CIS General Insurance Limited v IBM United Kingdom Limited - An analysis

 CIS General Insurance Limited v IBM United Kingdom Limited - An analysis

Charles Russell Speechlys LLP 

United Kingdom March 24 2021

Slow and chaotic rather than agile – some lessons from a digital transformation disaster

An important new judgment has recently been released by the Technology and Construction Court in the case of CIS General Insurance Limited v IBM United Kingdom Limited. The case deals with the failure of a high value digital transformation project and the purported termination of, and associated repudiatory breach of, the project contract.

The judgment was handed down remotely on 19 February 2021 under Covid-19 protocols. The complexity (and cost) of the case is evident, not least as there were 32 days of hearing. It is not known whether IBM will appeal the decision. The case is important, as large scale IT cases are relatively rare. There are also relatively few decided cases on development projects or digital transformation projects that have gone wrong.

There is a useful case in Scotland, Agilisys Limited V CGI IT UK Limited that also deserves careful review. Both cases are interesting in that project failures involved the alleged failing of subcontractors as well as the principal systems integrators delivering the full transformation project.

Abstract

The judgment from Mrs Justice O’Farrell is 754 paragraphs long and includes detailed commentary on agile sprints, delays, governance, relationship management, and the measures parties take to seek to manage project failure. It contains a number of useful points for consideration when negotiating and managing contracts for digital transformation projects. A summary of the key issues is set out immediately below, and the issues are explored in more detail later in this article. 

• Repudiatory breach – The case reiterates the importance of carefully following contractual termination processes. IBM failed to do this and was therefore held to be in repudiatory breach of the contract.
• Exclusion of liability (wasted costs) – CIS General Insurance Limited (CISGIL) claimed £128 million for wasted expenditure. However, this was deemed to be equivalent to a claim for “loss of profits, revenue or savings”, which was an excluded loss and therefore not recoverable.
• Out of the box insurance solutions – The case emphasises the importance of carefully considering at the outset whether out of the box solutions might need adapting for use in particular circumstances. In this case, a US insurance underwriting solution was not suitable for use in the UK insurance market. 
• Heed early warning signs – IBM was found to have inadequately reported on project delays. In this case, the Court found that earlier reporting would not have caused CISGIL to terminate the contract. However, it demonstrates the value of early reporting of issues by a supplier and its subcontractors.
• There are no winners where there is a major dispute – Although the Court found in favour of CISGIL, CISGIL only recovered circa £16 million. Damages in a case of this nature may well not fully compensate the claimant. Although easy in hindsight, it goes without saying that disputes should be avoided wherever possible, whether through good governance, cooperation and project management, alternative remedies such as step-in (where appropriate) or through proper project scoping and due diligence, and avoidance of project goals that are not achievable.

"There are no winners when there is a major dispute..."

What went wrong?

The case concerned an allegation that IBM had wrongfully terminated a contract for development of a new insurance underwriting system for CISGIL, a wholly owned subsidiary of The Co-Operative Group Limited. Following a reorganisation of the Co-Op Group in 2014 CISGIL needed to procure a new general insurance system. The contract involved a circa £50 million project for the implementation of a new system and £125.6 million for management services to manage the system for a period of 10 years from implementation. This followed an initial £5.6 million solution outline phase agreement to scope the system.

IBM entered into a subcontract with Innovation Group (IG) to implement a product called “Insurer Suite” as the solution for the project. It is important to note the CISGIL’s regulator, the PRA, had also taken an interest in the systems CISGIL planned to use and the separation of CISGIL from the Co-operative group. There was therefore a significant regulatory pressure to deliver a workable solution.

IBM entered into a contract to deliver a new general insurance technology platform based on IG’s product to meet specific requirements contained in (a) business functional requirement specification, (b) architecture model diagrams, (c) integration interfaces and (d) non-functional requirements. All these documents were attached as contractual documents to the contract for the implementation. The project also involved a detailed data migration exercise.

The project was to be delivered as an agile project to achieve the digital transformation objectives of CISGIL. The key requirement was for IBM to source, configure an “out of the box (OOTB)” general insurance solution and test and deploy the solution to meet the customer requirements in the agreement.

