Everyone loves getting new customers and projects. However, not everyone knows at what cost they come. And I’m not talking about sales effort right now. I’m talking about the bureaucracy, which is an inevitable companion of a new deal. I’d like to share some of the issues we often have during the contract closure and give a few pieces of advice on dealing with them.

The first document you will likely have to sign with a potential customer is a Non-Disclosure Agreement (NDA). Although this document, by its nature, is pretty straightforward and rather hygienic, still, the lawyers can overcomplicate it. Usually, the potential customers ask for our NDA template. Funny enough, they never agree to sign it without a round of reviews, which generally don’t add any value.
Hack #1. The first piece of advice would be not to waste time and to ask for your counterpart’s template. This, for sure, will add some load on you to review the third party’s terms. However, it will most likely speed things up. A separate sub-issue with the NDA is that some companies, especially in Ukraine, tend to incorporate monetary responsibility into the NDA. What can you do if you see, say, a penalty of 100K USD in the NDA, knowing that your potential contract is worth 10K USD maximum?
Hack #2. Well, you can try converting the exact responsibility to a cap (“up to 100K” instead of “100K”), still referring to the “proven damages caused”. This will please the counterpart’s lawyer’s eye but might not expose you to this amount (“proven damage,” remember?).
Hack #3. Still, it is a good idea to keep your professional insurance up to date and its coverage aligned with the penalty caps.

Now you are at the contract stage. Will it be challenging? Well, it depends on who you deal with. Our experience shows that foreign clients usually accept our contract template.
Hack #4. So, the advice is to have a good template aligned with generally accepted best practices. You will still have clients, especially from the post-Soviet countries, willing to be very creative with contract wording.
Hack #5. Our approach is the following: we tend to tolerate whatever doesn’t expose us to a higher risk. The only thing we push back on, gently but firmly, is the business terms (price, payment terms, etc.).
Hack #6. A separate story is about having a stamp on the contract, which is an archaic practice in the post-Soviet countries. Even though it is no longer required in Ukraine, many lawyers and accountants still insist on it. The general advice would be to have the proper justification that the stamp is not required (e.g., the #1982 law in Ukraine) at hand to convince them.
Hack #7. Otherwise: accept it and have a logistics solution for delivering the signed paper contract back and forth.

If you are in the offensive security industry, a small but essential document for you to have is the Engagement Letter (EL). Make sure you don’t do any risky activities without it being adequately worded and signed by the client. Your actions will likely have many attributes of activity that would otherwise be deemed illegal, and your only proof of their good intent is the EL. Also, make sure the EL is signed by the party who is eligible to authorize your actions, i.e., the entity owning the asset you are testing.
Hack #8. If there are any issues with EL signing, be firm that it is legally required, and you will not do any work without it because you don’t want any legal consequences. Your willingness to do the job legally is usually convincing enough for the EL to be properly signed by the client’s organization’s highest authority.

The work is done. Where is my money? Last but not least is getting your payment. I think you are not counting on enforcing the payment legally, right? So how do you ensure the customer pays you?
Hack #9. Whenever possible, of course, split the fee and agree on some advance payment, hopefully covering your costs. This may not be possible with some of the bigger customers, since they force all vendors to follow their business terms. You can try using the argument that the pre-payment is needed together with the EL to prove the client’s authorization of your actions that could otherwise be deemed illegal. Sometimes this helps. On the other hand, bigger customers usually have better payment discipline, unlike the smaller ones. How can you help them pay you?
Hack #10. If your corporate structure allows it, be flexible about the channels for receiving the payment. You may not believe it, but some customers still ask if they can issue a cheque.
Hack #11. And in any case, please be kind but very consistent in your reminders.
Hack #12. Sometimes you can escalate, in a way, if there is no payment after a few reminders. Just decide who can be the “bad cop” on your side of the negotiations, and involve this person only when the situation needs to look like an escalation. The same goes for the client side (if you have anyone at a VP / CEO level): leave this person as a last resort in the escalation. If the reason for the delay is pure negligence, the feeling of escalation usually improves people’s diligence.

And of course, I outlined only the key elements of potential bureaucracy, omitting all kinds of RFIs, RFPs, tenders, partner certifications, etc. In the end, please remember: whichever bureaucracy monster you face, treat it just as a cost of doing business. Please don’t take it personally. And justify it precisely as a cost: whenever the return on investment is worth it, go for it. Otherwise, look for something else.

I wish you clients with reasonable requirements and smart lawyers.

Stay patient, kind and firm, and take care 🙂