Industry is gravely concerned about government's attempts to transfer risks which it is not able to manage - the Crown Commercial Service issued a policy note on this problem in December 2016, although it failed to acknowledge the seriousness of the problem.27 Risk transfer was mentioned more often than anything else by survey participants as they sought to describe the current state of the market.
Again, in seeking to understand the nature of this practice, it is important to understand that it is not a recent phenomenon. It was raised in April 2004, for example, at meeting of the chief executives of leading ICT providers with the new head of the Office of Government Commerce, where they complained that there was too much emphasis on avoiding risk and laying blame. Government's insistence on unlimited liability was of particular concern. The divisional head of a large provider said that their lawyers had identified five provisions that they argued about with the government in each new contract. Each new negotiation started afresh, as if the discussions in previous conversations had never taken place.
But again, this problem seems to have become much worse in the past couple of years. Several of the larger providers said that this was a significant reason why they were now qualifying out of more procurements. One chief executive said that they had withdrawn from an entire market sector because of a shift to unlimited liability.
Contrary to the longstanding policy of government, restated in the 'Government Commercial Operating Standards', that 'risks are allocated to the parties best placed to manage risk'28, the experience of recent years has been that procurement teams are aggressively seeking to maximise risk transfer:
They say that risk should lie with the organisation best able to bear it, but that does not translate into practice.
As recently as August 2015, the Ministry of Defence introduced a new policy relating to limitations on contractors' liability which was inconsistent with the policy restated by the CCS in December 2016. This document starts with the legal position under the Sale of Goods Act, with the underlying assumption that all of the risk lies with the supplier. While the policy does acknowledge the longstanding principle that risk should be allocated to the party best able to manage it, and recognises that there is scope for accepting liability based on a value-for-money assessment, the overall tone of the document is clear.
Procurement teams are advised that suppliers primarily seek to shift risk in order to protect profitability: 'Contractors seek a Limitation of Contractor's Liability as it is a mechanism for them to pass financial liability for risks they hold to the MOD'.29 The policy assumes that the limits of contractor liability should be set by the law on damages for breach of contract, and 'the MOD should only offer a Limitation of Contractor's Liability in very limited circumstances.'30
A leading defence contractor explained that this document represented a marked departure from the department's longstanding approach to the allocation of risk (inconsistent though it had been in its application), and combined with an onerous approvals process for obtaining a limitation on liability, it had contributed to a much more aggressive attitude to risk transfer amongst less experienced staff.
Since the Crown Commercial Service did not object to this policy when it was released, it was reasonable to conclude that it reflected government policy at the time.
Excessive risk transfer has assumed a variety of different forms:
• Data risk: 'They are trying to transfer risk that government itself hasn't bottomed out'. Survey participants gave examples where they had been obliged to rely on data from government that either didn't exist or was of such poor quality that activity levels and workflow used as the basis for pricing did not eventuate.
The chief executive of a major company said that they were increasingly dealing with unknowns: 'They don't know internal costs or volumes, and they throw the risk on these things across the table'. A senior executive of another company spoke of a facilities management contract for an NHS Trust, where there was the potential for significant liabilities because of the poor quality of the estate (including an asbestos problem). The contractor was expected to accept liability for the existing buildings without a detailed survey, which they were not prepared to do. However, one of their competitors was.
The CCS specifically refers to poor quality data in its December 2016 policy note on onerous procurement practices, and recommends that departments and agencies engage with their suppliers on such matters before going to market.
• State-Aid Risk: One survey participant said that they had been asked to take on state-aid risk, which could have been more easily mitigated by the customer since they were an agency of government.
• Policy Risk: Providers have been asked to assume the risk of legal and policy changes, which are wholly beyond their ability to manage.
• Coordination Risk: Examples were given of services which rely on the cooperation of other departments and agencies, or local authorities for improved delivery, where the provider was expected to take on responsibilities for collaboration that government itself was either unwilling or unable to manage.
• Capital Risk: In the NHS, companies are being asked to take on the responsibility for significant capital investments with short contract durations of 2-5 years. Customers are insensitive to the risks this creates, and contractors have been told that they are their responsibility.
• Unlimited Liability: Companies are frequently expected to accept unlimited liability - the commercial director of one large provider said that 'the standard contract these days has unlimited liability'. He gave the example of a contract worth only £300,000, where the customer was insisting on unlimited liability, a parent company guarantee, all consequential costs and no variations. The global head of a service sector for one large corporation (and a former public servant) insisted that there had to be a number if risk was to be priced, even if it was a high one.
Another example was that of a contract where the company was competing with an in-house team. Bidders were required to accept unlimited liability, which the company refused to do. Their bid was treated as non-compliant and was not even considered, with the result that the contract was awarded to the public-sector provider and thus the state was not relieved of any liability.
Among other things, the pursuit of unlimited liability (and parent company guarantees) has been criticised for the impact which it has on SMEs, but the problem persists.31 A number of survey participants acknowledged that the position has improved somewhat through the intervention of the commercial directors operating under the government's Chief Commercial Officer.
• Excessive Performance Bonds: the example was given of a £500,000 performance bond on a £1m contract. The CCS has now specifically recommended that deeds of guarantee and performance bonds only be employed in specific circumstances 'where the contract is judged to be at high risk of supplier or performance failure'.
• Others: Providers have also been asked to accept responsibility for break clauses without costs, all consequential losses and uninsured relief events. In the latter example, the customer could not identify what this might involve but insisted nonetheless.
There have been vigorous exchanges over these matters - 'the commercial guys negotiated on it until they were blue in the face'; 'the attempt to maximise risk transfer continues - conversations are going nowhere' - but for the past few years, experienced providers were prepared to accept risks that they were not able to manage.