The successful SaaS lawyer has to play many roles. Gavin Walles, GC at Mention Me talks about being the overseer - enabling teams to self-serve while reducing legal involvement. How does he do it?
In high-growth SaaS companies, there’s usually a set of tools which are seen as the ‘single source of truth’. Salesforce might be the ‘single source of truth’ for revenue; Slack might be the ‘single source of truth’ for communications; Google Drive might be the ‘single source of truth’ for training and knowledge-sharing.
But as a sole lawyer at a SaaS company, with a commercial team that’s growing all the time, my aim is to ensure that legal can introduce the necessary steps into those tools to ensure legal and compliance are taken into account at the outset. In addition, as the company scales I aim to ensure legal compliance doesn’t become a bottleneck.
It’s incumbent on me to find instances where legal could be a bottleneck, and instead, find a scalable process to ensure the business can meet its commercial ambitions.
If all transactions are reliant on one individual and his or her legal expertise, then there’s a potential for that individual to be a bottleneck to allowing the business to operate effectively. If that person takes a holiday, or finds there aren’t enough hours in the day to handle their workload, the process will break. It’s incumbent on me to find all those instances where legal could be a bottleneck, and instead, find a scalable process to ensure the business can function in a compliant way of course but also in a way for it to meet its commercial ambitions.
That means my goal as general counsel is to become an overseer. I have oversight of all legal issues (and business issues), but I don’t need to get involved directly in every single one of them. I enable self-serve so the business can scale, without being solely dependent on me. Legal teams don’t scale in the same way other business teams do and so if I can empower teams to spot a legal problem, flag it to me or better resolve it (if it’s a simple problem without my involvement), then my strategy is working.
Preventing risk, planning ahead 🔮
So how do we create that oversight? A growing SaaS business faces lots of potential legal risks which need to be mitigated.
- Contracts: Most startups and scaleups handle their contracts in the same way; using existing tools and embedded processes to create a manual workflow. The commercial team would download a template and populate the Word document, save as a PDF, negotiate contract terms back and forth via emails with clients, and then send for signing. Not only was it a time drain but legal had no idea what was happening once the deal was underway. From a data perspective - it was a black hole. How could I enable self-serve whilst gaining visibility over the process?
- Data and information security: As the company’s Data Protection Officer, I need to make sure our privacy and information security policies and procedures are watertight. How can I support my colleagues in IT and equip them with the information they need? Getting buy-in and budget for new technology can be challenging - so how can we achieve more with the tools we already have? How can I create a privacy-focussed culture?
- Compliance: Monitoring compliance across the company is no mean feat, without a dedicated team. A larger organization would have an internal audit function in place, but a scaleup doesn’t; in the earlier stages, how do you maintain oversight with regard to compliance?
I aim to empower other teams in the business and hold them accountable for the work legal currently gets involved with - so I came up with a few solutions that would make sure legal stays in control, even as the business scales.
It’s not scalable for legal to sit as a bottleneck in the sales process. Contracts may be legal documents, but it’s up to the sales team to use them
Contracts: enabling the business to self-serve 💪
It’s not scalable for legal to sit as a bottleneck in the sales process. Contracts may be legal documents, but it’s up to the sales team to use them - so it makes sense for them to manage that responsibility themselves, with controls to ensure some information on contracts cannot be changed without legal approval. My company has a fantastic revenue operations manager. This is someone who is a non-lawyer who amongst other responsibilities acts as the day-to-day point of contact for the revenue team in issues relating to our standard contracts.
It’s more than just self-serving on routine contracts; the revenue operations manager ensures that there’s an agreed standard for key terms, so legal only needs to get involved when clients want to deviate from these terms and there’s pre-populated wording which I’ve approved. This means I don’t need to see every contract.
Limiting my involvement in negotiations has made a huge difference to the legal team, reducing my time spent per deal. The sales team has the power to agree on the most common deviations, but anything that isn’t standard comes to me - and as a result, the proportion of contracts that need my attention is at most around 10 per cent.
