In the past I have commented on crisis management and the tools needed to handle such crisis in today’s business environment. Of course what companies are finding out is that international crisis are harder to handle than domestic ones. Why? In today’s world, many companies do business internationally. Because of international considerations, an international crisis is harder to manage than a domestic crisis. As it is more complex, companies caught up in an international crisis have to pay more attention to international, cultural, and communication issues than they would in a purely domestic scenario. Cross-border crisis management has become very important. Therefore, an international crisis requires a number of steps, including:

• Planning for an international crisis
• Appointing an international crisis manager
• Establishment of an international crisis management team
• Knowledge of foreign situation and its impact
• Communications
• Cross-border management of the crisis

The principle focus of any crisis management strategy, especially in an international context, is communications. All crisis management plans call for effective crisis communications, which many times are not always executed. Inadequate or failed communications lead to bad publicity, unhappy stakeholders, and potential disaster. An effective crisis communication strategy is necessary for any international crisis. A number of companies failed to defuse an international crisis because of poor communications. A number of processes are need to implement an effective crisis communication strategy to manage an international crisis, including:

1. Creation of the crisis communication team.

2. Identify key spokespersons who will speak for the organization. Who are they? What are their roles?

3. Training on cultural issues, if the crisis involves other cultures.

4. Establishment of communication procedures and protocols.

5. Identify key messages to communicate to key stakeholders and groups.

6. Has a budget been approved for the crisis?

Though companies try and resolve the crisis at hand and spend significant sums of money to do so, if they fail to properly communicate to stakeholders such as the media and the public, they in effect have lost control of the situation and can expect outrage and consumer dissatisfaction to such an extent that the very existence of the company may be threatened. So remember, a company doing business internationally has to plan for an eventual crisis which may pose a threat to the company. If it fails to handle communications properly, it faces not only a potential loss of business but a negative impact on its brand and reputation.

On November 19, 2019, the Korea Fair Trade Commission (the “KFTC”) announced it was creating a task force that would investigate unfair trade practices in the information, communication and technology industry- ie ICT Industry. . Although the KFTC had established a task force team for the ICT industry in 2016, the team had been inactive since the decision against Qualcomm. The establishment of the new team is believed to reflect the determination of the KFTC’s new head- Chairwoman Joh. Since her appointment in September of 2019, Joh has continuously expressed interest in creating a fair trade environment in ICT areas.

Led by the Secretary-General of the KFTC, Mr. Chae Kyu-ha, the 15-member task force will take charge of investigations involving unfair trade practices and abuse of dominance in the ICT areas. The Economic Analysis Division and the International Cooperation Division will also closely cooperate with the new task force to react to the rapidly changing competition environment of the ICT industry.

The KFTC is expected to continue its push against unfair trade practices and abuse of dominance in the ICT areas. The task force's investigations may lead to changes in the KFTC’s enforcement guidelines.

For more information, please contact Lee & Ko's Antitrust Practice Group.

The other day I had lunch with a friend who was lamenting the fact his company’s sales team continued to ink deals without any regard for risk. When he asked them why they continued to do so, the reply was “that’s the way we have always done things.” Unfortunately, many companies continue to plod along doing business without regards to risk. In fact, many companies fail to look at operational risk which can lead to disaster down the road. In order for a company to succeed it not only has to a sustainable business model but it has to constantly review its risk processes. After all, what happens when the current business model does not work anymore? What happens when the risks outweigh the benefits of continued standard corporate operations? Maybe it’s time to re-examine your risk management processes. Do they really work?

When talking to your staff or to other departments, how often have you heard the phrase “That the way we have always done things.” Just because corporate processes have been done one way doesn’t mean that the best way or even in todays’ fast changing world- the right way. Even after 2008 many companies continued to use the failed metrics that got them into trouble in the first place. Even the credit markets haven’t changed as much as you would think after 2008. Why?

I truly believe that once processes are created in a corporate or bureaucratic environment, it is as if the processes have been set in stone. They are very hard to change. Even if the world around the company has changed. It is human nature to accept what has been done in the past. Few people want to “rock the boat” even if the proverbial boat is actually sinking. Companies get into real trouble because of this. What happens if the company’s business model actually is out of date or its business plan is no longer viable? Just because it worked in the past doesn’t mean it will work in the future.

I therefore caution everyone not to blindly accept the current risk management processes in place. Risk managers as well as in house counsel and other managers should be challenging risk management metrics on a regular basis. Counsel should be auditing departments on a regular basis. Does that compliance program really work? Maybe it did 5 years ago. But what about today?
Remember, if local or national laws have changed maybe the current processes are out of date. If the products that your company manufactures or the services it provides have changed maybe the internal processes surrounding the review of those products and services are out of date. What about the current social environment? When reviewing your current product liability review processes have you factored in the new risks created by the Internet of all Things? These risks are real. Are you ready for them? Does your current business model still work or is it outdated? What about data privacy laws?

It is a fundamental truth that all things change. Of course, some things change faster than others. Regardless, don’t rely on your old or standard risk management processes to continue to provide the same level of comfort they did in the past. Continue to review and to modify them if necessary. And don’t think that just because “that's the way things are done” your company should continue to operate as usual.

