In the first part of our series ‘The False Promise of LegalTech CLM Solutions’, we learnt about the negative impacts of deploying a tool to manage your company’s contracts that has been built solely to serve the needs of your Legal team.
‘Why LegalTech CLM solutions are bad for your Business and your Legal team’ demonstrated the detrimental consequences of LegalTech ‘CLM’ solutions that support the Legal team but disempower the wider business in taking ownership of key stages of the contract lifecycle.
The real impact of Legal owning all things ‘contracts’ is they have an unrealistic workload, drown in low-value work and suffer from a poor internal reputation. Meanwhile, the majority of value negotiated in the contracts goes unrealised and the business is exposed to unknown risks. That's why LegalTech CLM Solutions are not CLM solutions at all.
In this article, we will look at another crucial concept in the scope of Contract Management that is missing in LegalTech solutions and needed more than ever before in corporate history. This stems from the concept - ‘You don’t Contract with a Contract’.
To step through this concept, let’s take a step back and consider the unique challenges faced by all businesses today.
Corporate Climate Change
We are living in an era of ‘corporate climate change’. In fact, we are in the perfect storm:
There are three trends that all businesses face for the first time in corporate history:
- Digital Transformation - there is a tsunami of change in the way all of us now work. The planned digital transformation journeys companies had embarked upon were immediately and vastly accelerated by Covid. The violent and concussive impact of Covid changed our professional and personal lives in a profound and lasting way. We will never work the old way again.
- Sweeping Legislation - there is a seismic shock of regulatory change sweeping every industry on the planet. Regulations such as GDPR, CCPA and Schrems II are more frequent, wider-reaching and carry more severe penalties than ever before. Gone are the days of a slap on the wrist from the regulator. Today’s fines are material and the implications of non-compliance are ruinous. Not only are we responsible for our own adherence to these regulations, we are also responsible for the compliance of the complex web of suppliers that support most businesses. The vast majority of businesses are simply not ready to respond, let alone achieve compliance, leading to dire consequences.
- Explosion of Data - the exponential growth of data within organisations continues to present profound problems and opportunities. In 2022 the amount of data created, captured, copied, and consumed worldwide will have grown 50x since 2010. All companies face the challenge of security and storage at a never-seen-before scale combined with the need to embrace technologies that can extract actionable reports and insights.
This changes everything
In this perfect storm of corporate climate change, our old ways of working are simply no longer fit for purpose.
We need to fundamentally change our approach in order to survive. History tells us that while some may, others will not.
Winners and losers
The unique challenge we face today represents a new chapter in the history of commerce.
Companies through the ages have faced radical changes from the industrial revolution to the advent of the internet. There have been winners and losers - and even the world's biggest brands have faced consequences for non-compliance.
- Amazon was fined €746 million for GDPR breaches, with claims that the advertising system isn't based on free consent.
- Google was fined €50 million by French regulators for a "lack of transparency, inadequate information and lack of valid consent regarding ads personalisation."
- Even retailers face financial penalties, as H&M received a fine for over €35 million due to monitoring several hundred employees.
History, like evolution, tells us it is not the strongest but the most adaptable that survive and thrive.
So how do we react?
The best companies understand that in addition to adopting a ‘cloud-first’ strategy to deploy best-in-class solutions that support their office, remote or hybrid teams, they also need to harness their data as a corporate asset. They recognise that the only defence against the tectonic shifts in the regulatory landscape is to understand all risks the business faces directly and indirectly in a data-driven approach.
The best companies understand that not only do contracts store much of the data they need to ensure compliance with regulatory changes - they understand that Contracts are in fact their number one corporate asset.
Contracts | Your number 1 Corporate Asset
A company's contracts are the foundational layer of commerce and protect all companies assets and define all liabilities. In fact, I challenge you to find any area of business that has value or represents a risk that is not defined in a legally binding contract.
The contractual foundation of your business defines:
- Revenue - all sales revenue with all customers
- Costs - all spend with vendors and third parties
- Risk - the risk management and agreed mitigation strategies with vendors and third parties
- Liabilities - the impact of non-compliance with your obligations
- Compliance - the regulatory standards between you, your vendors and third parties
- IPR - the protection of your IPR with and between your vendors and third parties
- Insurance - the agreed level of protection with your Insurer and customers
- Assets - the protection of all balance sheet items - the company’s net worth
In reality, without a deep understanding of the agreements made with all customers, vendors and third parties, a company cannot even respond to a new regulation let alone be compliant.
