These are fascinating times for the outsourcing space – and perhaps even more so for the technology lawyers at its heart, charged with keeping abreast of the myriad trends driving industry change at an ever-increasing pace whilst also staying at the cutting edge of developments within the legal sector itself.
To get a deeper understanding of how these trends are impacting the practice of outsourcing itself, the GSA convened a roundtable featuring some of the foremost figures in the UK’s outsourcing law space, investigating topics as diverse as automation, GDPR, pricing and hiring.
GSA: In light of a general shift of work from external law firms to internal counsel, and then in part to outsourced legal services providers, how are you working to stay relevant and to keep delivering optimal value to your clients?
Kit Burden, Partner, DLA Piper: The legal services market generally has been disrupted by the emergence of different models – LPO providers and “on-demand” and other flexible lawyering options – as well as by the more general trend towards growth of internal legal departments. The one good thing for those of us involved in the outsourcing market however, particularly at the higher end, is that these remain very complicated projects; they’re not commodity legal services for the most part. Equally, while our inputs can certainly be augmented by the use of technology, we haven’t yet been replaced by AI or anything like it. I’d say that at the moment, certainly for the buy-side as opposed to the sell-side, there seems to be a healthy willingness to engage with specialist external counsel; and that the external counsel are improving and enabling their service through technology rather than being replaced by it. I would however say that the number of law firms who are genuinely specialists and able to deliver that kind of enhanced service to clients is probably smaller than it used to be. There are certainly a lot fewer law firms who have a real depth of both experience and ability in this area – but that’s probably no bad thing.
Nick Pantlin, Partner, Herbert Smith Freehills: I’d absolutely agree with that – if anything the market out there for sourcing has got a whole lot more complex, in terms of the technology and digital disruption that’s going on for all corporates. They’re having to think very differently about how they procure their services – or, if they’re in the business of selling services, how they sell them – and of course lawyers themselves are also being disrupted. We’re being asked to deliver our services more innovatively, more efficiently – and to examine how we can use technology to do that. So it’s a shared journey, and, again, I agree with Kit: as it’s got more complicated clients are continuing to turn to us. The risk assessment has got harder, for one thing, with increasingly disaggregated, complex ecosystems. So there’s a real opportunity for technology sourcing lawyers to play a key role in helping our clients succeed in an ever-challenging marketplace.
GSA: Looking at that increased complexity of risk assessment: does that mean you guys are having to change working practices, or to hire more – or different – people to reflect an increased focus on that particular area?
Nick Pantlin: I think that’s a good point. Inevitably it’s a part of our general need to change the way we deliver services and to be more innovative. To be really successful lawyers in this space we have to understand the technology and how it’s disrupting our clients in different sectors, and there’s a real challenge there in that different sectors are being disrupted differently: we can look at the banks, and the fintechs, and the start-ups, and the disruption there is different from that being seen in the energy sector, healthcare, transport… They’re very different issues across the piece. All of us in the legal sector will be hiring in – rightly – either technologists who are non-lawyers or lawyers who have computer science backgrounds and/or cyber expertise; people with genuine innovation experience, or digital transformation experience; knowledge managers; process engineers. To be able to provide the best advisory service – albeit under the banner of a law firm – you’ve got to understand all those things. So the shape of teams is going to change – is changing – absolutely.
Tania Williams, Partner, Kemp Little: Clients are coming to us for advice around the technology that is new, and how to best contract for it in the context of their business. For example, there might be a little bit of RPA being provided, in the context of something broader. The questions we are asked might be, “How do you contract around the different service delivery methods? How can we ensure we get the wider benefits from the service provider despite the different service delivery methods?” I think we’ll be seeing that kind of work for quite some time. I think also that a lot of this relates to how we as a law firm can expand our service offering to clients. We’ve got a number of associates, for example, who do have a computer science background and can help clients approach their problems in a way the clients simply aren’t equipped to themselves. We had a case in point recently with one of our associates, dealing with a bank, which had a lot of key data in different places and formats; he said that they needed to be able to aggregate that data, so he went away and built some software which the client is still using. That enables them to come back to us for a different kind of legal service, and to consume our legal services differently and more easily.
GSA: Does that imply a requirement for bulk and scale on the part of law firms which maybe hasn’t been there in the past – at least not at this level? That kind of work can be quite a costly endeavour: is this a landscape where the bigger beasts will have the advantage?
