Recently , the New York Times reported several fatalities and numerous injuries linked to defective airbags manufactured by a company named Takata. The defective design or nature of the airbag revolves around defective propellant in the airbag and has resulted in a massive recall involving millions of cars. According to documents reviewed by Reuters, not only did Takata know about the airbag problems in 2004 ( which it did not report to federal regulators) but its management instructed the engineers researching the problem to destroy all data and evidence regarding the investigation.
Not only is this turning into a media nightmare for Takata , but what is coming to light is a complete failure of risk management processes especially those involving manufacturing and safety protocols. Namely, Takata switched propellant chemicals in the airbags. The new propellant caused the metal airbag to burst open due to excessive air pressure caused by high humidity. It also was discovered that Takata's manufacturing plant in Mexico allowed a defect rate eight times above acceptable limits. Takata's problems could have been avoided had it followed appropriate risk management processes and procedures. Lives could have been saved. And injuries could have been prevented. What does Takata's problems with air bags have to do with risk management- well everything. Its all about the planning! Its all about the implementation of a properly designed and thought out Legal Risk Management Program.
When manufacturing products, especially those that could cause injuries, it all goes back to product planning. I recommend using checklists to help in the product planning and designing process. When designing products, manufacturing companies need to be very detailed to avoid product liability litigation, especially in the United States. Product planning is a very detailed process involving many departments. As part of an overall plan to reduce risks of product liability litigation as well as class actions and government investigations raised by CPSC or FTC concerns, it is recommended manufacturing companies develop a detailed design risk program or “DRP.” Such processes can minimize, reduce, or prevent liability when claims are brought as a properly designed DRP will minimize product failure as well as alert all concerned as to the major issues of product and design defects before such defects happen.
I recommend the use of a checklist cover such DRP matters. Checklists are a handy tool to use when looking at processes and procedures to minimize legal liability, especially in the product planning and design phases of product development. Product planning and design process considerations should normally include the following:
If Takata had followed the processes outlined above, it could have easily discovered the potential danger caused by the new propellant. It could have put in place a system which monitored and tested all aspects of its manufacturing processes. If it created a checklist covering all issues reflected above, there probably would not have been any issues.
Does your company have detailed design and manufacturing processes in place? Do you have a handy checklist to use as a tool when designing and manufacturing product? Remember, use of a checklist can help a detailed design risk program. When designing and manufacturing product- its all about risk. Implement a DRP today and put in place a handy checklist!
Using Metrics to Control Costs.
A company, wherever situated, will eventually be subject to litigation, government investigations, fines, employee actions, class actions, commercial litigation, etc. In a sense, the cost of business is having to pay for resolution of legal matters and problems. However, that cost may be high. In order for a company to properly defend itself will require the use of law firms, especially in the United States. However, legal fees and costs can be onerous and excessive. The financial well-being of a company may depend upon how well it is able to manage outside legal fees and costs. A company may win a lawsuit but go bankrupt because of excessive legal fees.
As part of an overall Legal Risk Management ( LRM) Program, a company’s law department must implement processes to control, reduce, and manage outside legal fees and costs. By utilizing legal risk management tools (such as surveys, interviews, risk assessments, KPIs and other metrics) a law department or risk management department can proactively reduce its legal spend. Likewise, a law firm , to stay successful must also implement internal processes to contain costs or it runs the risk of becoming irrelevant as corporate law departments switch from famous brand name law firms that are very expensive to lesser known law firms that are just as capable but much more reasonable in fees. Some of the tools that a law department or law firm can use to contain costs are:
Tools for Reducing Legal Fees
Processes that can measure the performance of outside counsel
Processes that track legal costs and expenses
Use of KPIs that measure the Law Departments metrics
Creation of a contract management system, which standardizes contracts and forms
Negotiation of legal fee agreements with outside counsel
Use of outside billing guidelines, which prevent excessive billing by law firms
Use by law firms of metrics such as KPIs that measure the law firms’ performance
Conduct risk assessments to determine whether to settle early or not
KPIs
Key performance indexes (KPIs) are an effective way to measure a Law Department’s metrics as well as use and effectiveness of outside counsel. It can also be used by a law firm to measure its performance such as turnaround time of matters, etc. I recommend a corporate law department to establish at least ten to twenty KPI metrics to get a good picture of the effectiveness of not only the law department but outside counsel. This can be reflected in the dashboard on your computer monitor. Typical examples would be:
Law Department’s total expense
Law Department’s total expense as a percentage of revenue
Number of active litigation matters
Number of new litigation matters
Number of closed litigation matters
Law Department’s fees for outside counsel
Total external spending on litigation matter
Cycle time to resolve claims
Estimated dollar savings through use of legal risk management tools
Percentage of legal matters that receive a management—specific post-mortem review
Law firms can use metrics too!
