How do I agree with my CFO on a liability cap that is acceptable to the business?

A community clinic article - an initiative for you and by you.

We are usually the buyer rather than the seller in a services agreement context where liability caps are relevant. 

For us it is about making sure we know what our key risks are that we will never accept, and hard-coding them into our agreements, versus everything else. For example, it is helpful to have rules around when you give an unlimited indemnity which should be tightly policed. 

It’s also important not be spending valuable legal time asking for positions that you are simply not going to get in the market. I think CFO’s are receptive to that because legal time is expensive and also because delaying contract on-boarding slows the business down. This is really important if you are working in a fast-paced, growth environment. 

Finding “market” positions and then setting ideal and back-up positions as flexes around market is a good approach.  Traditionally it was a little hard to define a market position on a liability cap, but it is getting easier because of A/I tools that can analyse all of your contracts and tell you what you are actually achieving across 100’s of agreements. Another approach is to get external counsel opinion. A/I is cheaper though! 

Michael Phillips - Head of Legal (Advice and Central Functions), Schroders Personal Wealth

Assuming this relates to the products or services that you sell, the cap can be decided on following the preceding questions that you have to answer.

The first question: 
Have I drafted my limitation of liability terms as tightly as I can but in a way that will remain enforceable regarding my business and/or consumer clients bearing in mind consumer law and regulation? After all the cap only applies to things that you have not been able to exclude liability for.

The second question: 
Have I taken account (and briefed the business) about areas such as breach of confidentiality, IP loss, regulatory fines where custom, practice or law in your sector set a high cap or no cap?

The third question:
Is your drafting a cap formulation in an industry normal format ( e.g by reference to a cash amount, or to fees paid, or fees due over contract life, etc) that people buying your type of goods or service are used to?

These questions are all directed at the point that, if your customers will not sign up to a cap and/or it is unenforceable then the cap is pointless.

The fourth question:
What does your insurance cover provide for/cover? You will need to make sure that you are aligned, and you understand what the “net exposure” to the company is for things that are in the insurance excess, exceed the insurance cover level, or result from not being within insurance cover for the thing in question.

The fifth question: 
How much commercial “wriggle” room do you need? Things go wrong in contracts, and with key customers, it may be better to have the flexibility to offer service credits or some other limited compensation rather than losing the client outright.

The sixth question: 
What exposure do we have left and how likely is something to happen which slips through all of these cracks and is still ours to pay at the end of the analysis?  

This is a good exercise to do as it puts the probability of a material claim into context so that you can sensibly discuss, service credits, insurance cover and the cap amount together.

At the end of this process the conclusion is likely to be that either you follow industry norms (and understand through the analysis above how much net exposure your business has and how likely it is to occur) and/or you set a cap at or below the level of the relevant “per claim made” insurance cover that you have for that area so that, as long the insurers are notified promptly and are in scope for the cover, your exposure is limited to the insurance excess and higher insurance premium following a material claim.

Bruce Macmillan - General Counsel


This, along with the usual suspects of indemnities, warranties and representations, is one of the most challenging aspects of contract negotiation in my experience – if only there was a magic formula we could all use! Sadly, though, there isn’t, and each contract needs to be assessed individually.

What’s key, in my view, is that determining an acceptable liability cap involves a cross-business collaboration – with input from the likes of project managers, lead stakeholders, the Finance Team etc., and not just us in Legal. For example, what might be academically risky for us isn’t actually a risk in practice for the business. 

In terms of quantifying/ scoping a liability cap, I tend to take the following into account:

  • What are the potential liabilities under the contract?
  • What are the chances of them happening? 
  • What consequences would (or could) follow if they did happen?
  • Does the business have resource/ ability to absorb potential losses, without significant financial impact? 
  • Does (or should) the business benefit from insurance policies to mitigate any liability risks?
  • What’s standard in our industry in terms of liability caps?
  • What have we agreed previously for similar contracts?
  • What’s the business’ risk tolerance?

Above all, it’s vital that an in-house lawyer knows how to negotiate a cap that protects the business (as much as it reasonably can, that is), without restricting the business’ operations or hindering a potential deal.

