I remember when I first arrived in Korea in 1986. I was a young lawyer, the first foreign lawyer to work in-house for Samsung. It was an exciting time as Korea and Samsung were rapidly changing. Samsung was expanding rapidly and Korea was in the midst of the “Miracle on the Han”. It seemed that we were creating companies left and right. The Samsung group was expanding and I was a part of it. A little cement and water and we had a new company! Growth was everywhere. Not only growth but change as well. I really didn’t think about it but Korean society was changing too. In fact, I realize now that change is constant, even in retirement.
The fact that there is change even in retirement was brought home to me recently. When I first came to Korea in 1986 I went mountain climbing with my Samsung colleagues. We climbed Mt. Sorak..ie Soraksan. Upon climbing up one of the peaks I discovered an old lady who had climbed up with a bucket of magkeoli ( Korean rice wine) to sell to thirsty climbers. I was amazed she had made it to the top to sell magkeoli but later found this to be a common occurrence in Korea. If I recall correctly, the old lady had on high heels too. I would later joke to my friends that once I retired I was going to sell magkeoli on Soraksan. Recently, I made it back to Soraksan and to the top of one of the peaks. I expected to see an old lady selling magkeoli…but no. No one was selling alcohol at all. Why? Selling alcohol had been banned. Things have changed.
Obviously, not only people but companies and organizations have to realize that change is everywhere and must plan for it. They have to be ready to handle the usual legal and risk issues that they normally face as well as those issues and liabilities caused by the pandemic and the Russian invasion of Ukraine as well as supply chain issues. Change means of course that the normal areas of risk whether legal, operational, geo-political or financial will all of course have to be dealt with. Therefore, a company’s crisis management plan must consider pandemics such as Covid. But also, the normal everyday areas of risk that can and will result in loss of business must be addressed as well.
So, even in retirement, I have noticed changes around me. Customs change. Even laws, rules, and regulations governing our lives change. Cities and neighborhoods change as well. Whether you are working or retired, you cannot count on your life to be static as usual. Life is really never as usual. There really is no same old same old. Everything around us changes, maybe slowly and maybe slightly, but it changes. You may be too caught up in work or in life to notice the subtle changes around you. But change is everywhere if you look. Are you ready for change?
With covid restrictions tightening around Asia because of the Omicron Covid variant, some businesses are finding themselves stuck in limbo instead of getting back to quasi-normal. Hopefully, the Omnicron variant will not be as serious as first thought and people can get slowly back to normality. Omnicron of course is not the only risk that Asia and the world faces. A few days ago, people were enjoying the beach here in Busan where I live, the coffee shops were packed, including the one on the beach where I usually write, restaurants were busy and people were enjoying themselves. Even the baseball stadiums were packed. Then came Omicron. But also other risks too. With business increasing in parts of Asia, the Supply Chain itself had been stretched thin. Supply risks emerged. Other risks also began to surface such as the current semi-conductor chip shortage. Inflation is beginning to rear its ugly head (inflation in Korea is at the highest rate since 2012) and other major areas of risk such as employment, geo-political and currency-related risks are once again knocking on the door. So if you are doing business in Asia or thinking about doing business in Asia you must identify the risks.
As the world scrambles to try and normalize, Asia- the world’s primary source of manufacturing, is fraught with many areas of risk. Companies seeking to do business in Asia, whether Korea, Japan, China, Vietnam, or elsewhere, have to be very careful when it comes to risk. Besides Covid, operational, financial, legal, geopolitical, and environmental-related risks are all major areas of concern. Cyber-related risks are also increasing as they are in other parts of the world. As companies and countries start to address Covid related lockdowns, it is very apparent that companies must consider a multitude of risks. In fact, companies must be laser-focused on managing the many areas of risk, especially in Asia.
Obviously, risk management companies are a good resource for companies to use when managing risk. Other resources exist too, such as risk reports which identify risks on a regular basis.
