Most executives consider each contract as a discrete data point of risk exposure, but few have a true understanding of their organization’s aggregate potential exposure or the activities and events that could trigger obligations and liabilities across an entire category of contracts simultaneously. With targeted data abstraction and contract analytics, General Counsel, Chief Risk and Compliance Officers and in-house attorneys can transform their contract libraries from a black hole of unknown, unquantified risk into a strategic enterprise risk management asset and competitive differentiator.
Aggregate Contractual Commitments and Enterprise Exposure: Is One of Your Largest Potential Risks or Opportunities Hiding in Plain Sight?
Most companies have adopted well developed measures for managing risk at the individual contract level. In-house counsel steadfastly focus on negotiating the discrete terms of each agreement, fighting for the strongest protections while ensuring that exposure to the company is minimized. Operations teams establish robust measures and controls to manage risk, with the expectation and intent that the organization will be fully compliant with the terms of the contract. Yet more often than not, after signing the contract is put away on an electronic shelf and ignored, only to be re-visited when a triggering event has occurred. Further, the electronic library that the contract resides in is used primarily as an administrative and storage tool.
Executives who believe that they have covered all the bases in managing contractual risk by taking this one-off approach fail to recognize the aggregate exposure embedded in their contracts, as well as the opportunities to leverage key terms that can impact the bottom line. In order to assess whether a company is extracting the most value from its contracts, executives should consider the following questions:
- Does your contract database function as dynamic, query-ready tool that enables your team to run customized reports and produce actionable enterprise risk management insights on an ongoing basis?
- Do you periodically calculate the aggregate impact of a single major event?
- Can you confidently identify the aggregate risk embedded across all of your contracts – from an enterprise-wide as well as line of business perspective?
- Have you considered the aggregate exposure embedded in all of your contracts in right-sizing your organization’s insurance coverage?
- Do you periodically review your aggregate contracts in order to identify cost reduction or revenue increase opportunities?
Companies who cannot answer each of these questions with a definitive “yes” are missing the opportunity to take full advantage of an existing resource. Executives recognize that not all contractual commitments are the same – yet without a thorough understanding of the risks embedded in all of their contracts, they do not truly know the exposure of risk to their organizations, potentially leaving their company vulnerable to risk that is hiding in plain sight. Further, they may miss opportunities to generate revenue or improve other financial metrics.
An underutilized strategic asset
In the event of a crisis, response time is critical. When a company triggers its crisis management plan, it must identify and quantify the extent of the crisis in order to address potential public relations, reputational, financial, and regulatory and compliance issues. If a company has not already identified and analyzed its aggregate contractual risk and implemented a program to measure, and monitor that risk on a periodic basis, when the crisis hits, it will be too late. Without the guidance of existing data, a company will essentially have to start from scratch, devoting significant time, energy and resources to locating relevant documentation, identifying parties that need to be notified such as regulators and clients, and evaluating the exposure associated with each affected agreement. All the while the fines, penalties and/or contractual liabilities are piling up. The urgency of managing a crisis, coupled with limited knowledge on aggregate exposure, is likely to lead to highly unfavorable results.
Nobody can predict when a big subpoena or cyber breach will occur, but when it does happen, executives should have immediate visibility into risk exposure across clients, geographies and lines of business. Executives with a holistic view of their aggregate contractual risk in advance of a crisis event are better positioned to evaluate exposure more efficiently and accurately, and to confidently lead their organizations towards crisis resolution.
The scope and complexity of monitoring aggregate contractual risk and periodically conducting deep-dive analyses in order to truly understand the enterprise-wide exposure will vary depending on the extent to which form agreements are used. Utilizing form agreements and established internal protocols and standards for acceptable legal and financial terms may simplify things. On the other hand, organizations that regularly negotiate bespoke contracts may find these tasks daunting. In either case, the ability to run reports and track exposure in real time on a company-wide level is essential to navigating the breadth and depth of an organization’s contractual data.
Enter Next-Gen Contract Management – a holistic, data-driven approach that enables a thorough understanding of the interdependencies of contractual exposures, more accurate risk calculation and forecasting, and ultimately, better business decisions across various enterprise activities.
Next-Gen contract management in action
Proactive Avoidance on Noncompliance
Transforming a contract database into a strategic asset provides a greater visibility into possible risks that may occur in various scenarios. By understanding the scope, probability and events that trigger different contract clauses, organizations can increase better prepare to mitigate their level of exposure.