Leniency programs have been used quite successfully around the world to battle cartels. The same holds true in Korea. Since its introduction in 1997, Korea’s leniency program has become the most important and effective means of cartel discovery. Korea’s leniency program was updated in 2005 which improved predictability and reliability.

From 2005 to 2018, Korea’s antitrust regulator – the KFTC- applied fines in 557 cartel cases. Among those cases, 335 cartels were discovered using its Leniency Program. Or in other words, over 60 % of the cartel cases from 2005-20018 that resulted in fines were discovered because of the leniency guidelines.

What is leniency? Basically, it’s a system of partial or total exoneration from penalties that would otherwise be applicable to a cartel member which reports its cartel membership to a competition or antitrust enforcement regulator. It has been used quite effectively in the US, EU and other jurisdictions. Some jurisdictions, such as the EU uses the leniency program to offer a reduction in fines up to 100%.

Korea’s leniency program, is similar to the US and EU. Of course unlike the EU, which only levies administrative fines in the case of a cartel, the KFTC may refer a cartel case to the Prosecutor’s Office for criminal prosecution, which makes a leniency deal to avoid prosecution quite tempting for many cartel members.

For more information on the Leniency Regime in Korea, please contact me or the antitrust practice group of Lee & Ko.

Today, many in house lawyers and managers still think of risk management as the department that manages insurance policies. Some may in fact think that risk management also encompasses handling bad publicity or maybe even covers a disaster recovery plan. Many in house lawyers, as well as some corporate managers don’t believe risk management is part of their job description. However, given the globalization of business, the increased volatility of today’s business climate and the changes in social media that has increased communication tenfold, risk management is now part of every manager’s job description, including the in house lawyer.

The main role of in-house counsel in corporations or legal entities is now, of course, to mitigate legal risk in connection with the sale of products or services provided by the company. In essence how the company protects its success will be based in part on its ability to manage, control, and minimize legal risk, especially in a litigious society such as the US marketplace. Legal counsel must take an active effort in developing strategies, systems, and processes that will minimize the legal risks faced by the company on a daily basis. The area of risk management for in house counsel has become so large it can now be labeled “Legal Risk Management” or LRM.

What is LRM? Legal risk is the probable occurrence of a future event or non-event that will have a negative impact on the company that could result in law suits, fines, investigations, crisis, reputational harm, financial harm and of course the destruction of the company’s brand or even the company. Legal risks and business risks intertwine to such an extent that business risk have legal impact. Therefore, in house counsel must become involved in the day to day management of business risk itself and think in terms of risk analysis. The lawyer must use tools to not only identify risk but provide a qualitative analysis a risk’s probability and its impact on the company’s objectives and bottom line. Various tools include risk map, use of processes such as interviews of key personnel, procedures involving review of industry guidelines, internal procedures, risk diagrams, etc. What risk analysis has been developed to gauge the safety controls in the manufacturing division’s product design protocols? How does the R&D division handle the potential risk of defective parts and materials?

It is time that in house counsel realize they are in fact legal risk managers. The law department of a corporation can serve it well by playing a substantial role in the corporate wide management of risk by proactively managing potential risk instead of just reacting to it. By working with cross corporate teams to manage risks through corporate governance, compliance, loss control, review of HR processes or product safety concerns besides just purely legal issues, a corporation’s law department increases its value to the company.

By controlling and managing legal risk, an organization is able to control its future. Without adequate LRM processes, a company is exposed to claims, lawsuits, fines, and investigations. Not a day goes by where some governmental investigation or lawsuit is not reported in the local newspaper. These days it is a common occurrence. Therefore, it is imperative that an organization and its in house legal team understand that by managing legal risk it can control its’ future. Therefore, it is imperative that an organization understands the role that LRM plays in an organization.

Besides managing risk, risk managers must also have a knack for good stakeholder management. In fact, in order to provide effective leadership in today’s corporate world, risk managers and those who have a risk management function, must understand the significance of good stakeholder management. Considering the high employee and investor turnover rates it is no wonder that risk managers must take the lead in providing risk management information to various stakeholders not only from a compliance perspective but from a profit/loss perspective as well.
Who are the various stakeholders that a risk manager must concern himself or herself with? Of course the more sophisticated a company is the more stakeholders there are. Nonetheless, the main stakeholders of any company or organization usually include:

1. Employees
2. Upper Management including the Board
3. Customers
4. Suppliers
5. Regulators
6. Investors
7. Business partners; and
8. Credit Analysts

Each group of stakeholders mentioned above is important to the overall success or survival of a company. They may have a key role in determining the strategy of a company and therefore need to understand relevant risk related information in order to understand the issues facing the company. Of course, depending on the various laws and regulations facing companies, it may be there are in fact reporting requirements that should be met. The Board as well as Upper Management has risk management responsibilities when it comes to addressing risk, and in order to provide effective leadership, Management must look at Stakeholder Management as part of good Corporate Governance.

The first step for any risk manager when dealing with stakeholders is to ask the hard questions such as: (i) Are you prepared to handle risk events relating to your stakeholders? (ii) In a crisis management event, are you ready to address your customers? (iii) In case of litigation, do you have the right information to communicate to your regulators? , and (iv) What are the risk management process to use in case you have major employment related issues?

Providing effective risk management leadership requires the risk manager to understand who the major stakeholders really are and what risk management reporting processes actually exist or should exist. Once you can answer these questions, you are on your way to provide effective risk management leadership.