Fintech companies in the Middle East region are growing continuously, thus gaining a balancing power when dealing with their material suppliers. Nonetheless, the correlation with international markets helps forecasting the needs and expected changes of fintech companies. In practice, tech startups, and in particular, fintech companies, have been inconsistent with the principles that they adopt in their contracts with material providers. These principles have direct impact on finances, revenue recognition, governance and other material areas that make those fintech companies exposed to higher risks, which in turn impact valuation, insurability and ease of doing business.

Two focal points worth highlighting are the impact that contract drafting may have on a company's financial stability and the extent to which regulatory developments shape policies covering procurement of technological solutions.

In the last couple of years, case law in the technology sector has increasingly addressed disputes arisen from uncarefully drafted key clauses, such as limitation of liability clauses. This resulted, for example, in a service provider being ordered to pay £78m in wasted expenditures to its client as it did not expressly exclude "wasted expenditure" from its limitation of liability clause, relying on a broad wording that often times is mistakenly believed to be all-encompassing.

Also, regulation specifically addressing the crossed paths of finance and technology is rapidly catching on. A token of this trend is the European Digital Operational Resilience Act (DORA) which strengthens the financial sector's resilience to ICT-related incidents not only in Europe but, with its magnitude, it will have repercussions also in the Middle East. The guidance laid down with DORA, including the specific and prescriptive requirements regarding internal policies and procedures covering the engagement of ICT providers, will rapidly be adopted as a standard across the industry, due to the strong ties that interlace the financial sector globally. With such focus, we address in this practical article certain contractual principles that are being handled inconsistently in the market as well as by the same one company depending on the urgency of its needs.

A. Customer-centric contractual terms: SLAs vs XLAs

As a product of the consumer-centric economy, fintech companies are increasingly paying attention to Experience Level Agreements (XLAs) in addition to Service Level Agreements (SLAs). SLAs are to the objective performance of the services what XLAs are to the subjective perception of quality of the services. For example, SLAs would measure resolution times from the provider's perspective, while XLAs would measure satisfaction on receipt of services from the customer perspective.

In essence:

1. SLAs

The purpose of an SLA is to set out standard terms and benchmarks that need to be complied with during the provision of services. For the SLA to come full circle, they need to serve as a complementary remedy in case of breach before contractual termination is exercised due to the seriousness of the breach. Service credits act as an incentive for the service provider not to breach the agreement.

Among others, key matters to consider are:

  1. nominating escalation points and contacts for both parties;
  2. establishing the monitoring tools, units and related reporting mechanisms;
  3. having clearly defined criticality events;
  4. determining fair amounts for the service credits;
  5. establishing procedure for claiming service credits;
  6. including reasonable response and resolution times; and
  7. detailing exceptions (e.g., planned downtime).

2. XLAs

The purpose of the XLA is, in short, to ensure that customers receive high quality services from their own perspective. While they have been around for a few years, XLAs are becoming more relevant by the day. Businesses' new mainstream approach of being "customer obsessed" quickly gave rise to seeking an alternative whenever the SLAs' purely numerical approach does not fully fulfil -or exceeds- expectations. XLAs are a powerful response, however clear, bespoke drafting is required to warrant their effectiveness. Some core terms to consider are:

  1. determining customers' interaction and feedback mechanisms;
  2. mechanisms to measure the likeliness to recommend the service;
  3. Key Performance Indicators (KPIs) (including for customer satisfaction);
  4. penalties and rewards for the provider and customer (?).

The bottom line: XLAs are not here to replace SLAs, but rather to either act as a supplement or to be used as standalone agreements when SLAs are not the ideal measurement of success. However, if XLAs introduce new risks that procurers (and providers) need to evaluate their impact and whether they have sufficient insurance covers for such risks. Moreover, performing SLAs and XLAs involves different dependencies and the parties should be aware of their roles in the delivery of an SLA and an XLA.

B. Interim measures assuring continuity of a service: Step-in rights

Advanced regulators of fintech businesses often require that the terms on which a material solution or service is procured should include principles that assure the continuity of the service or solution in instances when the provider is temporarily not able to provide the same. While the requirement is significant, the greyness of the specific required principle allows various possibilities. It is our view however that terms of step-in rights adequately cover the risks that regulators (and the practical needs) require.

In general, step-in rights are a temporary measure that gives a customer the right to "step in" and take control of services being provided, either directly (i.e., taking them in-house) or through a third-party (i.e., hiring another service provider).

Although sometimes controversial, step-in rights are an effective method of guaranteeing the continuity of the provision of services, rather than relying on termination as the only way of solving controversies. Typical nuances that need to be considered when including step-in terms into an agreement are:

1. Triggering events.

Triggering events will work as a condition precedent for customers to activate step-in terms. Defining specific and relevant circumstances may prove to be challenging for each and every engagement, as it is difficult to anticipate all possible issues. However, material breaches of the agreement by the provider and regulators' requests should be generally included. Other cases can be included depending on the industry and the applicable service.

