(This is in continuation of yesterday's discussions on the need for
Software companies to learn some lessons out of Mr Arun Jain's arrest in
Indonesia and the experience of Elcomsoft in USA)
In continuation of our discussions on the lessons to be drawn
from the arrest of Mr Arun Jain of Polaris, we shall look at the possible causes
that lead to the situation.
It has already been discussed in the earlier articles in this
series that the main reason for the predicament of Polaris was that
a) The Contractual Risks were underestimated
b) Country Risk factor was ignored.
While the contract provided for an "Arbitration in Singapore"
as has been reported, it is not clear if there was a clause to the effect that "
Both parties had expressly waived their other rights under the laws of
Indonesia or India". This risk was therefore ignored.
Further, acknowledging that each country can have its own
internal compulsions to impose force-majeure influence on a contract, in any
international contract, it would be necessary to hedge this risk with a higher
profit margin while quoting for the contract. This is the quantification of the
country risk which should ideally be equal to the insurance premium for covering
the risk if such insurance exists.
One of the main action points that should therefore follow
now is to find a means of how such country risks can be covered by Indian
software countries.
Will a reference to the Embassy of the country be a
sufficient guard for a software company to accept a country risk?, or
Is there a need for quantification of the risk and
coverage through insurance?
If the country risk has to be insured, who will provide the
insurance?
What is the role of ECGC in Software export contracts?
What role Nasscom can play in developing such an insurance
cover?
are some of the questions that arise in this context.
While these long term debates go on, each software Company
should start reviewing their internal focus on "Legal Compliancy".
Naavi has a direct experience of the complacency that
prevails in the IT industry on legal compliance. The list of articles found
below starting from 2000, highlighting the need for Indian corporates to start
addressing the law related risks through a compliancy plan represents the
warnings that have been sounded out to the industry.
However, the industry has not responded to these calls in a
manner that responsible corporate entities should have done. The industry
bodies such as Nasscom also have not focused on this issue.
As a result of this complacency, the information assets of
the country have been placed at an enormous risk and in direct conflict with the
IPR of foreign companies. This loss is the loss of the nation as much as that of
the Company.
The Next Threat:
The next blow on the Indian software industry and their
information asset base will come in the form of Trade Mark, Copyright and Patent
Right attacks on the Products, Services, and Domain Names of Indian software
companies.
It is a fair guess that the Indian IT companies are neither
prepared legally nor have provided financially for legal battles in the
international arena for protecting their information assets.
I agree that "Regulation and Law" are dirty words for
businessmen. Many think that they would rather attend two more new marketing
presentations than attending to legal compliancy of the contract already on
hand.
Being both a marketing person and an advocate of legal
compliancy, it is necessary for me to emphasize the market oriented IT companies
that in the coming days of legal activism, if legal risks are not properly
hedged, even if you get several new contracts, the profits would be insufficient
to meet the losses if the legal non compliancy on any one of the earlier
contracts is brought to book.
Legal Compliancy of the Products
In addressing these issues we should also remember the lesson
from Elcomsoft that legal compliancy should extend to all the products of the
Company. If any product violates the IPR of any party, or the Cyber Laws of any
country, (eg: HIPAA or GLBA or ITA-2000 )then it is sufficient reason for your
executives to land in jails in India or foreign countries and to face damage
suits running to millions of dollars.
Even employee related disputes as in the case of Infosys
Phaneesh Murthy could be debilitating for companies as it could remove your key
employees from action and affect the morale in the company.
A Total Legal Compliance should therefore be nursed as a way
of corporate culture that should be inculcated in every employee of the company.
My advise to my friends in the IT industry is therefore "
Please shed your Complacency and Take Immediate Steps To Move towards Total
Legal Compliance". A stitch in time saves nine.
Naavi
December 25, 2002
Related Articles in naavi.org
Let Arresting
of Corporate Executives Stop -December 2002
Software
Companies Cannot Drop Their Guard-December 2002
Some
Questions Nasscom Should Answer-December 2002
This is
Business Terrorism December 2002
Legal
Negligence Can Be Devastating- December 2002
IS
Managers...Beware, This week you may be heading to Central Prison!!-June
2002
There is No
Quality without CCL Compliancy -May 2002
Preparing For
Cyber Law Compliancy- May 2002
ISP Managers
Beware...You may land in jails..if.. May 2001
CEO s and CTO
s- Keep your anticipatory bail ready. -December 2000
Are You Cyber
Law Compliant?-November 2000
