• BIO

    BNY Legal Uses OpenAI: How We Cut Contract Review Time and Built Responsible AI into Our Practice

    Diverse in-house legal team using a holographic AI interface to speed contract review with a compliance shield and financial district skyline

    🔎 Why we explored AI for legal work

    I work on the legal team at BNY, and like many in-house counsel teams at large financial institutions, we face a constant stream of contracts, regulatory questions, and novel legal issues. When I tackle a novel question about the law, I rely on deep research to do a first pass. That process can be time consuming, repetitive, and mentally draining when the work piles up.

    We are also a highly regulated company operating in trusted positions within financial markets. That means anything we introduce into our workflows must meet demanding standards for resiliency, risk management, and compliance. We needed solutions that would help our attorneys work faster and more consistently without compromising our governance expectations.

    That's why we started investigating how large language models and tools built on them could support legal work. Our goal was straightforward: use AI to augment lawyers, not replace them, and to do so within robust guardrails that preserve client confidentiality, regulatory compliance, and professional judgment.

    🧭 The governance-first approach I insisted on

    Responsible adoption begins with governance. From the start, we treated governance not as an afterthought but as the backbone of our program. I worked with a cross-functional team that included legal, compliance, security, risk, and technology partners to design principles and controls by design.

    One teammate, Priya, our governance lead, put it plainly:

    “Building the governance guardrails and having responsible AI principles by design is super important.”

    Her point was critical. Without clear rules and oversight, an AI pilot can create downstream legal and operational risks. We created a framework that covered:

    • Data security and privacy: limiting which datasets can be fed to models, implementing anonymization where practical, enforcing access controls, and avoiding inadvertent exposure of sensitive information.
    • Model provenance and transparency: documenting model versions, configurations, and task-specific tuning so we could trace outputs back to inputs and settings.
    • Human oversight: maintaining a human-in-the-loop process for all legal outputs so attorneys remained accountable for final decisions.
    • Risk assessment: identifying scenarios where AI could introduce unacceptable risk and setting strict “do not automate” boundaries.
    • Governance committees: establishing cross-functional review boards to approve use cases and monitor ongoing performance.

    These controls allowed us to move fast while preserving the integrity of our legal function. Rather than seeing governance as a barrier, we treated it as an enabler—one that made it possible to scale AI safely across a highly regulated organization.

    🛠️ Building the Contract Review Assistant

    We focused first on a high-impact, well-defined use case: contract review. Contract review is repetitive, detail-oriented, and time-sensitive—exactly the kind of work where an AI assistant can increase efficiency. I teamed with product managers, engineers, and other attorneys to design a Contract Review Assistant that augments an attorney’s work rather than replacing judgment.

    Key design choices included:

    • Scope limitation: We constrained the Assistant to specific contract types and clause categories during the initial rollout. This reduced risk and made evaluation straightforward.
    • Template-driven prompts: We converted common review tasks into repeatable prompts and templates so output would be consistent and auditable.
    • Context windows: We carefully defined what contract text and metadata the model could access, preventing spillover of unrelated confidential information.
    • Human review checkpoints: Every AI suggestion was surfaced alongside source references and confidence indicators, and attorneys always had final sign-off.

    The outcome was a tool that helps attorneys find problematic clauses, identify negotiation levers, and draft suggested redlines and negotiation notes. It’s not a replacement for judgment; it’s an assistant that does the heavy lifting and surfaces the right things for lawyers to review quickly.

    ⚖️ Legal research meets deep verification

    When I said earlier that I use deep research for novel legal questions, that process didn't disappear. Instead, AI became another way to accelerate the first pass of research. The Assistant can summarize relevant clauses and point to precedent, but attorneys still conduct verification and apply domain expertise.

    We emphasized three behaviors:

    1. Use AI for fast reconnaissance — ask the model to surface likely authorities, contract comparators, or clause issues to reduce initial legwork.
    2. Verify rigorously — treat model outputs as hypotheses to be confirmed through primary sources and established databases.
    3. Log findings — keep auditable records of model outputs, attorney edits, and final decisions to support compliance and future training.

    This approach preserved the quality of our work while cutting down the time attorneys spent on low-value tasks such as search and first-draft redlining.

    📈 Results: speed, quality, and consistency

    One of the most tangible benefits we tracked was time savings. The Contract Review Assistant helps our attorneys improve the speed, quality, and consistency of their reviews. In practice, it has:

    “Helped reduce the time by 75% on average.”

    That statistic is meaningful because it reflects not just faster reviews but also more consistent outputs across the team. Faster reviews freed up attorneys for higher-value work: negotiating strategy, client counseling, and more complex legal analysis.

    Beyond speed, we saw qualitative improvements:

    • Improved consistency — standardized templates and prompts reduced variability between reviewers.
    • Better onboarding — junior attorneys and paralegals reached productive levels faster with the Assistant’s guidance.
    • Higher accuracy — attorneys identified edge cases faster because the Assistant surfaced less obvious issues.

