Robin Fry, director, Cerno Professional Services
There is an increasingly prevalent threat facing large corporates around the world:the use by major software vendors of contractual audit rights to search out inadvertent under-licensing, triggering substantial and unexpected liabilities against their customers.
The exercise of ‘software license reviews’ or ‘software audits’, most notably by Oracle, SAP, IBM, Informatica and Microsoft, has increasingly become a revenue-generation mechanism for these vendors. Against the backdrop of a huge number of IT systems being moved to the cloud, with Amazon and Google establishing themselves as market leaders, the historically-dominant software vendors are urgently seeking additional revenue from elsewhere: their existing base of on-premise software customers.
The amounts sought – aggregating license fee shortfalls, back-support, penalties and audit costs – can be eye-watering: Diageo was found liable in the High Court last year for under-licensing when it opened up its ordering to customers by allowing the use of iPads rather than, as previously, utilising only a call center. The ‘indirect access’ claim by SAP totalled more than £58million.
ABN-InBev, the world’s largest brewer, was also impaled in another under-licensing claim by SAP for US$600m. The matter was settled in a New York arbitration late last year for an undisclosed amount.
These two claims represent only a tiny visible fraction of a new battleground, with hundreds of corporates receiving notification letters that have been ‘selected’ for such a license review by one of these major vendors. The customer is directed to the audit provision in the license terms and often, at least at this stage, content for the review to be carried out.
The process of the audit
Following the notification that a review is to be conducted, the process then follows a sequence under which an appointed auditor – usually a major accountancy firm such as EY, KPMG, Deloitte or PwC, or, for Oracle, often its own license management services division – carries out the technical analysis.
The analysis examines the actual usage of the software and compares this to license grant, initiating an ‘Effective License Position’; inevitably shortfalls are exposed. The process can take in excess of three months, with the auditor running scripts on the customer’s IT infrastructure and then searching out all recorded usage or installation of their proprietary software. There is only one aim: to identify any shortfalls on which invoices can be issued.
The vendor will then issue an executable quote, with payment required within 30 days. The shortfalls often derive from:
- Installation of programs without use: generally, still licensable;
- Use of virtualisation (typically VMware) where any processors that might run the programs also all need to be fully licensed;
- Inadvertent triggering of management packs and options by the customer included (but not ordered) from when base technology is delivered by the vendor to the customer;
- New remote usage – for example, by customers, suppliers or partners using new channels or APIs;
- Robotic usage;
- Older software being shelved but still technically subject to support and maintenance charges (generally 22% of purchase cost per year).
It is almost impossible for any successful corporate with constantly-shifting business needs – and therefore ever changing IT systems– to remain fully and at all times in compliance with license terms. Vendors often point to white papers, policies and website downloads to shore up opaque and ambiguous wording within contracts, invariably to the customer’s detriment. Oracle, for instance, derives very substantial revenues from insistence on compliance with its ‘Partitioning Policy’ despite it being declared to be ‘for educational purposes only’.
The result: a crippling and potentially embarrassing bill at full list prices, with multiple other penalties and costs. This claim will not have been provisioned for and can, on occasion, have a severe impact on the financial statements.
Seven key lessons:
- Never assume that a long-standing relationship has any weight: this process is driven outside your account director and is simply a substantial revenue-generation opportunity mandated at the highest level within the vendor;
- Unless you have completed such an audit within the last two years, do not assume any complacency: under-licensing (and over-licensing) is largely unavoidable even for the best-managed corporates;
- Confront these issues in advance: commission your own audit using specialists and then ameliorate any under-licensing that is exposed;
- If you receive an audit notification letter, delay and prepare;
- Choose to fight every demand: often there are contractual, technical and commercial arguments that together can destabilise and substantially reduce any settlement payments that are demanded;
- In any M&A situation, if acquiring, immediately commission your own audit to crystallise the (latent) liability and then lay off to the sellers under their warranties;
- If selling a business or company, confront the possible hidden exposure: far better to remediate early and, if necessary, negotiate with the vendor on your terms in advance rather than receive an indemnity claim for an uncontrolled amount after the sale.
The risks around under-licensing are significant but rarely publicised – often falling between IT, legal, procurement and finance teams. The latency is dangerous given the potential for very high claims that could have been addressed earlier.
Never raised by the statutory auditors, this is a board issue where the risk(s) are often overlooked by both the audit committee and any separate board risk committee. This is wrong: software under-licensing is not an incidental administrative issue but one that properly falls to be managed by the audit committee under the FRC’s UK Corporate Governance Code (July 2018).
Corporates are highly dependent on database technology and applications to run their businesses. But this dependence means that, if the installed software cannot readily be shed, then neither can any corresponding financial liability to the software vendor.
Robin Fry is a software licensing lawyer and director at Cerno Professional Services, a firm specialised in challenging licensing demands.
Global Banking & Finance Award Winner – BPC
In this exclusive interview we spoke with Jane Loginova, BPC about the ways BPC helps financial institutions create relevant digital experiences for customers.
FE CREDIT and The Journey To Customer Experience Enhancement
As a leading enterprise in the consumer finance industry, FE CREDIT is being on the mission of constantly enhancing digitalization and adopting advanced technological platform in order to bring customers optimum experiences when they use the company’s products or services. With the endeavour of shortening the distance with customers, Genesys is considered a strategic platform applied by FE CREDIT to serve customers the bests as soon as they concern or are in need of financial services.
Global Banking & Finance Award Winner -PT Sucorinvest Asset Management
Exclusive interview with Mr. Jemmy Paul Wawointana,Chief Executive Officer of PT. Sucorinvest Asset Management
86% of UK businesses face barriers developing digital skills in procurement
A shortage of digitally savvy talent, and a lack of training for technical and soft skills, hinder digital procurement initiative...
ISO 20022 migration: full speed ahead despite recent delays, says new Deutsche Bank paper
Today, Deutsche Bank has released the third installment in its “Guide to ISO 20022 migration” series, which offers a comprehensive...
What Skills Does a Data Scientist Need?
In this modern and complicated time of economy, Big data is nothing without the professionals who turn cutting-edge technology into...
The importance of app-based commerce to hospitality in the new normal
By Jeremy Nicholds CEO, Judopay As society adapts to the rapidly changing “new normal” of working and socialising, many businesses...
The Psychology Behind a Strong Security Culture in the Financial Sector
By Javvad Malik, Security Awareness Advocate at KnowBe4 Banks and financial industries are quite literally where the money is, positioning...
How open banking can drive innovation and growth in a post-COVID world
By Billel Ridelle, CEO at Sweep Times are pretty tough for businesses right now. For SMEs in particular, a global financial...
How to use data to protect and power your business
By Dave Parker, Group Head of Data Governance, Arrow Global Employees need to access data to do their jobs. But...
How business leaders can find the right balance between human and bot when investing in AI
By Andrew White is the ANZ Country Manager of business transformation solutions provider, Signavio The digital world moves quickly. From...
Has lockdown marked the end of cash as we know it?
By James Booth, VP of Payment Partnerships EMEA, PPRO Since the start of the pandemic, businesses around the world have...
Lockdown 2.0 – Here’s how to be the best-looking person in the virtual room
By Jeff Carlson, author of The Photographer’s Guide to Luminar 4 and Take Control of Your Digital Photos suggests “the product you’re creating is...