Law firms can also use KPIs to measure performance and help contain costs. Typical examples would be :
Law firm’s total expense as a percentage of revenue
Number of active matters in relation to revenue
Number of closed matters
Turnaround time for transactional matters
Number of attorneys per case
Number of hours billed per attorney
Number of hours spent marketing the firm per attorney
Why Metrics?
There are other KPIs to use, but the above metrics can be used to help quantify the number of litigation matters, average time to resolve matters, total legal costs, and savings through LRM processes. The more processes put in place to measure performance from a risk management point of view the better. KPIs not only measure and track the effectiveness and efficiency of a law department but can be used as a tool to improve the effectiveness of the law department as well as the typical law firm.
What law firms must realize is that law departments are being held to a strict standard by the CFO or CEO of a company. Companies are requiring in house counsel to be more efficient and cost conscious especially when picking outside counsel. Law firms that come up with innovative business oriented practices that help the company’s bottom line will become the preferred law firms. As businesses use more and more metrics to measure performance and cost so will law firms be required to do the same thing. Law is becoming less of a staid old boy profession and is becoming more of a dynamic business that is subject to all of the vagaries of business just as the law firm’s clients are subject to such vagaries.
What can law firms do to contain costs and stay relevant:
Times are changing. Not only are corporations taking more and more steps to contain costs but the law departments and ultimately the law firms themselves are being required to contain costs as well. Failure to contain costs will result in law firms becoming less relevant in a world that is flat and quite demanding.
A company should consider the risk of success if it wants to remain successful.
I recenlty went to one of my favorite new restaurants in Seoul. The restaurant has a unique menu- something you normally dont see in Korea. The food was very good as was the service. It became my favorite place to have Sunday Brunch. I and many others started frequenting the place. Unfortunately, during my last visit, I noticed the service had rapidly declined. In other words the restaurant was becoming a victim of its own success. The restaurant owner clearly never thought he would be so successful so quickly. He could not keep up with the demand. His staff was stretched to the limit. Oh well- maybe I should look for another place to have Sunday Brunch.
My ex- favorite restaurant's failure to deliver proper service because of its success started me thinking about risks inherent in any business when it faces unexpected results- whether positive or negative. Looking at recent events it is impossible not to notice how many of the risks faced by companies were either unintended or unexpected. From a risk management standpoint, such a failure to appreciate potential risks because the risks were unexpected or the result of unintended consequences, is a failure of risk management itself.
Granted, it may be easier to foresee certain risks than others and take action to mitigate the risks that are more visible. But the very reason to create a risk management system and nurture a culture of risk mitigation, is to foresee all potential areas of risk and take steps to mitigate or at least acknowledge the existence of risk. Stockholders of a finance company do not want to be told the company collapsed because it failed to appreciate the risks inherent in mortgage backed securities. Investors in an energy company dont want to be told the company collapsed because it failed to reign in corruption and malfeasance on the part of upper management. What every company must ask itself is the fundamental question- "Has the company looked at all areas of risk, including the unexpected areas and taken steps to mitigate the risk.?"
Risk comes in many packages. Political. financial, legal, business, economic, natural and of course personal. Risk can be the result of political or economic events. Risk can also result from natural disasters. But it can also be the result of success. In essence, there is risk in the unexpected consequences of success. How so you may ask? Look at Sony. Sony's success led to hubris. It led to the decision to expand in to a multitude of business ventures and product lines which resulted in Sony concentrating less on it core products which had made it successful and concentrating on product lines it was not so familiar with. The end result- it took its eye off the ball. Samsung and LG rushed in. Look at Samsung today- you can also argue that Samsung was too successful with its PDAs and forgot to look at the competition in China. Sony, Panasonic and others are victims of thier own success. But they didn't have to be if they appreciated the fact that success can lead to unintended consequences.
