For companies with disparate systems and processes, managing contracts and contractual relationships remains a challenge. Yet, failure to keep contracts current may also result in a failure to satisfy regulatory demands, posing compliance and legal risks.
Knowing how to properly manage risk across the company’s entire contract portfolio is a critical part of maintaining compliance with contractual agreements and ensuring that contracts remain current and in line with regulatory requirements in the United States and abroad. In a June 27 Compliance Week webinar, compliance and legal executives shared what effective strategies they have developed within their own companies to make their contract management processes more efficient and transparent.
At a high level, leading companies are employing digital strategies where appropriate and are seeking to automate tasks by using such technologies as data analysis tools, dashboards, continuous monitoring, data warehousing, and data extraction tools. The idea is that the more that compliance and risk teams can analyze all the data the company has in relation to its compliance requirements, the more value the compliance department can bring to the company, and the more forward-looking the business can be in managing and predicting risk. “These are powerful concepts that are changing the way that leading organizations are running their compliance departments,” said Sanjay Manocha, vice president of compliance at Conduent, a digital solutions provider for businesses.
“The greatest potential for immediate gains is in the world of contracts, and the intersection between compliance and contracts,” Manocha added. This includes supplier contracts, partner contracts, employee contracts, customer contracts, and more.
Current advances in artificial intelligence provide companies the ability to easily extract language from contracts—such as rights, duties, and obligations—and link those to business operations, providing greater transparency into whether those contracts are being complied with. Moreover, because most contract terms are standard across the board, there’s also the opportunity for companies to automate the contract-creation process, so long as certain terms and conditions are not specific to region, product, or service.
Regulatory change management is one example of an area ripe for automation in the contract management space. When talking about regulatory change management, it’s important to understand which contracts are impacted, which need to be amended, and how to communicate those changes to key stakeholders—such as sales teams, customers, and suppliers. The question companies are faced with is, “How do we make that as seamless a process as possible?” Manocha said.
“The greatest potential for immediate gains is in the world of contracts, and the intersection between compliance and contracts.”
Sanjay Manocha, VP of Compliance, Conduent
In fact, that is the challenge that car rental company Avis Budget Group is tackling right now, following the recent enactment of the EU’s General Data Protection Regulation. Specifically, Article 28 of the GDPR requires specific terms to be included in contracts. Thus, to ensure compliance with GDPR, Avis decided to amend all of its vendor agreements to include these new provisions, said John Podesta, privacy officer and associate general counsel at Avis.
That step involved reaching out to appropriate stakeholders to identify which vendors handle personally identifiable information, both related to customers and employees. To achieve that, “we had several business sessions with several stakeholders across the organization to educate them about the law, its requirements, and what information we needed from them,” Podesta explained.
Once Avis had identified which services and vendors were, in fact, under the scope of GDPR, the next step involved pulling up those contracts. That may seem like a relatively straightforward concept, but depending on the size of the company and whether all contracts are centrally located and available, “the document-gathering process can be very time consuming,” Podesta said. You must also account for how to assess and handle contracts in different languages, he said.
In addition to reaching out to stakeholders, Avis also developed a data-processing addendum template for its vendors to execute, with the idea being that Avis would have one consistent form for all vendors. Although you can use internal resources—like your in-house legal team or procurement department—to achieve this, Avis decided to enlist the help of outside counsel and a service provider to reach out to vendors and engage in that first round of negotiations, in case there was any pushback, Podesta explained. To facilitate communication between everybody, Avis implemented a collaboration portal where we could review and update documents and see the status for each.
The other challenge was that many clients were requesting that Avis amend its agreements for provisions of services that Avis provided to those clients, Podesta said. Much of it was driven by “a knee-jerk reaction” to GDPR compliance, he said. “Many amendments didn’t apply to the type of services we provide, so we needed to educate our clients and let them know what terms were applicable to us. We also educated sales so they could speak knowledgably on this issue.”
It’s important to provide clear guidance around what processes would require escalation, Podesta said. For example, if there’s pushback on an indemnification provision or an audit provision, you would want clear guidance identifying which stakeholders to send escalation matters to. For its part, Avis drafted a playbook for its service provider and outside counsel spelling out its expectations concerning contracts.
Another aspect of proper contract management is contract compliance. “Contract terms must be a function of the contract risk, which then needs to be a function of the deal model,” said Joseph Suich, chief compliance officer and counsel at GE Power. “The deal model drives the risk, which drives the contract terms.”
Understanding the deal is so important, Suich stressed. “Don’t miss that step. That is the step that drives everything else.” Suich said that’s the reason why he pushes his folks to make sure they have a seat at the table as the deal is being structured, so that they know how to properly mitigate both the contracting and execution parts of the deal.
The sales/commercial contracting-to-execution handoff is often flawed, Suich said. One way to plug that hole is “to make the people giving the thumbs up in the beginning also on the project execution side, as well,” he said.
Consider having that same team do project site visits, as well. “We do 90 site projects site visits at my division a year, where my folks are getting their boots dirty walking around at the projects looking for compliance issues,” Suich said. Specific examples include competitive bidding issues, or environmental, health, and safety issues. “They may not be experts in all of this, but they’re looking with eyes wide open,” he said.
It’s also important to pay attention to any provisions in the contract that may need revisiting. “If you are dealing with the folks who are dealing with the contract and drafting the contract, and you’re responsible for governance, are you capturing all the issues that you’ve had with prior contracts for related services?” Manocha said. Understand which contracting standards didn’t work in the past that now need to be changed. Create a knowledge management platform so that when you’re drafting new contracts with new suppliers, you’re capturing that information, he said.
Also, make sure employees are properly trained. Train folks to look at the bidding process. Train folks to look at the execution process. Train folks on not just when they’re going through customs, but also on when they’re using a custom broker, things like looking for issues on customs forms that are improper or incorrectly labeled or amounts that are incorrect, Suich said.
Use advances in technology to improve compliance training. “It’s not fair to say, ‘Get it right every single time.’ That’s not the way to go. If you provide a simple technological path, people will follow that,” Suich added.
For example, GE Power provides its sales reps a compliance app. That way, they can seek immediate guidance from the app when they have question. If they’re in a meeting, for example, they can dismiss themselves from that meeting, go to the app, and see whether they can talk about an issue, for example. This app also gives them contact information at their fingertips, and the ability to call a lawyer 24/7, should they have questions.
In addition to processes and technology, the people part is a key aspect to proper contract management. “It takes a tremendous amount of coordination,” Manocha said. “It takes a tremendous amount of collaboration and the right messaging for your organization—whether it’s with the folks drafting the contracts, folks enforcing the contract, or the folks dealing with the counter-parties to get them on board with the reasonableness of the terms that you’re seeking to obtain. It’s a very delicate process.”
As the regulatory environment grows more complex, it’s important for companies to stay ahead of these changes. The good news is that risk and compliance teams today can employ tools that provide greater transparency around the contract management process. “The goal in all of this is getting ahead of the ball,” Manocha said, “striving for simplicity and collaboration and working across cross-functional teams.”