Risk Management for In House Lawyers
Today, many in house lawyers still think of risk management as the department that manages insurance policies. Some may in fact think that risk management also encompasses handling bad publicity or maybe even covers a disaster recovery plan. Many in house lawyers, as well as some corporate managers don’t believe risk management is part of their job description. However, given the globalization of business, the increased volatility of todays’business climate and the changes in social media that has increased communication ten fold, risk management is now part of every manager’s job description, including the in house lawyer.
Risk management should be viewed as an essential part of everyday management, including legal management. Managing a company’s risks is not only important but vital. Until recently, lawyers have been trained to think reactively- ie to react to a threat or risks. But given the recent changes in the global business environment, in house counsel must now learn to manage risks. Such proactive management encompasses a large area of not only pure legal risks but also business risks that could lead to legal threats and issues. In essence, an in house counsel must now learn to proactively manage risks by minimizing risk, mitigating risks, transferring risks and eliminating risks. All are in a sense a proactive response to a risk rather than a purely reactive response.
The main role of in-house counsel in corporations or legal entities is now, of course, to mitigate legal risk in connection with the sale of products or services provided by the company. In essence how the company protects its success will be based in part on its ability to manage, control, and minimize legal risk, especially in a litigious society such as the US marketplace. Legal counsel must take an active effort in developing strategies, systems, and processes that will minimize the legal risks faced by the company on a daily basis. The area of risk management for in house counsel has become so large it can now be labeled “Legal Risk Management” or LRM.
What is LRM? First you must define LRM. Legal risk is the probable occurrence of a future event or non-event that will have a negative impact on the company that could result in law suits, fines, investigations, crisis, reputational harm, financial harm and of course the destruction of the company’s brand or even the company. Legal risks and business risks intertwine to such an extent that business risk have legal impact. Therefore, in house counsel must become involved in the day to day management of business risk itself. This leads to the question of a company’s appetite for risk. For a company , as well as its in house lawyer, to properly manage risk- management has to understand what risk it is willing to take in the market place and what risk it is not willing to take. Is it willing to buy inferior parts for its product and risk the probability of a product liability lawsuit in order to make a greater profit or not? What does the Board of Directors think about risk? Has the BOD ordered a risk audit of the whole company? Is the company willing to accept more risk than it currently accepts , and if so, what is the rate of return it needs to justify the additional risk?
A company may have competing objectives that result in increased risk or a decision to accept additional risk. Does the company have a business model that compares the benefits over the potential increased risk? If the company’s sales department wants to increase sales revenue by offering a one year warranty over its normal sixty day warranty has the company’s service department quantified the risk of increased costs to provide additional service? Is it worth it?
An in-house lawyer must also determine how the organization’s risk appetite compares to the risk appetite of its competitors in the market place. What are the competitions’ risk policies towards its products and services? If the company wants to become an innovator instead of a follower, is it willing to increase its exposure to risk? If so, how much additional risk is it willing to take? What about additional risk in product safety or service delivery? Does the company in fact what to be a trend setter without additional risk? How can it do that?
An in house lawyer must now think in terms of risk analysis. The lawyer must use tools to not only identify risk but provide a qualitative analysis a risk’s probability and its impact on the company’s objectives and bottom line. Various tools include risk map, use of processes such as interviews of key personnel, procedures involving review of industry guidelines, internal procedures, risk diagrams, etc. What risk analysis has been developed to gauge the safety controls in the manufacturing division’s product design protocols? How does the R&D division handle the potential risk of defective parts and materials?
Not only must the in house counsel identify risks but he must assess the inherent likelihood and impact of the risk. Will the impact of the risk be very minor or could it be a major event. Once the in house counsel analyses the risks and assesses the potential impact of the risk, he can then determine how to handle the risk- such as risk mitigation, risk transference, risk avoidance and risk acceptance. Though lawyers don’t like to admit it ( as lawyers by nature are risk averse) risk acceptance is an acceptable form of responding to a risk- especially when the risk cant be mitigated and the upside can bring potential gain. Risk mitigation can be achieved through various means such as implementation of a loss control program. Risk transfer can of course be achieved by such means as insurance, as a well drafted insurance policy covering a specific form of risk will result in the transfer of the risk to the insurer.
It is time that in house counsel realize they are in fact legal risk managers. The law department of a corporation can serve it well by playing a substantial role in the corporate wide management of risk by proactively managing potential risk instead of just reacting to it. By working with cross corporate teams to manage risks through corporate governance, compliance, loss control, review of HR processes or product safety concerns besides just purely legal issues, a corporation’s law department increases its value to the company. Instead of just a pure cost center, it can in fact become a profit center.
By controlling and managing legal risk, an organization is able to control its future. Without adequate LRM processes, a company is exposed to claims, lawsuits, fines, and investigations. Not a day goes by where some governmental investigation or lawsuit is not reported in the local newspaper. These days it is a common occurrence. Therefore, it is imperative that an organization and its in house legal team understand that by controlling and managing legal risk, an organization is able to control its future. Without adequate LRM processes, a company is exposed to claims, lawsuits, fines, and investigations. Not a day goes by where some governmental investigation or lawsuit is not reported in the local newspaper. These days it is a common occurrence. Therefore, it is imperative that an organization understands the role that LRM plays in an organization and that adequate systems, processes, and procedures be implemented to minimize, control, and transfer such legal risk.