    🔁 Cross-functional collaboration made it work

    Rolling out AI in a regulated environment required more than a single sponsor. We formed a cross-functional group that met regularly to manage technical, legal, and operational risks. That group included:

    • Legal subject matter experts
    • Compliance and risk officers
    • Security engineers
    • Product and design leads
    • Data scientists and model ops

    This group ensured that governance, resiliency, and usability were treated equally. For example, our security team helped define data handling rules, while product managers translated those rules into the Assistant’s UI and workflows so attorneys could work without friction.

    🔐 Resiliency and risk management

    In financial services, resiliency means the systems we use are robust against outages, adversarial behavior, and systemic failures. We did not introduce AI tools unless they met our strict resiliency and risk management requirements.

    Steps we took included:

    • Fail-safe modes — the Assistant degrades gracefully if model responses are uncertain or a service is unavailable; attorneys revert to existing workflows without disruption.
    • Monitoring and logging — we log model inputs and outputs with access controls, enabling audits and post-incident analysis.
    • Performance SLAs — we defined acceptable response times and error rates and built alerting for anomalies.
    • Adversarial testing — we stress-tested prompts and inputs to identify hallucinations or unsafe outputs before production rollout.

    These measures gave our risk and compliance partners confidence that we were not introducing unchecked automation into a sensitive function.

    🤝 AI as a strategic partner

    I believe AI has a profound opportunity to be a strategic partner for legal teams. The Assistant freed attorneys from repetitive tasks and allowed us to focus on judgment-driven work: negotiating, advising business partners, and thinking strategically about legal risk across the enterprise.

    That strategic value is not theoretical. When lawyers spend less time on routine reviews, they can participate earlier in product design and transaction structuring. That shift moves legal from gatekeeper to enabler—helping the business innovate while still managing risk.

    🧾 How we measured success

    To be confident about the benefits, we defined and tracked several metrics from day one:

    • Time to review — average hours per contract before and after Assistant adoption.
    • Quality checks — percentage of reviews needing substantive rework after initial AI-assisted drafts.
    • Consistency indices — variance in suggested redlines across reviewers.
    • User satisfaction — attorney surveys on usefulness and trustworthiness.
    • Compliance incidents — any near misses or breaches attributable to the Assistant.

    By quantifying outcomes, we could make data-driven decisions on expanding scope, investing in model tuning, or tightening guardrails.

    🧩 Practical playbook: how to start

    If you are part of a legal team exploring AI, here is a playbook that worked for us. I offer it as a practical checklist you can adapt to your context.

    Step 1: Identify a bounded, high-value use case

    • Start with contract review, due diligence checklists, or summarizing long documents.
    • Choose contract types or subject matters you understand well so you can evaluate outputs rigorously.

    Step 2: Build a cross-functional team

    • Include legal, compliance, security, product, and IT.
    • Set clear roles: who approves prompts, who monitors model performance, who owns remediation.

    Step 3: Define governance and baseline safeguards

    • Document permitted data types and prohibited data.
    • Implement human-in-the-loop reviews and escalation paths.
    • Set up audit logging and change management for prompts and templates.

    Step 4: Pilot with strict limits

    • Limit to specific contract templates or clause families initially.
    • Monitor outputs and collect attorney feedback daily during the pilot.

    Step 5: Measure and iterate

    • Track the metrics described earlier.
    • Use feedback to refine prompts, update templates, and improve user experience.

    Step 6: Scale thoughtfully

    • Expand scope only after demonstrating consistent improvements and safe operation.
    • Maintain an approval process for new use cases and continuous risk assessment.

    ⚠️ Common pitfalls and how to avoid them

    Implementing AI in legal workflows can be transformative, but there are common failure modes I have seen or anticipated. Here’s how to avoid them:

    • Overtrusting outputs — Avoid treating AI suggestions as definitive. Always verify against primary sources and existing playbooks.
    • Poor governance — Don’t skip cross-functional review and clear policies about data usage and model updates.
    • Unclear accountability — Make sure it is always clear who signs off on a piece of legal work and how the AI assisted the decision.
    • Scope creep too fast — Resist scaling beyond the pilot unless monitoring shows consistent, measurable safety and quality.
    • Neglecting resiliency — Have contingency plans and ensure workflows function if the model is unavailable.

    📚 Use cases beyond contract review

    While contract review was our initial focus, there are many related opportunities for legal teams:

    • Regulatory research — Summarize regulatory changes and map impacts to business processes.
    • Policy drafting — Draft or revise internal policies and procedures with standardized language.
    • Discovery triage — Prioritize documents for review during internal investigations or litigation holds.
    • Training and onboarding — Provide new hires with interactive guides and examples tailored to your organization’s contracts and standards.
    • Playbooks and precedent management — Automate retrieval and suggested edits from precedent libraries.

