New tools, new challenges

It is possible artificial intelligence will change all our working life immeasurably in the next 20 years. It might put us all out of work; nobody knows. Even if it did happen in 20 years’ time, it is of no use to me in the way that I do my job right now and not much use to you as in-house lawyers to know what might happen. What is important is to understand what is possible now, what you can do with it and what the dangers are of trying to implement technology without thinking through what you are trying to get out of it. I will give some hard-earned experience picked up at the dirty end of a lot of technology projects.

I used to deny I knew anything about technology because it was not cool for a very, very long time. I used to be a coder; I have been an analyst; I have worked as a systems manager and a global project manager. I have implemented a huge number of IT projects; some very successful, some less so. It is very easy to believe the hype of technology without focusing on what you want to get out of it. I got out of IT; I educated myself into a job with the legal function at HSBC. I was in charge of their global knowledge management programmes, strategic technology and latterly risk management. I joined Berwin Leighton Paisner (BLP), set up a legal risk consultancy and then joined EY at the beginning of this year, delivering legal risk solutions into in-house counsel.

I am a fan of technology. I have always been amazed by the potential it has to deliver transformational change. Then you look at the reality of implementation that only one in three technology projects are delivered on time and deliver a reasonable proportion of the desired benefits. Two thirds of technology projects fail in some way. Of those failures roughly 20% take twice as long as they said they were going to. Another 20% take three times as long and a final 20% are a complete write-off. In 2014 it was estimated that $275bn was written off through failed IT projects globally.

The best way to achieve success with technology is to align it to the needs of your business. I am going to talk about three things. I am going to talk about some trends. Technology is not going to transform the private practice of law anytime soon. The trends that are affecting you as in-house counsel are far more important and relevant today. I am going to talk about how those trends are being translated into new responsibilities you have as in-house lawyers. Finally, we will talk about technology and where you can apply it to improve your value to the businesses you serve.

ai-conf-2A head of litigation told me it was easy to get £2m to fight a case and impossible to get £20,000 to fix the problem.


There are three key trends. There is the growing cost of getting it wrong, cost pressures on legal departments and the trend towards an increased mandate for in-house lawyers.

1. The cost of failure

Up until about 2011, [for major banks] the cost of getting legal risks wrong was pretty much an acceptable cost of doing business. Following the crisis and the regulators understanding what they believed was going wrong in the industry you can see there has been a step change in approach. The peaks are predominantly Libor-related but what is interesting is if you look at the volume and the size of the foothill fines what is happening is that there has been a step change in the amount they are fining [Regulators] have gone from making it an acceptable cost of doing business to imposing behaviour-changing fines.

The reasons for these fines are not peculiar to the financial services sector. They are for things like complaints handling, IT failures and governance failures. They are basic, operational and conduct-related issues that could go wrong in any business and in any sector. The key thing to take away from this is that the environment in which business operates is fundamentally different to 10 years ago. The cost of failures to meet regulatory requirements is now very, very expensive.

2. Cost pressures on in-house legal departments

I joined the legal department in 2005/06, pre-crisis. We were less than 1% of overall operational cost. There was no pressure. Then you get put in charge of external legal spend, and people start to ask how much you are spending. Then you get asked about legal losses and why they are going up. The pressure starts to mount.

The costs of legal fees and expenses and litigation [in my research] come from data submitted by four US banks. They have to submit a form, Y911C every quarter. I have been recording that data from 2010 [through] 2014. There is no correlation between litigation expenses, such as losses and cost of external legal fees and legal fees and expenses. What you see, though, is that there is cost pressure now on the legal fees and expenses. There is a desire to bring that down. There are questions being asked about why there is no control over litigation expenses if the cost of getting it wrong is so high. If lawyers are part of the control of the actions that could result in litigation there should be some sort of correlation between an investment in legal fees and a reduction in litigation fees and expenses.

