CHEAT SHEET
- Cloud potential. In-house counsel can be using cloud-based technologies to its fullest potential by incorporating the vendors and sellers of a client.
- Mitigating risk. It is a top priority of in-house counsel to ensure that information coming from a supplier is accurate in an attempt to avoid labor class actions and global sanctions.
- Vendor agreements. Using the cloud to monitor vendors will make the error-ridden process easier and more accurate by amalgamating all of the information into one place.
- It’s more than trust. Through the cloud, business leaders and legal advisors can have access to the most accurate and representative data.
The cloud should be about more than making your legal department run smoothly. Today’s technology can bring acceptable levels of risk if the solution promotes business transparency and collaboration with global suppliers.
Startups and large multinationals have been implementing cloud-based business solutions for years. And why not? There’s no hardware to install or replace. If you go with a reputable vendor the solutions are highly secure, and updates happen in the background. Even some of the most mundane of business tools, like word processing, are now cloud based, enabling simultaneous global collaboration. Sales, marketing, and customer service teams are using customer relationship management solutions to do everything from manage sales pipelines to handle in-bound customer calls. HR teams are using cloud-based platforms to deploy global learning programs and manage benefits. In fact, virtually every department is now leveraging the cloud, and even corporate legal teams have started to embrace cloud-based solutions.
“Board of directors need a clear understanding of cloud technology benefits that allow anytime/anywhere access for compliance and cost-management; and, how to maximize them through effective governance practices,” says Patrick Stakenas, Determine president, CEO, and director. “This requires the board to see cloud technology not as an IT project, but rather as a business strategy.”
At its most elemental this includes electronic-signature solutions to speed and track the execution of legal documents, but it also includes case- and client-management tools to synchronize group calendars, and provide secure and searchable document storage. Corporate legal teams are also using virtual law-offices to collaborate with outside counsel on cases, as well as legal-focused project management solutions. Legal teams need to know their work is highly secure, and many are leveraging encrypted-mail and document-exchange solutions.
And this should be celebrated. It means that teams from anywhere in the world can quickly and safely share information and protect businesses from risk. Yet, these solutions are all about making the day-to-day work easier and more efficient. However, it’s not enough. To truly leverage the cloud, legal teams need to be looking at how they can use the cloud to manage one of their biggest risks, their vendors and suppliers.
What happens in Bangladesh matters in Arkansas
A little more than three years ago, in April 2013, a shoddily constructed eight-story building located in the outskirts of Dhaka, Bangladesh, collapsed, killing more than 1,100 people and injuring at least 2,000 more. The building, called Rana Plaza, housed multiple garment factories supplying low-cost clothes to some of the biggest brands around the world. Even as large cracks emerged in the building’s structure, and an engineer warned of a collapse the day before, factory owners sent their employees back in to work. Bangladesh has emerged as a major center of clothing manufacturing — and, in some cases, worker abuse. The web of 5,000-plus authorized and unauthorized factories make it difficult for companies to know exactly where their products are being made, and under what conditions. In our digitally transparent age, there is an irony in the fact that many suppliers succeed by keeping their clients in the dark.
In the immediate wake of the Rana Plaza disaster, for example, Wal-Mart declared in no uncertain terms that none of its suppliers used Rana Plaza garment factories. However, in the rubble of Rana Plaza, several contracts were found that suggested otherwise. One document revealed an order from Wal-Mart supplier Fame Jeans for 5,322 dark blue wash, skinny fit, girl jeans to be delivered to Wal-Mart in the fall of 2012. The CEO of Fame Jeans blamed “rogue employees,” telling the New York Times: “it’s very clear that Wal-Mart did not authorize me in any capacity to work within this factory.”