The solution was to be delivered in two separate releases. Release one comprised of the sales and service system for home insurance products by the end of April 2016 and release two comprised of the sales and service system for motor insurance by 15 August 2016, with data migration to be completed by the end of October 2016.

Initial requirements were gathered under the terms of an interim services agreement to plan the implementation of the solution and to finalise the timeframe for delivery. As part of this exercise, there was a gap fit analysis against IG’s Insurer Suite product with over 500 requirements gathered. In the initial gap fit analysis some elements where shown as being OOTB, but a significant proportion of the requirements were required to be delivered by a mixture of further development of the base code, configuration and customisation of the product. As such, the exercise was a sophisticated digital transformation project requiring significant change to CISGIL’s own processes to adapt to the OOTB solution.

What did the contract require?

As is common for digital transformation projects, the contract contained a number of over-riding objectives that the project was intended to achieve. The following guiding principles were added to the contract between CISGIL and IBM:

• Technology led transformation – the technology plan and roadmap were stated to be the leading factors in both the plan for delivery and for any changes to CISGIL's organisation and operating model. Business structures, processes and transformation plans were to be adapted to the capabilities and limitations of the solution and the technology delivery plans, and not vice versa;
• Buy not build – the solution was to be based on a set of standard, market strength regulatory compliant software products;
• Out of the box – the software forming part of the solution was to be used in an out of the box fashion.

These are common aims in a transformation project in order to ensure that the project can be delivered from a technological perspective; however, this requires significant adaption of the customer’s processes in order to use the solution properly and to adapt its business model to a more market standard and less bespoke way of operating.

The dispute

CISGIL initiated proceedings in December 2017 after lengthy correspondence between the parties. IBM purported to terminate the contract on 27 July 2017 for non-payment of an invoice for £2,889,600 of unpaid licence fees (the AG5 milestone). CISGIL argued that IBM’s termination notice was invalid and a repudiation of the contract. On this basis, CISGIL claimed that the repudiation was an intentional breach of the contract designed to bring the contract to an end so IBM could escape its obligations under the contract, to avoid responsibility for delivering the project. CISGIL also argued this constituted wilful default, which would have removed some of the liability caps in the agreement, although this was not proved at court.

As Mrs Justice O’Farrell noted: by this time, lawyers were already engaged fully and the project was beyond rescue:

“Having read the contemporaneous documents and having listened carefully to the factual witnesses, it is clear that by July 2017 both parties were resigned to abandonment of the project. Both parties retained legal teams and tried to manoeuvre themselves into a position where they could extricate themselves from the contract with minimum damage. A high-risk strategy was adopted on both sides; the AG5 milestone payment, a modest sum in relation to the high value of the overall project, was the vehicle used to bring the project to an end.”

The principal claims for damages and IBM’s responses are summarised in the table: 

The decision

Damages - IBM’s limitation of liability clause excluded liability for wasted costs, so were not recoverable. The contractual cap on IBM’s liability also applied, despite the fact that IBM was held to be in repudiatory breach of the contract.

• Breach of warranty - CISGIL’s claim for breach of the warranty and for IBM failing to report on the true state of the project was also dismissed.
• Delay - However, IBM was in breach of the contract for delay of key milestones and in breach of its reporting obligations in respect of those delays.

CISGIL was awarded only £15,887,990 in respect of IBM’s breaches of contract, which was equal to the agreed cap on liability. IBM was entitled to set off the amount of its invoice at £2,889,600.

Issues to note for digital transformation projects

There will no doubt be many articles commenting on the issues raised in the case from a disputes perspective. The case report is 754 paragraphs long, so it is difficult to do justice to all the issues. The case will repay careful attention when drafting agreements for digital transformation projects as there is detailed commentary on the conduct of agile sprints, delays, governance, relationship management, and the measures parties take to seek to manage project failure. However, there are a number of interesting features of the dispute for businesses and their lawyers to note at a higher level.

