Contract obligations compliance sits at the heart of every successful agreement.
Each contract specifies activities that each party to it is obliged to do or refrain from doing, either separately, or jointly with the other party or parties.
By signing a contract each party is making a legally enforceable commitment to comply with their applicable obligations.
The size of this commitment will vary in line with the number and type of obligations contained in the contract.
And it’s not always a straightforward calculation. A high volume of standard or common obligations can require less resource to manage than a small number of non-standard or complex obligations.
As a result, contract obligations compliance can be a challenge for any business. It can be made still harder by shifting priorities and changes in personnel. Furthermore, failure to comply with contract obligations can lead to a breach of contract and represent a potentially serious latent risk to the business and one that needs to be closely managed.
In order to help you improve your contract obligations compliance we’ve developed a step-by-step approach, covering:
- Some assumptions to provide context
- The nature and span of contract obligations
- Consequences of non-compliance
- Awareness and ownership of obligations
- Ranking the criticality of obligations
- Establishing the compliance checking timetable
- Developing the compliance checking procedures
- Addressing non-compliance
- Reporting compliance checking outcomes
- Recalibrating an obligation.
For the purposes of illustrating the concepts in this article, the following assumptions will apply:
- For the sake of simplicity, there will only be two parties to any contract discussed with respect to obligations: the organisation requiring certain products or services, and the supplier selected to fulfil the need
- The activities to be performed for contract obligations management will mostly be described from the organisation’s viewpoint
- The organisation has some risk management policies in effect to drive obligations compliance behaviour
- The organisation has some processes in place to support the collection, analysis and reporting of obligations compliance data.
The bulk of contract obligations are explicit and visible, relating mainly to the operation of the contract, such as:
- Issuing invoices within 10 days of the end of the month
- Not issuing invoices later than six months following delivery of an order
- Paying invoices by the due date
- Paying late fees when invoices are paid after the due date
- Submitting requests to amend the contract via an agreed process.
Other obligations that apply are typically not party-to-party related, and may or may not be incorporated in the contract by reference only, without any accompanying details. These obligations can concern compliance with:
- Laws and regulations enacted at any level of government, such as data protection principles and export regulations. Sometimes the applicable laws and regulations will be stated in the contract by reference without any details. At other times, those laws and regulations will apply even if not explicitly stated in the contract
- The organisation’s internal directives, policies and operating practices, such as a code of conduct governing behaviour on the organisation’s premises. Compliance cannot be expected unless details are provided before contract execution
- Generally accepted domestic and international standards, such as SOC 2 Type 2 data-centre security reporting.
Consequences of non-compliance
All obligations are meant to be complied with, but the consequences of non-compliance or a breach of contract can range from trivial, such as interest accruing on late invoice payments, to catastrophic, such as termination of the contract, massive government fines, loss of business or failure of the non-complying party.
Commonly, where non-compliance is an isolated event, the parties to the contract will treat the case as an aberration and attempt to ensure that causation is adequately remedied, with or without a penalty of some kind.
More serious non-compliance in respect of effect on the aggrieved party may require invocation of the contract’s dispute resolution process or a court hearing to obtain any redress.
Chronic, blatant or bullying non-compliance, often based on market power and arrogance, can be difficult to combat. The courts of law and public opinion may be the only way for any consequences to be applied for such behaviour.
Obligations awareness and ownership
The legalese used in contracts, the often confidential nature of a contract’s content, and the generally limited need-to-know about a contract outside the Legal and Contract Lifecycle Management teams, all work to restrict general knowledge about the workings of any particular contract.
However, many stakeholders in a contract need to know certain things about it in order to do their jobs. This is particularly the case when it comes to ensuring compliance with the obligations associated with that contract.
In an earlier article we advocated the use of a contract summary for providing a good plain language overview of the features of a contract, including obligations.
One outcome of the summarisation process is the allocation of ownership to certain aspects of the contract, like obligations.
Obligation management needs to be internal to the organisation, regardless of which party is the obligation holder with compliance responsibility.
This allows proactive steps to be taken by the organisation to detect any drift towards non-compliance by itself or the supplier, and take or request remedial action sooner rather than later.
