Practical Tips for Managing Risks in Vendor, Supplier, and other Partner/Provider Relationships

The best place to stop a snowball from rolling the wrong way is the top of the hill.

When it comes to managing risk in business, there are two fundamental principles:

  1. You can’t disarm all of the land mines. A risk is like a land mine – it will detonate sooner or later once the right factors occur. Part of risk management is having enough information to know (or make an educated guess) at which risk “land mines” are more likely to go off than others, so you can stack rank and disarm the land mines in the right order. That way, hopefully you’ll disarm each one in time, and if one does goes off before you can disarm it it will cause minimal damage.
  2. You don’t have to stop every factor from occurring; you have to stop at least one factor from occurring. If a risk “land mine” detonates, a number of things all went wrong at the same time. Think of it as the lock on Pandora’s Box – for the lock to open (the land mine going off), the pins in the cylinder (the environmental factors) must align perfectly with the key (the catalyst). As long as one of the pins are misaligned, the lock won’t open. If you don’t have the resources or ability to ensure all pins are misaligned, try to ensure at least one pin is misaligned so the land mine can’t go off. (If more than one is misaligned, that’s even better.)

To manage a risk, a business must first mitigate and shift the risk to reduce the chance of the land mine detonating to the greatest extent possible, and then accept or rejectthe residual risk to the business. (For more on this, please see my earlier LinkedIn article on Revisiting Risk Management).

When it comes to your relationships with your key vendors, suppliers and other partners/providers, risk management principles should be applied to both existing partners/providers, prospective partners/providers, and “inherited” partners/providers (e.g., through acquisition). There are a number of ways to mitigate and shift risk in these relationships:

Mitigating the Risks

  • Do due diligence on your partners and providers. Perform research to see if the partner/provider has had security or privacy problems in the past. If they are public, look at the risk factors in their securities filings. Look at the partner/provider’s privacy policy to see if they make any claims they likely cannot live up to, or are overly broad in what they can do with your company’s data. Watch out for unrealistic marketing statements regarding privacy, security or their ability to perform the obligations you are contracting for. Use RFPs to gather information on prospective partners/providers up front (and keep it in case you need to refer to it later on if something they told in you in RFP proves not to be true).
  • Don’t automatically disqualify companies that have had past problems. If an RFP reveals that a partner/provider has had a past issue, focus on what steps they have taken to remediate the issue and protect against a recurrence. The result may be that they have a more robust security and risk management program than their peers.
  • Ask them what they do. Consider adding privacy and security questions to your RFP to gather information on current practices and past problems/remediation efforts (and to make them put it in writing). Watch out for answers that are too generic or just point you to their privacy policy.
  • Set online alerts, such as Google Alerts, to stay up-to-date on the news relating to your prospective or current partner/provider during the course of your negotiations and relationship, and escalate any alerts appropriately. If the partner/provider is public, set an alert for any spikes (up or down) in stock price.
  • Plan for the inevitable. Inevitably, your business relationship will end at some point. It could end when you’re ready for and expecting it, but you can’t count on that. If your partner/provider is mission-critical, develop an “expected” and “unexpected” transition plan and confirm that the partner/provider can locate and provide you the data you need to execute on that plan. For example, ensure you have all information and data you may need if the partner/provider ceases operations (for example, routinely download reports and data sets from their portal, or set up an automated feed). Alternatively, consider ways to ensure that if a partner/provider creates and stores mission-critical information (e.g., order or personal information, critical reports or data, etc.), it’s mirrored securely to a location in your control on a regular basis so that if there’s a problem, you have a secure and current data set to work from. This may be required or important under your company’s business continuity plan, and your contractual commitments to your clients.
  • Know your alternatives. Keep abreast of alternative partners/providers, do initial vetting from a security perspective, and maintain relationships with them. If a problem occurs, the company may have to switch partners/providers quickly. If you have taken the time to cultivate a “rainy day” relationship, that partner/provider may be happy to go out of their way to help you onboard quickly should a problem with your existing partner/provider occur (in the hopes that your company may reward their help with a long-term relationship).
  • Know what you have to do to avoid a problem. Once negotiated, contracts often go in the drawer, and the parties just “go about their business.” Make sure you know what your and your partner/provider’s contractual obligations are, and follow them. If they have “outs” under the contract, ensure you know what you need to do in order to ensure they cannot exercise them. If terms of use or an Acceptable Use Policy (AUP) or other partner/provider policies apply, make sure the right groups at your company are familiar with your obligations, and ensure they are being checked regularly in case they are updated or changed. If possible, minimize the number of “outs” during the negotiation. For existing or inherited partners/providers, consider preparing a list of the provisions you want to try to remove from their agreements so you can try to address them when the opportunity arises in the future (e.g., in connection with a renewal negotiation).
  • Put contractual provisions in place. Sales and Procurement should partner with IT and Legal to ensure that the right risk mitigation provisions are included in partner/provider agreements on an as-needed basis. Consider adding a standard privacy and security addendum to your agreements, whether on their paper or yours. Common provisions to consider include a security safeguards requirement; obligation to protect your network credentials in their possession; obligation to provide security awareness training (including anti-phishing) to their employees (consider asking for the right to test their employees with manufactured phishing emails, or getting an obligation that they will do so); requiring partners/providers to maintain industry standard certifications such as ISO 27001 certification, PCI certification, SOC 2 Type 2 obligations, etc.; obligation to encrypt sensitive personal information in their possession; obligations to carry insurance covering certain types of risks (ensure your company is named as an additional insured, and try to obtain a waiver of the right of subrogation); rights to perform penetration testing (or an obligation for them to do so); a obligation to comply with all applicable laws, rules and regulations); an obligation to complete an information security questionnaire and participate in an audit; language addressing what happens in the event of a security breach; and termination rights in the event the partner is not living up to their obligations. Not all of these provisions make sense for every partner/provider. Another approach to consider is to add appropriate provisions to a supplier/vendor code of conduct incorporated by reference into your partner/provider agreements (ensure conflicts are resolved in favor of the code of conduct).

Shifting the Risks

  • Use contractual indemnities. An indemnity is a contractual risk-shifting term through which one party agrees to bear the costs and expenses arising from, resulting from or related to certain claims or losses suffered by another party. Consider whether to include in your partner/provider agreement an indemnity obligation for breaches of representations/warranties/covenants, breach of material obligations, breach of confidentiality/security, etc. Consider whether to ask for a first party indemnity (essentially insurance, much harder to get) vs. a third party indemnity (insulation from third party lawsuits). Remember that an indemnity is only as good as the company standing behind it. Also, pay close attention to the limitation of liability and disclaimer of warranties/damages clauses in the agreement to ensure they are broad enough for your company.
  • Request a Parental Guaranty. If the contracting party isn’t fully capitalized, or is the subsidiary of a larger “deep pocketed” organization, consider requesting a performance and payment/indemnification guaranty to ensure you can pursue the parent if the subsidiary you are contracting with fails to comply with its contractual obligations.
  • Acquire insurance. Finally, consider whether your existing or other available insurance coverage would protect you against certain risks arising from your partner/provider relationships. Review the biggest risks faced by your company (including risks impacting your partner/provider agreements) on a regular basis to determine if changes to your insurance coverage profile are warranted; your coverage should evolve as your business evolves. Understand what exclusions apply to your insurance, and consider asking your broker walk you through your coverage on an annual basis.