There are no winners where there is a major dispute

The project failed catastrophically, and the legal remedies arguably did not adequately compensate CISGIL for the total failure of the project. Prior to the project, CISGIL was part of the Co-operative Banking Group, alongside the life insurance division of the Co-operative Bank. Following CISGIL’s merger with Britannia Building Society in 2009, the group suffered a financial crisis. As a result, in 2013 the life insurance division was sold to Royal London and separation of the Co-operative Bank from the group was instigated to comply with regulatory requirements. In February 2018 the Co-op Group entered into a contract to sell CISGIL to Markerstudy. The Bank separated from the Group in January 2020.

Mrs Justice O’Farrell concluded, “[The project] was a failure. The parties abandoned unfinished a project that had consumed costs in excess of £120 million, leaving them with a system offering little or no value and substantial financial losses.”

Once the parties had commenced the project in earnest it is difficult to see how they could have fully drawn back, unless CISGIL had terminated for convenience, or included specific “drop dead” dates for termination that would have allowed enough time to procure a new solution or revert to the “lift and shift” option on the existing system that was also considered as an option before project commencement, although this would have been very far from a longer term solution.

With hindsight, it is possible to argue the project was too high a risk. IBM submitted in its response to the RFP that “In our view, what you are asking for in your RFP does not exist in the UK market today. A number of suppliers offer core insurance products that could eventually fulfil your policy admin and claims requirements but no supplier has a proven, modern, ready to deploy offering for a fully managed GI insurance IT service.”

Beware repudiatory breach

Although CISGIL failed to provide a purchase order for the invoice that was disputed and ultimately triggered termination, it did dispute the invoice within the contractual time period for dispute following delivery of IBM’s invoice. On this basis, IBM was not able to terminate the agreement as the invoice was in dispute and therefore it was in repudiatory breach of the contract. The case emphasises the fact that a party committing a repudiatory breach can very quickly find themselves on the wrong end of a substantial claim from the party accepting the breach, this completely reverses the bargaining strength of the parties. Ultimately, IBM got the fee it claimed but the court nevertheless held them liable for failing to deliver the project. As such, clear termination rights are necessary where a supplier wants to exit from a project to which it has committed. IBM thought it had got home on the termination for breach but failed to fully follow the procedure in the contract. Given the relative amount at stake and the importance of the project with CISGIL’s regulator paying close interest in the project, the court ultimately favoured CISGIL.

Heed early warning signs

The initial sprints for release one which started on 1 July 2015 did not work. The judge wrote with some understatement that “they were not a success”. Although the programme for release one was clear that the solution was to be delivered on an OOTB basis thereby meaning that CISGIL’s operating model had to follow the solution, there was clearly inadequate engagement from CISGIL from the beginning which ensured that the project was fully resourced and the aims in the contract were fully understood and embedded within the organisation.

CISGIL’s transformation director Alison Neate immediately identified weaknesses within the subject matter experts appointed by CISGIL including their failure to adhere to the OOTB approach and a number of sprint workshops to which only IBM and IG turned up. It was clear that CISGIL’s subject matter experts were trying to configure the system to the existing system rather than adjust the business processes to fit the new operating model. This should have raised immediate warnings for IBM.

By September, the sprints were close to collapse. Ms Neate also expressed her unhappiness with the respect that she was receiving from the project team leading to her resignation in April 2016 citing that “I am tired of the general lack of respect I get for running the programme and the criticism of it”.

Several attempts were made to redesign the sprint workshops so that IG had better visibility of the requirements that would impact the software. CISGIL’s own report during the sprints identified that their own subject matter experts were leading the discussions away from the required development of OOTB to issues for their preferred requirements. CISGIL were of the view that IBM knew the system technically in sufficient depth but were not able to facilitate these meetings to direct the conversation back to the agreed approach. It was also felt that IG at this stage was incapable of managing the process. It is evident that the revised plans approved by the transformation committee did not meet the agreed process.

There is a clear lesson that if the project methodology in the contract is not being adhered to the supplier must be responsible for flagging this and ensuring that the project can be conducted according to the agreed approach. Clauses requiring early warning of issues and clear “duties to warn” and, importantly, requiring the same from subcontractors or requiring the main contractor to obtain the necessary information from material subcontractors, could have given CISGIL greater leverage in the dispute.

How OOTB is OOTB?