    📋 A simple governance checklist

    Below is a compact checklist I share with teams starting their own programs. It captures the minimum elements we insisted on.

    • Define permitted and prohibited data use
    • Establish a human-in-the-loop workflow
    • Document model versions, prompts, and templates
    • Set monitoring, logging, and SLA expectations
    • Create incident response and rollback plans
    • Implement role-based access control and encryption
    • Run adversarial and bias testing
    • Measure key metrics and report to governance committee

    🔬 How we handled model hallucinations and edge cases

    Models sometimes produce confident-sounding but incorrect outputs. We tackled this proactively by:

    • Embedding confidence indicators — the Assistant shows a confidence score and flags suggestions that require extra scrutiny.
    • Providing source citations — every substantive suggestion includes references to source text so attorneys can validate claims quickly.
    • Setting human review thresholds — certain types of changes (material changes to liability or regulatory language) trigger mandatory senior attorney review.
    • Maintaining a feedback loop — attorneys can flag hallucinations or errors, which feed back into model tuning and prompt updates.

    👥 People and culture: getting attorneys on board

    Introducing new technology changes how people work. To get adoption, I focused on three cultural levers:

    • Trust through transparency — explain what the Assistant does, how it makes suggestions, and how we monitor it.
    • Training and hands-on sessions — run small group workshops where attorneys can try the Assistant on real examples and see safeguards in action.
    • Celebrate wins — highlight time saved and quality improvements to show tangible benefits.

    When attorneys experience real time savings and see the Assistant helping with tedious parts of their job, skeptics become advocates.

    🔭 The future of legal work, in my view

    AI is not a silver bullet, but it is a powerful amplifier for what lawyers do best: advise, negotiate, and apply judgment. I see a future where legal teams pair domain knowledge with machine speed. That combination allows lawyers to work higher up the value chain and to be proactive partners in product and business design.

    From my experience, success requires marrying strong governance with practical tooling and a focus on human oversight. When done right, AI becomes a strategic partner that helps legal teams move faster, work smarter, and manage risk more effectively.

    🧠 Final practical tips I follow

    Before you adopt an AI assistant for legal work, remember these final practical tips that guided us:

    • Start small and measurable — pick a pilot that has clear before-and-after metrics.
    • Keep humans accountable — AI suggests; people decide.
    • Document everything — models, prompts, data sources, and changes.
    • Keep governance active — a one-time policy is not enough; monitor continuously.
    • Invest in training — help attorneys use the tool correctly and confidently.

    ❓ Frequently asked questions I get asked

    Will AI replace lawyers?

    No. AI accelerates routine work, but legal judgment, negotiation skills, and ethical responsibility remain squarely human functions.

    How do you ensure client confidentiality?

    We enforce strict data handling rules, access controls, and encryption. We also restrict what data can be sent to models and keep logs to support audits.

    What happens when the model is wrong?

    Our workflow requires attorney review for all substantive decisions. Errors are logged and used to refine prompts and guardrails.

    How do you measure success?

    We track time savings, consistency, quality measures, user satisfaction, and any compliance incidents. Those metrics guide scope expansion.

    📝 Closing thought

    Implementing AI in a legal function requires careful design, strong governance, and close teamwork across legal, security, and technology. When those pieces align, the result is a tool that improves speed, quality, and consistency while preserving professional judgment. For our team at BNY, the Contract Review Assistant became a strategic partner—freeing attorneys from repetitive tasks and allowing us to focus on the legal work that truly requires human reasoning.

    Adopt thoughtfully, govern proactively, and keep people at the center. That is how AI becomes an enabler, not a risk.

  • Read More
  • Featured image for the blog, "Co je Vibe Coding? Jak proměnit nápad v aplikaci pomocí příkazů v přirozeném jazyce (Google AI Studio)"
    Co je Vibe Coding? Jak proměnit nápad v aplikaci pomocí příkazů v přirozeném jazyce (Google AI Studio)
  • Featured image for the blog, "OpenAI a Gradient Labs: Proč je pro banky nemožné škálovat podporu s lidmi a jak to řeší AI agent"
    OpenAI a Gradient Labs: Proč je pro banky nemožné škálovat podporu s lidmi a jak to řeší AI agent
  • Featured image for the blog, "Co Codex odemyká pro Ramp: AI code review, která urychluje vývoj a snižuje zátěž inženýrů"
    Co Codex odemyká pro Ramp: AI code review, která urychluje vývoj a snižuje zátěž inženýrů
  • Featured image for the blog, "Automotive Special Address: Advancing Level 4 Autonomy, the Path to Scalable, Safe AVs and Robotaxis (a proč je rok 2025 zlomový)"
    Automotive Special Address: Advancing Level 4 Autonomy, the Path to Scalable, Safe AVs and Robotaxis (a proč je rok 2025 zlomový)
    • AI World Vision

    AI and Technology News