Software License Reviews - Hidden Financial Risks | Global Banking & Finance Review | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Videos > Unexpected damage: Software License Reviews trigger urgent financial liabilities

Unexpected damage: Software License Reviews trigger urgent financial liabilities

Published by Uma Rajagopal

Posted on September 14, 2018

5 min read

Last updated: January 21, 2026

Robin Fry, director, Cerno Professional Services

There is an increasingly prevalent threat facing large corporates around the world:the use by major software vendors of contractual audit rights to search out inadvertent under-licensing, triggering substantial and unexpected liabilities against their customers.

The exercise of ‘software license reviews’ or ‘software audits’, most notably by Oracle, SAP, IBM, Informatica and Microsoft, has increasingly become a revenue-generation mechanism for these vendors. Against the backdrop of a huge number of IT systems being moved to the cloud, with Amazon and Google establishing themselves as market leaders, the historically-dominant software vendors are urgently seeking additional revenue from elsewhere: their existing base of on-premise software customers.

The amounts sought – aggregating license fee shortfalls, back-support, penalties and audit costs – can be eye-watering: Diageo was found liable in the High Court last year for under-licensing when it opened up its ordering to customers by allowing the use of iPads rather than, as previously, utilising only a call center. The ‘indirect access’ claim by SAP totalled more than £58million.

ABN-InBev, the world’s largest brewer, was also impaled in another under-licensing claim by SAP for US$600m. The matter was settled in a New York arbitration late last year for an undisclosed amount.

These two claims represent only a tiny visible fraction of a new battleground, with hundreds of corporates receiving notification letters that have been ‘selected’ for such a license review by one of these major vendors. The customer is directed to the audit provision in the license terms and often, at least at this stage, content for the review to be carried out.

Robin Fry

Robin Fry

The process of the audit

Following the notification that a review is to be conducted, the process then follows a sequence under which an appointed auditor – usually a major accountancy firm such as EY, KPMG, Deloitte or PwC, or, for Oracle, often its own license management services division – carries out the technical analysis.

The analysis examines the actual usage of the software and compares this to license grant, initiating an ‘Effective License Position’; inevitably shortfalls are exposed. The process can take in excess of three months, with the auditor running scripts on the customer’s IT infrastructure and then searching out all recorded usage or installation of their proprietary software. There is only one aim: to identify any shortfalls on which invoices can be issued.

The vendor will then issue an executable quote, with payment required within 30 days. The shortfalls often derive from:

Installation of programs without use: generally, still licensable;
Use of virtualisation (typically VMware) where any processors that might run the programs also all need to be fully licensed;
Inadvertent triggering of management packs and options by the customer included (but not ordered) from when base technology is delivered by the vendor to the customer;
New remote usage – for example, by customers, suppliers or partners using new channels or APIs;
Robotic usage;
Older software being shelved but still technically subject to support and maintenance charges (generally 22% of purchase cost per year).

It is almost impossible for any successful corporate with constantly-shifting business needs – and therefore ever changing IT systems– to remain fully and at all times in compliance with license terms. Vendors often point to white papers, policies and website downloads to shore up opaque and ambiguous wording within contracts, invariably to the customer’s detriment. Oracle, for instance, derives very substantial revenues from insistence on compliance with its ‘Partitioning Policy’ despite it being declared to be ‘for educational purposes only’.

The result: a crippling and potentially embarrassing bill at full list prices, with multiple other penalties and costs. This claim will not have been provisioned for and can, on occasion, have a severe impact on the financial statements.

Seven key lessons:

Never assume that a long-standing relationship has any weight: this process is driven outside your account director and is simply a substantial revenue-generation opportunity mandated at the highest level within the vendor;
Unless you have completed such an audit within the last two years, do not assume any complacency: under-licensing (and over-licensing) is largely unavoidable even for the best-managed corporates;
Confront these issues in advance: commission your own audit using specialists and then ameliorate any under-licensing that is exposed;
If you receive an audit notification letter, delay and prepare;
Choose to fight every demand: often there are contractual, technical and commercial arguments that together can destabilise and substantially reduce any settlement payments that are demanded;
In any M&A situation, if acquiring, immediately commission your own audit to crystallise the (latent) liability and then lay off to the sellers under their warranties;
If selling a business or company, confront the possible hidden exposure: far better to remediate early and, if necessary, negotiate with the vendor on your terms in advance rather than receive an indemnity claim for an uncontrolled amount after the sale.

The risks around under-licensing are significant but rarely publicised – often falling between IT, legal, procurement and finance teams. The latency is dangerous given the potential for very high claims that could have been addressed earlier.

Never raised by the statutory auditors, this is a board issue where the risk(s) are often overlooked by both the audit committee and any separate board risk committee. This is wrong: software under-licensing is not an incidental administrative issue but one that properly falls to be managed by the audit committee under the FRC’s UK Corporate Governance Code (July 2018).

Corporates are highly dependent on database technology and applications to run their businesses. But this dependence means that, if the installed software cannot readily be shed, then neither can any corresponding financial liability to the software vendor.

Robin Fry is a software licensing lawyer and director at Cerno Professional Services, a firm specialised in challenging licensing demands.

Software License Reviews - Hidden Financial Risks | Global Banking & Finance Review | GBAF