Dive Brief:
- Nearly half of companies (48%) say their enterprise risk is rising, with a growing reliance on third-party relationships contributing to much of that higher risk, according to Forrester Research data presented at a legal technology panel discussion.
- Cybersecurity attacks and procurement decisions to favor commercial technology over building internally are also major legal risk factors, said Alla Valente, a senior Forrester analyst who specializes in enterprise risk management.
- Artificial intelligence is beginning to play a role in contract management and helping companies respond to new risks via their contracts, according to the panel of experts from Evisort, Microsoft and Forrester.
Dive Insight:
Third-party relationships, governed by contracts, have become a central element of many organizations but those partnerships also introduce risks for legal managers.
The importance of these contracts is growing and they can become “just another risk-management tool” in a company’s legal toolbox, Valente said, speaking Thursday on a webinar sponsored by Evisort, a contract management software company.
In-house counsel, legal officers and other risk managers must define a role for their contracting practices in mitigating risks and know what’s in existing agreements.
One of the tougher tasks in assessing contracts is “a get-clean and a stay-clean process” of analyzing agreement language in light of new risks or regulations, said Tom Orrison, Microsoft’s senior director of legal operations.
AI can help analyze a body of contracts to flag risks or note changes over time in areas where older agreements may not align with newer ones. “Spending a lot of money for a manual review of all contract provisions … is not always feasible,” Orrison said.
The technology giant, for example, has about 1.5 million contracts, and takes on roughly 150,000 new ones each year. Evisort is among the technology vendors assisting Microsoft’s contract-management work.
Another area for risk management involves the agreements related to the large amount of commercial technology that many companies acquire for their operations. Buying, rather than building it yourself, can save capital expense but that also increases a company’s dependence on third-party external systems that can suffer cyberattack or otherwise fail, Valente said.
“We’re buying all of this technology, so we have these huge volumes of third-party ecosystems,” she said. “It’s just introducing more risk that really kind of tempers some of the benefits they’re getting.”
Another area of risk the panel identified stems from technology innovation occurring at a far faster rate than what regulators and policymakers can keep pace with. Generative AI, for example, has proliferated rapidly in the past three years even as policy oversight has advanced relatively slowly.
As they catch up on AI, data privacy and other issues, regulators in Europe and the U.S. often look to the language in commercial contracts as a guide for risks and best practices, with much of the policy focused on managing third-party relationships, Valente said.
“Make sure you have the right contractual arrangements and the right contractual protections,” she said. “You don’t need to wait for regulators to tell you what you need to do.”
AI has made many legal professionals nervous, fearing a loss of their job or less value being placed on their expertise in a particular area, Orrison said. “Careers were made based on subject matter experts knowing the most,” he said, noting that AI “democratizes” a knowledge base.
Lawyers, however, will remain valuable because of the “reasoning capabilities” they provide atop AI data and subject expertise, he said. “It’s the (legal) judgment on top of this,” Orrison said, and AI “is not taking that away.”