How can legal contribute to a customer centric agenda?
One of the panels discussed this issue. I think this is so relevant. I think first, we need to define what customer centricity means to us as in-house counsel or compliance officers, both vs internal customers and external customers. Who are our customers? And what do those customers need? What customer insights do we need to collect and how do we do that? We cannot just assume that our own view of what constitutes a valuable service or a great delivery is necessarily what our customers expect or need. Our marketing department constantly do customer research. Why wouldn’t we?
A customer centric approach will typically involve a closer relationship with the business to understand what a relevant service and a good user experience means to them. One good way to do this is to use open questions and active listening techniques, which sometimes don’t come naturally for lawyers (who like to excel at delivering the answer...). Customer centricity can also be about embedding compliance procedures into business in a way that enables the business to meet important objectives such as business speed, for example by using lean thinking and RegTech.
A customer centric legal delivery can also involve designing general terms and conditions in a way that is relevant and comprehensible to the consumer rather than (which is too often the case) trying to excel as a lawyer by producing a ”legal piece of art”. We can get hands-on insights about what customers prefer and can use legal design principles to create something that better fits those preferences. The same goes for GDPR/privacy. What expectations do our consumers actually have in terms of privacy and our level of transparency around how we use their data? What benefits do customers see in having the right to choose between different integrity options, such as multiple choice options on cookie use rather than just ”accept all or you cannot use our service”. Would that be a commercial competitive edge for us as a company if we offered that? We can find this out, if we ask.
We can also find customer centric KPIs to measure our performance. We can for example measure the business’ view of our ability to listen to them, understand their needs and provide services that are relevant and help them solve their business challenges, such as in a customer survey or in-depth interviews, or simply by measuring NPS (”if your legal department was a law firm, how likely is it that you would recommend them to others”). We could also have consumers rate the quality of our general terms and conditions or integrity policy. Or we could measure how many consumers actually read it - and ideally confirm that they have understood it. It would be great if they engaged in it enough to let us bother them with such questions.
How do we succeed with compliance?
There was a breakout session on why so many corporate compliance processes fail. Many companies witness a power struggle, a polarisation, between the compliance function and the business. It is hard to be successful with compliance under those circumstances. What is a better, more successful formula? One way is to really try to establish a compliance culture in the company. To be truly powerful, such culture must come alive from the top - and not just from the board, but also from the executive management - and should also be a by-product of the company’s overall values. If the company culture genuinely involves corporate responsibility it is a lot easier to get the message across on the purpose of compliance, such as ethics. I recently heard a story about a construction company that did team development exercises to enable staff to better understand each other as individuals (background, personality, values etc.). As a result, the company saw a substantial drop in workplace safety incidents. When people started to genuinely care about each other as human beings they started to change their behaviour. They got a clear ”why” to workplace safety compliance. That is pretty amazing, and makes total sense.
Clearly, also, there are several perfectly rational business reasons for why compliance matters. No doubt, there is a business case for compliance. Maybe you have heard the saying ”if you think compliance is expensive - try non-compliance”. Reputation is increasingly important, among consumers and when selecting business partners (such as in partner due diligence investigations) and compliance is often key in the selection criteria in procurement, not just for the public sector. Many companies like to select business partners with solid compliance programs in place for the simple reason that it alleviates their own burden to secure overall compliance. It also offers a quick and easy way to minimise business risks. The investor community also increasingly care about corporate responsibility and compliance - not to mention the talent we want to attract to our companies, which are often purpose driven.
As mentioned above, you can also come a long way as a compliance function with just applying customer centricity. Simply listen to your internal stakeholders and sit down with them to design compliance programs together to make them relevant and streamlined. Apparently there are 200 new provisions of regulation being adopted every single day now (!) and we have all heard about the exponential growth of data, especially unstructured data. The number of third parties we work with are also increasing. We probably will not manage the workload for compliance under our current operating model. To be able to navigate in the new regulatory landscape we will need to adopt lean and scalable RegTech solutions. What’s in your compliance team’s RegTech Road-map?
How can we be more impactful in cooperating with the board?
At a conference like this there is much discussion about how legal and compliance people can become more impactful within our organisations. There was a think tank about how to work better with the board.
My take-away: As lawyers we will be a lot more impactful if we truly understand how the board (or the executive management team for that matter) want to have information or proposals presented to them. Is the material we bring to the table truly relevant, straight-forward and to the point or is it just exhausting and boring? Does it resonate with them? Do we need to bring more facts, data and insights, so they don’t just hear theoretical risks or questionable business benefits? We need to understand what format, content and presentation style will make us most successful, and what pre-meeting dialogue is necessary. As always, it is a lot about developing cooperation and communication skills.
How do we leverage AI in contract drafting and negotiation?
Many companies that now adopt AI for contract review/drafting complain about the time and effort involved in training the machines properly to get adequate quality. Who will do that job and how can it be done more efficiently? We had a discussion on the prospects of moving towards more ”open source law” by having many companies input their (anonymised) contract data to some kind of central clearing house that collects it and systemises it to everyone’s benefit. It would be like building a huge contractual industry database.
That is a great idea, but who will drive that work and who will want to participate? Some may argue having great contracts as a company is a competitive edge (at least many lawyers would like to think so...) and that, for that reason, you would not like to share it with others. As we develop our contract automation and AI applications further however contracts will be increasingly standardised and commoditised so that argument, if valid today, will fade over time. The value add of lawyers will not be in repetitive basic contract drafting or pointless negotiation on boiler plate provisions, but rather in our ability to properly address the key risks and business benefits of the case at hand on a more commercial level.
What’s the route to trustworthy AI?
A representative from the European Commission talked about the ethical guidelines for the use of artificial intelligence that they have developed. It is an attempt to proactively address potential problems with wide adoption of AI, which is not (yet) fully regulated by legislation. According to the guidelines, trustworthy AI should respect all applicable laws and regulations (”the rule of law”), as well as the following principles:
- Human agency and oversight: AI systems should enable equitable societies by supporting human agency and fundamental rights, and not decrease, limit or misguide human autonomy.
- Robustness and safety: Trustworthy AI requires algorithms to be secure, reliable and robust enough to deal with errors or inconsistencies during all life cycle phases of AI systems.
- Privacy and data governance: Citizens should have full control over their own data, while data concerning them will not be used to harm or discriminate against them.
- Transparency: The trace-ability of AI systems should be ensured.
- Diversity, non-discrimination and fairness: AI systems should consider the whole range of human abilities, skills and requirements, and ensure accessibility.
- Societal and environmental well-being: AI systems should be used to enhance positive social change and enhance sustainability and ecological responsibility.
- Accountability: Mechanisms should be put in place to ensure responsibility and accountability for AI systems and their outcomes
I think it is a great initiative from the Commission. Now we need to see how this translates into practical application. How do we approach these guidelines in cross-functional teams within our companies and interpret what it means in our day-to-day business as we adopt AI in different areas.
Clearly, there was a lot of talk about Brexit too... still confusing to most people if and when it will happen and in what shape and form, such as what legal implications it will bring. I spoke to several people who thought perhaps there won’t be a Brexit after all. We’ll see...
This was originally published on LinkedIn in April 2019, please find the original version here.