Don’t Overlook These 6 Important Contract Clauses

Managing the review and negotiation of contracts involves regular stack ranking of projects. With many agreements to review and other job responsibilities for both in-house counsel and business counterparts alike, the value or strategic importance of the agreement often determines the amount of attention it receives. Given this, attorneys and their business counterparts generally do not have time for a “deep dive” into every nook and cranny of an agreement under negotiation. They focus their available resources on the big-ticket items — obligations of the parties, termination rights, ownership, confidentiality, indemnification/limitation of liability, and the like — and may only have time for a cursory review (at best) of other contract terms that appear in most agreements, called the “legal boilerplate.”

If you have a little extra time to spend on an agreement, here are six clauses that are worth a closer review. Why these? If worded improperly, each of these clauses can have a significant adverse impact on your company in the event of an issue or dispute involving that clause.

(1) the Notices clause. Failure to provide timely notice can case major issues. So can failing to receive a notice that was properly served. If mail can take some time to be routed internally, consider avoiding certified or first-class mail as a method of service. Personal delivery and nationally or internationally recognized express courier service (FedEx, UPS, DHL, etc.) with signature required on delivery are always good choices. Notice by confirmed fax or by email to a role address (e.g., “”) are also options to consider, either as a primary method of notice or as a required courtesy copy of the official notice. Use a role and not a named person in the ATTN: line – if the named person leaves, routing of the notice may be delayed. Consider requiring that a copy of every notice be sent to your legal counsel. Consider whether to make notice effective on delivery, versus effective a fixed number of days after sending (whether or not actually received). It is also worth considering making notice effective on a refused delivery attempt – the other side should not be able to refuse a package to avoid being served with notice. Ensure delivery is established by the delivery receipt or supporting records.

(2) the Dispute Resolution clause. Ensure the agreement’s dispute resolution mechanism (litigation vs. arbitration), and any dispute escalation language, is right for your company given the potential claims and damages that could come into play if you have a dispute. Make sure you’re OK with the state whose law governs the agreement (and ensure it applies without regard to or application of its conflicts-of-laws provisions). If neither home state law is acceptable, consider a “neutral” jurisdiction with well-developed common law governing contracts e.g., New York. Ensure you’re OK with the venue — consider whether it is non-exclusive (claims can be brought there) or exclusive (claims can only be brought there), and whether a “defendant’s home court” clause might be appropriate (a proceeding must be brought in the defendant’s venue). Finally, ensure the parties’ rights to seek injunctive relief — an order to stop doing something, such as a temporary restraining order or injunction, or an order to compel someone to do something — are not too easy or hard to obtain. In some cases, whether a party needs to prove actual damages or post a bond in order to obtain an injunction can play a critical role.

(3) the Order of Precedence clause. If your agreement has multiple components (e.g., a master services agreement, separate Terms and Conditions, incorporated policies from a web site, service exhibits or addenda, statements of work, project specifications, change orders, etc.), which piece controls over another can become critically important if there is a conflict between the two (e.g., liability is capped in Terms and Conditions, but unlimited in a Statement of Work). Ensure the order of precedence works for you. Consider whether to allow an override of the order of precedence if expressly and mutually agreed to in an otherwise non-controlling contract component. Don’t forget about purchase orders — they often have standard terms which can conflict with or override the contract terms unless they are specifically excluded. If you are negotiating a SaaS agreement, consider how acceptable use policies, terms of use, and other online policies may relate to the agreement. Watch out for other agreements/terms incorporated by reference, or on the other hand, consider incorporating your standard terms and having them control in the event of conflicting terms.

(4) the Assignment/Change of Control clause. If consent to assignment or a change of control is required, the clause can create significant headaches and delays during an M&A closing process or during a corporate reorganization. A client or vendor with “veto power” could leverage that power to get out of the contract, or to obtain concessions/renegotiated terms. Consider whether to include appropriate exclusions from consent in the event of a reorganization or change of control, but keep a notice requirement. Consider whether a parental guaranty is an appropriate trade-off for waiving consent. Also consider whether consent is needed in a transaction where the party continues to do business in the same manner it did before (e.g., change of control of a parent company only).

(5) the Subcontractor clause. Ensure you have approval rights over subcontractors where necessary and appropriate, especially if they are performing material obligations under the agreement or will have access to customer data or your systems. A service provider may not be willing or able to give an approval right to a subcontractor providing services across multiple clients, but may be OK with approval of a subcontractor providing services exclusively or substantially for your company. Include the ability to do due diligence on the subcontractor; remember that subcontractors can be an attack route for hackers seeking to compromise a company’s network. Ensure a party is fully liable for all acts and omissions of the contractor. Consider pushing security obligations through to the subcontractor. Require subcontractors to provide phishing training.  Consider limitations on what obligations of the other party can be subcontracted.

(6) the Non-Solicitation clause. Consider limiting a non-solicitation clause to those employees key to each party’s performance under the agreement, and other named personnel such as executive sponsors or corporate officers. Most often, neither party can live up to a clause that covers every employee at the company. Ensure there are appropriate exclusions for responses to job postings, recruiter introductions, and contact initiated by the covered party. Consider whether the clause prevents soliciting an employee as well as hiring them, and whether you want to restrict one or both.

Refresh your Contract Templates for Shorter Negotiations and Happier Clients/Customers

The old adage “if it isn’t broke, don’t fix it” was never meant for contract templates.  Businesses and business processes are always changing and evolving, and contracts need to change and evolve along with them. Over time, your contract will diverge from your marketing materials and sales proposals, the current operational reality of your business, and/or your company’s current risk profile.  When that happens, the contract may slow down a fast-moving customer sale by prolonging the negotiation cycle as you work through the inconsistencies or outdated commitments, or worse, a client or customer may look to hold your company to perform obligations you can’t satisfy as written.  Refreshing your contract template helps ensure you are keeping the negotiation cycle as short as possible and ensuring what you commit to contractually aligns with your actual performance under the agreement, which contributes to a positive client/customer relationship.

Setting Refresh Goals.  The first thing to do when starting a contract refresh cycle is to ensure the business and legal teams are aligned on the goals of the contract refresh.  In most cases, the goals include:

  • To ensure the contract template accurately reflects the operational reality of the business;
  • To shorten and clarify the contract template;
  • To make contract negotiations go more quickly and smoothly;
  • To remove as many ambiguous terms from the contract template as possible; and
  • To ensure the contract template is as fair and balanced as possible while protecting your company’s interests.

