A Thing
The Green SheetGreen Sheet

The Green Sheet Online Edition

June 11, 2018 • Issue 18:06:01

Legal ease: ISO contract management in the digital age

By Adam Atlas
Attorney at Law

A long time ago, ISOs had filing cabinets full of merchant agreements; now they have cloud folders, servers, hard drives and the odd thumb drive. The purpose of this article is to provide helpful thoughts on contract management in the digital age.

1. What is contract management?

Contract management is the process of managing the creation, signature and storage of contract records. Contracts form the core basis of the value of an ISO. From the ISO's main processor agreement, to its agent agreements, referral agreements, employment agreements and merchant agreements, each has a distinct role to play in protecting the ISO's business and rights under the law.

Good contract management results in the ability to effectively and securely record the various forms of contracts in use and the contracts that are actually executed. Most contracts are never read after they are signed. However, a key purpose in creating a contract is for it to serve as a record of the agreement made so that, if there is a disagreement, the parties can return to the contract as a written record of their understanding. There is little value in a contract that you cannot find.

In the contemporary digital age, the record of a contract is often much more than simply a scan of the parties' signatures. Instead, it is a file that contains envelope information about the time of acceptance, IP addresses of signors, operating systems, email addresses and various other data points that help connect a signor to a contract.

Separating the digital record of a contract from its envelope, or digital breadcrumbs, can be fatal to the contract archiving process because it may be hard to prove that the contract was accepted without that information on file. Online contracting platforms, like Adobe Sign and DocuSign, make it easy to pick up that information. ISO CRM platforms, like IRIS, also integrate with these services, making it even easier to collect all the information related to a given contract.

2. What contracts should an ISO manage?

The facile answer to this question is all contracts. That said, the allocation of resources to contract management should be a function of the value or risk associated with the contract. Merchant agreements, for example, form the basis of the equity of a given ISO. Even if the merchant agreements belong to the acquirer, it is not unusual for ISOs to be the custodians of merchant agreements, at least at the sign-up stage.

Agent agreements and referral agreements are no less important. They often contain important non-solicitation and confidentiality provisions that need to be accessible if they are to be enforced. If a rogue agent is stealing merchants in violation of the agent agreement, the ISO will be hampered in its enforcement of those terms against the agent if the ISO cannot find the agreement and prove that the agent signed it.

The ISO's main ISO agreement with its acquirer is also essential. ISOs are often parties to a series of ISO agreements, sometimes with multiple amendments. Each of these agreements and amendments should be meticulously recorded in a secure ISO storage location.

ISO contract management, by the way, should cover not only contracts and records of formation of contracts, but it should also cover key correspondence under each contract, such as notices of price changes and notices of default.

3. Who should manage ISO contracts?

Everyone at an ISO should be aware of the importance of contracts, but the ultimate responsibility of contract management might end up with a business operations lead and an IT lead.

The business operations person can ensure that each part of the ISO where contracts are used is sending executed contracts to the contract management system and following up where there are gaps.

On the IT side, the ISO might allocate energy to seeing that contract management systems keep contracts secure, with limited rights of access, archives contracts to ensure that they are not lost, and also supports easy retrieval when required. The greater the efficiency of contract management, the better the ISO business is served, as discussed below.

4. When will an ISO turn to its contract management system?

Contract management is a daily grind of archiving contracts formed and does not yield obvious dividends on a daily basis. However, every time an ISO has to look back on an agreement – for business negotiations or, perhaps, enforcement – all the hard work of managing contracts pays off.

The ultimate payoff of contract management is, of course, the sale of an ISO's business. When an ISO owner seeks to sell the business, the buyer will inevitably wish to carry out due diligence. This entails providing key business information for the potential buyer to review in order to assess the value of the ISO.

While the contents of contracts will evidence the basic value of the business, the level of organization of contract information will also impact the value of the ISO's business. Put yourself in the shoes of a buyer. Would your offer-price be influenced by the level of organization of the target entity? Naturally, an ISO that can't show the proof that it really has all the agent agreements it claims to have in place, will be less attractive than an ISO that has kept excellent records of all agent agreements and related correspondence.

5. What types of datasecurity apply?

ISO contracts contain sensitive business information pertaining to the ISO, but they also contain Social Security numbers and other non-public personal information of merchants and merchant-guarantors. ISOs have a legal duty to keep that information confidential.

Depending on the circumstances, that might mean maintaining certain security protocols with respect to ISO contracts, such as encryption, two-factor authentication and other forms of access control. It could not hurt to consult a technical advisor on how to best secure ISO contacts, and ISO data generally, in order to preempt data breaches. Having made the transition into the digital realm, ISOs owe it to themselves and their merchant clients to raise their digital contract management standards accordingly. end of article

In publishing The Green Sheet, neither the author nor the publisher is engaged in rendering legal, accounting or other professional services. If legal advice or other expert assistance is required, the services of a competent professional should be sought. For further information on this article, please contact Adam Atlas, Attorney at Law via email at atlas@adamatlas.com or by phone at 514-842-0886.

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next
A Thing