Yet, Wal-Mart’s multi-billion dollar reputation is now forever linked to this tragedy because of nearly zero transparency with its supplier. There were other companies, of course. The Italian brand, Bennetton, the Spanish fashion giant Zara, the UK-based retailer Primark, and Canada’s Joe Fresh sourced clothes from Rana Plaza’s factories. Beyond damage to a company’s reputation, any corporate attorney reading this story is no doubt wincing at business-crippling legal exposure.
Earlier this year, in May, a US federal judge dismissed a US$2 billion lawsuit brought against Wal-Mart, J.C. Penney, and the Children’s Place by Rana Plaza survivors. The judge ruled, in part, that the plaintiffs missed a filing deadline required by Bangladeshi law. A similar lawsuit is still pending in Italy, and survivors also filed a US$2 billion class-action lawsuit in Canadian courts against Loblaw, the parent company of Joe Fresh.
While clothing is decidedly lowtech, the biggest names in hightech have also been tripped up by their suppliers. Apple Inc. has been particularly vigilant about abuses within its supply chain, especially in the wake of recent controversies involving its massive Chinese supplier, Foxconn. These included allegations of sweatshop conditions, forced overtime, and other factory-floor miseries that led to a rash of Foxconn-employee suicides in 2010. Apple, for its part, has taken an aggressive stance with its suppliers. It issues an annual supplier responsibility report highlighting its efforts to manage abuses in its supply chain. In 2013, the company reported that it found children working in 11 factories that assembled Apple products. That year Apple cut ties with a Chinese component maker after 74 children were working on the factory floor. In its most recent report, Apple found just three instances of underage employees in its supplier facilities.
The challenge is that even for Apple, it can be very hard to know exactly what’s going on with your suppliers. The BBC recently reported on the use of child labor in the Democratic Republic of Congo where an estimated 40,000 children are employed in the mining industry. The mines are a source of cobalt, a critical element in the manufacture of lithium batteries that power the world’s most popular smartphones, tablets, laptops, and more. As the cobalt makes it way up the supply chain into the final product — lithium-ion batteries — it’s incredibly difficult to audit all suppliers for ethical business practices. While cobalt mining is an extreme example, the same can be said of almost any service. Do you know, for example, if the commercial cleaning service for your building is in compliance with federal laws around documented workers?
Here’s the real crux of the matter. Wal-Mart, Apple, and other enormously capitalized companies can survive devastating blows to their reputation — even ones unwittingly dealt by their own suppliers. But most companies can’t. Today, it’s more critical than at any other time in history to understand exactly how your suppliers are operating, so that you can protect your business, manage risk, and avoid being burned by the glare of mainstream and social media.
Beyond sweat shops — Sweating the small details with suppliers
It’s not just the hot-button issues of child labor and sweatshop conditions that put your company at risk. It includes knowing if your suppliers’ certificates of insurance are up-to-date. It also includes ensuring that your suppliers abide by codes of ethics, environmental policies, and food-safety protocols. It can also include ensuring your suppliers meet certain diversity requirements called for in large-scale multi-supplier contracts. This guarantees that your suppliers have formally agreed to conduct business in a certain way — via signed documents, agreements, and contracts.
The risk of not knowing goes beyond the class-action lawsuit. As any good corporate attorney knows, just the existence of a lawsuit can damage your company’s credibility. Threats to the business also include administrative penalties from federal, state, and local regulators if your suppliers are out of compliance. Add in crisis-management expenses if your suppliers’ poor environmental record touches your business. A supplier with lax data-security can open your company to federal and state investigations, and expose customers and employees to identity theft and online piracy. Far from the remote mines and sweatshops of the developing world, these risks are global and becoming increasingly relevant in developed economies from North America to Africa, and from Europe to Asia.
Thanks to advances in technology and cloud delivery of software, there is an enormous opportunity for companies to realize greater efficiencies and seamless collaboration with vendors and customers around the globe. When leveraged the right way, these advances can help companies reduce risk, increase visibility into their suppliers, and improve collaboration between suppliers and various internal departments.
