Follow ACC Docket Online:  

Are You Quantifying Your Risks in Contracts?

The ACC Annual Meeting, held in Austin, TX, will begin in less than two weeks. Here, Chase D'Agostino, executive director of corporate solutions at QuisLex, overviews the various case studies that he and his fellow panelists will delve into at their session "Quantifying Risks in Contracts."

I n a world where litigation finance is bringing real underwriting to legal issues, there was a surreal scene that I heard about at the Association of Legal Technologists conference last February.

David Cambria, then-director of global operations for law, compliance, and government relations at Archer Daniels Midland (ADM), was sharing the company's matrix for categorizing legal matters. ADM's legal department uses a classic quadrant that segments matters by high/low business impact and high/low legal risk.

For example, ADM identified GDPR compliance as having high legal risk but low business impact. The law firms in the room disagreed and responded with a parade of horribles that could befall a company for failure to satisfy its GDPR obligations. Cambria conceded that the penalties were steep, hence the recognition of the legal risk. But he tried to explain that GDPR is uncorrelated with the price of corn, which is why ADM slotted GDPR as low business impact. (ADM is one of the world's largest agricultural processors and food ingredient providers.) The law firms were unpersuaded. To them, legal risk equals business impact.

The scene was surreal but not surprising. Legal professionals are not accustomed to quantifying, let alone pricing legal risk. They are prone to issue spotting and argumentation. This mentality fails to recognize that since resources are finite and the future uncertain, every business decision entails risk. Legal professionals drive value not just from spotting the risk but also from working with their clients to understand and distinguish the risks that are worth taking from those that are not.

At Marketo, the legal team came up with a risk scoring system for contract terms. For example, a provision capping Marketo's liability at US$1M might get a high score — the risk is clear and small, relative to the size of a company. By contrast, a provision that narrows Marketo's liability but leaves it unlimited might receive a low score. Sterling Miller, general counsel at Marketo, explains:

"We needed a simple way to understand risk in our contracts. Scoring contracts allows us to know where the problems are and which potential new contracts need further review by a cross-company committee. Having the committee review low-scoring contracts and deciding their fate takes the legal department out of the 'deal-killing' business because the committee decides yes or no, not legal."

For Marketo, this was not merely a prospective exercise to reduce risk and increase consistency across their contract base. Once contract terms were rated, Marketo could identify existing contracts that needed to be amended in order to conform to the company's risk tolerances. In just a few months, they were able to cost-effectively review and score 80,000 contracts by combining an alternative legal service provider, QuisLex, with AI-enabled contract abstraction technology.

As executive director of corporate solutions at QuisLex, it was fascinating for me to watch it unfold firsthand. This project was exciting because we saw the real business impact. We were helping a client not merely identify risk but remediate it. Taking steps toward quantifying risk to drive legal and business decision is something we are seeing as a growing trend in the industry and nowhere is this better exemplified than in the great work Marketo did.

Companies are also using risk categorization as a way to drive resourcing decisions (e.g., in-house lawyer, outside counsel, or alternative legal service provider). One reason VMware has won multiple industry awards is for assessing their contract workstreams in terms of risk profile, strategic importance, and required skillset to determine how and who should best handle each work type. This approach has led to a myriad of new approaches to efficiently handle their work: automation, self-service tools, business empowerment, process re-engineering, and outsourcing to name a few.

Aine Lyons, VMware's vice president and deputy general counsel of worldwide legal operations, comments:

"Every department has finite resources, including legal. We deploy our resources to maximize business value. There is little business value in great lawyers reviewing routine contracts, especially when you can introduce self-service options, like our NDA portal, or automated workflows that use AI to flag deviations from optimal language. Part of leveraging expertise through process and technology is letting go where it makes sense to let go and getting comfortable with smartly weighing risk based on data."

This is a nascent trend. While it's easy to establish a consensus that segmentation is useful, the conversation often breaks down when it gets to the particulars. The professional issue spotters come out in full force to observe that the map is not the terrain. How can legal risk not result in business impact? Where is the bright line between a "high risk" and "medium risk" when scoring contract provisions?

"This decision should be made on a company-by-company basis, underpinned by historical risk tolerances and industry trends," suggests Kevin Fumai, senior managing counsel at Oracle. He continues: "It also should evolve periodically over time, as business practices and operational policies are updated to meet (and exceed) new market demands." There are benefits of incremental improvements in accuracy.

What's important is getting started somewhere. I have worked with companies that start with simple categorizations. For example, all single source vendor agreements are "high risk" and need to be managed by an in-house lawyer. This gets the right mindset in place with the team as they start to distinguish tasks based on risk and further down the road we can break out more nuanced rules and classifications. At the complete other end of the spectrum, we are seeing companies looking at AI to help triage contract requests based on whether a draft fits within predefined guideposts.

The trend of quantifying risk in contracts and other legal workstreams will continue to expand. The topic is being featured at the upcoming ACC Annual Meeting in the session "Quantifying Risks in Contracts" at 2:30 p.m. on October 22nd. The session will include the use cases described above from me, Aine Lyons, Sterling Miller, and Kevin Fumai.

Learn more about the session and register for the event at the ACC Annual Meeting page.

About the Author

Chase D'AgostinoChase D'Agostino is an executive director of corporate solutions with QuisLex. D'Agostino works with legal departments and law firms to design, implement, and oversee solutions that reduce risk and cost while increasing efficiency and productivity. Drawing from his experiences as commercial counsel at Colgate-Palmolive and as an associate at Simpson Thacher & Bartlett, D'Agostino understands the day-to-day challenges faced by in-house and law firm lawyers. He is well-versed in the leading legal technologies, including contract management tools and AI tools.


The information in any resource collected in this virtual library should not be construed as legal advice or legal opinion on specific facts and should not be considered representative of the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical advice and references for the busy in-house practitioner and other readers.