Once your goals are set, the following steps can help you get the most out of your contract refresh.  Keep your refresh goals in mind as you go through each of these steps.

  1. Re-evaluate (and if needed, optimize) the contract model. Take a look at the core model of your contract.  Is it a Master Services Agreement with Statements of Work, Project Assignments or Service Orders?  One single contract containing terms for all products and services offered by the company with a checklist and pricing to select the products and services to be provided? The first step in a contract refresh is to ensure the contract model is the best one for your business and the business offering. The contract model should present the terms for your product or service in the simplest way possible, while allowing for flexibility of adding on services if needed. Your current model may be the right one for your business, but it’s important to ask the question.  For example, if your clients/customers consistently try to push their own paper on you with a different contracting model, think about whether their model (or elements of it) might make sense for your business.While you want to ensure your agreement anticipates how you’ll do business generally for the next 12-24 months, be careful trying to “future-proof” your contract by adding terms for service offerings you plan to roll out in the future.  You don’t want to make the agreement longer than it needs to be, and until the service offering is finalized the terms relating to it may change, meaning the terms you put into the contract will need to be changed anyway.  In this case, design your template with add-on services in mind so they can be added later.  Also, consider whether on-line terms, or an online policy such as an acceptable use policy referenced in and incorporated by reference into the Agreement, may help streamline the contract and allow for greater flexibility in changing those terms to reflect changes in your business.The appearance and readability of your contract matters just as much as the content and model. Ensure the contract is readable — use a common font and a readable font size.  Be sure to use headers and footers with page numbers and a confidentiality legend if appropriate. If you don’t use version numbers on your templates, consider adding version numbers to make sure you can easily track different versions of your contract templates (e.g., v2016.02.24 for the version released on February 24, 2016).  Consider running your template by your marketing department for their suggestions on making it look good.
  2. Confirm alignment with the sales proposal and marketing collateral. It’s a good idea to compare the contract template against the sales proposal and your company’s corporate website and marketing collateral. While there is always marketing fluff in sales proposals and marketing, ensure that the contract accurately reflects the proposal terms and commitments in marketing materials. If there are inconsistencies, ensure they are resolved.  Few things will cause a contract negotiation to bog down right out of the gate than the other side thinking the terms in the contract don’t match the terms in the proposal or the company’s marketing collateral that led them to want to do business with your company.Consider gathering all of the pricing and key business terms into one section or appendix.  Having pricing and key business terms scattered throughout an agreement can be very confusing.  The pricing and key business terms in the contract should match up to those in your sales proposal or deal term sheet, and where possible should follow a consistent format, structure and layout.  That way, when the other side receives your contract and compares the contract terms to the proposal or term sheet, they’ll see a 1:1 match which can help keep positive momentum going.
  3. Review previous redlines, look at previous business disputes, and talk to sales personnel. Quite often, there are standard compromise or fallback positions that become commonly used in negotiation as the contract template diverges from the operational reality and/or company risk profile.  Go back through previous redlines to identify compromises or fallback provisions that are agreed to on a regular basis. Consider whether that fallback provision should become the new standard provision in the agreement to remove it as a common negotiating point. Also, look at any business disputes you’ve had with your clients/customers that arose from or related to an ambiguity or issue in the contract, and look at any resulting operational changes that were made. Consider whether revisions to the contract would help avoid similar disputes in the future or better reflect the revised operational process.Talk to sales personnel involved in the negotiation of agreements based on the template, either individually or as a group, for their input on what sections are most frequently negotiated.  Identify terms or provisions in the agreement that are regularly negotiated – e.g., the non-solicitation provision, press release language, security and data breach language, termination for convenience language, indemnities, limitation of liability, etc.  Look at those terms/provisions to see if there is an alternative provision, or alternative wording, that works for your company and will eliminate the need to negotiate that point every time.  For example, if your contractual payment terms are net 15 but most parties ask for net 30, and you don’t really charge interest on late payments until they are at least 30 days past due (45 days from invoice date), it may be worth changing the payment terms to net 30 in the contract to eliminate this negotiation point.
  4. Streamline and simplify the template. Review the contract template to streamline and simplify it as much as possible. Don’t say something in three sentences that can be said in one.  Use a defined term to avoid having to repeat a lengthy phrase throughout the agreement.  Avoid including fluff in the agreement, such as a full page of WHEREAS clauses, unless there’s a compelling need for it. Ask people at your company who don’t normally read contracts to read it and highlight any language that seems confusing, and see if clarifying revisions make sense.  Avoid legalese wherever possible. Ensuring your contract is as clear as possible helps avoid disputes with your clients/customers by minimizing the chance that an ambiguous term is interpreted differently by the parties (or worse, that a party relies on that interpretation to take a particular course of action that can’t easily be undone).
  5. Validate the pricing and terms/obligations with stakeholders. Obtain (or make) a list of all of the department heads and business owners in your company whose team/group/division has operational responsibility for terms in the agreement (for simplicity, we’ll call these department heads and business owners “stakeholders”).  The review should include not only the business terms with business stakeholders, but also the legal and risk allocation terms (e.g., representations/warranties, indemnifications, disclaimer of warranties, limitation of liability, etc.) with legal and compliance stakeholders.Mark up a copy of the template to identify which pricing and business terms and obligations are tied to which stakeholders.  Circulate the draft to each stakeholder, and set up a meeting with each to review, modify and obtain sign-off on contract language and provisions related to that stakeholder.  If you’ve already identified potential changes to streamline the contract (such as in #3 or #4 above), review those with the stakeholder to obtain buy-in, and ask the stakeholder if they have any additional suggestions on ways to streamline and simplify the agreement terms relevant to that Stakeholder. If a stakeholder indicates that your company doesn’t really do what a particular contract provision says, either remove the obligation from the agreement or ensure the stakeholder commits to the company’s performance of that obligation.

A few closing thoughts:

  • Once the contract refresh is complete, determine who needs to sign off on the new template before it’s introduced for use, and obtain their approval to start using the new template.
  • Consider using communication plan to introduce the refreshed template to personnel involved in negotiating the agreement such as your sales and Finance teams.  Also consider whether the creation of a companion explanatory document such as a contract FAQ, or embedded comments in the draft itself, would help your clients/customers better understand your agreement and further shorten the negotiation cycle.
  • If you are updating a set of online terms or an online agreement where the changes will automatically apply, ensure you follow any notice requirements for amendments or changes to the agreement.
  • Make sure you archive a copy of the contract template being refreshed.  You may need to refer to it later, e.g., if there is a client/customer dispute involving the older template.
  • Finally, set a regular review cycle (ideally no less than once a quarter) to check with Stakeholders and ensure there have been no major changes from a business or legal perspective that require changes to the agreement template.