The VA wants spending data
Recently, the United States Department of Veterans Affairs (VA) was in the process of renewing a significant vendor agreement with a global specialty pharmaceutical company based out of Malvern, Pennsylvania. The original agreement with the VA required the pharmaceutical company to establish spending goals with a range of small-businesses and diverse sub-contractors. These included HUB Zone certified businesses — typically those in high-unemployment areas — as well as woman- and veteran-owned business, and also companies established by disabled veterans. In order to be renewed, the pharmaceutical company not only had to establish spending goals with firms in each of these categories, but it also had to definitively show progress toward reaching those goals. The risk extended beyond the loss of this significant contract, because failure to achieve these goals could lead to financial penalties, and the loss contracts with other government agencies.
Monitoring these vendors, and the pharmaceutical company’s annual spend, developed into a cumbersome and time-consuming occupation. The process was riddled with errors and required hundreds of hours of manually entering and analyzing data. To solve the problem, the company first chose to completely extract and cleanse their supplier data from a larger unwieldy database that contained all of the company’s vendors. Secondly, the company implemented a Supplier Information Management system that enabled suppliers to self-register on the system. This ensured that there were no errors introduced by the pharmaceutical company. Suppliers, for their part, were eager to sign on as their success was pegged, in part, to the pharmaceutical company’s ability to show spending with their businesses. Finally, the pharmaceutical company was able to combine its own internal spending data against the registry of certified suppliers in one online dashboard. The time to produce these required reports for the Veteran’s Administration dropped from 400 hours to 200 hours in the first year. Beyond the money saved on fewer hours, the company successfully renewed its contract with the VA, and avoided costly penalties that could have arisen from poor insight into their own suppliers.
The legal cloud
The corporate legal world is embracing cloud-based software to do everything from contract management to department management. It’s being used to track litigation, store documents in digital repositories, and send encrypted contracts around the world. Here are some leading types of cloud-based solutions and providers.
Practice management software
For legal departments that view themselves as in-house legal firms — including billing other departments for their services — practice management software can be a valuable option. These solutions typically offer time tracking, billing, online collaboration, and calendaring, so you don’t miss critical legal or regulatory deadlines.
Leading providers include: TimeMatters; Clio; Abacus Law; and PracticePanther.
Contract lifecycle management
Contracts are the currency of modern business. They establish guidelines for acceptable behavior, production targets, and partnership rules. Contracts touch every aspect of business from real-estate leases to vendor and supplier agreements. Contract lifecycle management solutions give legal teams the ability approve, securely store, and manage these valuable business documents.
Electronic signatures
Many of us still remember the days of endlessly faxing and FedExing documents around the world to get requisite signatures — some companies are still doing it! Many legal departments — and law firms — have embraced electronic signature solutions that save both time and money by digitizing the signature process. Leading providers include: Docusign and RightSignature.
Supply chain management (SCM)
Many companies are now including in-house counsels in the business of supply-chain management by leveraging cloud-based SCM solutions. These solutions enable legal teams to ensure suppliers are properly insured, and abiding by codes of ethics and environmental standards. They can also help ensure that suppliers are not circumventing employment regulations, and in so doing they provide legal departments with the means of protecting the business.
Knowing your supplier
One of the world’s largest grocery store operators was expanding into what is known in the industry as a multi-department store. This means consumers can not only expect to find fresh food and produce, but also books and consumer goods like televisions and other electronics. Home and office furnishings, school supplies, a health clinic, and even a bank branch office can be found in these types of stores. This company was a pioneer in developing an esourcing platform in which suppliers would bid to provide different products and services to the chain. While the platform eased friction in the transactions between the buyer (the grocery chain) and sellers, it didn’t give the grocery chain much visibility into their suppliers. For example, did suppliers have appropriate insurance and food-handling certifications? The grocer also wanted to know if its supplier companies were meeting diversity and sustainability goals. Another challenge is that the esourcing platform didn’t house other critical information, meaning executives from the grocery chain would have research across several different sources to get a complete picture of their supplier.