IBM had warranted that the OOTB functionality of the solution was adequate. The contract imposed on IBM an obligation to take all reasonable steps to ascertain the risks associated with implementing the project using Insurer Suite. It was felt that IBM did in fact take reasonable steps to ascertain the risks associated with this product, did not misrepresent the nature and scope of the development and the product did not require substantial rewriting and development as alleged by CISGIL. However, it was clear that the product was not fully adapted for the UK market and the process of re-writing certain components did place on IG an obligation they were unable to fulfil. This was a significant cause of delays in the project and demonstrates the importance of considering, at the outset of a project, how a solution might need to be adapted for use in overseas markets, particularly in regulated sectors.

Mrs Justice O’Farrell considered what the position would have been had the breach of warranty been established:

“I accept Mr Summerfield’s evidence that, if CISGIL had been told that Insurer Suite required substantially more development than identified in the fit-gap exercise and, as a result, the Key Milestones were unachievable, it is likely that it would have abandoned the project and not entered into the MSA. The benefits that CISGIL hoped to derive from [the project] were substantial; they included increased competitiveness, cost savings, regulatory approval and a solution to the loss of the shared platform with Co-op Bank. However, prior to any commitment by executing the MSA, CISGIL would have paused if informed that those benefits might be in jeopardy. There remained the “lift and shift” option which, although inadequate to provide the business improvements desired by CISGIL, would have allowed it to exit the legacy platform prior to December 2017 and explore alternative long-term solutions.”

Use of Remedies

Although the full contract is not disclosed, it is clear that there were detailed remedies for both parties in the contract short of termination, and these remedies were used to an unusually full degree. Clearly which rights and remedies are appropriate for a specific project must be considered clearly at the drafting stage.

For example, step in rights were actively considered. CISGIL set up a technology innovation and change group to work on an initiative (“Pinarello”), which was a proposal to consider the removal of IBM from the project through the exercise of step in rights under the contract. This would have left CISGIL to continue working directly with IG on the software development. Ultimately, this did not proceed but the fact that the right was considered was significant. Use of such remedies is generally a last resort and would have required CISGIL to directly supervise IG. This would only be possible for experienced customers with the necessary skills or the ability to buy in those skills to conduct the project. The Board at CISGIL was actively involved in the discussions around the Pinarello options, identifying three plans:

• plan A - continuing to complete the project,
• plan B – removing IBM and stepping in and
• plan C – alternatives such as new suppliers or cancellation of the project, review of corporate structure operating model and ownership options in order to resolve the situations, these options included sale or run off of the insurance book.

It was also evident that there was significant tension between IG and its new private equity owners, The Carlyle Group. Carlyle were frustrated, believing that IBM was acting as a go between, preventing meaningful interaction on a tripartite basis particularly between CISGIL and IG. At this point there were allegations  that the IBM team’s behaviour had become less co-operative and was impacting effective decision-making and communication. This breakdown in communication is clearly an issue for all projects in trouble. To the extent that communication is unable to be effectively managed, the project is likely to face terminal problems.

IBM also had significant remedies against IG in its contract, including the ability to conduct a review and source code assessment on IG and to exercise its own step in rights under its contract. In addition, IBM had a parent company guarantee given by the Innovation Group Limited and IBM had a number of meetings with IG’s private equity owners in order to try to get the project back on track and emphasise the seriousness of the issues.

Communication

CISGIL also made claims that IBM was in breach of the agreement by failing to report on the true state of the project. Clearly this is where the expected behaviours of transparency and good communication must be set out clearly in the contract, in addition to expected outcomes. Agile contracts can also contain provisions on expected behaviours which can set common objectives to resolving disputes, escalation and transparency. It is not known in this case whether the contract contained any of these transparency obligations and expected behaviours and whether they could have helped to focus the parties on achieving a more positive outcome. Given the size of the project, the pressure from regulators and the clear issue between IBM and its software developer, issues resolution was going to be difficult without clear communication and very senior management engagement.

Pricing

The contract was not based on time and materials costing. This is unsurprising given the risk and contract value. However, smaller projects are often conducted on a time and materials basis. It is often very difficult in those projects to establish where the supplier must remediate issues at no cost and where the work is legitimately chargeable. In the case where the project is going wrong, the discipline of a fixed price can be helpful to avoid disputes over costs and to focus deliver on the agreed timelines.