10 Common Negotiation Positions and How To Work Through Them

One of the more frustrating things to run into during a contract negotiation is the “stock position.”  These are negotiation positions often used as tactics to shut down discussion on a point, or to push back on an otherwise reasonable request  Part of every attorney’s job is to find and leverage ways to make the negotiation cycle more efficient.  Being prepared for these 10 common negotiation positions, and knowing ways to work through them, can help you avoid a stumble on your way to the negotiation finish line.

10. It’s Locked Down (“We only send our agreement as a [PDF/locked Word document].”)
Why you hear this: Some companies try to limit redlines to their agreements by only distributing agreements as a PDF or a Word document locked against editing, making it very burdensome if you want to propose changes.
How to respond:  Propose capturing any changes in an amendment or rider to keep the agreement itself as-is, but ask for a Word version so you can show the changes you’d propose be captured in the amendment or rider.  If they won’t budge, consider creating your own Word version to redline (modern versions of Adobe Acrobat Pro have built-in OCR that lets you save a PDF in Word format, or you can print and then use Optical Character Recognition (OCR) to convert the PDF to an editable version). You can also create an unlocked version of a Word document for editing purposes fairly easily – see my earlier article on this topic.  If you create an editable version yourself, be sure to state in your cover note when sending the agreement back that you have created a Word version solely to facilitate your and their negotiation of the agreement, and reiterate that you would be happy to capture the agreed-upon changes in an amendment or rider to the agreement.

9. Can’t Help You There (“I don’t have the authority to negotiate that.”)
Why you hear this: The person you are negotiating with either doesn’t have the authority to approve changes to this provision, or wants you to think that he/she can’t make changes to it.
How to respond: If the change is important to your company, let them know why, and ask them if they can break out to seek approval from a person with authority (you’ll hold if on a call). Alternatively, ask if the person with authority can join the conference call or meeting so you can explain the importance of the change or provision directly.  If they balk, ask them to set up a follow-up call or meeting with the person with authority.  If they’re bluffing, asking them to bring in someone with authority may result in a change in position.

8. We’re The Best Around (“Do you know who we are? We’re the number one [vendor/supplier/provider/client] [of/to] [thing] in the [geographic area].”)
Why you hear this:  This response is the equivalent of “we’re the big fish in this pond – be lucky you’re working with us.”  They’re trying to use their market position to get you to back off your position or request.
How to respond: This is one of the reasons it’s important to have a credible backup partner/supplier/vendor waiting in the wings, or at least know who the other party’s major competitors are.  If your position or request is reasonable, you’ll need to stand your ground.  Let them know that while you are aware they are a major player, your request is important to your company, and that you hope they can negotiate on this point.  If you hold fast, you may have to drop the names of their competitors (if you know the name of a sales rep in your area, drop that) and let them know, expressly or by implication, that their willingness to work with you on this point is more important than your desire to work with the top player in the market.

7. Don’t Stop Us Now (“Why are you asking about that? You’re slowing the deal down/this [will/may] cause us to miss our [contract execution date/launch date/etc.].”)
Why you hear this: All too often, parties enter negotiation where one or both are already committed or invested in the relationship — implementation has already started, financial forecasting has already assumed the agreement is completed by a certain date, commitments regarding the agreement have been made to senior management, etc. The other side may be trying to leverage a “need for speed” on your company’s part to avoid discussion of potentially contentious or unfavorable points.
How to respond: It depends on what is more important to your company — getting the deal done quickly, or taking the time to negotiate your point.  If it’s a “nice to have” point, discuss the pros and cons internally of giving on the position in the interests of time.  If it’s a “must have,” call the other side’s bluff and let them know that while you understand that digging into this point may impact the negotiation or launch schedule, resolving this point must take precedence. If you do that, be aware that the other side may try to “forum shop” and reach out to one of the negotiating parties, or a superior, who they think is feeling pressure to close the deal and can exert leverage to get past this point. Propose alternative or compromise positions, and offer to work on a compromise in real-time on a call or via a WebEx or GoToMeeting session to keep the ball rolling.

6. Take Our Word For It (“I know the contract doesn’t say that, but it’s our practice.”)
Why you hear this: The contract template you are working from may be old and no longer tracks to the operational realities of the parties’ obligations and duties.  It’s also used where the other side is unwilling to commit contractually to a negotiating or marketing statement or position.
How to respond: Stress that the contract needs to accurately reflect the business and operational reality of the relationship.  If it’s their practice, they should be willing to give you a contractual commitment on it. If they refuse, let them know that if they can’t back up their statement with a corresponding obligation in the contract, that’s a red flag and you’ll need to discuss their position with your business team (in other words, give them a Don’t Stop Now). Consider ending the call/meeting early to huddle with your business team on this point – it can send a message to the other side that you are serious about this issue.

5. We Can’t Afford That (“That will affect our revenue recognition.”)
Why you hear this: The requested change could require them to spread the revenue across a longer period of time, or shift it from one fiscal month/quarter/year to the next. If the sales rep has already committed a contract close to the business, or is planning on it to meet quota or get bonus, this can be a major stumbling block for them. For example, a termination for convenience clause can often affect revenue recognition.
How to respond: This can be a legitimate argument.  However, there is often a creative way to structure terms that meets their revenue recognition requirements yet gives your company the flexibility it needs.  Put on the creativity hat and work with your business/legal counterpart, and your finance team, to try to find an alternative that will work.  If not, you’ll need to stand firm and see whether they want the business even with altered revenue recognition terms.

4. You Don’t Need To See That Now (“We don’t give our [customers/partners] our [documentation/policies] before they sign the agreement.”)
Why you hear this: If an agreement has policies that apply to your company and are referenced or incorporated by reference in the agreement (e.g., Terms of Use, Terms of Service, Vendor Code of Conduct, Conflict of Interest Policy, Trademark Guidelines, etc.), taking the time to review these policies can extend the negotiation cycle.  They agreement may also contain a warranty that the product or service conforms to the documentation, which you’ll need to review to understand how strong of a warranty you’re getting. If there’s anything in there that your company can’t abide by, you could be setting your company up for a problem out of the gate.
How to respond: Explain that your company can’t fully commit to an agreement until it has reviewed and signed off on all terms and policies related to the agreement. If they’re balking at providing documentation relating to a warranty section, let them know you need to see the documentation first.  See if there’s a group within your company that can play “bad cop” here, e.g., “Internal Audit needs to see it before we can sign.” Consider adding a 30-day right to rescind to the agreement in your client’s favor, which lets you sign first, but lets you back out if you don’t like the terms of their policies. Search online — many times you can find a policy on the other side’s own website.

