How well are you managing your legal risk?

As Congress considers cutting trillions of dollars from the federal budget, waste and fraud detection will certainly be part of the plan for finding precision dollars.  Regulatory agencies are likely to increase their focus on compliance, and a new culture of compliance is likely to emerge in business in general.  Managing legal risk, in particular, is part of strategic planning and corporate compliance.  Unmanaged legal risk can lead to potentially significant adverse consequences.   Legal risk management is designed to help business managers improve future earnings of the company by identifying and appropriately managing legal risk to minimize potential losses.

What is legal risk management?

It is a systematic way of identifying legal risk in business, establishing programs for eliminating, avoiding, transferring, or mitigating the effects of such risk, developing a plan for conflict resolution, and educating business leaders and employees on how to manage such risks in the future.  There are five stages or steps:

  • identify  key issues and documents relevant to risk management through the use of a questionnaire
  • assess legal risk through an interview with key management personnel and a review of the documents
  • analyze legal risk by prioritizing and determining what risk can be eliminated, mitigated, or otherwise managed, and specifically how it will be done
  • manage legal risk and conflicts by developing a plan based on the risk analysis, including the use of available resources, establishing a conflict resolution plan, and providing appropriate training
  • implement, review, and follow up on the plan

What will I have at the completion of this process?

You should have a much better idea of what legal risks you face in your business, and a plan and process for managing that legal risk.  You should have comfort knowing that you have taken steps to manage your legal risk.  You will have sent a message to other members of your management team, and your employees, that you value corporate integrity and compliance.

How is legal risk management implemented?

The concept is a menu approach, and each step is unique.  Although all steps should be implemented, after the first two, you can choose to retain legal counsel to continue to assist and guide the process, or use internal personnel only for the remaining steps.  There is no outside legal cost for the first step.  The cost for legal counsel for the second step will be determined after review of the questionnaire and will fixed.  The cost for legal counsel for each additional step will likewise be fixed and determined from the information provided in the questionnaire and interview.

Who should be on the team for implementation?

Most businesses react to legal risks, and many attorneys are probably very good at addressing legal risks as they arise.  Legal risk management, however, seeks to avoid unanticipated risk, and potentially “bet the company” risks, and requires the involvement of team members, both business executives and lawyers who both understand and have implemented these concepts.

Is it possible to eliminate or even effectively manage all legal risk?

No, the objective of legal risk management is not to eliminate all legal risk.  That would be impossible. In fact, there is much legal risk that cannot be eliminated, and there are legal risks that business managers will consciously accept because the cost of eliminating them is too high.  However, legal risk management can help reduce the possibility of facing unexpected expenses in the future by dealing with legal issues now.  It is not about trying to find skeletons in the closet, but it is about looking forward and creating a plan to manage manageable risk.  It is about finding solutions, not just identifying problems.

How is legal risk management different from other compliance functions?

There is an overlap between corporate compliance functions and legal risk management.  Corporate compliance focuses on business and legal risks in a regulatory environment, while legal risk management focuses on how well the business is managing legal risk in general.  Legal risk management seeks to provide business managers and compliance officers with the tools and concepts necessary to help them manage and reduce legal risk and costs, and thereby improve the bottom line, and corporate integrity and compliance within the organization.

Principles-based business management

The businesses that will be most likely to implement legal risk management will be principles-based businesses, meaning they are motivated by core principles that positively impact stakeholders over longer periods of time.  Although they recognize the need for task-orientation, and acknowledge the new world of compliance in which they operate, they also seek to operate on time-tested core principles.  For example, a principles-based business will implement employment policies and procedures consistently applied not only to comply with law or a regulatory requirement, but because they want to be fair to their employees and create a positive working environment.  They will develop polices to avoid infringing on the intellectual property rights of others, because they value their own intellectual property rights and expect others to respect their rights.  Corporate integrity is important to principles-bases business, meaning that if policies are implemented based on principles, the executive management team not only talks about compliance with those policies and principles, but seeks to embrace and manage based on those principles.  Employees do not hear one thing, and see something else from their leaders.  The executive management team understands and buys into the need for consistency and compliance.