For instance, many contracts contain a clause requiring parties to comply with all applicable laws and regulations. In the event of a breach, the non-breaching party typically has a right to terminate the agreement, and there may or may not be penalties associated with the termination. Regulators may announce changes in law or regulations which, when implemented, will impact how a company conducts its business. Proactive management of these obligations is essential. Being able to query a sophisticated contract management database driven by predictive analytics enables business leaders to evaluate and understand the scope of business impact, develop an organized response plan and quantify the hard and softs costs associated with the new compliance obligations. In addition, timely regulatory compliance eliminates the risk and impact of contractual noncompliance.
A thorough understanding of aggregate risk can also bring significant insights from the perspective of right-sizing an organization’s insurance, helping executives make better-informed decisions and avoid the unnecessary cost of being over-insured in areas that are less relevant to their company – or worse, the threat of being under-insured. For example, a company that regularly “touches” personal identifiable information or personal health information needs to ensure that its insurance coverage for cyber security events is right- sized not only for the inherent and residual risks of its business model but also for its commitments and obligations embedded in customer and vendor contracts. Being underinsured can be devastating to the bottom line if a trigger implicates multiple agreements, geographies or business units at the same time.
Unlock Revenue, Avoid Costs and Enhance Margins
Utilized correctly, a strategic contract management database can help a company unlock revenue, avoid costs and enhance margins. For example, contracts often contain cost of living adjustment (COLA) provisions, deferred payment penalties, and various other rights to upcharge. Without a way to quickly and easily query your database, it would be impossible to know if contracts that may have been written years ago contain these provisions. As a result, these opportunities may go unrealized. By using a contract management database, organizations can monitor for these situations, increase their price accordingly, or levy the extra charges thereby driving additional revenue.
Organizations that rely on their contract libraries as static, administrative tools may also fall victim to unnecessary costs that would have been identified and avoided more easily with a strategic contract management database. For example, a company that is not satisfied with a specific vendor from a pricing or offering standpoint may have agreed to an auto-renew clause in its overarching agreement with such vendor. Without a dynamic contract database, this company may overlook or miss the notice date to trigger its termination right only to find itself committed with the vendor for another term. On the flip side there may be an auto renew right that locks in a lower than market price increase. By missing the deadline to elect this option, the vendor will be able to mark-to-market the pricing of its services.
How to unlock the most value from your contract library
General Counsel and Chief Risk and Compliance Officers can adopt a NextGen Contract Management approach and strengthen their enterprise risk management programs by taking the following steps:
- Establish a dynamic, query-ready contract database that transcends administrative and storage utility
Today, many companies that have invested in advanced contract management systems are not using such systems to their full advantage. Online contract databases are often used merely as an administrative tool (i.e. storage, parsing data). A sophisticated digital contract library should be used to generate custom reports that identify and quantify opportunities and risks, thereby empowering the legal and business teams to make data-driven decisions. A digital contract database can also be used to support prospective analysis and opportunity cost assessment. For example, a company deciding whether or not to continue to run a business unit or shut it down in the wake of new regulations which will increase costs significantly could use Next-Gen Contract Management to run hypothetical scenarios and leverage predictive analytics to make reliable, data-driven insights into the risk and cost-profile of the business.
- Identify areas of significant contractual risks and obligations
Executives should conduct a heat map exercise to identify areas of significant contractual risks and obligations, considering each specific customer contract to establish an aggregate or enterprise view. The heat map exercise should contemplate the inherent risk to the company (by adopting a quantified scoring methodology assigning a weighted value for each risk), as well as mitigating factors that can be implemented.
When conducting the heat map exercise, it is critical to consider the various nuances of your organization. Using a one-size-fits-all approach will not take into account the different risk profiles of each line of business, and therefore will not be as effective in your analysis.
- Regularly monitor areas where there is aggregate exposure
Organizations should leverage predictive analytics to develop regular reports monitoring their risks based upon the heat mapping and scoring exercise described above. By understanding which events are most likely to trigger adverse events for multiple clients, they can better prepare for and prevent these situations as well as increase their crisis readiness.
The overwhelming amount of data in an organization’s contract portfolio represents substantial risks but also presents a business opportunity that is too often underutilized. Chief Legal Officers and Chief Risk Officers should seize this opportunity and use their company’s data for strategic risk management and revenue and margin enhancement. By partnering with an experienced provider to implement NextGen Contract Management, they will gain a holistic view of their enterprise-wide contract exposure and unlock value hidden in their contract libraries.