To properly manage civil litigation, especially in the United States, companies need to implement LRM strategies and processes by use of an in-house Law Department that is capable of overseeing or managing outside litigation. Depending on the legal exposure of a company, it can be a full-time job. This management function will be key in properly coordinating litigation to avoid excessive costs, duplication of effort, and minimization of disruptions to a company’s business, as well as setting an effective trial strategy.

What many foreign companies doing business in the United States fail to appreciate is that an outside litigation lawyer does not necessarily have the company’s best interests in mind during litigation. Litigators want to win. Sometimes the desire to win is not in the best interests of the company. Many companies have paid a great deal of money to litigate a case when a resolution to the dispute was available had the parties tried to actively settle the matter. Remember, a trial lawyer’s business and primary goal is to win- not to settle.

An in-house legal manager, representing the company’s best interests, can help facilitate settlement once a legal risk assessment as to the validity, cost, and expense of litigation is made. In fact, during trial, a settlement is still possible and can be facilitated by in-house counsel. Therefore, the Law Department should maintain control and oversight of any litigation. A LRM program can be very helpful in managing the legal risk process as well as providing litigation oversight. Remember, litigation can result in a variety of negative issues such as:

• Loss of time.
• Expense.
• Potential interruption of business.
• The cost and expense of business interruption.
• Potential bad or negative publicity.
• Negative impact on the company’s brand image
• Potential loss of reputation.

As companies facing U.S. litigation are often exposed to excessive fees and costs, massive business disruption, lengthy litigation, and the unpredictability of the jury system, efficient management of the litigation process is necessary. Though, obviously, outside litigation counsel is necessary in most cases, an in-house Law Department can save the company great sums of money by managing the litigation process. Such management involves the assessment, management, and potential transfer of risk through various LRM strategies, including:

-Effective coordination of legal defense efforts in order for the company to avoid duplication of costs and effort from case to case
-Coordination of witnesses, answers and interrogatory responses, documents, and depositions
-Acting as the central site for all facts, positions, decisions on legal issues, and motions
-Development, implementation, and coordination of a defense plan

As part of an overall LRM program, a company’s Law Department must implement processes to control, reduce, and manage outside legal fees and costs. By utilizing legal risk management tools, a Law Department can proactively reduce legal fees and costs.

When using outside counsel, most companies, especially those that have affiliates or subsidiaries, need a comprehensive approach. Unfortunately, many companies hire law firms on a case-by-case or ad hoc basis. Sometimes divisions of the same company hire different law firms without thinking about potential issues of legal talent and failure to obtain high-quality legal services on a consistent and reasonably priced basis. Sometimes, divisions of the same company hire different law firms to handle similar legal issues or litigation.

If a company has an in-house Law Department, it is incumbent upon the in-house Law Department to develop processes to select and use outside counsel on a consistent basis with a focus on quality, reasonable fees, and, of course, success. Such success is normally the result of a long-term relationship in which outside counsel becomes a member of the company’s “team,” learns the business, and can, therefore, provide timely legal and business advice.

Centralization

A company either has in-house counsel or it does not. To successfully handle legal issues facing most companies these days (especially those involving litigation ), the use of outside counsel must be centralized. If a company has many divisions or subsidiaries, a department should be empowered to oversee all legal matters. There are numerous advantages to centralization of the legal function:

Advantages of Centralization

-One organization has an overview of all legal issues confronting the company and can properly advise management on legal issues.

-Efficiency: Whether in-house or outside, efficient and fast response to legal issues is necessary.

-Use of a single law firm as outside general counsel can result in monetary savings.

-Centralization of legal services lends itself to the centralization of the company’s legal records, documentation, and information, creating a more efficient process.

-Centralization of legal services allows for a more efficient review of data, resulting in the proper use of information and development of an appropriate strategy.

-Investment: Whether a company is large or small, it needs to look at use of outside counsel as an investment. Picking the right outside counsel and developing a long-term relationship with such counsel will pay dividends in the long run.

