Foundation before Automation: Legal Review Policy

Published on Oct 28, 2022 byInnoLaw Group

At the InnoLaw Group, most of our corporate counsel customers first come to us for our expertise on all things related to Contract Lifecyle Management (CLM) technology. They’re usually feeling overwhelmed by the volume of work being thrown at them, as well as the increased demands from the business and c-suite for increased efficiency, insights, metrics and reporting on their work. 

Amongst the vast array of LegalTech options out there which are (over?) sold as the silver bullet solution to all their efficiency needs, CLM technology is at the forefront for the vast majority of corporate legal teams, for whom processing large volumes of contracts is an ever-growing daily requirement.

As CLM consultants, some days it feels like our jobs would be better described as professional rain clouds, because right from the start, we have to rain on the “jumping to tech” as a quick and easy solution notion, get everyone to take a step back, get the shiny tech demo stars out of their eyes (for a little while at least) and remind them that there is foundational work to be done before tech can save you. To be clear, we know that it can – we also know that jumping right in and automating unclear or poor processes for the wrong reasons, never works out well. 

Throughout this series, we will provide you with our expert insights and practical guidance on all things contracting related in the hope that you will be better prepared to (i) improve the way your company handles contracting and (ii) if necessary, select and implement the right CLM technology for your company.

Let’s begin with the most fundamental and foundational step of all, the Legal Review Policy.

Legal Review Policies 101: Why, What and How

The fundamental question that drives the need for a Legal Review Policy is “what contracts should the Legal team spend time on, and what contracts should it not spend time on?”  

The problem is that Legal team lawyers often find themselves trapped in a reactive role when they review the contracts sent to them by their company. Somehow the business owners determine what Legal should and shouldn’t review, yet the attorneys are in the best place to make that determination. So, why don’t more Legal teams take a proactive role in defining what should land on their plates? 

Eventually the sheer volume of commercial contracting work will mean Legal teams are restricted in how they spend their time. They often arrive at this step only because they reach a breaking point and cannot keep up with demand.

For those who are unfamiliar with Legal Review Policies - a Legal Review Policy is a document which records what transactions Legal must review. It’s essentially a set of rules that let the business owners know which transactions Legal must get involved in and which transactions the business is empowered (by Legal) to handle on their own.

The goal of a successful Legal Review Policy is getting Legal out of the way when there isn't significant risk to consider or mitigate. How much risk and what types of assumable risk are dependent on the nature of each contract as well as the organization’s culture and appetite for risk.

Points to consider:


  • Legal needs to take control over their inbox by creating a policy for the business to follow. This starts with writing down what Legal must review. 


  • Business owners must get Legal involved in certain transactions. Determine if the policy comprises a list of what the business may handle without Legal’s involvement, versus what the business may not handle without Legal’s support. Are you trying to give as much freedom as possible, or empower the business with only specific scenarios where they can contract without Legal’s involvement? While at first glance this may seem highly tolerant of risk and very unempowering to have a short and finite list of contracts that require Legal’s support, it can have the opposite effect.


  • Risk: the goal is to get Legal out of the way when there isn’t significant risk to consider or mitigate. Risk is dependent on the industry, geography, and culture of the company, so there is no one policy that will work across different companies, but there are a few common themes that legal teams should be able to agree upon, including but not limited to: 
    • Standard NDA templates should be handed to the business to execute on their own, without having to go through Legal.
    • Low value, low risk contracts without access to any sensitive information or materials should be enabled for the business to proceed independently.


  • Separate the policy by contract types and create large buckets. Depending on the industry, more or special buckets may be needed, but at a minimum consider general categories such as: (i) purchasing (aka vendor or procurement) contracts; (ii) revenue generating contracts; (iii) information exchange agreements.


  • Determine the value of the vendor agreements and if there is an amount below which it is acceptable for the business to contract without any support from Legal. When considering this amount, include other variables that may present risk besides the allotted amount (e.g., whether the vendor will access any critical data or need to be onsite at the physical premises). Include these factors in the policy.                      


Description automatically generated


  • Regardless of the type of contract, describe the transactions that are part of the policy. Sometimes, policies that use contract titles are too restrictive, when really the risk under mitigation is related to the underlying activity that requires legal review. Or sometimes, there isn’t a specific “type” of contract that is easy to describe in a policy, and it is easier to describe the transaction contemplated. 


  • Some third parties’ relationships are so complex that their contracts should always include legal review. Whether there are trust issues between the entities, or the nature of the business relationship is complex, in many situations a list of particular third parties may be included in a policy to ensure Legal’s involvement for negotiations with those specific counterparties.


  • If there are other business-managed control points that can mitigate risks, then the legal review policy can include criteria met through other business processes as a way to side-step legal review. For example, if the procurement organization has a robust program for certain vendors which requires that they have a master agreement in place before any work is completed, then subsequent engagements under that master agreement may have the ability to proceed without any legal involvement, provided the master covers the contemplated risks for the predictable type of services the vendor will deliver.


  • If there are templates available that the business can use - provided they are unchanged - that should be part of the policy, with links to where the templates may be accessed. (NDAs are a perfect example of this scenario. Every company should have an NDA template that the business is empowered to use independently.) 


  • Some aspects of the policy may require significant discussions and internal negotiations with other stakeholders and business owners. If this policy will create new obligations for the business as a prerequisite to the empowerment the policy is intended to achieve, then those obligations should be clearly defined. Some training may also be needed. 


  • Create a simple communication plan and follow it. As part of the communication plan, a broader change management plan may be needed if the policy creates significant enough changes to how people have contracted.


  • You’ll also want to ensure that the policy is operational i.e. it works with how the company operates. For example, if the policy requires business owners to access information that is unavailable then the policy will be ineffective.


Description automatically generated


  • Once the policy is designed conceptually, as in the above figure, the next challenge is to draft it in a way that is easy to understand for the entire business. Simple language is key. Remember, no policy that is written in legalese will be successful! 


No matter what the details of the policy are, so long as there is a clear and practical mechanism to empower business independence in certain contracting processes, then you’re off to a great start! As with all things legal, remember that your Legal Review Policy will evolve with time and require a degree of flexibility and periodic reviews – so don’t let the fear of getting it all done perfectly right from the start hold you back from taking the first step towards liberating your inbox and regaining control of your contracts.     


About the AuthorView Profile
InnoLaw Group

InnoLaw Group

InnoLaw Group is a boutique firm, comprised of trusted CLM consultants and legal advisors, that specializes in supporting corporate legal teams to streamline legal review of contracts based on efficient processes, optimal templates, simplified playbooks, continuous data-driven improvements and selecting CLM technology solutions which align with the automation priorities of the organization. InnoLaw Group empowers legal teams to focus on only the highest value commercial transactions and legal advisory work to support key objectives of the business by providing CLM strategic advice and consulting services as well as customized, practical CLM Simplified Workshops.


View more
Search Legaltech Jobs
Legaltech Jobs provides targeted job listings for alternative careers in law, including roles in legal technology, legal data, legal operations, legal design, and legal innovation. Click and browse to find your next opportunity!
Search Now
We use cookies to monitor the performance of our website, improve user experience, and assist in our marketing efforts. By continuing to browse our site, you agree to our use of cookies.