The world today is flat. Every aspect of the world is interconnected. Success can be fleeting if companies fail to realize that a company's brand is now based not only on creating a superior product but on providing superior service or creating a superior consumer experience. The risk a company faces on a day to day basis is the risk that it fails to recognize it must provide a superior product, service and customer experience on a regular basis. Once it provides a superior product or service, it must continue to do so or it runs the risk of failure or collapse. It faces unexpected failure as it relied too long on the out of date "successful" business plan. Or it experiences unexpected failure because it relied too long on the "superior" product that suddenly becomes out of date. What happened to the Sony Walkman? The risk is that a company fails to realize everything changes, and based on past success or based on unexpected success it fails to push the envelope and fails to provide a superior product or superior service all the time.
How does your company handle success? Has it stopped striving to be the best? Has success made it complacent? Does it understand that there is great risk in success if it fails to understand why it became successful? Does the risk management department consider the risk of unintended consequences? What do the reports from the field say about products and product development? What does Service say about customer satisfaction? Is your company a little paranoid about its business plan or is it overly confident based on past victories and successes? Is it always trying to streetch the envelope or is it a little comfortable?
A risk management department in any company must understandably handle commonly perceived risk on a daily basis. But it must also consider the risks inherent in unexpected or unintended consequences. Failure to do so invites great risk and potential disaster. What do the risk models and processes say about success? Talk to your risk managers. They will be the first to tell you if your products or services are becoming out of date or are having trouble in the field. Remember, one of the unexpected consequences of success is risk.
Product planning and development has the potential for great risk, but also for mitigation of risk if the right mechanisms can be used in a timely fashion. Creating products that do not present safety risks or pose a hazard is not only should be the main goal of a manufactruring company but it of course can be a complicated process. As I have stated in my other blogs- companies need to be very risk management focused to avoid product liability litigation and legal exposure. If safety related processes are implemented in a timely and correct manner to minimize product defects, such processes can limit and minimize legal risk, especially regarding class actions.
Product development and planning normally involves four distinct stages prior to mass production:
In each stage there is potential cause for risk, as each stage involves processes that can potentially expose a manufacturing company to great legal risk by virtue of poor planning, documentation or poor implementation of critical development processes. A breakdown in processes can lead to disaster. Such processes include :
In each stage of product design, development, and production, many departments must share and coordinate information, tasks, roles and responsibilities, and communication with each other. Failure to do so in an effective manner in accordance with proper procedures and processes leads to not only failure but potential legal liability. For instance, let’s look at the main stages of a product planning cycle in a new product development scenario.
A typical product planning life cycle would involve at least eight departments and look something like this:
These days companies must pay close attention to the development process. As part of a robust risk management program, product planning and development must also pay attention to product defects and resulting product liability claims. A product planning and development process is the first process in the manufacturing cycle that if handled properly can ensure the products are manufactured in an environment which minimizes product design and manufacturing defects and produces high quality products.
I recommend any manufacturing company to implement a legal risk management audit covering the department and divisions I have mentioned above. Such audit should pay close attention to the product planning and development processes currently in place. Every company should ask itself whether the processes in place are first class, adequate or outdated. Producing defective products resulting in injuries or that present safety issues or safety hazards will always lead to product liability lawsuits and class actions. Extreme care and caution must be taken to minimize any chance of legal liability. Remember, when planning and developing products- processes that promote safe designs and safety comes first.
Risk Management for In House Lawyers
Today, many in house lawyers still think of risk management as the department that manages insurance policies. Some may in fact think that risk management also encompasses handling bad publicity or maybe even covers a disaster recovery plan. Many in house lawyers, as well as some corporate managers don’t believe risk management is part of their job description. However, given the globalization of business, the increased volatility of todays’business climate and the changes in social media that has increased communication ten fold, risk management is now part of every manager’s job description, including the in house lawyer.