Gethin Bennett - Assistant Legal Counsel - The Royal Mint

In-house lawyers are often asked what level to set a liability cap at? Or more practically, what level can we get? 

Liability caps are really an agreement about what level of risk your organisation will share with the other organisation that you are doing business with. Costs over the cap will be at your business's risk. 

To think about what level of cap is appropriate, I would start by identifying the risk that may arise. Make sure you don’t just focus on the technical factors, also consider the human factors.

Threats can arise from within and outside your organisation. A good framework for thinking about this can be to consider: 

  • Cyber-criminals - how financially or operationally valuable is the project and how easy would it be for cyber-criminals to cause issues to arise?
  • Malicious actors - how easy would it be for staff and third parties to disrupt the project. How valuable would it be to them if they do?  
  • Regulatory priorities - are regulatory expectations likely to be met by the project and is the project in a priority area for regulatory enforcement? 
  • Reputation and impact on customers and staff - what might the impact of issues in this project be on the organisation's reputation and how might this impact customers and staff?
  • Scale matters - is your project a one-off pilot or a larger-scale enterprise initiative? The scale of the risk is likely to be proportional.

By recognising the potential impact and likelihood of issues arising and the ways a threat could arise, you can assess whether the measures deployed to mitigate them and the level of costs that may arise as a result. 

The other area to consider is your relative negotiating position:

  • Does your project involve a third-party incumbent with a history of no issues arising and good security practices such as multiple layers of security, clear communication, and accountability? If so, your CFO may agree to take on a greater level of risk and lower liability cap as risks are less likely to arise.  
  • Are you dealing with a third party who has a "killer product" and who knows that you are not going to walk away from the deal? If so, you are less likely to be able to convincingly negotiate a higher cap. 
  • Whilst one to many SaaS providers are generally unwilling to negotiate changes to their terms, an area where they can move is liability as it does not affect the operational aspects of the standard service. 

Assessing the risks of threats arising, the accompanying issues and the likelihood and impact of those issues can provide a good framework for negotiating liability caps with third parties and giving good advice to your CFO.

Jonathan Friend - Senior Lawyer, Information Rights, BBC

The question presupposes that the CFO has to agree to this. It may not always be the case, of course. If it is the case, obtaining agreement will be subject to the governance process in place (and personality of the CFO!). 

The answer will also depend upon whose liability is being capped: your business or a counterparty/supplier’s. If it is your business, the CFO and others may wish to aggressively cap your liability to the absolute minimum. CFOs rarely like unlimited liability! I’ve assumed below it is a supplier’s liability. 

Ideally, liability is not capped. However, most businesses do this to ensure they are within their insurance requirements and as their business model is predicated on a certain level of risks being assumed versus the rewards anticipated. 

In practice, what might be presented to a CFO often indicates limited scope for negotiation. The legal function will have obtained what is likely to be the best position in the circumstances. So the agreement of the CFO is likely to be about how well: 

(1) the legal risks are articulated; and 
(2) the ‘business contract owner’, who has the relationship with the supplier, explains why these risks are outweighed by the “rewards”, the lack of alternatives and how such risks can be appropriately managed.  

Typically, the wider context and relative bargaining powers will be determinative in presenting the legal risks to the CFO. These circumstances can lead to a cap with a number, but it is not a precisely modelled quantification. The number is likely to be a “market norm”. Where that does not exist, often a per annum (or less commonly, per incident) liability cap ‘floor’ of the higher or £50,000 or 150% of the annual consideration is proposed. Often there are exclusions from this e.g. IP, confidentiality, data protection and regulatory issues. They might be uncapped or subject to ‘super caps’ such as £1 million per annum. 

The relative bargaining powers of the parties are also highly determinative of what is presented to the CFO. If a supplier has the best price or can delivery in accordance with an urgent timetable, often their lower than market liability cap is agreed to (albeit perhaps via separate governance, such as a non-standard commitment process). 

James Butler, Group Head of Legal & Corporate Governance at SG Kleinwort Hambros