Efficient and timely use of outside legal services, whether such use of outside legal services is picked by an in-house lawyer or by a company manager or officer, relies on whether outside counsel is the right fit for the company. There are many law firms around, but not all are the right fit. Picking the right law firm or outside counsel depends on a number of factors. Many times, a company picks a law firm because of a personal relationship between a company officer and a lawyer in the firm. Or maybe the firm has done a good job in advertising. The trouble is, without going through a process to determine the acceptability of a law firm, picking outside counsel can be hit or miss. A centralized legal function is necessary to avoid mismanagement of outside legal counsel. 

There are several reasons why companies find it harder and harder to handle major crisis. These days, because of the internet, companies have to get out in front of a crisis, or the bad PR will kill them quickly. It used to be companies had time to react and get out front. Now they don’t. So, if companies don’t have a strategy in place to address the crisis, it’s hard to get out in front. In fact, by most accounts, a company has twenty-four hours to put a crisis management strategy in place once it becomes aware of the underlying event. This twenty-four-hour period is sometimes referred to as ‘the golden hour.’ If a company isn’t prepared, twenty-four hours is not long enough to think things through. Of course, In-House counsel have to understand their roles in a crisis as well. They have to manage legal liability and balance it with business considerations. They also have to help the PR team educate the public on the issues and make certain all legal regulations are followed. Normally, the In-House team hasn’t really thought about its role and responsibilities in the event of a major crisis. This can be a problem.

Another issue is that sometimes Management refuses to acknowledge the existence of a crisis until it is normally too late. Remember, a crisis unfolds in a series of stages and not in a vacuum. First, there are early indications of a crisis brewing followed then by actual warnings of a crisis followed by the crisis exploding and overwhelming management. It is at this stage that most companies try and resolve the crisis, but it is usually too late. The crisis morphs, PR gets really bad, the impact of the crisis deepens, the stakeholders and shareholders get very worried and upset. The key to properly managing a crisis is to acknowledge the existence of a crisis at the beginning and to have a crisis management plan in place. Legal needs to be heavily involved with Management to help resolve the crisis at this stage.

The major problem with handling a crisis is that communications play an important role. When you look at the timeline of the average crisis: a company not only has to determine what need for communications exist (internally and externally) but also must have the communications drafted and ready to go within twelve hours of the start of the crisis. Within twenty-four hours, Management should have a plan in place including a communications plan and should be talking to the media or have a third party talking to the media for it. If you don’t have a crisis management plan already in existence before the event, you probably won’t get your hands around it in time. Legal must also know what to do and when.

As In-House Counsel What Should Concern You?

Ask yourself the following questions:

-What happens if one of the machines in your company’s main manufacturing line breaks down? How long would it take to come back online? Or, what happens if as a major service provider you are unable to provide the service you are obligated to provide?

-Can you cover by finding alternative sources of supply, how long would that take to do? How long to cover the losses? What about the supply agreements?

-If you lose productivity and can’t supply customers on time you could lose everything. Are you able to absorb the losses? What obligations do you have under your supply agreements?

-Who should be the crisis manager?

-In case of a crisis do you know all of the relevant insurance policies and the appropriate notification deadlines? Or is this left up to the insurance department?

-If a crisis involves regulators, are you aware of the basic time frames in which to notify and/or involve the regulators? And, who are the appropriate regulators? Do you have contacts with them?

-From an in-house perspective have you thought about how to mitigate civil liability?

-So how do you minimize civil liability and perhaps criminal liability too?

-Are you prepared for litigation?

-What steps should you take to mitigate liability?

For In-House counsel in companies that could experience a major crisis, it is vital to have a plan in place. Think about the questions above. Ask more questions too. Be prepared.

If a company wants to identify the major legal risks it faces, it needs to come up with a process to assess risks. But how?

When thinking in terms of legal risk management (LRM) in-house counsel or risk managers should ask some questions. First, what is the degree of risk the company is comfortable with? Or what degree of risk is a department in the company comfortable with? Also, what perception of risk does the various levels of management in the company have towards risk? Remember, this requires talking to all departments and the various department heads as well as middle managers, etc. to get a good grasp of their perception of risk or at least their perception of legal issues facing them. Only after that happens and an assessment of the legal risk environment is completed can you then proceed with a risk analysis. Of course, the accounting department may be looking at things under a COSO standard while the HR department may be looking at risks under the ISO standard.

