Law firms are learning to avoid adopting technology just for the sake of it, says Roy Russell, managing director of document and information lifecycle management specialist Ascertus. Increasingly, they are learning how to use it successfully to provide a better service for their customers.
You were closely involved with law firms in the early years of your career before concentrating on corporate legal for many years. Now you are working with law firms again—what differences have you noticed?
IT at law firms has certainly become much more of a professional function over the last 12 years or so. In the early days, the role of the IT director, if there was one, or IT manager, was that of a WP supervisor, and they would call in system engineers to get repairs done. They didn’t necessarily need to have a technical background. Today, with clients applying pressure over issues like security and governance, the IT teams are professionally qualified individuals. That’s a big change, and we are now starting to see law firms be as demanding as corporate IT.
The trend among the biggest law firms seems to be to split their IT into two operations—is that something you have noticed?
Yes, they have the business as usual, ‘keep the lights on’ IT, and then they have the strategic business transformation IT. In some firms, the two don’t even seem to work together! There is also a drive help train and build the AI app. A lot of AI licences have been purchased, but it remains to be seen how many of them will be of real use in the firm going forward.
What have you found to be the biggest difference between corporate l egal departments and law firms?
The biggest issue is that in a law firm, the users are fee earners, and in corporate legal departments, the users are a cost centre. Even in the biggest corporates, the departments aren’t that big in Europe—in the US it’s very different—so the corporate legal department, as well as being a cost centre, and therefore facing budgetary constraints, has historically had very little notice taken of it by the IT department.
By contrast, when fee earners sit down at their computer, they can access thousands of pounds worth of software products that are designed to make them more productive. The aim is to enable them to squeeze every last billable second out of the day. Corporate legal departments, when it comes to technology, have been the poor cousin.
They have had to scratch around to get technology. It’s nice that in the last couple of years, legal departments have started to adopt technology much more widely in Europe and we’re starting to see the emergence of the legal operations role as well. That’s helping not just from a technology perspective but also from the finance management side of things. It’s also no surprise that the Corporate Legal Operations Consortium has set up a European chapter and they are starting to see big growth in that.
What are the key risks for law firms when they adopt new technology?
Too often clients get carried away by the sales talk and don’t realise how much effort it takes to maximise the benefits of the product. We have seen a lot of firms rushing to buy AI, for example, not seeing that it was primarily a development tool. There are some products with off-theshelf functionality, but building an AI application from the ground up takes a lot of technical effort and legal effort.
You have to find multiple legal minds to exercise—it’s something they just have to offer. We’ll see a lot more of that this year. In iManage, for example, AI will be able to fill in missing metadata. It will be able to recognise that a document is a letter, or a particular type of contract, and fill in the metadata automatically without the users even touching it. We’ll start to see that lighter touch, under-the-hood AI coming in.
How can they avoid falling into that trap?
If you go to a particular software vendor, their interest is to sell their product regardless of what the client’s requirements are. Historically, clients have paid a lot of money to get around that to do due diligence and get consultants in. These days, they are looking at companies like us who position themselves as solutions providers. We do have relationships with various software vendors, but we are focused on the bigger picture. If we can’t do what’s needed, we’ll point the client to someone who can. We’re starting to see a swing back in the market towards clients paying for that and for quality delivery, whereas for many years the focus was on price. Some would wait for year-end and then demand software at a discount, knowing that sales targets needed to be met. The market has started to realise that you get what you pay for.
Do you expect to see a lot more AI in 2018?
Yes, but it’s going to become something that is embedded within existing applications. Vendors are acquiring AI tools, such as iManage buying RAVN. This means iManage will have AI embedded within it. Software vendors are starting to license AI almost as a box-ticking towards the adoption of technology not just for the sake of it but to provide better customer service, increasing customer satisfaction and retention. From the law firm perspective, it’s also about increasing the recoverability percentage, being able to offer and manage alternative fee arrangements and know that they are going to make a profit at the end of the day.
Security is obviously another big issue as the GDPR approaches. Are you seeing a change in law firms’ security strategies?
With the GDPR [General Data Protection Regulation] countdown well and truly under way, law firms will adopt more advanced approaches to data security.
The Panama Papers and other recent high profile cases have clearly highlighted the reputational damage a security breach can cause. Come 25 May 2018, when the new GDPR comes into force, the business impact of a data breach like that suffered by Appleby [millions of whose documents were disclosed in the ‘Paradise Papers’ leak] will be debilitating for a law firm. Going beyond standard security measures such as analysing application logs, network traffic, endpoint device activity and files downloaded by systems users, firms will adopt more advanced approaches to data security such as behavioural modelling, machine learning
iManage, for example, have expanded their product portfolio to include a feature that can build up a profile of how each user interacts with the system. If that profile changes suddenly, it means that user account has been breached or the user has gone rogue. With monitoring going on every 15 minutes or so, you can nip anything untoward in the bud very quickly. That’s the kind of proactive approach to security that is needed. Firms need to accept that it’s not a matter of if you’re going to be breached, but when.
In 2018 firms will have no choice but to segregate content, establish ethical walls and institute governance policies that allow access to information on a ‘need to know’ basis. This will ensure that only authorised individuals have access to sensitive data—and in the event of credentials being compromised, the impact of the breach will be significantly limited to the account in question.