Jonah Paransky of Wolters Kluwer’s ELM Solutions explains how law departments will deliver value with operational rigor. His remarks have been edited for length and style.

CCBJ: How has the corporate legal department’s role expanded beyond its traditional responsibilities?

Jonah Paransky: There are several key items worthy of notice. The first is there’s been a sea change in expectations for how corporate legal departments will operate. In particular, it is expected that they will operate more like other corporate departments driven by process, using data to drive better outcomes, with operational experts and expertise. That’s a major change in expectations from the C-suite.

The department must embed itself into the company so that it can provide better business advice and genuinely be fully integrated into the business’s operations. It must do this while improving the operational capabilities of the organization and the operational efficiencies within the department. There is also an expectation that the corporate legal department will act with financial acuity, with the ability to manage its budget effectively.


What are some ways that corporate legal departments can demonstrate their business value?

To start, it is critical for departments to deeply understand what value they’re providing, measure that value and communicate it back to the organization. It’s not enough to sit at the table and be part of the business conversation. The sales team has key performance indicators they use to communicate the value they provide to the organization, as does the marketing team and the finance team. The corporate legal department needs to be able to instrument the department to understand and demonstrate the value they’re providing, the work they are doing and the outcomes they’re driving back to the organization.

Legal departments will deliver value by embracing operational rigor in the management of the department. The ability to look specifically at questions of budget and spend, to develop spend management initiatives and to make the hard decisions about moving forward with a case or a matter is crucial. Legal departments also need to look at different billing models, such as alternative fee arrangements, how they manage internal versus external spend, the way they manage relationships with their law firms and how they’re using technology to drive better outcomes. It is the ability to think about the value they’re providing, and communicate what they’re doing to reduce legal expenses or drive better legal outcomes or, even better, both.


You mentioned that leveraging technology can help demonstrate business value. What are the trends you see in the legal market along these lines?

As legal departments provide greater ease of use and experience through technology, it should result in increased user adoption. Historically, enterprise software has often been perceived as very powerful and valuable but very difficult to use. As employee expectations and organizations have changed, there is an expectation of usability. This means being able to keep the power of these sophisticated solutions, but at the same time making them radically easier to use and bringing workflows directly to where individuals in the organization and in the legal department work. That is a critically important part of improving business value with technology.

It’s also about using the information the legal department has to drive better corporate outcomes. It means taking data from the day-in and day-out interactions and using it to drive better corporate outcomes through artificial intelligence, analytics and reporting. All of that is driven by technology combined with the right processes.


How can corporate law departments work with providers to get the most out of the technology that they choose to use?

You need to have the right relationship with the technology providers, where you are both moving in the same direction and you both have similar objectives. And the provider should have the resources and the commitment to continue evolving the software. You don’t buy software, implement it and then never change it over time. The corporate legal department should realize it can start with something and then continue to grow that over time. One of the mistakes corporate legal departments have made in the past is to overly customize their approach to the technology and lock themselves in a box where they cannot evolve over time.

You also want to make sure you are partnering with a provider that can help you make decisions that go beyond just your legal department’s wants and needs, bringing the provider’s broader experience into play on best practices and ways to drive the best outcomes. Lastly, you want a provider that is sophisticated enough to properly partner with you around issues such as information security, along with global support and customer experience. When there are issues – and there will always be issues – you want to have a good customer support experience.


AI is a big buzzword today in the market. Where are you seeing the benefits of using AI?

Artificial intelligence, or AI, from a corporate legal department perspective is still right at the beginning of its evolution. If you think about where AI becomes useful, what you really need is a good amount of data, either structured or unstructured. The second thing is you need to have experts, both in terms of what you’re doing with the AI system and the data, and the people you are providing decision-making support to. If you have lots of data and you have the experts, you’re in pretty good shape to be able to use AI, along with its associated capability sets like data analytics, visualization and reporting, to drive better outcomes inside the organization.

A good example is a service Wolters Kluwer released that focuses on integrating AI and experts to drive better outcomes for corporate legal departments around legal bill review. Using the service, departments have seen significant benefits over historical approaches to handling compliance issues, mismatches between bills and the billing guidelines that they put in place with their outside counsel’s firm.

It is important to have data that is not just about the corporation itself, but also other similar corporations. AI and machine learning systems need to be trained, and the way you do that is with many examples of similar situations.


What are some of the key challenges facing corporate legal departments?

We talked earlier about the pressure of improving corporate outcomes while reducing expenses. That can be a challenge for many corporate legal departments. It takes operational rigor and a focus on combining technology, process and people effectively.

But there is also pressure around information security. Corporations spend a lot of money on information security. They are concerned about exposure to and the impact of data breaches. They have seen the financial, legal and reputational damage experienced by other corporations in the headlines.

With the changing regulatory landscape, which includes the General Data Protection Regulation (GDPR) in Europe, the corporate risk profile is rising rapidly. The challenge is that corporate legal departments have incredibly sensitive information shared with many outside partners in law firms. The reality is law firms are not always as sophisticated in information security as are their corporate partners. We’ve already seen examples of breaches of law firm data with significant negative repercussions to the involved individuals or corporations. I believe we are going to see a focus in corporate legal departments on what to do about their law firm partners’ security preparedness, and making sure that those partners are ready to deal with this data-focused world and the risk associated with sharing data.


What steps can corporate legal departments take to deal with that challenge?

First, as with any provider relationship where sensitive data is involved, the contract or the agreement between the corporation and outside counsel must include a set of standards and expectations around information security. If that foundation is not there, it is very hard to ensure an appropriate level of rigor going forward.

Second, you need to know where you are. Understanding the current information security posture of your third-party partners is critically important. I would recommend starting with your largest law firms, or those that hold the most sensitive information. Are they meeting well-known and understood third-party standards? Do they hold so much data that you must audit them yourself using your internal audit teams? What are the standards that you expect, and are they meeting them? If they are not, what is the remediation plan to ensure that your data will be properly secured?

In my experience, the only way to do that right is to start with things like automated questionnaires that your third-party partners can use to provide feedback to you about their approach to information security. Then you can work to improve that security over time. If a corporate legal department has law firm partners that are not able or willing to meet information security norms, the way that is going to improve over time is by corporate legal departments voting with their pocketbooks.


Looking ahead, do you see any emerging security issues that corporate law departments should be paying attention to?

Yes. The information security landscape is getting more and more complex. As we said, there are changing regulations that have significant corporate risk associated with them, but the threat landscape is also getting more sophisticated. You have state actors involved. You have non-state actors involved. From a corporate legal department perspective, the most important thing to do is to ensure that the corporation is taking due diligence in terms of protecting data and their outside partners are sophisticated and investing as heavily in information security as the corporation is.

In deciding which law firms or which third-party providers you’re going to work with, an assessment of their information security program sophistication and level of maturity is just as important to the ­decision as their capabilities as attorneys, their price point or the value of the relationship. That is going to be a big change inside the corporation, because it adds a whole set of criteria that historically were not a part of the decision-making process about setting and managing these relationships.