This blog post was written by David O’Connor, Senior Legal Editor for Practical Law at Thomson Reuters.
Organizations across the globe are increasingly focusing on managing risk, especially in today’s risk-heavy environment amid the global pandemic and ensuing economic crisis.
To succeed, every organization must determine the level of risk it is willing to tolerate and base its decision-making and strategic direction in keeping within that tolerance level. If an organization does not properly manage its risks through effective risk identification, evaluation, prioritization, and planning, it may adversely affect its operations, finances, growth, and reputation in the market.
Indeed, the 2020 State of Corporate Law Departments report, published in April by Thomson Reuters and Acritas, shed some light on the critical role risk management plays in today’s business environment, stating:
In today’s crisis environment, many businesses have become vulnerable because of falling revenues. This makes the corporate law department’s role of safeguarding the company and ensuring it survives this crisis so vital. Law departments are having to try to anticipate and mitigate new risks as they emerge, as well as adapt to regulations as they are brought in by governments trying to slow the spread of the disease and the economic fallout that comes with it.
General counsel & risk management
General counsel and their corporate law departments are often at the forefront of their organizations’ risk management programs. A law department’s primary risk management role is to evaluate the potential legal consequences of its organization’s decisions and protect the organization through the processes of:
- defining actual and potential legal, regulatory, and other risks and their likelihood of occurring;
- determining applicable legal standards and obligations;
- identifying and quantifying possible legal, financial, and reputational consequences; and
- providing legal services and advice in accordance with the organization’s risk tolerance.
In addition to protecting the organization through its day-to day legal services, a law department can manage risk by using its cross-organizational involvement and insight to provide holistic advice to the organization and ensure that an activity that benefits one department or initiative does not inadvertently create risks for a different department or initiative.
Law departments can also act as a control mechanism to monitor that the organization’s risk tolerance is followed across the company. For example, if a business function or colleague consistently pushes the organization to assume contractual responsibilities or liabilities outside the organization’s risk tolerance, the law department can work with the organization’s risk managers to redirect or retrain the function or colleague.
Aligning with an organization’s risk tolerance
The general counsel and the legal department’s in-house attorneys must align their services and advice with their organization’s risk tolerance to effectively carry out their risk management responsibilities. To discharge this duty, a law department should closely coordinate with the organization’s risk assessment program by playing leadership roles in those assessments, participating in their development and execution, and reviewing, analyzing, and publicizing their results.
In addition, law department members can (and should) join the organization’s risk committee. In this role, they can:
- provide legal advice to the committee;
- educate themselves about the concerns, pressures, and motivations of the organization’s different departments and functions;
- surface existing and upcoming risks that the law department may not otherwise learn about; and
- interview business leaders and colleagues across the organization to identify their current and emerging risks and concerns.
Finally, these members can review the law department’s services and advice in connection with prior organizational activities to determine where the services and advice were successful in keeping within the organization’s risk tolerance and where the services and advice were out-of-step.
Once all this insight and information is gathered, the general counsel should use this data to design and implement appropriately-aligned departmental risk management strategies, standards, and practices. In-house counsel should be trained on these strategies, standards, and practices and incorporate them in their day-to-day services and advice. These strategies, standards, and practices should also be incorporated in the department’s standard agreements and clauses and be consulted during other law department activities, such as deciding whether to start or resolve litigation, conducting transactional due diligence, and considering expansion opportunities in new markets.
Finally, as the organization modifies its risk tolerance due to changes in its leadership, maturity, market, experience, and regulatory exposure, the general counsel should calibrate the law department’s practices against those modifications to ensure that the department’s services and advice remain consistent with organizational standards.
Law departments that stay current with their organizations’ evolving risk tolerance will help their organizations succeed, while law departments that do not will inhibit their organizations’ operations, results and ultimately their profitability and sustainability.