One such report or report that is specifically focused on countries in Asia as well as Southeast Asia generally, happens to be Erudite Risk’s Daily Risk Briefing (DRB) Reports for Asian countries including Korea, Japan, Vietnam, China, and others. Erudite’s risk reports monitor intelligence in 12 countries across Asia and collect data from over 1000 sources on a daily basis. I highly recommend this report for those doing business in Asia whether it is Northeast Asia, Southeast Asia, or Asia as a whole. It is the most comprehensive risk-related report I have read that provides daily updates in a country-specific or regional manner. You can find out more at Erudite’s website- www.eruditerisk.com or for a sample go to the South Korean daily risk report page at the following link:
https://www.erudite.com/drb-intelligence/South%20Korea
It’s my day off. Though I am retiring soon I am taking a few days off here and there to take care of personal business before I depart the workplace. Of course they now have more work for me to do prior to my leaving. Well today they have to find someone else. I am always amazed that when I take a day off I am hit with work requests and when I am in the office…not so much. Ha-ha!
Having the day off also allows me to look around and contemplate my surroundings. I am not distracted and can be more present or mindful. I think it’s a good idea for those in the workplace to take a day off now and then and just look around. Everyone should ask questions and consider their current environment.
I am looking at Itaewon while sipping a cup of coffee. Yes..I am at a coffee shop in the Itaewon district of Seoul. Things are changing fast. Covid has really cause havoc. Many shops are closed. The bars and restaurants catering to the expat community are slowly closing or scaling back. The neighborhood known for its international focus is changing. It’s becoming more of a younger Korean focused area. I see buildings going up with no tenants and expat bars and shops closing. Times are changing.
Change happens in all of our lives. The old neighborhood may not be what it was. The city itself may be changing. And of course the country. We all have to ask ourselves if we are willing to change as well. For me of course, retirement will bring change. A change in my surroundings a change in lifestyle and a change in my perspective on life. I think everyone should realize that change is really constant. Embrace change or suffer the consequences. People get to caught up in the regular day to day tasks that they have that they don’t look around and notice how their environment is really changing.
For those in the workplace, take a look around. What changes do you see happening? Are you ready for change or not? Are you taking steps to stay relevant in today’s ultra-fast changing world? Are your skills still relevant or do they need upgrading? Like it or not, AI, VR and the blockchain will change how we work as well as what jobs and services are still relevant. If you run a company, are your products and services still relevant or do you need to change your product mix or even your business model? What about your internal compliance processes or your risk management processes? The forces causing change in today’s society will not stop. So it is up to everyone to understand change and adapt.
The only thing constant in life besides death and taxes happens to be change.
Today, many in house lawyers and corporate executives still think of risk management or legal risk management as the department that manages insurance policies. Many in house lawyers as well as some corporate managers don’t believe risk management is part of their job description. However, given the globalization of business, the increased volatility of today’s business climate and the changes in social media that has increased communication tenfold, the management of risk is now part of every manager’s job description, including the in house lawyer. Risk management should be viewed as an essential part of everyday management, including Legal Risk Management or LRM. Managing a company’s risks is not only important but vital. Until recently, lawyers have been trained to think reactively- i.e. to react to a threat or risks. But given the recent changes in the global business environment, in house counsel must now learn to manage risks. Such proactive management encompasses a large area of not only pure legal risks but also business risks that could lead to legal threats and issues. In essence, an in house counsel must now learn to proactively manage risks by minimizing risk, mitigating risks, transferring risks and eliminating risks. All are in a sense a proactive response to a risk rather than a purely reactive response.
The main role of in-house counsel in corporations or legal entities is now, of course, to mitigate legal risk in connection with the sale of products or services provided by the company. In essence how the company protects its success will be based in part on its ability to manage, control, and minimize legal risk, especially in a litigious society such as the US marketplace. Legal counsel must take an active effort in developing strategies, systems, and processes that will minimize the legal risks faced by the company on a daily basis. The area of risk management for in house counsel has become so large it can now be labeled “Legal Risk Management” or LRM. What is LRM? First you must define legal risk. A good definition is:
"The probable occurrence of a future event or non-event that will have a negative impact on the company that could result in law suits, fines, investigations, crisis, reputational harm, financial harm and of course the destruction of the company’s brand or even the company."