Strategic risk management

Strategic risk management is part of strategic planning.  It is a systematic way of identifying legal risks in business, establishing programs for eliminating, avoiding, transferring, or mitigating the effects of such risk, and educating business managers on how to deal with such risks in the future.  It is designed to help business managers improve future earnings of the company by identifying and appropriately dealing with legal risk which leads to future costs that may be avoidable.

Why Focus on Prevention?

Failure to practice preventive risk management leads to crisis management and the loss of valuable corporate assets, including top management time, organizational stability, productivity, money, and morale.  The cost of prevention is nominal compared to the cost of resolving legal risks after they become problems or disputes.  Prevention cannot be delayed or avoided.

What is Legal Risk?

Legal risk is the possibility that a business will incur financial losses, including non-operating losses, based upon its legal relationships with its employees, creditors, competitors, customers, and others.  With a rapidly changing and increasing complex legal environment, the number of legal risks facing businesses is increasing dramatically.  Managing legal risk is no longer intuitive and the legal mine field through which business managers must now navigate is crowded with potential explosions.

How Does Strategic Risk Management Work?

The focus of strategic risk management is diagnosis of your business to prevent legal risk in the future.

  1. Risk Identification:  “What legal problems do I currently have and what are my future legal risks?”  Legal audits help diagnose or identify existing and future risks.
  2. Risk Assessment and Determination:  “With the existing legal risks in my business identified, how significant are they and what can I do about them?  Legal counsel helps create a program to eliminate, avoid, transfer, or mitigate existing legal concerns or risks.
  3. Strategic Risk Control and Avoidance:  “What strategy can I implement to avoid or control legal risk in the future?”  Legal counsel helps to establish a program for handling the company’s legal risk in the future.

What is a Legal Audit?

A legal audit is like a physical examination for your business.  It is a tool for analyzing the existing legal condition of your business and identifying potential future legal risks.  It includes interviews with key officers and employees and a review of critical documents, such as articles of incorporation, bylaws, minutes of meetings, policies and procedures manuals, contract forms, online contracts, and other significant contracts, and the company’s website.  Based upon the review conducted, an analysis is made and recommendations provided to management for handling the legal risks identified in the review.

Is It Possible To Eliminate All Legal Risk?

The objective of strategic risk management is not to eliminate all legal risk.  That would be impossible.  In fact, there is much legal risk that cannot be eliminated and there are legal risks that you will consciously accept because the cost of eliminating them is too high.  However, strategic risk management can help reduce the possibility of facing unexpected expenses in the future by dealing with legal issues now.

How Do I Know If I Need Strategic Risk Management?

If you are in business, you need strategic risk management.  Just as you cannot send your friend to the doctor for your physical examination, you cannot avoid having the diagnosis made for your particular business.  Business managers must plan for all aspects of business operations at the same time.  One such function managers cannot overlook is planning for legal risk.  If a manager focuses on production, but fails to anticipate how the production will be capitalized, the business has a high possibility of failure.  Likewise, if business managers focus on the future success of the business, but fail to effectively plan for legal risk, the business may face significant, if not insurmountable obstacles in the future.

What Legal Risks Do I Face?

Each business and each industry is different.  As a result, in addition to several common legal risks in business, you face unique risks.  For example, all companies face the possibility of employees making claims for harassment or discrimination.  However, software publishers face unique risks when selling software in foreign countries.  Your business should be evaluated individually and a plan adopted for the risks of your particular business.

Issues Which May Impact Your Business

The following are examples of common issues addressed by strategic risk management:

Are your online contracts enforceable, including your terms of use?

Does your website infringe on the intellectual property rights of others?

What rights do you have in your trademarks, and do your trademarks infringe on the rights of others?

Are your officers, directors, and shareholders protected from personal liability?

Are there any limitations on how or when you can terminate any employees?

Can your key employees compete against you or solicit your employees?

Are your distributors independent contractors or are they employees for whom taxes and other assessments must be paid or franchisees for whom federal law compliance is required?

Are you fully protecting your intellectual property as important assets of the company?

Is your business engaging in any price fixing or other unfair trade practices?

Do all of your means of raising capital, debt and equity, comply with federal and state law?

If one of your shareholders dies, can he or she sell his or her shares and control to a person who is adverse to other shareholders or current management, or who may not share the same values or goals as other shareholders and management?

Are your contracts current, and have you performed as required under your contracts?