There are three sorts of legal spend: First, you have transactional spend, based around deals, the cost of legal fees within a transaction. What you really want to worry about there is trying to manage the unit cost of giving that advice. Then you have crisis management, the bad spend, where you throw whatever money you need at a problem because you need it to go away. Then you have advisory spend: the investment in improving your legal risk and structure to avoid problems coming further down the pipeline. I have had a conversation with a head of litigation who said it was very easy to get a budget of £2m to fight a litigation case but almost impossible to get a budget of £20,000 to fix a contract he knew would result in the litigation in the first place. [But] the cost of getting stuff wrong is much bigger now. It is much easier to build a business case to make the structural investment in preventing issues.

3. Change in the mandate for in-house lawyers

There is a general conversation within industry as to whether lawyers should be part of a second line of defence. I do not know if anybody has to wrestle with operation risk models. On one side of the table, somebody thinks an in-house team should be entirely independent and just give legal advice. On the other, you have people that want to be involved in the business at a strategic level and give up a lot of the legal protections they have as part of the profession.

The regulators are pushing the agenda as well. They have reminded in-house lawyers in the financial sector of their responsibilities as a second line of defence. The European Banking Authority decided that ethical conduct was part of a group of general legal risks that they wanted reported that has expanded the scope of responsibilities for in-house lawyers significantly.

There is a debate in the financial services sector as to whether legal should be a key control function. I cannot see the result of that consultation being anything other than a yes, that legal is a key control function. The amount of loss that results from legal risk is too big for it not to be. Those three things add up to an increased mandate on your in-house lawyers at the same time as you are under increasing
cost pressure.

You are being asked to work in new ways outside of a transaction, outside of an advisory remit and start to look at what legal risk looks like, what legal work looks like as an aggregate of costs across an entire business. It is very, very different to the work of in-house teams ten years ago. These three things converge to say that you have to find new ways of working.

Challenges for in-house teams

The challenge is that you need to be able to exert necessary governance and control over business decisions. Business decisions can cost millions of dollars in fines. It is not just the fines; it is the cost of the investigation, the disruption to business. When crises happen, it is hugely expensive. Part of the defence is to get lawyers involved in the decision-making process and help the business to make better decisions.

A key objective is business insight. As lawyers, you give insight into what the law says but is that all that you should do? How much insight is given into legal risk, or to help the business navigate the legislative and regulatory landscape more nimbly than peers?

The same challenge that every other internal function has is how you deliver effectively at the right price point. We have our three core objectives: governance and control; business insight; and operational excellence.

ai-conf-3Two thirds of technology projects fail in some way. In 2014 it was estimated that $275bn was written off through failed IT projects globally.

When you are trying to work out how to improve performance across all of those you need to look at the assets you have to manage as a GC. You have people, your operating model and technology.

In terms of people, how do you manage them? How do you train them? Are they the all-singing, all-dancing trusted strategic advisers everybody says they want in house?
In terms of operating model, are you structured in a way that supports cost-effective delivery of advice, cost-effective delivery of insight and give you the right level of control over what the business is doing? How can you apply technology to increase operational efficiency? How can you use it to augment the insight that you are able to deliver to the business?

There are different facets that you can measure within the governance and control section. You can also measure improving levels of scenarios, from basic to leading practice. Among the facets, there are aligning integration and influence assurance. On alignment, are you organised to be completely independent of the business or are you fully aligned to the business strategy? On integration, do you deliver reactive advice, do you react to what the business needs or are you fully integrated and representing business committees, chairing some committees on the leading end of the scale?

Second of the objectives is business insight. You have depth, scope and breath. On the depth side, is it transactional? Do you just give advice within the boundary of a transaction? Or are you looking to give insight at board-level meetings and play a full part in the planning process?

On the scope, is it again about the law, are you looking at the business or are you looking at the impact of legal and regulatory changes on business, feeding all of your legal risk assessments into planning to make sure the business understands everything they need to know about the current and future legislative regulatory environment? For breadth, do you just advise people face-to-face or have you got knowledge systems?

Operational excellence gets a lot of excitement. It is some of the less sexy stuff on the model, covering budget and spend management, matter management and reporting. Having an AOP [annual operation planning] process, having a budget set out and reporting budgets on a monthly basis and spend against budget and incorporating possibly external spend into your budget and being able to talk about work-in-progress, challenging external firms on their spend against budget.