Using this term, legal risks are in fact many. Legal risks can be operational, strategic, financial, regulatory, contractual or corporate in nature. Virtually any risk that can result in litigation, fines, investigations or pose harm to the company or organization (reputational, etc.) can be included. A number of legal risks a company may face can be associated with the following:
Corporate Responsibility Risks
Brand / Reputation Issues
Pricing Issues
Competition Risks
R&D Development Strategy
Regulatory changes
Corporate Governance standards
Legal compliance
Loss of Intellectual Property
Foreign exchange risks
Pension Liabilities and related laws
Contractual Liabilities
Fraud / Money Laundering-FCPA risks
Receivables / Credit-Insolvency risks
Inside a company risks may be placed in many categories:
• Strategic
• Operational
• Financial
• HR
• Technology
• Legal and Regulatory
• Contractual breaches and damages
Legal risks and business risks intertwine to such an extent that business risk have legal impact. Therefore, in house counsel must become involved in the day to day management of business risk itself. This leads to the question of a company’s appetite for risk. For a company, as well as its in house lawyer, to properly manage risk- management has to understand what risk it is willing to take in the market place and what risk it is not willing to take. Is it willing to buy inferior parts for its product and risk the probability of a product liability lawsuit in order to make a greater profit or not? What does the Board of Directors think about risk? Has the BOD ordered a risk audit of the whole company? Is the company willing to accept more risk than it currently accepts, and if so, what is the rate of return it needs to justify the additional risk? A company may have competing objectives that result in increased risk or a decision to accept additional risk. Does the company have a business model that compares the benefits over the potential increased risk?
Not only must the in house counsel identify legal risks but he must assess the inherent likelihood and impact of the legal risk. Will the impact of the risk be very minor or could it be a major event. Once the in house counsel analyses the risks and assesses the potential impact of the risk, he can then determine how to handle the risk- such as risk mitigation, risk transference, risk avoidance and risk acceptance. The law department of a corporation can serve it well by playing a substantial role in the corporate wide management of risk by proactively managing potential legal risk instead of just reacting to it. By working with cross corporate teams to manage legal risks through corporate governance, compliance, loss control, review of HR processes or product safety concerns, a corporation’s law department increases its value to the company.
By controlling and managing legal risk, an organization is able to control its future. Without adequate Legal Risk Management (LRM) processes, a company is exposed to claims, lawsuits, fines, and investigations. It is imperative that an organization and its in house legal team understand that by controlling and managing legal risk, an organization is able to control its future. It is imperative that an organization understands the role that LRM plays in an organization and that adequate systems, processes, and procedures be implemented to minimize, control, and transfer such legal risk.
Law firms and other service oriented organizations are just beginning to realize that risk management concepts apply to them as well as manufacturing based organizations. Lately, consultants are advising law firms to implement project control methods, look at legal processes from a six sigma point of view and even apply the basics of marketing 101 or sales 101 to increase business from potential clients. As the legal industry continues to shift from the old “charge per hour” model, law firms are beginning to realize that not only do marketing concepts apply to the “business and management of law” but risk management concepts apply as well including loss control.
Risk management should be viewed as an essential part of everyday management, including legal management. Managing a company’s risks is not only important but vital. Until recently, lawyers have been trained to think reactively- i.e. to react to a threat or risks. But given the recent changes in the global business environment, as well as changes in how law firms manage themselves, attorneys and support staff must now learn to manage risks. Such proactive management encompasses a large area of not only pure legal risks but also business risks that could lead to legal threats and issues. In essence, lawyers must now learn to proactively manage risks by minimizing risk, mitigating risks, transferring risks and eliminating risks. All are in a sense a proactive response to a risk rather than a purely reactive response. This of course includes minimizing costs and using processes or tools to minimize costs and risk.
Loss control is a tool that a law firm or other service related organization can utilize or should use to minimize or reduce risk. If properly used, loss control can reduce losses and decrease exposure associated with such losses. Loss control can of course be simply defined as “efforts that reduce expected losses”. But of course it is more than that as it encompasses management of efforts that reduce expected losses – or in other words processes that can prevent, reduce, or mitigate losses. Loss control processes, in other words, if properly used, can mitigate and reduce risk. Normally, loss control processes can be very effective in reducing costs and expenses faced by any organization, especially a manufacturing company that manufactures products. But it can also be applied to service organizations such as law firms or accounting firms.