Legal audit

When was the last time you were feeling healthy, but went to see a doctor because you wanted to avoid future illnesses? Usually we wait until we are sick and ready to go to the hospital before we take the time and spend the money to see the doctor. It is sometimes hard to get motivated to get preventive health care. Unfortunately, in some cases, waiting until we are sick can have lasting negative consequences.

The same holds true for our MLS businesses. Sometimes we do not know what potential business illness might be lurking inside. A business illness usually translates into litigation and damages, as well as lost sleep, lost productivity, anxiety, low employee morale, and other very negative conditions. I have done presentations for MLS and associations called “The Joy of Litigation.” Few appeared to enjoy the irony of the title, but it is probably safe to say that, except for litigators, most of us do not care for litigation. How do we know if our MLS business is in good business shape, or if there are potential litigation claims hiding in the wings? Does our MLS have a low grade business fever, or is there a major business artery ready to burst, and we do not know it.

Legal audits are the answer. Simply stated, legal audits are preventative health care for businesses. Lawyers trained in applicable substantive areas of law, and in conducting legal audits, pull out the legal stethoscope, blood pressure machine, and thermometer and check the health of the business. The first step in a legal audit is to provide a questionnaire to obtain basic information about your MLS. With this information, a checklist of documents and additional information is generated. The lawyer reviews the documents and information, and determines whether the MLS has a business fever, or an even greater potential business health problem. Thereafter the lawyer generates a report which identifies the potential problems, together with a list of recommendations to correct the problems and avoid future liability and legal concerns.

The legal audit will either help confirm the MLS appears to be in good business health, or disclose some problems that need to be resolved. Either result is a good result. Discovery of a legal health issue before a lawsuit is filed and served gives the MLS time to consider alternatives and develop a strategy to make the MLS well again. If the legal audit discloses nothing, as an executive officer you have acted prudently in making sure the appropriate steps are taken keep the company healthy. Some executive officers might ask, “Why would I want to discover latent issues that will make me look bad?” I do not ever recall a situation where an officer of a business discovered a problem before it exploded, and the officer was criticized for the discovery and resolution of the problem.

What business ailments might a legal audit disclose? For example, data feeds should not be given without a license agreement. The legal audit first determines if appropriate license agreements exist, and if they do, will determine if the critical legal issues have been covered. The purpose of the legal audit is not to rewrite all contracts and pick away at every detail. There is no written contract on the planet that cannot be improved. A legal audit reviews the documents at a much higher level. Another example, each MLS should have an antitrust compliance policy. The legal audit will reveal whether or not there is a policy, and if the answer is yes, whether or not the MLS is in compliance with the policy. Plaintiffs’ counsel love well drafted policies that have been adopted and discussed within the organization, but have been ignored when it comes to compliance. The non compliance establishes for the judge and jury the MLS knew what needed to be done to legally comply, but failed to do so. Non compliance with a policy is the proverbial “smoking gun.” The legal audit reviews rules and regulations to determine if key provisions are included, and if the MLS is a National Association of REALTORS® MLS, determine if there will be insurance coverage issues. These are only a few of the issues covered by an MLS legal audit. The list goes on.

The concept is the MLS gets a legal body scan and determines if there are any major concerns to address. Is a legal audit perfect? Will it catch every possible legal sore throat? No, just as a medical body scan cannot identify all potential health issues, a legal audit will not identify every possible legal risk. At a time when MLS are operating in a complex and rapidly changing environment, it is a risky course of action to ignoring what you do not know, and focus only on that which you know.

Another question: Does it make sense to conduct a legal audit at a time when revenues are falling, or at least not increasing, the subscriber base is weakening, and the board of directors is asking you to focus on the implementation of better and more efficient technology? The answer is there may not be a better time to be prepared for the future. The present may be considered a time of calm waters before the next surge in the housing market, or before your neighbor MLS knocks on your door and says, “Should we consider data sharing?” Now is the time to do an internal examination and make sure there are no surprises in the closet or latent business health issues.

A legal audit is therefore an efficient and a quick tool for measuring the business health of the MLS. The results of the legal audit will either help you, as an executive officer, sleep a little better at night knowing there are no obvious concerns, or they will give you an opportunity to identify and resolve potential business health issues before they grow and develop into major problems which may take much more money and effort to resolve.