendor Enterprise Resource Planning system with the goal of saving approximately $40 million per year. However, the implementation of the company-wide software didn’t work as anticipated – it resulted in $100 million dollars lost in sunk costs and very little to show for all the work that was involved.9 It was such a failure that the savings never materialized, and FoxMeyer filed for bankruptcy a few months later. This all could have been avoided with proper business terms in the contract detailing testing plans, clear project scope, timelines and milestone payments.
It’s worth noting, however, that not all examples of partnerships, especially in the FinTech world, end poorly. In fact, in many areas, they’re rapidly improving. For example, Deutsche Bank successfully implemented a new FinTech product in just four months – so with the correct controls and contracts in place, the future can be bright for FinTech partnerships.
- Internal Controls
To ensure the company has important security controls in place, I’d recommend including terms in the contracts that give you access to their yearly Service Organization Control Report (SOC)2 (which requires an audit by a CPA firm) if available, usually reserved for North American countries. For those outside of the United States, I’d recommend inquiring about ISO 27001, which specifies the requirements for establishing and maintaining information security best practices.9
There is an ever-increasing amount of financial data that is being stored online, and many FinTechs view this as an opportunity to sift through that data in order to identify new markets and products.10 If your company houses any customer data, you’d be wise to ensure this is protected in your confidentiality clauses that extends to the privacy and security of any customer sensitive information. There is also a likelihood that exposure of this sensitive customer information without consumer consent is a violation of applicable laws. Make sure you’ve put in language that guarantees either return of sensitive information or certified destruction of data that lives beyond the initial term of the agreement.
FinTech relationships can be immensely valuable but also complex. It’s imperative to fully understand how these contracts impact your organizational liability. Completing vendor due diligence and reference checks are the first line of defense in decreasing your overall risk exposure. The success in mitigating your contractual second line of defense and making the most of your investment depends heavily on your ability to negotiate these five clauses.
ABOUT THE AUTHOR
Andy Atkins is a professional commercial contract manager with a decade of experience negotiating and drafting complex financial, information technology and telecommunication agreements. He is an IACCM Certified Contract and Commercial Manager as well as a Certified Professional in Supply Management and Certified Professional in Supplier Diversity by the Institute for Supply Management (ISM). His broad array of industry experience has empowered him to become a subject matter expert in supplier management, including intricate multi-million-dollar transactional agreements.
- B2B Fintech Investment on The Rise, By Yizhu Wang and Karen Padley, Forbes. May 31, 2017 (https://www.forbes.com/sites/mergermarket/2017/05/31/b2b-fintech-investment-on-the-rise/)
- FinTech-Origins and Prognosis, By National Association of Certified Valuators and Analysts, July 26, 2017 (http://quickreadbuzz.com/2017/07/26/fintech-origins-prognosis/)
- The 5 most promising B2B fintech areas to watch for, By Netscribes, June 19, 2018 (https://www.netscribes.com/5-most-exciting-b2b-fintech-areas-to-watch-for/)
- The Complex Regulatory Landscape for FinTech An Uncertain Future for Small and Medium-Sized Enterprise Lending, By World Economic Forum, August 2016. (http://www3.weforum.org/docs/WEF_The_Complex_Regulatory_Landscape_for_FinTech_290816.pdf)
- Here’s why patents are innovation’s worst enemy, By Vivek Wadhwa, Washington Post, March 11, 2015. (https://www.washingtonpost.com/news/innovations/wp/2015/03/11/heres-why-patents-are-innovations-worst-enemy/?utm_term=.8162cbed62d5)
- Nasdaq files patent infringement lawsuit against IEX, By Antony Peyton, Banking Tech, March 2, 2018 (https://www.bankingtech.com/2018/03/nasdaq-files-patent-infringement-lawsuit-against-iex/)
- The Sky is Not the Limit: Limitation of Liability Clauses May Be the Solution to Cap Your Contractual Liability, By Sonya Smith and Lawrence Maxwell, Lorman, January 08, 2014. (http://www.lorman.com/resources/the-sky-is-not-the-limit-limitation-of-liability-clauses-may-be-the-solution-to-cap-your-contractual-liability-15452)
- Lincolnshire NHS trust restarts services following virus outbreak, By Graeme Burton, Computing, November 3, 2016. (https://www.computing.co.uk/ctg/news/2475950/lincolnshire-nhs-trust-restarts-services-following-virus-outbreak)
- 5 of the Biggest Information Technology Failures and Scares, By Walid Hamrouni, Exoplatform, August 1, 2017. (https://www.exoplatform.com/blog/2017/08/01/5-of-the-biggest-information-technology-failures-and-scares)
- Regulating Fintech: Addressing Challenges in Cybersecurity and Data Privacy, By Claudia Ng, Harvard Kennedy School Government Innovators Network, February 22, 2018 (https://www.innovations.harvard.edu/blog/regulating-fintech-addressing-challenges-cybersecurity-and-data-privacy)