As COVID Continues, Finance Sector Companies Double Down on Software Escrow

Many banking and financial services companies rely on software escrow to safeguard business-critical software essential to their operations. Software escrow has been a part of their business continuity plans for years, and may even be required by the FFIEC, OCC, and other regulators. However, as the COVID-19 pandemic continues to present new challenges — including undermining the stability of software vendors — vendor managers, IP counsel, and procurement leaders look to standardize and strengthen their approach to escrow and verification to ensure they are protected.

Some questions I frequently hear from our banking and financial services customers these days include:

• How can we implement a consistent software escrow process across all of our business units?
• What are some of the vendor risk factors we should be looking for?
• Can you recommend a standardized approach to escrow verification?
• Is there a better way to implement software escrow across business units in an easier, more cost-efficient manner?
• What are the additional steps we take to protect SaaS vs. on-premises software?

As my team and I help our customers become more diligent in incorporating a standardized approach to software escrow and verification throughout their companies, I’ve reflected on how the pandemic increased this awareness and need. Here are some statistics and recommendations from industry thought leaders, along with my takeaways on how this impacts banks and financial institutions.

As Bankruptcies Rise, Make Sure you are Prepared

• Overall, business bankruptcy filings are 30% higher than they have been at any time during the last 5 years. And, with attempts to re-start the economy already sputtering, the news during the second half could be worse. (Reed Smith)
• The current COVID-19 pandemic will increase bankruptcy filings and thereby impact licensors and licensees of intellectual property. Licensors and licensees are advised to evaluate the provisions of their license agreements … It is important to note that an escrow agreement is a “supplementary agreement” under section 365(n), and as such a licensee’s rights under the escrow agreement continue to be enforceable in a bankruptcy situation (National Law Review).

My view: As bankruptcies increase, evaluate the risk factors that could affect your software vendors. Are they small or unproven? What is their funding situation? Are they located in another country with different regulations? If you find yourself in a situation where your developer goes out of business, an escrow release of the software source code lets you continue with development in-house or keep a suddenly unsupported product running long enough to find and implement a replacement.

Increase Operational Efficiency Now, Rather than Later

Your instincts may be telling you to continue to hunker down and suspend any new investments or proactive action until the crisis is over. However, that isn’t the optimal strategy to recover faster. … Investing before the end of the crisis can have a huge impact on your business. An HBR study found that companies using a balanced approach with proactive moves before the crisis ends have a 76% higher chance of pulling ahead of the competition …At most financial services companies, automation through operational applications and technology typically leads to the biggest operational efficiency gains. Start to methodically work through your automation list, updating and reprioritizing as needed. See if you can start on 1-2 automation projects before the crisis ends. (Sage Intacct)

My view: Forward-thinking banks and financial institutions are planning a more consistent, structured escrow approach now. They want to have greater operational efficiency around their escrow processes, and leverage this across their business units.

Build Resilience for the Future

• In a survey by Deloitte on “Confronting the Crisis,” 34% of respondents identified gaps in how to address technology as a critical way that existing resilience plans fell short. … For any resilience program, the driving principle should be to improve decision-making and create a proactive and agile risk capability. Programs should take a prioritized “business services view” to plan contingencies for critical services, assess impacts, and set priorities at an enterprise level. (Deloitte Insights)
• COVID-19 caught many companies unprepared. To increase their organizations’ abilities to respond to future challenges with confidence and insight, procurement teams can take actions to embed risk management into procurement decisions, all the way from upfront sourcing through to payment execution. (Accenture)
  
  My view: Risk management around technology procurement is an important area to pay attention to for business continuity. Software escrow is only one piece of the puzzle, however, make sure your escrow agreements are effective and comprehensive to safeguard your technology investment.

Conclusion

COVID-19 has knocked us all for a loop. Words like “resilience” are used frequently, but you need to understand what this means for your business and create a plan to make it happen. Like most financial institutions, you probably already have escrow agreements in place to safeguard your business-critical software.

Now is the time to evaluate your escrow agreements to make sure they are active, up to date, include all the relevant release conditions, have a frequent deposit schedule, and are verified for completeness and accuracy. Ensure all of your business-critical software is covered and coordinate between business units for efficiency and cost-effectiveness.

We will get through this … but it is important to put an action plan in place to come out ahead of the crisis.

NCC Group Software Resilience has acquired Iron Mountain’s Intellectual Property Management (IPM) business. For more information on the acquisition, please visit our dedicated information hub, or contact Iron Mountain IPM.

Get in touch