While the contract summary does a good job of increasing obligation awareness, successful obligations management requires a detailed compliance specification for each obligation.
Also required is a standardised process for checking compliance and tracking obligations. This will not only simplify any training needed across the organisation, but also increase the pool of people who may need to participate in a compliance check without much prior notice when circumstances dictate.
Ranking obligation criticality
The criticality of an obligation is directly related to the implications of the worst-case response to its non-compliance.
Consider invoice payment after the due date. In many contracts, when late payment occurs, the supplier may or will charge interest at a particular rate on the amount outstanding until that amount is paid in full.
Any accrued interest will appear on the next invoice after full payment is received for the outstanding amount. Obligation criticality here is likely to be low or very low.
However, if the payment is outstanding for say more than 60 days, the supplier might withhold the contracted services until all amounts then due are paid in full within say five days. Depending on the nature of those services, the payment obligation criticality might range from low to very high.
It’s important then that each obligation is assigned a criticality level, to heighten awareness that what might superficially appear to be a minor, relatively low risk commitment actually isn’t.
When to check for compliance
Obligation criticality usually drives compliance check frequency: the more critical the obligation, the more frequent the check.
However, other factors may need to be considered in setting the check frequency for any particular obligation, such as a poor compliance performance history.
A date for each check should be established initially, say for the first 12 months of the contract’s life.
A calendar of check events should be set up, catering for any necessary preparatory activities like information gathering and discussions with stakeholders, plus any follow-up activities that might be needed, say to rank, address and report any non-compliance discovered.
The calendar should be regularly reviewed and updated as circumstances require.
If you use a Contract Management System with an automated alerting capability and/or a workflow engine that can be triggered by dates, this would be the best place to record the compliance check schedule.
The obligation owner should be the person to receive the ‘check due’ alert.
A compliance checking approach
The scope of activities required for any particular compliance check may vary for each check occurrence, depending on the complexity of the obligation and the number of aspects that need to be examined. Accordingly, the number of people required to assist with each check may also vary.
A generalised compliance checking approach for the obligation owner to use could involve activities like:
- Determine the scope, timing and people needed to conduct the approaching check
- Advise the people involved about the scope and timing of the check, and their roles
- Collect and distribute any information necessary for conducting the check
- Review the collected information and score the level of obligation compliance achieved.
Our free template can also be used to capture the details of each compliance checking event, from the obligations to be checked, to the compliance scores assigned, the issues detected and any remediation activities needed.
It doesn’t matter if the scale used to indicate the level of compliance achieved is simple (eg none, low, medium, high) or complex (eg 0-10).
It’s important that the same scale is used everywhere, and that it is based on the notion that the higher the compliance level, the lower the risk to the organisation.
An important aspect to watch for over time is evidence of a downward trend in the compliance score for any specific checking activity. This needs to be treated as a rising non-compliance potential.
Dealing with non-compliance
Non-compliance can occur for many reasons, despite best intentions. Some non-compliance might be first detected by the organisation without the supplier being aware that there was a problem until advised so by the organisation, or vice versa.
Alternatively, it may be a rising non-compliance potential that gets noticed and the details passed on as a pre-emptive action.
Irrespective of how any actual or potential non-compliance is detected, again there is value in adopting a standardised approach to dealing with it, such as:
- Advise the obligation holder about their actual or potential non-compliance
- Estimate the effect of actual non-compliance on the affected party
- Investigate and determine the causes of the actual or potential non-compliance
- Decide on and then quickly apply a method to remediate and prevent such non-compliance
- Negotiate and deliver an acceptable compensatory response for the affected party as needed
- Update the contract as needed to restate an obligation or its compliance method
- Revise the detailed compliance specification as needed
- Inform all interest stakeholders about how the non-compliance was dealt with.
Note that steps 3-6 above may be undertaken jointly with the supplier as necessary.
To the extent possible, measures to address any actual or potential non-compliance should be implemented without undue delay. This action helps to minimise risk and shows the commitment of both parties to the smooth running of the relationship.
Reporting obligations compliance
Visibility of obligations is incomplete without some understanding of how well both parties to the contract are meeting their individual and joint commitments.
Obligation compliance levels should be a major reporting item for risk management purposes, as many stakeholders have a vested interest in the achievement of high levels of compliance, both personally and organisationally.
