Since the outbreak of the COVID-19 pandemic, organisations have been grappling with the application and enforcement of force majeure provisions in their commercial contracts, on which see our past alert.
Whether or not service providers seek to rely on force majeure provisions to excuse non-performance, customers will be well-served in familiarising themselves with and using other contractual tools available to them in order to (i) manage the ongoing provision of services which remain unaffected or less affected by COVID-19, (ii) mitigate the effects of COVID-19 on those services which are affected and (iii) safeguard their contractual position. Where these tools are not available customers should consider updating templates and procurement procedures.
In particular, customers should seek to ensure the following:
- Governance mechanisms are used. Ongoing attendance at contract governance meetings and provision by service providers of associated reports should be maintained where possible. Such meetings and reports are often neglected, but can provide important opportunities to ensure service delivery is being monitored, information is shared between the parties and issues in service delivery caused by COVID-19 are identified and proactively managed (on which see more below). Any such meetings should of course be held remotely wherever possible.
- Risk logs are maintained. Many contracts provide for the adoption and implementation by service providers of risk management policies and procedures addressing risk assessment, risk reporting, risk mitigation and associated controls. A service provider may be required, for example, to maintain risk logs detailing "key risks" (which could include contractual breaches caused by COVID-19 likely to have a material impact on the performance of the services) and the development of a risk response plan to mitigate the effects of such risks, including the implementation of workarounds where available. Customers should ensure that service providers are reminded of these obligations and that any such plans are reviewed (via governance meetings where appropriate) and implemented. Where possible, such plans should also consider steps to be taken to mitigate against the recurrence of such risks and should factor in possible ramping up and ramping down of service provision as the government response to COVID-19 develops.
- Changes to service provision are documented. Changes to service provision necessitated by COVID-19, and agreed by the customer, should be recorded, regardless of whether formal change control procedures can be followed. In doing so, customers should ensure that waivers of rights are not given unintentionally and commercial or operational teams should involve legal teams in relevant communications where necessary. Customers should also check whether formal change control procedures permit "mandatory" or "emergency" changes to be forced through where such changes are necessary to mitigate against adverse impacts to the customer or where necessary to enforce changes to policies (on which see below). Customers should also check to see whether "compliance with law" changes must be implemented by the service provider with favourable cost impact on the customer.
- Service providers are notified of updates to policies. Customers should ensure that service providers are notified of updated or new customer policies necessitated by COVID-19. These could span a range of issues including, for example, changes to invoicing policies and processes to address increased fraud risk, changes to logical security policies to address heightened security issues associated with remote working (in particular where service providers have remote access to customer systems, networks and data) and changes to health and safety policies to address social distancing requirements where service providers are required to work onsite at customer premises.
- Cooperation obligations are used. In multi-party operating models, customers should ensure service providers are working together where touchpoints exist, including by sharing information where appropriate, to enable continuity of service across the organisation and a joined-up approach to risk management.
- Business continuity plans are implemented. It will be important to ensure that service providers adhere to their obligations to implement business continuity plans, both in respect of their own organisations and in respect of continuity of service, and that these plans are adapted as necessary to meet changing requirements as the government response to COVID-19 evolves. Whilst force majeure provisions are likely to override the majority of a supplier's other obligations under an agreement, carve outs may have been put in place to ensure continuity of a minimum level of service notwithstanding the occurrence of a force majeure event, and customers should ensure these are adhered to.
- Escalation procedures are operated flexibly. It will be important to ensure that contractual mechanisms for escalating issues that arise as a result of COVID-19 are followed where possible, but these should not be operated inflexibly or used to prevent issues from being resolved at the most appropriate level as quickly as possible.
Inevitably, enforcing the terms of commercial contracts to their letter is likely to be challenging at best and maintaining continuity of service will necessitate flexibility and innovation on both sides. However, where contractual tools cannot be implemented as envisaged and yet some level of service provision can be maintained, customers will benefit from referring to these tools in seeking to shape the approach to service delivery during COVID-19.