Tania Williams: Well, we’re not one of the bigger beasts – but we’re very agile, so we can respond quite quickly when clients have those requirements. Our skill-set more than anything has allowed us to do that –that particular associate knew the contracts, he knew the client, and he knew enough coding to be able to create the software. This trend doesn’t necessarily move the smaller players out of the market; having our experience in a niche market definitely helps.
GSA: Kit are you having to hire differently, or in different ways?
Kit Burden: So from the point of view of hiring: I think there’s probably more fungibility in terms of private practice and in-house roles than there was previously. In past years, there was a sense that you would be set in your ways in terms of either private practice or in-house and never the twain would meet. Now, very frequently you’ll see people who have a wider commercial and/or technology understanding from in-house roles who are coming back into private practice. It’s not so much where we’re hiring people from, as what do we do when we get them. We now recognise that the training of lawyers either at the junior end or as they get older is different from what it used to be. For example we run software programming courses; we make sure that our associates are better trained with software tools for the delivery of content, because our clients are expecting to digest our advice in different ways from how they used to. They need it to be delivered in the language that they speak in their businesses, which is typically very visual, and tech-enabled, and not in the form of a long memo with footnotes. The lawyers who can adapt to that new reality and make sure they’re delivering their advice in a way that’s more digestible and engaging with their customers will do better in the long run; therefore obviously you need to train your lawyers to ensure they’re capable of delivering the content that way.
Nick Pantlin: That’s right, and we’re seeing something very similar – and we’re genuinely recruiting non-lawyers as well to compliment our lawyers with experts who are technologists, innovators, professional knowledge managers, process engineers... The shape of the lawyer and scope of work and the skill-sets of the lawyer need to change, because clients’ businesses are increasingly being digitised. When it comes to a major due diligence, or regulatory investigation, or dispute, there are inevitably terabytes of data, so we need people who understand that data, how to use it, how to interrogate it. Clients expect us to deliver services more innovatively. Then there’s the trend of alternative legal services provision and how that affects fee models - and of course the use of LPOs and some start-up services providers – and in some senses big law firms are having to be fast followers. A lot of firms - like us - have built alternative legal services offerings because our clients absolutely need a breadth and variety of supply – but they’d rather deal with a smaller number of firms who can do this end-to-end, and that means being able to deliver alternative legal services as well as the high-end services model.
Tania Williams: I agree; we find ourselves having to expand our service offering so that clients can consume services more easily – but also procure them more easily. A good example might be on our data protection team; we have consultants who can complete data mapping for clients. For us, it’s not just the legal work and advising on a clause around data protection; it’s the more practical application of that, and making sure that the processes work. We provide that broader service in a variety of different areas, to ensure that clients have everything they need in a one-stop shop, because they just don’t seem to have the time or the budget to shop for that elsewhere.
GSA: Not necessarily wanting to get too bogged down in the sticky subject of billing, but: because clients might be expecting a bit more of a smorgasbord of contracts right now, do you find that you’ve had to get more flexible right from the very beginning of the engagement working out what model might be appropriate for each client?
Kit Burden: Interestingly I don’t think there’s any sensitivity in talking about commercial rates anymore; I think the days when lawyers almost measured the weight of the file in order to work out what they could charge a client, and thought that any negotiation about fees was almost beneath them, or something to be embarrassed about, are long gone. Most law firms now are pretty entrepreneurial about how they approach pricing – more so, I think, than they’re sometimes given credit for. For a lot of the larger sourcing engagements we work on, the hourly rate is an irrelevance. We’re using fixed-price or capped-fee arrangements, and value-based fees are again very common. We have a lot of clients who want to adjust the whole way they work with us, for example to try to have more pre-set menu cards for the different kinds of contracts we can process for them. All this is a further reflection of the way in which the relationship between clients and external lawyers has changed, to try to identify what is commoditisable – whether in terms of whether it’s amenable to being automated, or commoditised in terms of price structure – and what needs to be approached on more of a complicated bespoke basis. I think generally most law firms are actually not only open to that but, as I said, far more sophisticated at doing that then they’re given credit for.
Nick Pantlin: Coming back to something mentioned earlier about the downward pressure on all our clients to use legal services more efficiently, at less cost (both in terms of internal resources and external legal spend): this results in a consolidated set of law firms that they use, and typically panels are getting smaller with combinations of specialised and bigger firms. But again that’s all being enabled and improved by some of the technology out there. Obviously the net effect of that is that for our core client relationships we are able to take on a broader range of work - both complex and "business as usual". That also means that–what’s also coming back, happily, is more of a relationship of trust. As Kit was explaining there, if we’re going to offer these alternative fee arrangements, inevitably that means we have to take on more risk; but it’s got to be two-way, and there has to be an understanding from the client that we need increasing trust both ways. The client needs to accept that there’s been a change in the scope of the relationship, and that we need to have those sorts of discussions. The only challenge to that is the interplay of the procurement teams: procurement getting in the middle and potentially disrupting that relationship. But that’s an ongoing challenge I think.