2. Broad vs narrow scope.

Correctly designing the scope of the step-in rights is essential to ensure that if it becomes necessary to exercise the rights, rules are clear and stepping-in occurs smoothly. Depending on each service and the risk allocation, customers may require access to documents, information, premises or facilities, while providers will wish to simply limit the scope.

Critical thinking from both sides is necessary to understand what concessions can be made. For instance, off-shore services that are not required for the core business may not need stringent provisions. Whereas, usually in regulated industries (e.g., fintech), the scope may be determined on the basis of what is core to the business.

The bottom line: If you are a customer, step-in rights will allow you to have better control on the services and another remedy that is less stringent than simply terminating the agreement.

If you are a service provider (whether regulated or unregulated), the usual position will be to either not have step-in rights at all or limit the scope of the step-in rights to what is strictly necessary. While it may seem logical at first (no one wants to give away control of the services they provide), step-in right will allow you to guarantee continuity of business, which, in turn, may have a better risk-reward outcome than simply relying on termination.

C. Financially-impacting provisions

There are two key types of contractual provisions materially impacting the finances of fintech companies: (i) provisions addressing financial exposure and (ii) provisions addressing the e-stores and marketplace functionalities offered by the fintech company.

1. Provisions addressing financial exposure.

Contractual clauses that often times fall short of due consideration and customization are representation and warranties. This is mostly due to standardization of templates across different industries that fail to capture the actual risks underpinning a contract.

When procuring technological solutions, a broad statement that reads "having acknowledged all risk, contingencies and circumstances regarding performance of the agreement", might be interpreted as a warranty that the provider made all appropriate inquiries and obtained all appropriate professional and technical advice required for the performance of the agreement. As a consequence, the provider might be in breach of warranty if it did not appropriately vet the specific circumstances (e.g., that the software licensed was fit for the purpose).

Other frequently overlooked terms are clauses governing the implementation phases, acceptance tests and the relevant milestones. These are particularly relevant if the payment of fees is attached to the achievement of a particular milestone. Conditioning the achievement of a milestone to the client's acceptance is key in ensuring that the customer can successfully defend itself in a claim for the payment of the fees initiated by the provider where the deliverables did not meet the customer's needs or expectations.

2. Provisions addressing the e-stores and marketplace functionalities.

In the resale of goods, where the fintech company is placing terms for e-stores and marketplaces, a key point to address is the principal-agent dichotomy: that is whether the company is acting as the principal or agent in the offering.

What is the difference?

  1. Principals retain control over the product before its transfer to customers and recognise gross revenue (i.e., the full price of the product). This usually (but not always) is a manufacturer or developer of software.
  2. Agents are intermediaries between the customers and principals and recognise net revenue (i.e., the commission or the difference between the full price of the product and the resale price of the product). For example, a software reseller with no direct involvement other than offering the product.

Who is who?

Under usual International Financial Reporting Standards (IFRS) understanding, the control test requires judgement of the actual business relationship.

This test requires considering whether the company (i) is primarily responsible for delivering the product, (ii) has the "inventory risk" (i.e., if it can be liable for the loss or rejection of the product), and (iii) if it can freely determine the pricing structure. In short, three clear-cut yesses mean that the company is the principal and not an agent.

The bottom line: Principals and agents are subject to a different set of standards, not only from the revenue recognition perspective, but also from a legal standpoint: the liability of the principal and of the agent vis-à-vis customers differs. Clear contractual terms will ensure that revenue recognition expectations of the business are fulfilled, and that legal risks are proactively identified (and dealt with).

D. Ethics and conflicts of interest

When regulation sets out strict risk management rules for the company, negotiations vary, and the terms of the agreement need to reflect such obligations.

In the fintech industry, for example, a few technology providers gained significant traction -especially during the COVID-19 period- and their digitally transforming solution became widespread and relied upon by various market players. Such providers offering services to various competing fintech companies tend to worry about having a "conflict of interest" (COI) clause.

A COI clause is usually introduced to ensure that proper ethics and sane approach to governance is implemented by the parties of the contract. Erroneously, providers of a solution that is favoured by the fintech companies tend to confuse this term as being an exclusivity clause such that they cannot offer their services to competitors. Due to the fast-moving elements in the fintech business, parties eventually agree to move forward carving out conflicts of interest, yet COI clauses should not be overlooked as an effective method to ensure appropriate governance rules are in place.

The bottom line: there are untold stories of issues faced by fintech companies relating to fidelity of personnel and other aspects relating to the construction of their contracts. It is our view that the sensitivity of this topic requires regulatory intervention and clarity to ensure that ethics and sane governance should be expressly adopted in contracts of certain materiality to avoid leaving fintech companies to struggle with risks that are forced on them by dominating suppliers.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.