Contracts play a critical role in the Regulatory Eco-System as can been seen in the diagram below:
Contracts can be very complex and define many promises between the parties but typically include:
- Obligations - the contractual commitments made between the parties
- Liabilities - the scope of the financial impact of non-compliance to your obligations
- Data - the type of data exchanged between the parties and agreed protocols and regulations
- Pricing - the agreed pricing of the product or service along with any pricing tiers and refunds
- Service Levels - the defined SLAs, measurement and penalties for non-compliance
- Indemnity - mutual or exclusive legal and financial protection in the event of a claim
- Termination - how to terminate the contract by a given date or in the event of non-compliance
- Governing Law - the legal jurisdiction to interpret the contract in the event of legal proceedings.
As we outlined in ‘Why LegalTech CLM solutions are bad for your Business and your Legal team’, locking this data within a document in a LegalTech CLM prevents the empowerment of wider business to ensure compliance and drive value. The proactive management of this data is vital to unlock the benefits of the contract and minimise corporate risk.
However, contracts are only part of the Regulatory Eco-System as you don't Contract with a Contract.
You Contract with a Vendor or Third Party.
You don’t Contract with a Contract. You Contract with a Vendor or Third Party. [Click to tweet]
Your Regulatory Eco-System
In this era of corporate climate change, it is no longer good enough to store basic information on your contracts such as end dates and termination provisions.
The current regulatory landscape demands that you not only extract and proactively manage your contract obligations but also ensure that your vendors or third parties are themselves compliant. In some industries, this also extends to your vendors’ subcontractors, also known as ‘Fourth-Party oversight’.
As a company or operating group, you may have many contracts for the same or similar service from multiple vendors. You may also have many products and services from the same vendor. The contract you form is between two parties - your company and your vendor.
The vendor or third party is part of your Regulatory Eco-System whether you like it or not. The contract and vendor are two sides of the same regulatory coin.
The contract and vendor are two sides of the same regulatory coin. [Click to tweet]
Considering only one side of this coin leaves you partially blind and horribly exposed.
The regulatory landscape dictates that you need to know that you vendors and third parties are compliant in all key areas:
- InfoSec - compliance to Information Security standards for your industry
- Data Processing Agreement (DPA) - governing how company and customer data is managed
- Sub-Processors - the data location and management of your sub-processors (now exponentially more complex and onerous due to Schrems II)
- Criticality - segmentation of your vendors into tiers to reduce the compliance workload
- Credit Score - the live credit rating by an industry body indicating their financial performance
- Risk Score - the live risk score that can warn of litigation, liquidation and key changes in management
- Sub-Contractors - the vendors’ or third parties’ own suppliers relied upon to deliver the product or service
- Accreditations - the required accreditations for your industry such as ISO 9001 and ISO 27001.
It is not possible to be compliant in today’s regulatory climate without understanding, digitising and reporting on the data related to the contracts you execute and the vendor or third party with whom you transact.
This regulatory landscape is ever-changing and dynamicTo add to the complexity, the Regulatory Eco-System changes hourly. As highlighted by Covid, industries can be paralysed almost overnight. This materially changes the status of all current vendors and third parties and requires immediate action.
However, regulatory volatility is only one challenge. As the business continues to evolve and grow there is an ever-growing demand for new products and services. This means more contracts and new tranches of compliance and regulatory risk that needs to be managed with the new vendor or third party.
The fundamental regulatory flaw of LegalTech ‘CLM’
This, again, is where LegalTech ‘CLM’ solutions fundamentally fail.
They are by their nature document-centric solutions. They often have nothing more than a simple record of a ‘company’ with some basic tagging information to represent this vital regulatory entity of a vendor/third party.
There is little to no functionality to support the workflows required to capture and record compliance during vendor onboarding or to schedule regular automated reviews of critical regulatory data.
LegalTech tools are built to support the generation and negotiation of a document. This approach logically appeals to a legal audience as their scope of work is often focused on the contract itself and much of their effort to protect the business is leveraging their high-trained drafting skills in minimising contractual risk.
However, as we have learnt, the days of corporate risk being mitigated entirely within the Legal team are long gone. It is simply no longer possible nor is it reasonable or achievable to place this responsibility on the Legal team.
LegalTech ‘CLM’ solutions lock away a company’s number one corporate asset within the Legal team only. In doing so they leave the Legal team partially blind to the regulatory risks the business is facing. They also paralyse all other departments within the business that need to work in unison with the Legal team to achieve compliance in an ever more challenging regulatory landscape.
LegalTech ‘CLM’ solutions lock away a company’s number one corporate asset within the Legal team only.'
You can’t lock away Contracts in the Legal team. You don’t Contract with a Contract.
In this perfect storm of corporate climate change, there will be winners and losers. Those who take a unified approach and those that continue to solve business-wide challenges in a silo.
Gatekeeper provides a unified contract and third party management platform with unlimited users, live Risk and Credit Scores and an onboarding and compliance portal to ensure input from every stakeholder to help manage contracts within your business, reducing the load on busy Legal teams.
See live risk and credit scores with MarketIQ
To find out more and get a demo of Gatekeeper, get in touch today.