What is Contract Risk Analytics?

Following our post last month, ContractKen engaged with many practitioners to understand what is the best-in-class industry framework and approach to defining, measuring, and managing contract risks.

We attempt to summarize our viewpoint on contract risk analysis here.

Contracts exist so that the parties' risks, commitments, and obligations are well understood, negotiated, and managed. So, what do you mean by contract risk analysis? Is it a fancy way of saying contract review?

Yes, and No.

Contract Risk Management is a practice of active (re)definition, measurement, and management of legal, financial, brand, and security risks that have significant business impact potential. Risk clauses in the contract address situations when things may go wrong or opportunity costs for either party.

A rigorous approach towards these risk clauses is the foundation of management of contract risks.

What is the rigor and breadth of risk analysis?

It varies by the scope of the transaction. For e.g., below is one rank order to prioritize agreements for rigorous risk analysis

• M&A agreement

• 3rd party distribution or supplier agreement

• Technical Data or Product shipment

• Customer SoW

• Internal training requirement

What should be the frequency of such analysis?

Progressive companies keep track of regulatory risks as the language in your contracts needs to be compliant with changing regulations. Few examples:

• Standard Contractual Clauses (SCC 2.0 / Schrems effort) in the EU is an ongoing example

• LIBOR-related changes in the past

• GDPR, CCPA related changes in the past

• Emerging Risks like ESG

What is the best framework for risk analysis?

Most organizations have simple rules of thumb like below to categorize 'risky' contracts:

• Contract value > certain level

• Services involving sharing or transfer of data of personal or sensitive nature with outside parties

• Services for the provision of healthcare or administrative services (e.g., coding, claims processing, transcription) or any service/activity that requires a receipt, transmission, use, or disclosure of Protected Health Information (PHI)

• Intellectual property licensing

A rudimentary, yet effective, approach toward risk assessment is to identify all such factors for your business and assign each 'position' a score (say, higher for more risk). Then, have your contract managers score each contract according to the matrix, and lay special emphasis on riskier contracts.

A more sophisticated and scalable approach towards contract risk management is combining the use of Digital Playbooks and AI.

ContractKen is working with some leading US organizations to assess their contract risk frameworks, design & implement digital playbooks and leverage AI to automate the audit of a large number of contracts for risk.

How do you communicate around risk analysis with the rest of the organization?

Senior execs managing risk (GCs, CFOs, CROs) love Risk Dashboards which capture an enterprise-level view of contract risk trends. To enable the build-out of such contract analytics dashboards, organizations need to treat contract data as assets and link it with tools that extract and present risk information in a visual manner.

Analysis and management of various types of contract risk is a massive topic for each organization and deserves much deeper treatment. In subsequent posts here, we will discuss many of these elements and our approach toward them in detail.

If you're interested in diving deeper into this and benefit from our learnings, please reach out to us at hello@contractken.com or set up a time here.