The independent agent channel is many years into a race for the best tech stack. Vendors are ubiquitous and aggressive in promising the next best way to identify leads, manage relationships, price and propose insurance, manage claims, and on and on.
Your agency likely receives a constant barrage of technology opportunities, most of which come with contracts heavily favoring the vendor. It is tempting to simply sign off or “click through” without careful analysis of your agency’s and the vendor’s rights and responsibilities under the contract. All the same considerations applicable to any contractual business arrangement apply to technology vendor contracts, along with some added twists, so these contracts require serious attention.
There is no one-size-fits-all way to review proposed contracts, but there are some recurring issues and terms to watch for.
How does the proposed contract and the services and products it promises mesh with your agency’s contracts with insurance companies? Are there conflicting terms or obligations that could put your agency in breach of any of those contracts?
Legal compliance is non-negotiable. If your agency enters the contract and starts using the services and products offered, will it present any regulatory compliance issues? Are any recordkeeping, privacy, or other legal obligations implicated? If the vendor will have access to personal information, you should consider including language that limits how your vendor uses and discloses personal information under the agreement. Further, if you are subject to any of the numerous and often complex privacy laws and regulations, there may be contract language that you are required to include with your vendors. If you are unsure of potential legal obligations on the privacy front, you need to consult with your attorney.
If the vendor will have access to your agency’s and clients’ confidential information, it is important that there are safeguards to protect such information. You want to ensure that the language (a) is mutual; (b) requires the return or deletion of your confidential information at the end of the agreement; (c) requires the vendor to utilize appropriate controls as necessary to protect your confidential information; and (d) requires the vendor to notify you in the event they have violated any of the confidentiality obligations noted in the agreement.
Third-party vendor breaches are on the rise, and contract language should be in place to mitigate this risk. When negotiating, data security language can be adjusted in consideration of the amount and sensitivity of data and the level of risk involved in your relationship with a vendor. At minimum, the agreement should include (a) a requirement for appropriate and reasonable security measures and or security measures in line with any regulatory requirements; (b) an obligation to notify you of, investigate, and mitigate any unauthorized access, use, disclosure, or modification of your data; and (c) cost shifting language requiring the vendor to reimburse you for costs incurred due to the unauthorized access, use, disclosure, or modification of your data.
With the emergence and widespread use of generative AI, some vendors now include language within their agreements that (a) permits the use of AI in the provision of services; and (b) allows the vendor to utilize your data to train their AI model. If you are in a regulated space or if your vendor will have access to sensitive and or confidential information, you should consider removing this language from the agreement and or inserting guardrails to mitigate potential risks. One potential guardrail is to only permit the use of AI with deidentified and aggregated data.
When reviewing the intellectual property sections of an agreement, you need to think about (a) whether the vendor is creating any custom software for your agency; and (b) who might need access to the software, internally and externally (for example, affiliates or vendors). If the vendor is creating custom software on your behalf, you should consider whether the contract language explicitly passes ownership of that custom software over to you.
Trust but verify. Audit rights in an agreement provide a mechanism to ensure your vendor is doing what they say they will do. Ultimately, the goal is to prevent or detect potential risks and assess your vendor’s practices and data usage. To accomplish this, your agreement should include a provision allowing auditing of the vendor’s related practices, policies, and all related records as necessary to verify the vendor’s compliance with the terms of the agreement.
Many hands make light work, but they also amplify risk. Your agreement should not allow your vendors to utilize subcontractors without limitations or obligations. As you increase the number of individuals who have access to your data and your systems, the higher the risk becomes. Exercise due diligence on current subcontractors and insist on approval requirements for them to work on your account. Last, but not least, your vendor must agree to be responsible and liable for the acts of their subcontractors under the agreement.
Provided Warranty. Warranties in tech contracts are crucial as they provide a level of protection ensuring that the products and services provided meet certain standards and that any issues are addressed in a timely and satisfactory manner. For example, this may include a warranty that the services and products will comply with their documentation, applicable law, and that they will not contain or introduce any malicious code.
Provided Remedy. Along with the provided warranties, there should also be a clear remedy for violations of the warranties. The remedy should include a time limit for resolving the violation and an option to terminate and or receive a refund due to the defective service or product if the violation is not remedied.
In many cases, a vendor will try to severely limit their liability for direct damages and fully disclaim liability for any indirect damages. Further, this limitation on liability language may be one-sided, leaving your agency’s potential liability uncapped. First, you should ensure that the limitation on liability is mutual. Next, depending on the value of the contract, you may adjust the liability cap for direct damages to a higher number that is more in line with the actual spend and risk associated with the agreement. Although a disclaimer on indirect damages is common, a good way to mitigate the risk that certain damages may be disclaimed or not fully covered is to include carve-outs, meaning specific types of damages for which the vendor cannot be shielded from liability.
Indemnification provisions are essential in tech and software contracts because they allocate risk between parties and serve to protect your agency from potential legal and financial liabilities arising from third-party claims, particularly in situations like intellectual property infringement, data breaches, or software malfunctions. In drafting or revising indemnity language, you should ensure that the language effectively holds your agency harmless from any applicable third-party claims and enables you to adequately recover all reasonable losses, including attorney’s fees. Further, you should consider whether you would prefer the right to assume and control the defense of the third-party suit.
Requiring insurance coverages and minimums in your agreements ensures there is a financial mechanism in place to cover potential damages or losses that arise. Insurance requirements should be instituted and should not be reduced during the term of the agreement. For example, if your vendor will have access to sensitive data or your systems, you should insist on a contractual requirement to maintain cyber liability insurance.
If this seems like a lot to consider, you are right, it is. This guide is not a checklist or roadmap, but rather an exercise in issue spotting and a wake-up call. Technology is both a blessing and a curse, combining opportunity and risk. Contracting with vendors to deploy and help manage technology for your agency cannot be taken lightly.
Although this document provides concepts to consider when reviewing and revising technology and software contracts, this is not an exhaustive list, and your agency should consult with competent counsel when evaluating contracts.