Identifying and managing hidden enterprise contract risk


Financier Worldwide Magazine

April 2016 Issue

April 2016 Issue

It is no secret that big financial institutions have been inundated by the regulatory penalties that have been levied since the financial collapse in 2008 and the passing into law of the Dodd-Frank Act. Unfortunately, these businesses can only expect regulatory obligations and fines to continue escalating, with no end in sight.

A 2015 Morgan Stanley report states that even though big banks have been fined £185bn since 2009, they still stand to face about £46bn in litigation costs alone between now and 2017. Most of these fines involve securities fraud and concealment of risky mortgage information. However, in other cases, charges have been levied because of continued failure to manage and identify key collateral, provide ready access to key data on material entities, and present a comprehensive description of obligations and exposures, in addition to other delicate contractual information that previously was either not well understood or was inaccessible pending a firm’s litigation.

With the Financial Conduct Authority and other regulatory bodies keeping a keen eye on financial services businesses, these firms will have to be vigilant in better managing their compliance obligations in order to avoid greater penalties in the future.

Financial markets and firms continue to adapt to a growing array of challenges that threaten major dislocations on a global scale. Now more than ever, it is imperative to reflect on key trends and shape new strategies that help firms move forward with confidence in an uncertain world.  

Contract risk management

One area of enterprise risk that is often overlooked is the discipline of contract risk management. It overlaps with several risks that make up an enterprise risk framework. Operational, counterparty, regulatory and financial risks are frequently cited as disciplines in an enterprise risk framework, yet firms fail to recognise that each of these risks is inherently embedded within contractual agreements.

Improper management of all these variables can cause unintended consequences. Many firms struggle to integrate contract risk management into an enterprise risk framework, because they find it too complex and difficult to measure.

It is generally understood that some risks are measurable and other risks, like uncertainty, are harder to measure. Uncertainty falls into the realm of probability where distributions or a range of outcomes are considered likely within degrees of certainty. These risks represent the ‘surprises’ that expose the firm to loss or disruption. Risks, on the other hand, are documented and in most cases are addressed through risk transfer schemes or risk mitigation documented in contractual agreements, commercial insurance or business decisions to improve internal controls.

Contract risk is typically characterised as low frequency, high impact events. Firms seldom scrutinise these low frequency risks because they happen so rarely and are difficult to predict. But what if you could model the risk of failure more accurately using contract risk intelligence?

Contract business intelligence

Every organisation must determine appropriate levels of internal controls and risk tolerance. Some firms may already have a few of these processes in place and may only need to increase management’s involvement. Others may need to rethink how contract risk management is integrated into an enterprise risk framework. In either case, contract risk requires a proactive campaign of awareness and internal controls to prevent a crisis. Tapping into business intelligence in contract risk systems provides leadership with clever insights into risk exposures to properly manage. This requires a forward-looking approach using contract intelligence as a lever to improve operational excellence while reducing risks.

The power of data analytics is being used today to solve tough business problems by improving strategies to uncover sales opportunities, reduce costs and clarify the competitive landscape. These same tools are being implemented in smart systems to monitor cyber security, track the status of the supply chain, and manage contract risk. The challenge, to date, has been a lack of visibility into how the actions and decisions in one part of an organisation impacts other parts of the firm in unexpected ways. Data analytics helps to connect the dots and enable contract managers and board members to ask better questions about the health of the firm. What once took weeks of manual research of company-wide data could now be found with just a few keystrokes.

You cannot manage what you cannot measure, but understanding what to measure is equally important.

Understanding risk in all of its forms is the most effective way to manage its impact. To truly manage risk, corporate directors and senior executives should not be satisfied with a top 10 list of risks. Operationalising contract risk management requires better tools.

The importance of visibility before a crisis

It may be obvious that visibility before a crisis is important. Who wouldn’t want to know how a crisis could unfold and thus limit the costs involved in resolving the matter? A better question may be ‘why doesn't this happen more often?’ The surprising answer is that firms underestimate the risk of encountering a convergence of events that perpetuate a crisis. Many people fail to appreciate what it would take to respond.

Contract intelligence can be used to provide important analytical data to create ‘what-if’ scenarios to assess the scope of liability in specific events. Organisations that fail to prepare before a crisis lose credibility when responses to basic questions are incomplete or worse yet, not easy to answer with a degree of confidence. Timely information and confidence in the accuracy of data often determines success or failure in crisis management.

Moving forward

Before taking any action, firms must make an honest assessment about the tools, resources and people who manage contract risk. In some cases, an external consultant may be useful in providing an independent assessment of contract risk management. On the other hand, many firms are well aware of the pain points in contract risk, but lack executive stewardship to drive an enterprise approach.

Monitoring key risk metrics for contract risk management while taking steps to address the gaps that exist in internal controls and performance measures are more important than ever. Whether starting from scratch or simply fine-tuning existing programmes, identifying your contract risk and beginning to improve your ability to manage the uncertainty of your firm's contract risk will better prepare your firm for the future.


Bill Hewitt is the chief executive officer of Exari. He can be contacted on +1 (617) 938 3777 or by email:

© Financier Worldwide

©2001-2019 Financier Worldwide Ltd. All rights reserved.