The next installment in our Vendor Contracts 101 series digs deeper into the topic of service level agreements – or SLAs. These key provisions in contracts not only help the parties establish clear performance expectations for products and services, but also set forth a methodology for determining remedies in the event the vendor fails to meet certain prescribed standards. While not always present in the first draft of a contract, most vendors worth their salt will provide at least a basic SLA if requested.
What is Covered?
SLAs are typically associated with software contracts, and the most common type of SLA concerns availability of the services – or “uptime” as it is often called. That said, uptime is not the only important measurement involved in many contracts. When thinking about an SLA, take a step back and consider what the services actually do. Are the services just an available software platform? Do the services involve production of certain deliverables (e.g., statements), or the completion of specific tasks (e.g., payment processing)? SLAs should apply to key aspects of provided services, such as accuracy, fulfillment, or processing time.
What is Carved Out?
An SLA may sound great, but do not forget to take a close look at the definitions and the applicable carveouts. Typical SLAs will not consider downtime or errors caused by natural disasters, acts of god, terrorist attacks, or other force majeure-type events when determining whether the performance goals have been missed; this is not necessarily unreasonable. But the line inches closer when an SLA attempts to carve out malfunctions or interruptions due to issues with a vendor’s direct third parties, and the line is crossed when the carve-outs extend to failures within the vendor’s own control or reasonable mitigation (e.g., security breaches, vendor-operated network failures, or equipment malfunctions). Take careful stock of defined terms like “unplanned downtime” or “emergency maintenance,” and make sure that such carve-outs do not render the SLA effectively meaningless.
That said, the definition of “planned downtime” is also important. Most SLAs provide a window of time during which the services are permitted to be offline to allow the vendor to perform routine maintenance. This is perfectly reasonable in theory, but the bank should confirm that the hours of the planned downtime will not interfere with normal business operation. For example, it is unlikely the services will be in high demand at 1:00 a.m.- 5:00 a.m. on a Sunday morning, but a maintenance window of 10:00 p.m.- 6:00 a.m. on Tuesdays and Thursdays might impact customers performing routine online banking before bedtime or bank employees or systems completing tasks with early morning deadlines. Here again, think about what the services actually do and when they reasonably will be needed.
What are the Remedies?
SLA remedies in bank contracts generally come in two flavors: billing credits and termination rights. An SLA that includes neither is essentially toothless. Ideally, the vendor will monitor its own performance and provide the bank with regular reporting to prove it is meeting expectations. In the event it falls below the established standards, the vendor should automatically add a credit to the bank’s account – typically an amount equal to a small percentage of the bank’s monthly billings. Some contracts fail to address the mechanisms for monitoring performance and delivering credits, and others put the onus for monitoring and requesting credits on the bank. Be sure to carefully review (and negotiate) billing credit provisions to confirm you understand and are comfortable with the procedures.
Equally important are termination rights. No amount of billing credits may be satisfactory if the bank is stuck with services that routinely fail to perform (particularly if it is impacting your customers’ experience), and the bank will have to fight the uphill battle of proving the service failures constitute a material breach of the agreement. Good SLAs will include a right for the bank to terminate the contract in the event the vendor falls below the performance standards a certain number of times – generally X times in Y time period or X consecutive times. And remember, any such termination right should come without penalty to the bank or payment of early termination fees.
How do I know what is "Commercially Reasonable?"
Some of the “commercially reasonable” determination is market-driven – what are other similar vendors offering? But some of it is more subjective based on the services or needs involved – how critical is this service for the bank’s operations? How much of the service and its support functions does the vendor directly or indirectly control? Some SLAs are limited by the operational realities of the vendor, but do not be afraid to bring it up in negotiations and push for the best protections for the bank.