Here at Waterfront, the Commercial/Technology team have helped a number of “Reg” Tech or compliance-as-a-service companies navigate the tricky waters of contracting with major banks and investment managers. We’ve compiled a short list of things to look out for based on our experiences helping these companies.
1. Third party data providers
If your product is heavily dependent on data from a third party, then your contract with that third party will be crucial. If you are just getting started, you may be keen to sign off on any contract that is presented to you, but try and think long term. The number one priority in your contract is ensuring your right to use the data is compatible with your intended use (both now and in the future). This will help avoid any tricky attempts at re-negotiation. Check the termination provisions in the proposed agreement to make sure there’s adequate lead time if the data provider wants to terminate or if you just find someone better.
2. Align your own customer contracts
Got that data provider sorted? Then onto your own contract with your customers and making sure this aligns with the terms agreed with your data providers. Don’t give assurances to your customers that you haven’t received from your providers. Make sure any terms required by the data provider are also reflected in your customer contract.
3. Beware the outsourcing guidelines
If your product is dealing with any kind of risk management for the financial services sector, then you are bound to run into the European Banking Authority (EBA) guidelines on outsourcing or even the Monetary Authority of Singapore’s own outsourcing guidelines, depending on the scope of the contract. If your product has been designated as critical or important by a customer subject to these guidelines, then it will probably have an impact on your contract. This is because the guidelines require those contracts caught under them to contain certain mandated clauses. Some of these are uncontroversial, but others are more impactful, so it is worth familiarising yourself with them and trying to ensure your contract covers off as many as possible in advance. This hopefully heads off any difficult conversations come negotiation.
4. Publicly available information
If your product presents customers with publicly accessible information (e.g. by scraping certain data from websites), this doesn’t necessarily mean the information is available for commercial use. Check any terms and conditions to make sure your use is not in breach, either by using the data outside of the permissions for use or by scraping the data in the first place.
5. InfoSec and Business Continuity
If you are dealing with a financial services institution, you will be asked about business continuity and you will be expected to have an information security policy. If you don’t have either, then you’ll be adding a lot of additional time reviewing and unpicking your customer’s own information security policy, much of which you may not need or be able to comply with. With the COVID pandemic, business continuity is also under much more scrutiny, with customers wanting to make sure that BCDR plans cater for a range of scenarios, that they are frequently tested and that customers can access the results. Making sure your contract covers this off will save a lot of time and money during the negotiation process.
Need help with your Reg Tech business? Give the Commercial/Technology team at Waterfront a call and we’ll be glad to assist in any way we can.