A risk assessment can cover the areas and/or departments that are important to the company. Such areas may include:

• All insurance matters, including the renewal of insurance carrier and recommending obtaining additional or different types of insurance when needed.
• Handling all product liability claims, including product safety claims, subrogation claims, investigations, discovery, and product liability lawsuits for the organization.
• Reviewing product warranties, warnings, and manuals to ensure compliance with relevant laws and regulations.
• Reviewing processes regarding product recalls, government-related complaints, and government investigations and inquiries, including the FDA, and FTC in the United States, etc.
• Working with the Service Department or QA Department and other departments to analysis potential safety issues and report the findings to management.
• Performing due diligence reviews of safety-related issues and evaluating such findings.
• Reviewing PR/marketing processes, other departments and outside PR on responding to the media with respect to safety-related issues (media crisis team/crisis management team).
• Assessing the training given to the service/call center (if any) personnel on how to handle consumers complaining about safety issues and how to recognize product liability issues and escalate them to the proper people.

The above areas are a fraction of what con be looked at or considered when conducting a risk assessment. But it’s a place to start. It depends on the nature of the company and the primary business drivers of the company. And of course, the company's perception of risk.

Recent privacy concerns have caused many countries to beef up their data privacy laws and regulations. The EU of course, is a case in point. As is Korea and others in the Asia Pacific Region. However, the data privacy issues a company faces, are really the tip of the proverbial iceberg. What about the electronically stored information (ESI) that companies have? Electronic data! ESI exposes a company to a myriad of risks, data privacy of course one of them. Besides the multi-dimensional universe of data privacy, cybersecurity is also very important today as many companies and governments continue to get hacked. Even cybersecurity insurance is getting popular. However, companies not only have to worry about getting hacked or running afoul of the latest data privacy laws and regulations. Companies must also consider what data to even store, where to store it, how long to store it and protocols to decide how to analyze and review it. Let alone- where to find it, if it gets lost. Failure to take the where, when and how into consideration can expose the company to unforeseen ESI issues- such as violating ESI discovery laws as well as the associated document retention risks.

Electronically Stored Information- Document Retention Risks and Concerns

If a company is involved with litigation in the United States, it has a duty to locate all relevant information, data, and documents—including ESI that are relevant to the case. This can be quite onerous, as it requires:

• Familiarity with document retention policies
• Involvement with IT personnel
• Communication to “key players” of the litigation hold
• Location and retrieval of all relevant information wherever that information might be

The legal risks facing a company that fails to handle the above requirements in an economical/efficient manner can be tremendous. Companies have been sanctioned millions of dollars for failing to abide by ESI requirements or, even worse, have lost the respective lawsuits, costing even more. What can a company do to mitigate the legal risks surrounding document management to comply with US legal requirements?

1. Plan of Action

A company must take steps to develop an adequate data and document management plan. It is not too surprising that even the IT Department itself may not have an adequate understanding of where all of the electronically stored documents are considering the plethora of handheld devices that may store documents and other electronic information. Therefore, a company’s management and IT folks need to sit down and map out where all of the documents are located if possible. A document management plan should take the following steps into consideration:

• Assess the company’s current use of technology documents.
• Locate all in the company’s possession.
• Use technology to leverage legal requirements.
• Retain experts or outside consultants to above or to help implement systems/processes.
• Implement policies and procedures addressing all legal risks posed by ESI.

2. Risk Assessment of ESI

To implement an appropriate plan of action, a company must conduct a risk assessment of its processes and capabilities by:

• Seeking proposals of vendors (outside experts)
• A top-to-bottom analysis
• ESI and paper documents
• Hardware and software
• Management of data
• Retention of data
• Litigation holds
• Disaster preparedness

3. ESI Implementation

The legal risks facing companies in today’s legal and regulatory climate, especially in the United States, are enormous. Failure to implement a data and document management program that not only addresses a company’s business concerns but legal obligations as well can be disastrous. The development and implementation of a Legal Risk Management Program (LRM) addressing these concerns is not a luxury but a necessity. It is highly recommended that a company implement a data and documentation management program that addresses ESI and all of its issues.

For risk managers or in-house counsel, the development of a comprehensive ESI program is crucial. Talk to your IT folks. If necessary, enlist the help of outside ESI consultants. Get your hands around your company’s ESI. Implement an ESI document management program and implement processes to handle all associated risks.