Risk management should be viewed as an essential part of everyday management, including legal management. Managing a company’s risks is not only important but vital. Until recently, lawyers have been trained to think reactively- ie to react to a threat or risks. But given the recent changes in the global business environment, in house counsel must now learn to manage risks. Such proactive management encompasses a large area of not only pure legal risks but also business risks that could lead to legal threats and issues. In essence, an in house counsel must now learn to proactively manage risks by minimizing risk, mitigating risks, transferring risks and eliminating risks. All are in a sense a proactive response to a risk rather than a purely reactive response.
The main role of in-house counsel in corporations or legal entities is now, of course, to mitigate legal risk in connection with the sale of products or services provided by the company. In essence how the company protects its success will be based in part on its ability to manage, control, and minimize legal risk, especially in a litigious society such as the US marketplace. Legal counsel must take an active effort in developing strategies, systems, and processes that will minimize the legal risks faced by the company on a daily basis. The area of risk management for in house counsel has become so large it can now be labeled “Legal Risk Management” or LRM.
What is LRM? First you must define LRM. Legal risk is the probable occurrence of a future event or non-event that will have a negative impact on the company that could result in law suits, fines, investigations, crisis, reputational harm, financial harm and of course the destruction of the company’s brand or even the company. Legal risks and business risks intertwine to such an extent that business risk have legal impact. Therefore, in house counsel must become involved in the day to day management of business risk itself. This leads to the question of a company’s appetite for risk. For a company , as well as its in house lawyer, to properly manage risk- management has to understand what risk it is willing to take in the market place and what risk it is not willing to take. Is it willing to buy inferior parts for its product and risk the probability of a product liability lawsuit in order to make a greater profit or not? What does the Board of Directors think about risk? Has the BOD ordered a risk audit of the whole company? Is the company willing to accept more risk than it currently accepts , and if so, what is the rate of return it needs to justify the additional risk?
A company may have competing objectives that result in increased risk or a decision to accept additional risk. Does the company have a business model that compares the benefits over the potential increased risk? If the company’s sales department wants to increase sales revenue by offering a one year warranty over its normal sixty day warranty has the company’s service department quantified the risk of increased costs to provide additional service? Is it worth it?
An in-house lawyer must also determine how the organization’s risk appetite compares to the risk appetite of its competitors in the market place. What are the competitions’ risk policies towards its products and services? If the company wants to become an innovator instead of a follower, is it willing to increase its exposure to risk? If so, how much additional risk is it willing to take? What about additional risk in product safety or service delivery? Does the company in fact what to be a trend setter without additional risk? How can it do that?
An in house lawyer must now think in terms of risk analysis. The lawyer must use tools to not only identify risk but provide a qualitative analysis a risk’s probability and its impact on the company’s objectives and bottom line. Various tools include risk map, use of processes such as interviews of key personnel, procedures involving review of industry guidelines, internal procedures, risk diagrams, etc. What risk analysis has been developed to gauge the safety controls in the manufacturing division’s product design protocols? How does the R&D division handle the potential risk of defective parts and materials?
Not only must the in house counsel identify risks but he must assess the inherent likelihood and impact of the risk. Will the impact of the risk be very minor or could it be a major event. Once the in house counsel analyses the risks and assesses the potential impact of the risk, he can then determine how to handle the risk- such as risk mitigation, risk transference, risk avoidance and risk acceptance. Though lawyers don’t like to admit it ( as lawyers by nature are risk averse) risk acceptance is an acceptable form of responding to a risk- especially when the risk cant be mitigated and the upside can bring potential gain. Risk mitigation can be achieved through various means such as implementation of a loss control program. Risk transfer can of course be achieved by such means as insurance, as a well drafted insurance policy covering a specific form of risk will result in the transfer of the risk to the insurer.
It is time that in house counsel realize they are in fact legal risk managers. The law department of a corporation can serve it well by playing a substantial role in the corporate wide management of risk by proactively managing potential risk instead of just reacting to it. By working with cross corporate teams to manage risks through corporate governance, compliance, loss control, review of HR processes or product safety concerns besides just purely legal issues, a corporation’s law department increases its value to the company. Instead of just a pure cost center, it can in fact become a profit center.
