How well are you managing your legal risk?

As Congress considers cutting trillions of dollars from the federal budget, waste and fraud detection will certainly be part of the plan for finding precision dollars.  Regulatory agencies are likely to increase their focus on compliance, and a new culture of compliance is likely to emerge in business in general.  Managing legal risk, in particular, is part of strategic planning and corporate compliance.  Unmanaged legal risk can lead to potentially significant adverse consequences.   Legal risk management is designed to help business managers improve future earnings of the company by identifying and appropriately managing legal risk to minimize potential losses.

What is legal risk management?

It is a systematic way of identifying legal risk in business, establishing programs for eliminating, avoiding, transferring, or mitigating the effects of such risk, developing a plan for conflict resolution, and educating business leaders and employees on how to manage such risks in the future.  There are five stages or steps:

  • identify  key issues and documents relevant to risk management through the use of a questionnaire
  • assess legal risk through an interview with key management personnel and a review of the documents
  • analyze legal risk by prioritizing and determining what risk can be eliminated, mitigated, or otherwise managed, and specifically how it will be done
  • manage legal risk and conflicts by developing a plan based on the risk analysis, including the use of available resources, establishing a conflict resolution plan, and providing appropriate training
  • implement, review, and follow up on the plan

What will I have at the completion of this process?

You should have a much better idea of what legal risks you face in your business, and a plan and process for managing that legal risk.  You should have comfort knowing that you have taken steps to manage your legal risk.  You will have sent a message to other members of your management team, and your employees, that you value corporate integrity and compliance.

How is legal risk management implemented?

The concept is a menu approach, and each step is unique.  Although all steps should be implemented, after the first two, you can choose to retain legal counsel to continue to assist and guide the process, or use internal personnel only for the remaining steps.  There is no outside legal cost for the first step.  The cost for legal counsel for the second step will be determined after review of the questionnaire and will fixed.  The cost for legal counsel for each additional step will likewise be fixed and determined from the information provided in the questionnaire and interview.

Who should be on the team for implementation?

Most businesses react to legal risks, and many attorneys are probably very good at addressing legal risks as they arise.  Legal risk management, however, seeks to avoid unanticipated risk, and potentially “bet the company” risks, and requires the involvement of team members, both business executives and lawyers who both understand and have implemented these concepts.

Is it possible to eliminate or even effectively manage all legal risk?

No, the objective of legal risk management is not to eliminate all legal risk.  That would be impossible. In fact, there is much legal risk that cannot be eliminated, and there are legal risks that business managers will consciously accept because the cost of eliminating them is too high.  However, legal risk management can help reduce the possibility of facing unexpected expenses in the future by dealing with legal issues now.  It is not about trying to find skeletons in the closet, but it is about looking forward and creating a plan to manage manageable risk.  It is about finding solutions, not just identifying problems.

How is legal risk management different from other compliance functions?

There is an overlap between corporate compliance functions and legal risk management.  Corporate compliance focuses on business and legal risks in a regulatory environment, while legal risk management focuses on how well the business is managing legal risk in general.  Legal risk management seeks to provide business managers and compliance officers with the tools and concepts necessary to help them manage and reduce legal risk and costs, and thereby improve the bottom line, and corporate integrity and compliance within the organization.

Principles-based business management

The businesses that will be most likely to implement legal risk management will be principles-based businesses, meaning they are motivated by core principles that positively impact stakeholders over longer periods of time.  Although they recognize the need for task-orientation, and acknowledge the new world of compliance in which they operate, they also seek to operate on time-tested core principles.  For example, a principles-based business will implement employment policies and procedures consistently applied not only to comply with law or a regulatory requirement, but because they want to be fair to their employees and create a positive working environment.  They will develop polices to avoid infringing on the intellectual property rights of others, because they value their own intellectual property rights and expect others to respect their rights.  Corporate integrity is important to principles-bases business, meaning that if policies are implemented based on principles, the executive management team not only talks about compliance with those policies and principles, but seeks to embrace and manage based on those principles.  Employees do not hear one thing, and see something else from their leaders.  The executive management team understands and buys into the need for consistency and compliance.