Change control and code quality

The number of changes was not considered unusual for a project of this nature (around 100 for release one), which the experts considered would be insufficient to significantly delay the project. However, there was clear evidence of deliverables being presented for testing with multiple issues. While this may have been done to mitigate the effect of project delays to the project plan, ultimately this caused significant issues in acceptance and the temporary abandonment of UAT at one point. This will have further undermined confidence in the project from CISGIL and seemed further to indicate to CISGIL that the OOTB functionality was not adequate for the project.

Limitation of liability and wilful default

IBM was ultimately liable up to its cap on liability but this had been set at a level significantly below the overall project cost. CISGIL’s attempts to demonstrate wilful default were not demonstrated, and this meant that their attempts to override the caps on liability failed.

CISGIL failed to establish a claim for wasted expenditure. The Court held that:

 “IBM submits that CISGIL’s claim for wasted expenditure is excluded... On analysis, it is a claim for loss of profit, revenue or savings; although the quantum of the loss is assessed by reference to the expenditure that has been incurred, the actual loss is the profit, revenue or savings through which that expenditure would have later been recouped but for the breach.

CISGIL submits that its claim for wasted expenditure is not a claim for loss of profit. Compensation for wasted expenditure puts it into a break-even position on the assumption that its financial and non-financial benefits from IBM's performance would have been worth at least as much to CISGIL as the amounts expended in reliance on the contract.”

The court excluded the claim by reference to another case, The Royal Devon and Exeter NHS Foundation Trust v ATOS IT Services UK Ltd2 . Mrs Justice O’Farrell established that the loss of the bargain suffered by CISGIL as a result of IBM’s repudiatory breach comprised the savings, revenues and profits that would have been achieved had the IT solution been successfully implemented. As such, while CISGIL was “entitled to frame its claim as one for wasted expenditure but that simply represents a different method of quantifying the loss of the bargain; it does not change the characteristics of the losses for which compensation is sought.”

IBM ultimately will have had claims against IG, but the case does not give any indication as to whether IBM was able to claim against IG or how much of its losses it was entitled to recover.

Subcontractor failure

This is an important point to consider, as much of the blame for project failure was laid at the door of the subcontractor, IG. While CISGIL was unable to establish that the OOTB solution was not fit for purpose and had not been adequately developed for the UK market, a significant development effort was required and the code audit revealed that the way development was done was not helpful to the overall delivery of releases one and two. IG appeared to have inadequate resources for the project.

It appears that CISGIL did not place the whole risk of the project on IBM to deliver. They were actively engaged in considering IG as part of the solution. Had IG been an unknown quantity, more of the responsibility for successful project delivery may perhaps have been required of IBM. CISGIL’s CEO Mark Summerfield “accepted in cross examination that during the tender and due diligence phases, IBM was identified as the best option following a high degree of investigation. Questions of the capability of Insurer Suite were primarily addressed by IG, as CISGIL both knew and expected. IG’s reputation and industry standing was a factor which CISGIL took into account when selecting IBM as a supplier. CISGIL formed a positive impression of IG from interaction during the due diligence process and it was satisfied that Insurer Suite could meet CISGIL’s requirements. CISGIL was aware that there was a substantial number of its requirements that did not exist OOTB and therefore, would require at least some base development or customisation. He agreed that CISGIL did not suggest, or expect, IBM to carry out a code review of Insurer Suite; it expected IBM to rely on IG to deliver Insurer Suite.”

When seeking to place responsibility on the supplier for selection of particular subcontractors or products used, it is important to make that very clear in the contract. Although the Court found in favour of IBM on this point, where a customer is involved in selection, a supplier may also benefit from a clear statement reflecting the customer’s role in making that selection.

However, in any event, it would be common for the principal supplier to take responsibility for the actions of the subcontractor.

https://www.lexology.com/library/detail.aspx?g=753c1026-6ac5-4e70-b706-d73f04d3ef5c#:~:text=The%20case%20concerned%20an%20allegation,The%20Co%2DOperative%20Group%20Limited.&text=All%20these%20documents%20were%20attached,the%20contract%20for%20the%20implementation.