Repapering: beware the grey swan
By Brett Aubin
Brett Aubin explores if Schrems II is the next grey swan for solicitors
Repapering is a bona fide nightmare for in-house legal departments: a regulation changes, a law changes, there is a market event or corporate action – firms are triggered into a process of contract risk review and potentially amendment (repapering), that is mostly unwelcome and often, very unwelcome. Firms hit hardest are those with large customer and vendor bases and, if the sector is heavily regulated, the peril is greater still.
Who is most affected?
Financial services in particular have been heavily impacted over the last 20 years, going all the way back to MIFID 1 in the noughties, through the initial EMIR/Dodd Frank post financial crisis industry reforms in the early twenty teens, reaching its apogee in the Margin Reform and Libor Transition requirements that are still ongoing.
For the uninitiated, it’s difficult to envisage the magnitude of these challenges.
On the Libor Transition, as an example, the biggest banks in the world have had to manage upwards of 20,000 individual negotiation processes, across products and geographies, involving amendments to complex contracts like ISDA’s and syndicated loan agreements.
Even if each of these negotiations only took six hours (which is optimistic), you are still talking about 17,000 odd days of project time – and costs probably in the £15-20m range. All things considered, it’s pretty hideous stuff.
The future approach
There is a now though, a new cloud on the horizon, problematic to all who handle personal data and this is, of course, the fall-out from the Schrems II decision and the consequent invalidation of the Privacy Shield. For many firms reliant on Standard Contractual Clauses (SCC) to compliantly transfer personal data outside the EEA, the Schrems II decision means these SCCs have to be updated with additional measures and processes.
Going forward, organisations must use the new SCCs for new or updated data transfers – and have until 27 December 2022 to migrate any existing EU SCC arrangements to the new SCCs.
Financial services firms are impacted, but they are at least ‘repapering fit’ and have recent, if painful, experience of having to navigate these types of challenges. Our concern, though, is for the average, mid-sized, non-bank corporate, with a couple of thousand customers and a few hundred vendors, who now have to get their heads around the potential legal operational implications of this 27 December deadline, with little to no institutional muscle memory of what this entails.
For unfortunately, at these organizations, it is not uncommon that, at board level, repapering is considered a ‘Grey Swan’ event - a predictable but low probability event that even though high impact (costly), is almost never properly planned or budgeted for. And the fault line where this misstep often manifests is through an immature legal operating model, particularly around digital transformation.
What to watch for
Some of the red flags to look out for are:
- large concentrations of warehoused physical paper versions of contracts;
- where contracts have been scanned, no centralised documented repository or, just as bad, multiple fragmented repositories;
- not enough consideration given to the logistics of data extraction or, indeed, what the extraction model needs to be in order to facilitate risk analysis and amendment;
- because policy is often not standardised and enforced at regional, national and global levels, there is a proliferation of contract templates. We know of one large corporate with over 400 ‘approved’ templates for a standard customer contract.
The punchline here is, for something like SCC repapering, if firms don’t know where their contracts are, or what data is in their contracts, or don’t have people and technology familiar with volume processing, even just performing a risk review on a small contract estate has to be done manually – and has to be based on a low confidence ‘dipstick’ testing approach across the multiple template permutations.
In turn, this often backs legal professionals into a corner where they have to rely on crude ‘brute force’ amendment or repapering strategies that, because they are based on poor or no data, do not remotely balance the need to manage legal risk against, at best, annoying customers and vendors or, at worst, putting commerce at risk.
What can be done?
So, what are a few quick and pragmatic things organisations can do to get structurally ready for the new SCC repapering challenge – and also start better positioning themselves for digital transformation in the future?
- Digitise and centralise all your critical contracts – get them out of physical storage, filing cabinets, desk drawers, inboxes and onto a controlled, indexed, centralised, contract repository.
- Audit your contract estate – as a part of #1, make sure you have all the executed contracts and ancillary agreements required for each of your vendors and customers.
- Close your audit gaps – use web portals or outreach tools to contact vendors or customers and request document updates or additional information.
- Consider a data model – understand and prioritise key contractual data points to support ongoing portfolio management, risk analysis and future amendment. For Schrems II repapering, this would obviously prioritise data protection clauses.
- Isolate bespoke arrangements – to the extent they exist, know where there are significant template deviations or bespoke arrangements, so they can be fully contemplated in any risk and amendment review.
- Extract crucial data – if budget is tight, isolate the crucial data points from #4 and extract those using the most cost-effective combination of technology and people.
- Staunch the template noise – while you cannot change the proliferation of templates on the legacy book, you can rationalise and control template usage going forward.
- Update policy – to embed #7, ensure you standardise and streamline policy, wherever possible, up to the global level.
The bigger picture
Not all of the above needs to be completed before considering a repapering challenge like SCC repapering but the key thing is to start this journey sooner rather than later. Even at big organisations, this can be pragmatically achieved with one or two people with hybrid legal or change management skillsets who, reasonably quickly, should be able to start providing transparency as to:
- the scope of the impacted vendor or customer base
- the existing contractual data firms have access to and where the gaps are
- the bespoke provisions and template variability that will need to be considered
- what native technology capability organisations pragmatically have access to in a short time frame.
The above should help to start shaping a responsible repapering strategy and delivery plan, while crucially, presenting senior management with a prioritised list of risks that will need to be recognised in the near term.
The long history of repapering projects is littered with the lesson it’s best to invest in ‘bringing out the dead’ in the early stages of project thinking, rather than to risk having to compensate for findings towards the back end of a project, where new data may need to be extracted, or customer and vendors recontacted, all under a pressing deadline and potentially regulatory scrutiny.
Here be dragons – or, indeed, grey swans!
Brett Aubin is Regulatory Response for Konexo – and his immediate focus over the coming 12 months will be the Libor Transition. Developed by Eversheds Sutherland, it delivers global alternative legal and compliance services in the UK, US and Asia: konexoglobal.com