3. I Can’t Believe You Said That (“We take offense to your position that we might [lose your data/breach the warranties, etc.]”)
Why you hear this: The “rightful indignation” argument is common when the other party wants to avoid a discussion on a topic, or truly doesn’t understand why you would be asking about that.  They may be confusing your risk management with an insinuation that you don’t trust they can live up to their obligations.
How to respond: Explain why the issue is important to your company.  If your company has been burned by the issue in the past, or your General Counsel/management team is focused on this issue, let them know — almost every company has some hot-button issue that can impact its contract negotiations.  You can also let them know you’ve seen recent articles about this issue and it’s top of mind.  Be sure to stress that you’re not playing Devil’s advocate and looking at the worst-case scenario, but you’re rather be prepared for the worst and have some extra words in the contract than be caught unprepared when the unthinkable happens.

2. That Comes Later (“We will [address/schedule] [your implementation/that topic] in a [SOW/Addendum] after we sign.”) 
Why you hear this: Punting on a contentious or time-consuming issue, such as ownership of deliverables, can help move the agreement to completion.  Once the contract is signed, however, you may lose your leverage to negotiate that provision.  Alternatively, the other party may attempt to include a provision in the SOW/Addendum that will take precedence over a corresponding provision in the base agreement, essentially renegotiating it.
How to respond: If a provision is material or critical to the agreement or to your company, insist that it’s negotiated as part of, or at the same time as, the agreement. Ensure you have a strong order of precedence clause so your negotiated wins in the agreement aren’t undone in a later document.

1. That One’s New (“No one has ever asked us for that before/we’ve never given that to anyone before.”)
Why you hear this: Unless a company is very new, it’s very uncommon that no one has ever asked for a particular request before.  It’s more likely that the person you are negotiating with has never heard anyone ask for that before.
How to respond: Ask them to confirm they are saying that no contract the company has ever signed has had that provision.  If they hold firm, use it as an opportunity to push for a contractual representation to that effect (putting their money where there mouth is), and/or push for a “most favored nations” (MFN) clause on that term so that if they do offer that term to anyone in the future it will be automatically incorporated into your agreement. These approaches often lead to a change of tune. They may try to limit a rep or MFN clause to similarly situated clients/partners – consider whether this makes sense.

Revisiting Risk Management

A couple of years ago, I wrote an article on “Risk Management 101.”  Risk management is not the same as risk avoidance — taking risk is an important driver of business growth. As an attorney, it’s important to recognize that “zealously representing your client” is not the same thing as insulating your client from risk.  Risk in business is like risk in investing; you have to be willing to take a loss if you want to achieve solid growth, and your appetite for risk determines how much risk you’re willing to take.  Any risk management decision is a decision on whether or not to proceed with a particular course of action (or inaction) given the balance between the potential benefits and the potential risks.  Given the importance of risk management, I thought it was time to revisit the topic.

What to do with business risk. Once you’ve identified a business risk, there are four things you can do with it:

  • Mitigate it by following or implementing technical, administrative or procedural steps or safeguards, or best practices, to reduce your company’s exposure to the risk;
  • Shift it by making another party responsible for the risk exposure through contract terms (e.g., representations and indemnification, liquidated damages, etc., requirements to be named as an additional insured or loss payee under the other party’s insurance), or through obtaining your own insurance;
  • Reject it by walking away from the proposed course of action or inaction that causes the business risk; or
  • Accept it by proceeding with the proposed course of action or inaction knowing it could cause an exposure based on the business risk.

When faced with a business risk that calls for a risk management decision, you should first reduce the risk, then decide what to do with the remaining risk.

  • To reduce the risk, the attorney will partner with his or her business counterparts to mitigate and shift as much of the risk as possible.  For example, the attorney will work with business owners to determine if there are procedures in place to control the risk, or whether procedures could be put in place to help control the risk.  The attorney will work with the company’s insurance group to see if its insurance will cover the risk.  If the risk is arising in the context of a contract, the attorney will work to incorporate risk shifting provisions into the agreement to control the risk.  The goal is to reduce the risk as much as possible, but be mindful that there can be an ROI impact here.  If mitigating a risk through new processes, new insurance premiums, etc. increases the cost to the business, the overall costs from taking the course of action is impacted.
  • Once the risk has been reduced, a decision has to be made to accept or reject the remaining risk.  Unless the risk relates to a violation of law, the attorney will turn to the business decision-maker to call the ball.  When presenting a risk decision to the decision-maker, (1) describe the business risk; (2) explain what risk mitigation steps will be implemented or taken; (3) explain the potential costs related to the remaining risk (both tangible, e.g., cost, and intangible, e.g., impact to the business), and the benefits of the course of action; and (4) let the business decision-maker call the ball.   This way, the business decision-maker can make an informed business risk decision.  The amount of detail you go into is often driven by the speed at which the decision needs to be made.  If a decision must be made quickly, you may not have the time to explore risk mitigation steps first, in which case you can describe the mitigation steps that could be taken. Consider your audience — be as concise as possible in describing the costs and benefits to management.  Make sure the person that is approving or rejecting the risk has the authority to do so within the organization. Lastly, the attorney and business person should ensure that the risk management decision is documented in case an issue arises later on.

What to do if a risk exposure occurs. While the initial instinct when something bad happens is to assess blame, an authorized decision-maker who makes a well-informed business risk decision should not be “thrown under the bus” if the risk exposure ultimately occurs. If proper risk management procedures are followed, the exposure should result in a review of the risk management decision to see if other “hindsight” data points would have impacted the risk management decision if known at the time, and determine if changes to the decision-making process or the company’s risk profile are appropriate on a go-forward basis.  Risk exposures will happen in business. If a decision-maker is disciplined (or worse) in the event of an exposure just for making the business risk decision, even if the benefits far outweighed the potential risks at the time the decision was made, the company will send the message that good risk management practices don’t matter to management.  Reward those who follow good risk management practices.

Accepting a business risk is the same thing as electing to self-insure against the risk. If you don’t identify and manage a risk, your business is accepting the entire risk without any mitigation steps.  For small risks, this usually doesn’t cause a problem.  For bigger risks, this can be catastrophic.  Understanding, implementing, and fostering solid risk mitigation practices at your company can make all the difference.

Six Tips for Working Efficiently and Effectively With Your Attorney in Contract Negotiations

Some people dread having to go to their legal counsel with a contract for review and negotiation.  “It’s the department of business prevention”; “we’ll never get it done”; “my attorney doesn’t understand what the business needs.”  Quite the contrary. In-house counsel want to partner with you to facilitate the company’s business objectives and help the company succeed, while at the same time managing risk to our client – the company. Ensuring you and your attorney work together as effectively and efficiently as possible is key to this process.  Here are 6 tips to keep in mind when working with your attorney in contract negotiations.