By controlling and managing legal risk, an organization is able to control its future. Without adequate LRM processes, a company is exposed to claims, lawsuits, fines, and investigations. Not a day goes by where some governmental investigation or lawsuit is not reported in the local newspaper. These days it is a common occurrence. Therefore, it is imperative that an organization and its in house legal team understand that by controlling and managing legal risk, an organization is able to control its future. Without adequate LRM processes, a company is exposed to claims, lawsuits, fines, and investigations. Not a day goes by where some governmental investigation or lawsuit is not reported in the local newspaper. These days it is a common occurrence. Therefore, it is imperative that an organization understands the role that LRM plays in an organization and that adequate systems, processes, and procedures be implemented to minimize, control, and transfer such legal risk.
Compliance Training- Get the Board of Directors Involved
Legal risk management ( LRM) not only plays an important part in the success or failure of a corporation, but it is so important that it must be elevated to the Board of Directors for such LRM processes to be effective. As the Board of Directors ( BOD) of a company owes a fiduciary duty and obligation to the corporation, such duty requires a Board of Directors that is fully informed and knowledgeable on major issues of risk. Whether it is compliance issues, SOX, currency risk, antitrust, M&A issues, ERISA or tax etc., the BOD must be fully informed about the potential risk to make the appropriate decisions involving the management of the company. Therefore, due to its very nature, the BOD cannot escape its fiduciary obligations with regard to understanding and approving LRM processes.
Compliance is therefore a major area or risk prevention that the BOD must be informed about on a regular basis. One of the hallmarks of a good compliance program is not only approval of the compliance program by the BOD but the fact the BOD is also trained on compliance as well. Training the BOD on compliance of course has its own peculiarities and concerns apart from compliance training for the average employee.
In fact, The Federal Sentencing Guidelines provides that a compliance training program must include training for the Board of Directors. Though the Guidelines does not explicitly state that it does state that the organization must take steps to communicate its compliance program and ethics program to members of the organizations governing authority and high-level personnel. A BOD’s fiduciary duty combined with the mandates of the Federal Sentencing Guidelines has in effect laid the groundwork for compliance training with the BOD. Though of course, companies seek to share compliance data with their BOD, they must also train the BOD on compliance related topics to get the full protection as promised by the Guidelines.
An effective compliance program for the Board of Directors should cover topics such as:
1. Discussing current trends and best practices in compliance programs
2. Describing the major components of an organization’s internal compliance program’s and explaining how it works,
3. Assessing how the internal compliance program measures up against other programs
4. Discussing risks and what the organization is doing to address, prevent , transfer and mitigate risk
5. Supporting documentation- a company needs to prove the Board of Directors has been substantially trained in the compliance program- therefore the company or organization will need to produce supporting documentation. Such documentation should include:
Having the Board of Directors attend training not only satisfies the Guidelines. But it sends a powerful message across the organization and sets a tone so to speak that the organization takes ethics and compliance seriously and that compliance programs are important” at all levels of the corporation. Also,if compliance training takes place in an On Line format- all the better as the Board of Directors may take training outside an actual physical board meeting and save valuable board meeting time for other activities.
Once the company decides upon the training format for the Board, such as an e-learning format, it should also include a benchmarking module for the BOD. The training program should include comparisons to compliance programs of other companies and peer organizations. Benchmarking is one way for the Board of Directors to understand if the compliance program is meeting standard industry practices. If it does not, the compliance officer or risk manager can ask the BOD to authorize more budgets to replicate the compliance programs of other companies that do meet industry standards.
A legal risk management program to be effective must be elevated to the Board of Directors. This includes the implementation of a risk assessment as well as a compliance program. It is important that the Board becomes involved with legal risk management, especially compliance, as a Board’s fiduciary duty and obligations under the Federal Sentencing Guidelines requires it. How a company conducts such risk assessment, compliance program implementation and training depends in large part on the efforts or the company’s risk manager and/or compliance officer.