GSA: Well, there are plenty of big challenges out there… Taking a high-level view, what do you all see as being the biggest issues currently facing clients, and the space generally?
Tania Williams: The most common questions we’re getting asked right now are around GDPR, and how clients manage their compliance. That’s an obvious one. Another issue is around the push to the cloud, and how clients – especially in financial services – can manage that, especially with major cloud providers offering standard terms, and the bigger banks and insurers typically asking for more than the providers are willing to offer. I think on the compliance side, everyone is getting there. On the contractual side, I think most people are still very much feeling their way, and learning how to contract around GDPR. If you pick up an old outsourcing contract, with DPA provisions, we all knew them inside-out and back to front. We knew what the suppliers will accept; we knew what the customers will be happy with. With GDPR, partly because of the size of the potential fines and increased risk, and the processor having additional obligations , we are in much more of a learning phase. And it’s the same with the cloud; it’s a matter of time, with customers learning how suppliers are going to contract, and suppliers maybe having to move a little, and get ahead of the curve a little more.
Kit Burden: I think Tania’s right – and even for someone as long in the tooth as I am, one of the really good, interesting things about the market over the last four or five years is how much flux there has been in terms of contracting norms: firstly because of the impact of the cloud, that Tania’s referred to, and then the disruption caused by GDPR, which isn’t just around changes to the data protection clause itself but because of its impact on things such as drafting of various aspects of limitation of liability clauses, and knock-on effects on termination rights, step-in privileges, and all manner of things which touch upon data. And I think that’s a good thing for lawyers: it forces us out of the comfort zone of just being able to rely upon what market practice has always been, and forces us to come up with new ideas about how to rebalance risk and reward, or to reset the relationship between the parties, and find new ways of working together. I think for those of us who are the, let’s say, legal geeks in all of this, and who enjoy this kind of challenge, there’ve been few better times to be a technology lawyer than the last few years.
Nick Pantlin: I think what it’s also doing in a good way - if you go back to the principles of what GDPR and the cybersecurity Directive and what these supposedly "technology-agnostic" regulations are trying to achieve – is the much-touted concept of “privacy by design”, or “security by design”. What that’s trying to encourage (and I think we all see that now in the deals that are being done) is forcing the lawyers to be there at the outset. The days when we used to come on board when the deal was already done, and the sales leads from the tech company had proved the worth of the solution, and we were called in just to take a look at the contract and sign it off, are long gone. That doesn’t work anymore, either because you’re having to deal with supplier T&Cs for a big cloud-backed platform, or because of the multiplicity of vendors making up the solution or the supply chain of a more complex service; you have to get the lawyers together at the outset with the compliance, the operations and the technology teams , to properly understand what the technology is, and its risks – whether commercial, regulatory or legal. The reality is that if you stick with Microsoft or Google or Amazon, your leverage to actually negotiate on many of those terms is much reduced from when we all started doing these big technology contracts.
GSA: Just picking up on cybersecurity specifically: do you see lawyers being a strong weapon in the cybersecurity armoury? How useful a tool are lawyers being in that fight?
Tania Williams: Well, one thing I’d say is that, yes, someone needs to be putting up a fence, but when we’re only reviewing and managing one deal, we’re not reviewing the whole fence: we’re dealing with one panel of that fence only. There has to be a consolidated, coordinated approach across the client’s business, and quite often we only see parts of that when we’re looking at a particular deal. It’s often a good indicator, though, how a client and supplier contract as to how much of a handle they have on cybersecurity. In general people do seem to be getting their heads around it – and it does seem to be much more of a board issue to drive a concerted, consolidated approach across the business.
Kit Burden: You can have all manner of provisions in a contract – indemnities, unlimited liabilities, warranties, undertakings – to try to commit a service provider to maintain protections against unauthorised access, but the fact remains that no system is ever going to be 100% secure: we’ve seen hacks against some of the world’s most sensitive systems. So I don’t think the contract should be seen to be an adequate protection in and of itself; it has to be backed – and this goes back to Nick’s reference to GDPR – by “security by design”. The primary focus should be on what people can do (and what they can spend) to try to protect themselves. The question as to whether or not there’s a really meaningful contractual remedy if unfortunately that proves not to be sufficient should really only be the fallback.