  1. Contract negotiation is a partnership, not a handoff. Contracts contain both legal and business terms. We will largely defer to you on the business terms (unless it’s something we’ve seen before that we know is a problem), and will focus on ensuring the legal terms are in order. You need to be a part of the negotiation process to provide guidance and approvals on business terms as they are negotiated.  If you submit a contract for review and then just wait for an email saying it’s done and signed, it will slow down the process as we’ll have to reach out to you, or worse, make assumptions about what your business needs are or what you are OK agreeing to in the contract.
  1. Negotiations can take time – don’t wait until the last minute to engage Legal. Negotiations can take time, but attorneys don’t want to drag them out – we have a lot of work on our plate, and we want to enable you to start working with the company or vendor so you can meet our corporate objectives. However, part of our job is also to negotiate terms that protect the company, and to help you navigate around the pitfalls and mountains.  If you come to us at the last minute and there are major issues (e.g., risks we can’t accept without high level approval), it’s a no-win situation – we feel you’re not giving us time to do our job as attorneys, you’re unhappy because the agreement can’t get done by your desired completion date, your boss is unhappy because you missed your deadline, others whose work depends on the negotiated partnership or vendor relationship are negatively affected, etc.

Build time for the legal review process into your project timeline, and if you’re unsure ask your attorney how much time they think it will take before you even get to the contract phase.   Engage Legal with questions on business terms or legal terms early in the process if it will help streamline the negotiation later on — we can help you structure business terms up front while they are being negotiated, to make the negotiation process go more smoothly.

  1. Provide complete business terms when you submit your contract request. Unless you are requesting a standard form agreement on your company’s paper, we need to know as much detail on the business terms as you can provide when you submit a contract request to Legal. Otherwise, we may have to make assumptions about what you’re looking for, and if we’re wrong it will mean redrafting work which will slow down the process. If you have a term sheet, attach it. If not, summarize the business terms in the request with as much detail as you can provide.  Include the full legal name of the other party, and their street address.  We’ll call you to flesh out any terms on which we have questions or need more information or detail.  Also, read the draft carefully before you forward it to the other side.  If the contract doesn’t match the business terms that were discussed, we’ll stumble right out of the gate on the contract negotiation.
  1. When you get a draft or get back redlines, add your comments on the business terms before submitting it to Legal.  If you send a draft on the other side’s paper or you receive redlines from the other side, go through it before you send it to Legal and mark it up with your comments and edits to any business terms.  If you need to reach out to internal business owners for their input or approval (e.g., Finance on payment terms, IT on SLAs, etc.), either do it before sending the draft to Legal, or indicate in the draft that you’re following up on an open business point before you send it to Legal.  Otherwise, the internal discussion draft you get from Legal will just include notes on where you need to provide input on business terms, slowing down the process.
  1. Listen to your lawyer’s suggestions – we’ve done this before. We have been in many contract negotiations, and have seen most contract provisions before.  We often know what provisions work with the company’s internal processes and requirements, and how third parties are likely to negotiate and come out on a given provision. If you come in with a business term or a position on an open point that we think may be a tough sell to the other party or is “out of the box” from an internal process perspective, our experience can help you avoid going down dark alleys or dead ends in the negotiation.  Good attorneys don’t just spot problems, but also offer alternatives to try to find a workable solution.  We may be able to offer an alternative provision or wording that meets your business needs, works for the other party, and satisfies your internal processes.

Attorneys usually have a sense as to which approach to contract negotiation (exchanging redlines right away, hopping on a call with the other side right away, exchange redlines first then get on a call, etc.) will be most effective for a particular contract or third party.  Your instinct may be to jump on a call with the other side as soon as you send or receive a draft, but in some cases that may end up unintentionally slowing down the negotiation. Tech-savvy attorneys may also suggest leveraging technological tools to increase speed and efficiency, e.g., WebEx online conferencing to make edits to the draft in real-time as if all parties are sitting in a conference room together.

  1. Attorneys will advise on the risks and share their opinion, but the business needs to “call the ball.” Every contract involves risks and rewards.  My job is to shift as much risk as I can (e.g., through contract terms), and to help explain how to mitigate risks (e.g., through internal process or procedure to control it).  Any remaining risk needs to be accepted (we understand but the benefits are worth it) or rejected (the benefits aren’t worth it) by the business.  Unless something is illegal or there’s simply too much pure legal risk to proceed, the attorney isn’t the one who should be making that risk decision.  We may share our opinion, but we can’t make the decision.  You (or someone higher up in the company) needs to make the risk decision after weighing the pros and cons.  If no one wants to be the decision-maker, the negotiation will grind to a halt.

The Why, When and How of Confidentiality Agreements (Part 2)

Nondisclosure Agreements (NDAs), a/k/a Nondisclosure Agreements (NAs), Confidentiality Agreements (CAs), Confidential Disclosure Agreements (CDAs), and Proprietary Information Agreements (PIAs), are something most business leaders and lawyers deal with from time to time.  However, few companies have implemented policies stating why, when and how NDAs should be used.  In Part 1 of this article, I talked about the “why” and the “when.”  Part 2 covers the “how.”

HOW to use an NDA.  Once you’ve figured out the why and the when, use the following tips and tricks as you work with NDAs:

  • Keep them fair and balanced. While you always want to try to avoid getting bogged down in contract negotiations, this is especially true for NDAs typically entered into at the outset of a relationship or where disclosure of specialized information is needed to further a business purpose.  Counsel should work with business leaders to ensure the NDA template is fair and balanced. If a potential partner or vendor insists on their NDA, consider whether it is fair and balanced – if it is, it may not be the best time for a battle over whose form to use.
  • Make sure “purpose” is defined. NDAs should include a description of why the parties are sharing information (a potential business relationship between them, a potential business combination, to allow your company to participate in an activity, etc.)  This is usually defined as the “Purpose.” Defining the Purpose, and restricting the recipient’s use of your CI to the Purpose, can help ensure contractually that information you disclose is not misused.
  • Avoid sharing customer records or personally identifiable information under an NDA. Be very careful if you want to share customer or employee records or other personally identifiable information under an NDA. You generally need other security protections that aren’t in a standard NDA; your privacy policy might not allow it; you may not have the necessary permissions from the data subjects to share it; there may be specialized laws (e.g., HIPAA) that could be impacted; etc.  If you need to share data to evaluate a new product or service, use dummy data.
  • Ensure “Confidential Information” covers what you want to share. Make sure the definition of “Confidential Information” is broad enough to cover all of the information that you’re planning to share.  Whether you are disclosing financial projections, business plans, network credentials, samples of new products, or other information, if it’s not covered by the definition the recipient has no obligation to protect it.
  • Watch out for “residuals” clauses. One dangerous clause to watch out for (and avoid) in NDAs is the “Residuals” clause.  “Residuals” are what you retain in memory after you look at something (provided you don’t intentionally try to memorize it).  Residuals clauses let you use any residuals from the other party’s CI retained in your unaided memory.  However, it’s next to impossible to prove that something was in someone’s “unaided memory.”  Residuals clauses are a very large back door to NDA requirements.
  • Understand the “marking requirements.” NDAs generally require identification of confidential information so that the recipient knows that it should be kept confidential.  For example, you generally have to mark any information in written disclosures as “confidential” using a stamp, watermark, or statement in the header/footer (don’t forget to mark all pages of a document and its exhibits/attachments in case pages get separated).  Some NDAs require that confidential information disclosed orally has to be summarized in a written memo within a certain period of time in order to fall under the NDA – don’t lose sight of this obligation, and consider steps to mitigate the risk if you have this requirement (e.g., a reminder in your lead management system to summarize when a note of a sales call is included).  Other NDAs include a “catch-all” to keep confidential any information where, from the circumstances of disclosure, the disclosing party clearly intended (or the recipient can determine) that it should be kept confidential.  This last clause is a double-edged sword – it ensures the broadest possible protection for you, but also for the other party
  • Look at the “nondisclosure period.” Most NDAs have a defined period of time during which confidentiality obligations will apply to CI.  Once the period ends, your CI is no longer considered confidential by the other party.  If you are disclosing trade secrets, it’s important that they are kept confidential forever, or until the information enters the public domain through someone else’s acts or omissions. Also, consider language that requires the other party to securely dispose of your CI when there is no longer a business or legal need for them to possess it.
  • Control onward transfer. Ensure you’re controlling the onward transfer of your CI.  Generally, a recipient’s onward transfer of your CI should only be permitted when (a) the receiving party is a business partner of the recipient (a contractor, subsidiary, supplier, etc.); (b) the receiving party needs to know the CI in furtherance of the Purpose; and (c) the receiving party is bound by written confidentiality obligations at least as strong as those in the NDA between you and the recipient.  Make sure the NDA holds the recipient liable for any improper disclosure of CI by the third party so you don’t have to go after the third party, and requires that data be transferred securely.
  • Watch out for overlapping confidentiality obligations. As I noted in Part 1, it’s important to look out for duplicate confidentiality obligations governing the same confidential information.  In some cases, a party may suggest that each party sign the other’s NDA.  In other cases, a party might try to keep an NDA alive after a services or other agreement has been finalized and signed.  You should avoid having different confidentiality obligations govern the same agreement, as it can easily lead to a big fight over what contractual obligations and provisions apply in the event of a disclosure, distracting you from dealing with the actual breach of your CI.
  • Be mindful of your return or destruction obligations. In most NDAs there is a requirement for a recipient to return or destroy the discloser’s CI, either upon request and/or upon termination.  Sometimes the discloser gets to pick between return and destruction, sometimes the recipient.  In order to ensure compliance, make sure you limit disclosure of third party CI internally, and keep track of who has access to/copies of it.  Without tracking that information, it’s very difficult to ensure return or deletion when the time comes.
  • Be careful sharing access credentials. If you’re sharing any network or other computer access credentials as part of the Purpose, ensure the NDA contains additional security obligations to maintain appropriate safeguards to protect access credentials, to limit use of them (no onward transfer), notification in the event the credentials are (or are suspected to have been) compromised, and an indemnity if the security obligations are breached.  Remember, the Target breach began with the compromise of a subcontractor’s network credentials.
  • Consider using electronic signatures. As I described in my earlier blog post, using an electronic signature system for NDAs can make the nondisclosure process even more quick and efficient, letting your business team get to sharing information sooner.

There are other NDA issues as well, such as ensuring injunctive relief language is not too limiting or broad for your company’s needs.  As always, consult an attorney with expertise in NDAs (and a business-savvy approach) to ensure your company, its confidential and proprietary information and its trade secrets are properly protected.

The Why, When and How of Confidentiality Agreements (Part 1)

Nondisclosure Agreements (NDAs), a/k/a Nondisclosure Agreements (NAs), Confidentiality Agreements (CAs), Confidential Disclosure Agreements (CDAs), and Proprietary Information Agreements (PIAs), are something most business leaders and lawyers deal with from time to time.  However, few companies have implemented policies stating why, when and how NDAs should be used.  Quite often different people at the same organization take very different approaches to using NDAs, resulting in inconsistent protection of a company’s confidential or proprietary information (“CI”) — or worse, jeopardizing company trade secrets.  This two-part article provides a summary of the why, when and how of NDAs.  In Part 1, I talk about the “why” and the “when.”

WHY to use an NDA.  There are three primary, and sometimes overlapping, reasons why to use an NDA – for protective purposes, for strategic purposes, and for contractual purposes.

  • The most common reason for entering into an NDA is to ensure there are adequate (and binding) protections for your CI before you share sensitive information with another party.  If your company has trade secrets, failing to put confidentiality obligations in place with third parties who have access to your trade secrets can cost you your trade secret protection.
  • An NDA can also be used as a litmus test to gauge whether a party is truly interested and serious about discussions with your company.  If you’re asked to sign an NDA well before confidential information will be exchanged, this might be the reason.  An example is a requirement for potential vendors to sign an NDA before the RFP is provided to them, even if there’s nothing confidential in the RFP.  Requiring an NDA up front can also ensure that you don’t get down the road with a potential vendor or partner only to find that they are resistant to signing an NDA.
  • An existing confidential obligation to a third party may require you to put confidentiality obligations in place with any subcontractor or business partner with whom you need to share the third party’s CI for business purposes (more on this in Part 2).  If an existing agreement with your subcontractor or business partner doesn’t satisfy contractual requirements, a separate NDA may be needed.

If a third party questions why an NDA is needed, consider whether that should be a red flag in and of itself.  They may not view confidentiality as a significant concern or priority, may not be sophisticated about the importance of strong confidentiality practices, or may be trying to get you to reveal confidential information without an NDA in place.

WHEN to use an NDA.  Once you’ve determined that you need an NDA for one or more of the above purposes, you then need to determine when to use one.  Keep these questions in mind:

  • What is confidential information? In order to know when to use an NDA, you need to first know what needs to be protected.  This is often the MOST IMPORTANT question a company can ask.  What information is considered confidential or proprietary information, and what information is a trade secret?  Everything else should be considered non-confidential.  Look at your IT policies to see how data is classified at your company (many classify CI into levels) and use those classifications to determine what categories of information should be protected.  If it’s information you include in your marketing brochures or on your corporate website, it’s not confidential or proprietary information.  Use this test – if you would have a problem with the information showing up on the front page of your local paper or elsewhere for the world to see, or if it ended up in the hands of your competitors, you may want to treat it as confidential if it’s disclosed.  Educate your sales and other internal business teams as to what’s considered CI, and when an NDA is required — make sure to remind them that part of their job to protect your company’s confidential information.
  • Who is disclosing what? Not every discussion about a potential business relationship requires an NDA.  Look at what information may be disclosed and by whom.  If your company isn’t disclosing confidential information as part of the discussion, the onus should be on the other party to ask for an NDA.
  • Are there existing confidentiality terms? Sometimes an existing business partner or vendor will ask for an NDA before sharing information about a new product or service.  Before signing, check your existing agreement to see whether its confidentiality language is broad enough to cover the new information.  If it is, push back on the need for a separate NDA.  You should always try to avoid having multiple confidentiality terms governing the same confidential information (for more on this, see Part 2.)  If they insist, make sure the new NDA is limited in its purpose and does not overlap with the existing agreement.
  • When will sharing begin? Determine when in the in the sales cycle/vendor selection process you need to start sharing CI – that’s your “NDA point.”  Once you’ve determined your NDA point, make sure it’s build it into your SOPs and other business process documentation to minimize the chance that CI is shared without a valid NDA in place.
  • What is the right effective date? In business, the cart sometimes gets ahead of the horse when it comes to getting an NDA in place.  If your company gets out over its ski tips by disclosing CI without having the NDA in place first, ensure that the NDA applies retroactively to by setting the effective date as the date on which confidential information was first disclosed, not the date on which it was signed.

Put Electronic Signatures to Work for You

Companies and in-house law departments are increasingly adopting new technology-driven processes to create efficiencies in their day-to-day operations.  One such process is the use of electronic signatures, or “e-signatures.”  E-signatures provide many benefits to companies if implemented correctly, but there are some important caveats to keep in mind.  Understanding what they are and how to use (and not use) them is critical.

What is an electronic signature?  The federal Electronic Signatures in Global and National Commerce (E-SIGN) Act defines an electronic signature as “an electronic sound, symbol or process which is attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”  In other words, an electronic signature is an electronic identifier of a person who places it on a document or record and intentionally consents to, accepts, or approves that document or record in a way that the identifier can be attributed to that person. An easy way to remember this is as an electronic identifier that’s affixed, accepted and attributable.  The good news is that E-SIGN’s definition is technology-agnostic, meaning it will apply to new developments in e-signature technology.

Examples of e-signatures include a person’s signature captured on a tablet on a contract followed by pressing a “Purchase” button; pressing a button (e.g., “1”) on your phone on a recorded line to accept a new 2-year cable subscription; checking a box to indicate that you have read and accept a software EULA; or a Google Wallet or Apple Pay transaction automatically done by computers (“electronic agents”) which you initiated and a merchant accepted electronically.

Is it the same as a digital signature? No, although many people use the terms interchangeably.  A digital signature is a more secure form of electronic signature that uses encryption or a biometric identifier to ensure the signature is authentic and can be linked back to the signer.  It can’t be tampered with thanks to the encryption or biometric identifier. (Examples include using a private encryption key to sign a document, or using a thumbprint to embed a digital code in a document.) Digital signatures are commonly found in financial transactions and where being able to detect a forged signature is critical.

Are electronic signatures legal?  Yes.  In 2000, Congress enacted the E-SIGN Act, which states that electronic signatures on contracts and records related to commercial transactions are just as effective as a physical (or “wet” signature). However, if a law or regulation requires a written contract or record, an electronic signature isn’t sufficient if the contract or record can’t be retained and accurately reproduced by all parties. 48 states have enacted their own e-signature law based on the Uniform Electronic Transactions Act (UETA). (MD and VA have enacted a different model law called the Uniform Computer Information Transactions Act (UCITA) that covers computer information.) There are specialized digital signature laws applicable to some industries, such as the federal e-signature regulation specifically related to the FDA. Electronic signatures are generally valid in other countries.

It’s important to note that there are some types of contracts and records that cannot be electronically signed, such as wills, trusts, and marriage certificates/divorce decrees.

Can e-signed documents be notarized?  Yes, but it’s still fairly uncommon. E-SIGN permits electronic notarization.  However, most e-signature providers are still adding functionality to support electronic notarization of an e-signature. You’ll need to find a notary authorized to do e-notarizations (in Minnesota, for example, becoming an e-notary requires an additional authorization on top of your standard notary license). You still have to electronically sign an agreement in the presence of an e-notary (except in Virginia which permits remote notarization, e.g., via video conference), which basically defeats the purpose.  As e-signatures continue to gain traction, e-notarization will likely start to catch up.

If I want to use electronic signatures with my contracts, is there anything I should add to them?  Consider adding a disclaimer such as this to your contract templates: “The Parties agree that electronic signatures are intended to bind each Party with the same force and effect as an original handwritten signature, and a copy containing an electronic signature is considered an original.” UETA requires that the parties have agreed to conduct business electronically. Although it can be inferred from the conduct of the parties, including an affirmative statement can be helpful (and demonstrates to your clients and vendors that you are embracing 21st century contracting methods).

Are there e-signature risks I should watch out for?  The biggest risk is that an e-signature you were relying on turns out to be unenforceable. Just because E-SIGN says that an e-signature has the same legal effect as a physical signature doesn’t mean that it’s automatically enforceable. Parties seeking to avoid liability under a contract may look to attack the validity of the contract in the first place by claiming it was never validly signed.  The identifier on a contract (e.g., “/s/ Scott Signer”) isn’t enough to establish that it’s a valid electronic signature — you have to be able to attribute that identifier to me to provide that I was the one that wrote it.  This gets even more complicated when trying to use e-signatures on a small device, such as a smartphone.

Think of e-signatures as falling into one of two buckets based on whether the contract or record being electronically signed is considered “low priority” (the enforceability is not likely to be challenged, such as on a low-value, one-time transaction), or “high priority” (enforceability of the agreement is very important given the strategic or monetary value of the transaction).  For low priority contracts and records unlikely to be challenged, being able to conclusively attribute an e-signature to a person may be less critical, so an identifier on a contract or record (“/s/ Scott Signer”) without a strong authentication mechanism may be “good enough.”  For high priority contracts and records, being able to conclusively establish affixation, acceptance and attribution is critical, so using a strong e-signature process (such as an e-signature provider) that validates the identity of each signatory, and keeps copies of the signed agreement available to each signatory, can help ensure enforceability.

The reverse is also true — be careful that you don’t unintentionally create an electronic signature (e.g., with an email signature).  You don’t want someone trying to argue that your email saying “yes, that sounds good” to a business offer, where your email had your signature as General Counsel or Chief Operating Officer, constituted a binding agreement.  (I use a disclaimer in my long-form work email signature that emails cannot be used as an electronic signature.)


I would strongly encourage all companies interested in using electronic signatures on contracts to consider an electronic signature provider such as EchoSign or DocuSign.  E-signature providers have well-developed systems that make it easy for companies to execute contracts, forms, and other records electronically through a legally defensible process, can support “batch sending” of documents for signature via a mail merge-like process, and can be configured to automatically send fully executed copies to all parties (as well as to your Legal department or contract manager).