We also implemented Juro to centralize documents and offer legal full visibility over the contract process. Our contracts are now dynamic, actionable and data-driven, which is great from a retention perspective - instead of relying on one person to remember details of the process, we’ve implemented an automated system that does all the heavy lifting. My ambition (alongside my revenue team’s ambition) is to use contract tools like Juro to drive down the length of time a deal takes to get signed.
Infosec: enter the chatbot 🤖
A fast-growing SaaS company will naturally deal with plenty of frequently asked questions about information security. The nature and volume of those questions will change over time too, as the product and company grow. How could we use existing tooling to keep up?
One of my colleagues in our engineering team suggested we could use a chatbot he’d designed and re-purpose it to be used to answer the most common questions on infosec. We fed it common questions and answers. Even better, as an AI tool, the chatbot deploys machine learning, so when it sees people ask the same questions in slightly different ways, it can learn that they’re looking for the same answer.
Automating knowhow like this removes another point where legal could become the single source of failure. It’s greatly reduced my time on infosec - again, my role becomes that of an overseer - and it’s a great example of how self-serve wasn’t necessarily about getting in new hires. The resource already existed - we just had to learn to use it in a new way to empower our colleagues.
You don’t want to scare your colleagues with an impending legal issue; focusing on the solution rather than the problem is a great way to relate it back to the work people do
Compliance: self-serve training that scales 📈
Meeting our compliance obligations across the business is no small task, and it gets harder with each new hire and each percentage point of growth. Whether it’s data privacy, financial reporting or key contract terms, commercial colleagues need to be able to access the training and information they need, at the point of need, to maintain compliance.
The simplest solution was to create online lessons on topics like privacy, which I could update in my own time, and colleagues could access when they needed them and also it would be included in normal induction training. We also incorporated quizzes into the training to ensure the team actually watched the lesson. Rather than try to force the business to follow a “legal” process I spoke with teams about how their existing processes worked and then built legal and compliance guidance into these.
In addition, I picked external tooling which integrated into our existing tools so the team didn’t have to learn a whole new way of doing something - this ensures that legal will be part of commercial colleagues’ thinking by default, rather than being an afterthought.
That said, personalized feedback and training sessions are also important. Legal and sales can’t exist in their own bubbles - I make sure I attend the weekly revenue trading meetings so I’m constantly aware of upcoming projects and priorities. It also provides the revenue team with a clear opportunity to ask me questions or detail their challenges, and if necessary I’ll deliver informal how-to sessions to help them. It means I can answer questions immediately.
With bigger changes, such as regulatory updates, I plan and deliver a company showcase in our monthly meeting and follow up with individual teams on how the particular update will impact them. My aim is always to give the team the knowledge they need and empower them to be able to understand and talk to issues that might come up in conversations with clients. The messaging of your training needs to be right - you don’t want to scare your colleagues with an impending legal issue; focusing on the solution rather than the problem is a great way to relate it back to the work people do and help the wider business understand.
It’s easy to measure training’s success - if it resonates with the business, you’ll have a more engaged audience. And we’re fortunate at Mention Me to have buy-in for that; our employees are super smart and want to be excellent at everything! From a sales perspective, the team wants to understand the contracting process and how to resolve legal queries because it’ll help them close deals faster. From our engineering team’s perspective, they want to understand the “spirit” of the law so they can know the parameters they need to work in and know when to flag issues to me. Educating colleagues also means that they can appropriately challenge me and my own decisions which means we can work together more effectively and ensure we come up with the right decisions to help the company.
Keeping processes scalable 💸
Some of these processes - such as individual training and feedback sessions - will become unscalable as we continue to aggressively grow. When and who to hire is a question that depends on your business - at a certain stage it might make sense to bring regulatory specialists in-house, or invest in a legal operations professional to help keep your processes running smoothly unless you already have a similar person in your business already.
Self-serve can free up legal’s time to then focus on high-value work, but the systems you have in place need to be dynamic and adaptive, so that legal can oversee them without needing to get too hands-on. This means planning ahead, taking a proactive approach and diving into your existing wealth of resources to see how you can continue to power the business to success.