Boko Inyundo, DLA Piper: In a technology-driven world of rising cyber-related risk, the cybersecurity aspects of the contract become more critical as buyers look to outsource services, given that the inherent shift in organisational structure may increase the potential threat landscape that either the enterprise or customers may then face. That will become even more significant as IoT technologies penetrate industry and society, as quantum computing comes in, as 5G settles… Although in and of themselves those elements of the contract don’t change, per se, they’re probably more concentrated around the board-level conversation about them as one tries to outsource or procure services. The minute you transfer resources to another party you’re opening up a window for threat actors to penetrate.
Nick Pantlin: In some ways the regulators have got it right in the sense that with GDPR et al, firstly they’re now a board-level item with very hefty fines that we all know about; but also what’s changed – and this has the direct impact on contracting that we’ve been discussing – is that what GDPR is doing is for the first time is making the service providers in their capacity as data processors directly liable. That changes the whole dynamic of the negotiations: as Tania pointed out, what used to be pretty standard boilerplate clauses around data processing provisions are no longer applicable. Similarly, the cybersecurity or NIS Directive – also coming in in May this year – for the first time makes digital service providers – the ISPs– directly accountable under the legislation. It’s an acknowledgement by the regulators that these are shared responsibilities dealing with protecting data, dealing with cybersecurity risks. That’s a good thing.
Boko Inyundo: I do see another issue arising over the next few years around disputes. The more these emerging technologies drive enterprises to outsource services of the right kind to the right people, you’ll also have a greater opportunity for disputes along the way because liabilities are spread.
Nick Pantlin: That’s a really good point, and funnily enough this morning we hosted a conference looking at how the telecoms industry is being disrupted and one of the topics was connected and autonomous vehicles. I think that’s a good example to demonstrate that issue: all connected via technology, all the different players, issues and risks around who’s responsible should one of those vehicles crash: the platform provider, the car manufacturer, the software developers, the person nominally in charge of the car… Coming back to where we started around increased disaggregated supply chains, we’re going to have lots of different players forming part of the service or supplier ecosystem, leading to complex liability and data flows - making the role of the sourcing lawyer increasingly important to help clients manage and contract for sourcing success.
GSA: Well let’s take a deeper look at what’s going to happen in that timeframe. What does the world of sourcing and technology law look like in, say, 2025?
Kit Burden: I think AI and how it is getting out from the very early stages into real production is going to be really, really interesting. I don’t know where we’ll end up in terms of liability structures for AI because it challenges some of the basic concepts of assignment of liability that we’ve historically lived with. I think therefore that AI will be a big challenge to our thinking, our structures – and not just in the public policy arena, but also in the way that commercial contracts get constructed as well. So I would pick that up as being my key challenge for 2025.
Tania Williams: I think by then we’ll have more and more smaller deals. I think the day of the large outsourcing deal will be coming to an end; I think it’s going to be easier for clients to take a bit more of a pick-and-mix approach to who they’re contracting with and how they contract.
GSA: Is that partly because of a greater focus on end-to-end processes? Because once an organisation has a process that’s running pretty well, it may end up being something that’s just BAU and nothing to do with deals they have to keep renewing.
Tania Williams: I think it is. I think the tools that will be used to help speed up those processes will also mean that people can contract differently. It’s no longer a case that you have to have hundreds of people looking after an F&A outsourcing environment, for example, because suppliers can use a little bit of software here, a little there, and use fewer people to tie it all together. So clients will probably be looking to contract by expertise in a particular area rather than having to outsource the whole function to a third party who manages everything.
Nick Pantlin: The picture that all creates is, again, one of a more complex service provider ecosystem, with everything being disaggregated and broken up and much more competition. Interestingly, coming back to the sourcing cycle over many years – and we’ve seen it from the Big Bang through multivendor and multisourcing via SIAM and towers: if you look at the outsourcing space of 2025 from a strategic sourcing function perspective, on the customer side, I think it’s going to be even more important. We talk about the “intelligent customer” but if you look at what things might be like in 2025 just managing the complexity of everything from AI to complex supply chains and all this wonderful disruptive tech that will be in place, and dealing with the liability issues: is there a role for a service aggregator there? Do the big tech companies come in to help customers manage their liabilities and risks across those end-to-end processes? Because I think it’s going to be very hard for customers themselves, depending on their core businesses.