As companies begin to dig out of the current pandemic and consider or re-evaluate business continuity plans, it is time for in-house counsel, risk managers and CLOs to consider ways in which to mitigate risks, including legal, operational and corporate. Here are a few considerations when contemplating risk assessments:

1. Conduct an Insurance Risk Assessment

i. Conduct a risk assessment of insurance policies. Such an assessment must be conducted to create a business risk profile to identify factors that have the greatest financial impact on the company as well as to identify appropriate risk transfer strategies to:

a) Stabilize insurance costs;
b) Mitigate extraordinary financial impact;
c) Ensure cost effective protection against catastrophic losses;
d) Optimize tax and accounting issues.

ii. Conduct an analysis of current coverage, amounts, deductibles, excess.
iii. Evaluate all insurance policies and insurance companies- coverage, costs, etc.
iv. Investigate establishment of captive insurance company.
v. Review insurance brokers to determine if the right programs are being put out to bid
vi. A review of all claims should be performed

2. Review Litigation Considerations of the Company and /or its Foreign Business Operations or Subsidiaries:

i. Affiliated companies or subsidiaries can be named as defendants. These companies will need coordination of defense and discovery matters. How do the companies handle this?

ii. Consider jurisdiction over foreign entities, including the parent entity.
a) Jurisdiction Issues
b) Maintaining Corporate Compliance

iii. Litigation Respecting Same Products in Multiple Jurisdictions-issue for electronics companies and home appliance manufacturers
iv. Insurance coverage-is it adequate? Has it been reviewed?
v. Litigation issues must be reviewed such as:

a) Coordinating billing from local counsel.
b) Insurance coverage notices and claims and updating carriers.
c) Budgeting for cases.

vi. Currently, many large US companies and subsidiaries of non-US based companies have numerous insurance related lawsuits involving class actions, product liability claims, bankruptcies, employment cases and antitrust and regulatory issues. These should be reviewed.

a) Product Liability Actions
b) Patent Actions
c) Regulatory Proceedings and Investigation
d) Commercial Disputes
e) Product Liability Costs

3. Consider Typical Legal Theories on which a Plaintiff May Base a Products Liability Claim and Class Actions In US and Elsewhere:

i. Breach of Express Warranty.
ii. Breach of Implied Warranty.
iii. Negligence.
iv. Strict Liability.
v. Deceptive and Unfair Trade Practices ("DUTP").
vi. Consumer Class Actions

4. TO ADEQUATELY PROTECT AND DEFEND AND MITIGATE THE RISK OF A COMPANY AND ITS U.S. AND FOREIGN SUBSIDIARIES, NUMEROUS PROCESSES AND PROCEDURES SHOULD BE IMPLEMENTED AND REVIEWED BY LEGAL COUNSEL AND/OR RISK MANAGERS. SUCH PROCESS GOALS ARE:

i. Product Risk Management Goals.

a). Encourage correct product use, increase customer satisfaction and minimize possible injury from use.
b). Improve ability to defend the company in the event of litigation by developing and substantiating defenses to liability, reducing exposure to liability, for example, by removing grounds to impose punitive damages.

ii. Adopt Product Loss Control Policy and Procedures which include:
1. Requiring product group or divisional officers to develop programs consistent with corporate guidelines.
2. Establishment of a group Claims Defense Committee.
3. As a part of the Research – Design – Development process, conduct formal hazard/failure evaluations on all new products.
4. Publish Quality Control Standards and Procedures for all components, materials, and processes critical to product, service, safety, and reliability.

iii. Product Management Consideration Respecting Limiting Potential Liability Exposure – Develop Checklist to include in Product Readiness Approval Objectives Including Product Design Considerations:

a) Written procedures for the design program, including:
b) Design choices – consideration of alternatives.
c) Specifications – definition of acceptable ranges of variation for each characteristic to assure that all designs are reviewed before they are released to manufacturer.
d) Establish a design review committee.

iv. Marketing

a) Review all published statements about the products including advertising, product listings and catalogues to assure that they do not: mislead users, encourage users to disregard directions and warnings contained in the labeling, or promote unapproved or inappropriate uses.
b) Include provisions in distribution and purchasing agreements so that distributor and/or purchaser will:
(i) complete and return surveys and questionnaires
(ii) notify the company of any product failures or malfunctions