To provide useful information, the obligations compliance report could show details like:
- Contract numbers: total contracts; important contracts; important contracts compliance-checked this year; other contracts; other contracts compliance-checked this year
- Contracts checked this period: supplier name; contract name; contract importance; contract purpose; # critical obligations; a list of critical obligations checked showing the obligation holder and owner details, the assigned compliance level and comments about any non-compliance detected plus planned remediation date and approach if known, and a rolled-up overall compliance level
- Overall totals: for important and other contracts, separately and together: contracts checked, obligations checked, compliance by level; rolled-up overall compliance level.
The format of the compliance information reporting, its presentation timing and distribution arrangements all need to be agreed within the organisation.
A contract may oblige one or both parties to self-report on their compliance with some or all of their obligations, and provide that information to the other party.
The content and format of the self-reporting and its presentation timing should be specified in the contract or otherwise agreed between the parties.
Since supplier self-reporting is likely to be incorporated into the organisation’s internal reporting on compliance levels, a measure of confidence in the self-reported numbers is required.
A policy of ‘trust but verify’ using internally-sourced information is a good way to establish that measure.
It will also reveal any mistakes, misconceptions, miscalculations or misinterpretations made by one or both parties if the numbers don’t agree. The discussion about any differences can be:
- Enlightening: didn’t know that
- Worrying: should’ve known that
- Damning: should have known better
- Incriminating: shouldn’t have done that.
‘Trust but verify’ can probably be done on a random, spot-check basis rather than for every reporting cycle. The ‘trusting’ party should deal with undesirable outcomes as it sees fit.
The ‘trusted’ party should willingly and rapidly address any issues which can or have eroded that trust.
Further analysis of the reported compliance levels might be conducted to suit specific needs such as non-compliance by organisational unit, contract type, supplier, country and so on.
In today’s highly dynamic regulatory and political environment, yesterday’s dead certainty can disappear, change unrecognisably, just need a light refresh or remain acceptable just as it is.
Change may be forced or planned, and may need to be achieved overnight or over the longer term. Expecting and being prepared for this is a good risk management strategy.
Considering this environment, many aspects of a contract should be regularly reviewed for ongoing relevance. For contract obligations, the focus should be on the most critical commitments and those that are most difficult or tedious to check for compliance.
Over time though, every obligation should be assessed for ongoing relevance at least once."
Discussions with the supplier will always be needed, to highlight relevance-related concerns about the need for, nature or current settings of any obligations, and jointly decide on any achievable recalibration.
Where change to obligations is possible and desirable in some respect, amendments to the following should be expected:
- The contract
- Some of the data measurement requirements supporting compliance checking
- Some of the compliance check specifications
- The compliance checking timetable
- The compliance reporting regime.
Details of any such changes must be relayed to all interested stakeholders, regular participants in obligation compliance checking activities, and recipients of obligations compliance reports, as and when appropriate.
How to manage contract obligations with Gatekeeper
Manually tracking obligations is a huge task. Staying in control means having all obligations in one place. All stakeholders need visibility of a contract, its progress and its performance. Your business needs an accurate and centralised record of key dates and events. This could include items such as:
- When goods should be delivered by
- When a renewal is due
- When a contract is expiring
- When a contract review is due.
Manual methods often require Legal teams to extract this information and update it on an ongoing basis. This adds extra weight to their already large workloads.
It also exposes the business to human error. Data can be captured incorrectly. Important dates can be missed out. And if the document isn’t secure, anyone can change the captured data. This makes tracking obligations difficult.
So how can CLM software make contract obligations compliance easier?
1.Centralise contract metadata
When stakeholders want to see what’s on the horizon, they need total visibility of the portfolio. They don’t want to spend time locating contracts, information or related documents. So if your business stores agreements in a variety of places such as Excel, Sharepoint and email, it’s time to stop.
Contract management software provides automation and artificial intelligence. Rather than internal teams manually entering information, data can be accurately extracted from agreements. AI Extract from Gatekeeper can be used for legacy data and new agreements so you can stay ahead of all obligations.
