Until the situation becomes more clear, Cognizant customers can take a number of steps to mitigate potential negative effects on their own businesses:
Conduct an IT services risk assessment. Although customers are unlikely to feel any service delivery impact unless the issue turns out to be more far reaching, now is a good time to determine what their exposure is. Should the issues grow, that could lead to loss of talent, focus, or financial instability resulting in suboptimal delivery and additional service risk, says Rutchik.
Get assurances in writing. FCPA violations get the attention of business executives, boards, and stakeholders. They’ll want to know what’s going on at Cognizant. IT leaders should obtain the “adequate assurances” from Congizant that this is not a systemic issue, Rutchik says.
Insist on better communication. Cognizant customers should ask that account and company leader provide greater transparency into the scope and scale of the probe. In particular, they should ask why Coburn left the organization, says Fersht.
Know your rights. “A well-constructed outsourcing agreement should provide for representations and warranties to comply with laws or [may] have specific requirements to be and remain in compliance with the FCPA,” says Rutchik. “This situation may enable customers to terminate for cause if they so choose, or to demand specific remediation on the part of Cognizant.”
Customers should also look at any “flow-down” or “flow-through” provisions where any breach by Cognizant as a back-end provider may create compliance or breach issues for those in their end-customer agreements, their debt or equity covenants, their codes of conduct, or other related areas, says Rutchik.
Sign up for CIO Asia eNewsletters.