On the reporting side, do you report legal risks? Do you report trends and losses from different business lines that have a source in a legal risk, so that businesses understand where the losses are originating?

Using technology to improve performance

If you are going to improve performance or any of those three objectives, where can you use technology to enable that performance improvement?

1. Basic technology

On the less sexy end you are looking at basic technology that can lead to a digital workplace, like working tools such as Office. You can get big efficiency gains by moving from being tied to a desk to being connected to matter management and document management systems so your legal team can always plug into the information it needs to advise clients.

2. Advanced technology

If you then start to connect into the business and give people access to your matter systems, they can check on progress themselves; they can get insight into how their matters are progressing, what they need to do and they start to get a much better of experience of working with the in-house teams. Then, if you connect your working matter management systems – your digital workplace – through to external suppliers, or if you have external firms able to input into your central matter system, you create huge efficiencies through the chain. When your business gets sight of that it becomes quite powerful.

Knowledge management – again, have you got some sort of informed self-service? Like a PLC but for your internal business? If you could track that and decide which business processes need to be accelerated so you could reduce the deal and transaction time you could start to generate, as a legal function, real competitive advantage.

At the sexier end of technology, we get to talk about data analytics, automation and artificial intelligence.

3. Data analytics

Data analytics are very, very hyped but difficult to implement because you need to know what you are looking for. From a legal perspective you need a set of key risk indicators: what is it that the business does that could get it into trouble and how can you work out when that is happening? On the performance side, what is it that you should be delivering as an in-house team across these three objective lines of insight; governance and control; and operational efficiency? What measure points can you pick out that clearly demonstrate to stakeholders what you are doing is better than other legal departments?


Data analytics are very, very hyped but difficult to implement because you need to know what you are looking for.

4. Automation

a. Bad automation

There is a tendency to automate bad processes because people assume the technology is going to fix a problem with an underlying process. It is a classic problem with legal process outsourcing and business process outsourcing. Never automate a process you are not confident is working as well as you can get it to. If you rely on the process outsourcing to fix that it is going to cost you a lot of money.

b. Good automation

Once stuff is automated, as the process does not change too much it continues to work and it is very reliable. There are new technologies, such as Blue Prism and other robotic process automators out there. Instead of needing to input data at each stage, the little robot will take a bit of data from here and pass it to this system there. At the end of it you have an end-to-end flow. It is very cool.

c. Developer-free automation

At the more leading end of that automation style you can start looking at developer-free robots. That RPA [robotic process automation] stuff does not really need a development team. If you start to apply some of the artificial intelligence into there as well you can build some powerful things.

5. Artificial intelligence

There are two more things I am going to talk about very quickly: artificial intelligence, because it is my pet subject, and massive time and cost savings. I built what could be the UK’s first contract robot last year [at BLP]. We built it to solve a problem within the firm and it delivers the work 10 million times quicker than the equivalent human team. I told that to an IT director in a law firm a couple of years ago and they said, ‘We do not need it to be that fast’. That does not make the whole process quicker because there are different elements. But when you put it into that team they are happy because they do not worry it is taking their jobs – they are just happy they have not got to work through a weekend. There are huge benefits.

The problem is the market is not particularly evolved at the moment; there are not many products that will work reliably that you can just plug into what you are doing. Therefore if you want to take advantage of [advanced automation] you need to invest time in helping the technologists to make it work in the legal area as well as pay a bit of money. But the benefits are worthwhile; we made our investment back the first time we pressed go on that particular project.

6. Strategy

Finally: strategy. It is absolutely core to the success of whatever you want to do with technology. You have to have a strategy with what you are doing. It could be just to keep the lights on, it could be run by IT or you step in and say, ‘I am going to own this’ because this is fundamentally important to the ambitions of the business. It is really the deciding factor between whether you are going to be one of those three that succeed or one of the two thirds that fail.

Thank you.

Matthew Whalley is director of legal risk services at EY. He was speaking at the Legalease event, AI and the Law Tools of Tomorrow, which was held on 18 March this year at the London Stock Exchange.