The traditional definition or concept of loss control relates to loss prevention or loss reduction that is associated with products or monies related or associated with products. Loss control processes are normally divided into two main categories—loss prevention and loss reduction and are defined as follows:
Loss prevention: activities that reduce expected losses of inventory or monies associated with inventory by proactively reducing the frequency of losses
Loss reduction: activities that reduce expected losses of inventory or monies associated with inventory by decreasing the size of the loss, which is a reactive and not a proactive process
Applying these concepts to a law firm or service related organization we can see how six sigma and other concepts such as project management can be utilized as a loss control process. After all the main goal of six sigma as well as and project management would be to improve efficiencies and minimize waste or the costs associated with waste. Law firms tend to over analyze and over process matters. How much cost can be saved if documents are no longer over processed or over analyzed? How much time can be saved for more productive matters? From a loss control standpoint, what processes can a law firm or law department implement that reduces cost and monies associated with cost? What efficiencies will be gained once project management processes are implemented?
Six Sigma and Loss Control
Six Sigma has been championed by companies such as GE, Motorola, Samsung, IBM and others. Originally promoted as a process to improve profitability it is really about reducing expenses, waste, and loss as well as adding value and efficiency. Consider using six sigma when reviewing processes that involve:
(i) Client expenses
(ii) Office expenses such as mail
(iii) Over review of documents
(iv) Use of software
Project Management
Project management has become another Legal Risk Management tool or process that has become more popular amongst law firms lately. Firms are realizing that once they get away with the old “charge per hour” paradigm and start focusing on alternative fee arrangements there is really a need to manage the matter on a project by project basis to contain and reduce costs.
Parts of a project management process
(i) Initiation of the matter- this includes the scope of the matter, the desires of the client and the goals of the client and law firm.
(ii) Planning of the project- just like an architect plans the design and building of a house or a building, the planning portion of legal project management covers the key decisions in achieving the desired outcome.
(iii) Implementation- this is when the firm of the staff conducts the work to implement the plan.
(iv) Monitoring of the project- is the budget being followed? Are the expenditures reasonable for the work being performed?
The concepts of loss control (and really risk management) can be applied to the legal industry as well as other service industries. Just because the original concepts were applied to the manufacturing industry doesn’t mean these concepts can’t be applied to service related organizations as well. Remember, for law firms it’s all about effectively and efficiently representing clients in a manner that not only achieves the goals and objectives of the client but does so at minimal cost and expenses. The more efficient a law firm becomes at handling matters at minimal cost, the more value the firm adds to the client’s business. The will usually equate to a higher client retention rate.
Before a crisis breaks out, it’s always a good idea for the company’s risk manager or the risk management department (RMD) if one exists to review his or her role, or in case of the RMD, its role within an organization. In today’s environment, including COVID 19 virus issues, it is very important. In order to understand the risk management department’s area of responsibility within an organization, I think it best to for the head of risk management to work with his supervisor in drafting corporate guidelines covering the risk management’s area or responsibility which can then be disseminated throughout the organization. No only should the RM or RMD’s are of responsibility be covered but each individual within the RMD should have his or her position and are of responsibility described in detail as well. It’s best to have everything outlined before the RMD has to contend with a crisis, especially a pandemic.
Areas of responsibility should include the purpose and policy of the RMD in the organization, the functions and execution points of the RMD (who does what, when, how, reporting lines, etc.) as well as a detailed outline of the procedures and processes of the RMD. Procedures and processes can include:
-conducting risk assessments of the organizations’ divisions and departments
-developing solutions for the various risk management issues
-developing business continuity plans
-coordination with various departments to assist with compliance issues
-oversee loss control concerns
-develop training for the organization’s employees covering various risk related areas of concern such as product safety, etc.
Besides managing risk, risk managers must also have a knack for good stakeholder management. In fact, in order to provide effective leadership in today’s corporate world, risk managers and those who have a risk management function, must understand the significance of good stakeholder management. The first step in leadership for any risk manager when looking at stakeholders is to ask the hard questions such as:
(I) Are you prepared to handle risk events relating to your stakeholders or not?
(II) In a crisis management event, such as a pandemic, are you ready to address your customers?
(III) Do you have the right information to communicate to your regulators?
(IV) What are the risk management process to use in case you have major employment related issues?
(V) Do you have a business continuity plan in place?
(VI) Have you coordinated your plans with Legal?
Providing effective risk management leadership requires the risk manager to understand what his or her role within the organization is as well as who the major stakeholders really are and what risk management reporting processes actually exist or should exist. Once a risk manager can answer the questions, the manager as well as the RMD itself is ready to provide effective risk management leadership.