The company implemented a Supplier Information Management system that required all suppliers to pre-register into the system through a new supplier portal. During this registration process, companies also had to prove that they were in compliance across a range of key areas including food safety, law, accounting, diversity, sustainability, and social compliance. Beyond simply checking boxes, companies were required to provide food-safety certificates, tax identification numbers, and proof of insurance. By customizing dashboards, department and business leaders could now measure the health of their suppliers across the entire spectrum of risk — from lack of insurance, to poor health and safety records. This 360-degree view into their suppliers enabled the company’s lawyers to manage risk and work with suppliers who were out of compliance.
Bringing clarity to contracts
The US Pharmacopeia Convention (USP) is a scientific nonprofit organization that sets standards for the identity, strength, quality, and purity of medicines and food ingredients manufactured, distributed, and consumed worldwide. USP’s drug standards are enforced in the United States by the Food and Drug Administration and are used in more than 140 countries.
While the organization was adept at establishing standards for pharmaceuticals, it had almost no standards for managing its agreements with vendors and suppliers. Until a few years ago, USP’s contracts process was in a state of disarray. Contracts across all departments were handled within the department and then delivered to the company’s legal department — usually via email, but sometimes in printout form. Legal templates existed but without a centralized database, and departments were often using out-of-date versions. Imagine, for example, a contract initiated between Human Resources and an employee-benefit supplier. The HR manager, often using an out-of-date contract template, would forward the negotiated agreement to the legal department for approval. An in-house attorney would then respond via email, noting that the template had changed and asking for the contract to be redrafted. Once redrafted, the legal department would again review the document.
Finally, there was no central repository for USP’s contracts. Once a contract was finally executed it might remain on a flash drive or on the desktop computer of the employee who initiated it. Sometimes contracts were forwarded to the legal department to store, but not always. Without a repository, contracts auto-renewed without anyone at USP being aware or, conversely, a valuable contract would unknowingly expire.
Meanwhile, USP’s business with existing clients in North America was growing, and it was also adding new customers around the world. This global expansion compounded the complexity of managing these all-important supplier agreements. To solve this problem, USP adopted a cloud-based contract management platform that served as a repository for executed contracts, but also for contract templates. Instead of reviewing each contract line-by-line, USP’s attorneys could search for changes within a template, thus eliminating costly man-hours, and freeing lawyers to handle more pressing issues than proofreading. Renewal and expiration alerts now give USP and its suppliers ample time to renegotiate contracts if necessary, and also to monitor performance incentives built into contracts. An e-signature feature ensures that files can be tracked as they navigate around the world, and guarantee that the authorized contract is housed in the company’s repository.
Reviewing contracts is not enough
Today, business leaders and legal advisors must do more than simply trust their suppliers. Organizations must proactively protect against risk and threats to the bottom line. This means more than responding to crises. It means having the ability to analyze supplier data, to look for trouble spots, and to make adjustments before problems arise. And the only way to do that is to increase transparency.
I’m reminded of another story about factories in Bangladesh. In 2013, a few months before the Rana Plaza collapse, a small team of executives from Nike flew to Bangladesh to inspect some of their suppliers’ factories. Rumors about their suppliers were troubling but executives needed to see for themselves. Many know that Nike has had its own very difficult history with its overseas manufacturing and allegations of employee abuse, but in the last several years they’ve put in several measures to monitor their suppliers. According to a story in the Wall Street Journal, the executives found hazardous conditions during their tour, including fire hazards and windows that were sealed shut in one factory. If a fire broke out, the executives feared, many would die. This, combined with other problems, caused the Nike executives to sever their ties with the supplier.
Most of us aren’t in the global manufacturing business, and won’t be sending employees on fact-finding missions to Bangladesh. We don’t have to. Today’s technology gives us the ability to glean critical information about our suppliers, find trouble spots, and take action to protect our business.