Even if your data is currently in complex tables or is handwritten and hard to read, AI Extract can digitise it and store it against the master record in a central repository. This repository offers a single and secure location where all data is stored. You can see a history of all versions, who owns a contract and any actions that they have taken. By automatically extracting and centralising contract metadata, your business can work from a single source of truth.
Automatically extract and upload contract metadata with Gatekeeper
2. Keep obligations progressing with automated workflows
Bottlenecks are the enemy of progress. Without visibility of a contract’s current status, stakeholders won’t know what’s left to achieve. A delay in sign-off delays execution - and obligations won’t be fulfilled on time. Manually tracking a contract’s progress takes too much time. It often involves disrupting Legal teams to ask for updates. It can also mean that bottlenecks are left unidentified and unresolved.
Gatekeeper resolves this issue with its Kanban Workflow Engine. Access a visual and immediate snapshot of your contract’s progress. Identify and resolve bottlenecks to keep time-to-contract minimised. Combined with automated notifications triggered by key dates, there’s no need to manually chase other teams or suppliers. If an action related to an obligation needs attention, stakeholders will receive the alert straight to their inbox. This level of automation and visibility makes it easy to see any issues preventing contract obligations compliance.
Visualise and automate internal contracting processes
3. Assign ownership for contracts
Without accountability nobody is truly in charge of contract outcomes. That means obligations can easily go unfulfilled by all parties involved. Assigning contract ownership means that specific individuals have responsibility for contract obligations compliance. They must have visibility of their contracts and upcoming events in order to prioritise their efforts and ensure nothing slips through the cracks.
Even though a sole custodian may be named for a contract, Gatekeeper is a CLM system designed for the entire organisation. It is designed to prevent the silos that can often lead to failures within obligations.
The system enhances collaboration between Contract Owners and other teams with a messaging centre. Assigned owners can reach out to other stakeholders and suppliers, prompting them to take action or sharing updates about obligations.
Ownership of a contract may also need to change depending on what stage of the lifecycle it’s in. It may also change if the original owner leaves the business. That’s why Gatekeeper facilitates continual ownership. Agreements can be easily reassigned so someone is always accountable for obligation fulfilment. Internal changes shouldn’t be a reason for bottlenecks or oversights that damage external relationships.
See owners and communicate effectively with Gatekeeper
4. Improve contract visibility with dashboards
Contract owners don’t want to spend valuable time searching for information they need. Tracking contract obligations compliance should be easy. When upcoming events and potential risks can be easily identified, quick action can be taken. Gatekeeper provides visual dashboards, allowing contract owners to improve their monitoring processes for obligations compliance.
Users can see the entire contract portfolio at a glance. They can also drill down into the contracts they specifically own. Dashboards within Gatekeeper use a variety of colours to make risks and events easier to spot. Users can identify if a contract is coming up for renewal, a key date has been missed or compliance information needs updating. Dashboards also include RAG statuses, allowing users to prioritise attention where it’s needed most.
Obligations can also be centred around costs, performance and risk. Gatekeeper offers additional dashboards within each of these areas. This visual representation allows businesses to make informed decisions about their agreements. If obligations have been missed too many times or cost more than was forecast, a business may choose to end the relationship. Likewise, if all obligations are met or expected performance has been exceeded then third parties can be rewarded.
See the information you need with Gatekeeper's visual dashboards
Managing compliance with contract, regulatory, policy, process and other obligations is a good risk minimisation practice.The key to success here is increased visibility of obligations, their ownership and criticality.
A solid understanding of the pitfalls of non-compliance, a strong commitment to complying with their obligations by all parties, and a structured compliance checking program supported by appropriate alerting technologies are evidence of that visibility.
Achievement and maintenance of a high level of obligations compliance in at least all important contracts is a reasonable and worthwhile target.
It shows that, while individual contracts may have more compliance issues than others, at a portfolio level, obligation risk is being managed within acceptable bounds.
Not only that, but the Contract Lifecycle Management function can provide a solid indicator of its value to the organisation in the form of a validated obligation compliance level.
In this article we’ve presented an approach to help you achieve effective obligations compliance, and provided a useful template that can be modified to suit your particular circumstances.
If you would like more information on how to manage your obligations compliance then contact us today for a free consultation.