Legal risk management is top of agenda for any legal department. To prevent businesses facing financial and reputational losses, general counsel along with their legal teams must identify and manage risks at an early stage. Traditionally trained to solve problems in a reactive manner, legal departments need to develop and implement strategies to mitigate risks proactively.
Legal risks management is vast and complex. Having a long-term plan with clearly defined objectives is key. This business case needs to justify your investment in knowledge, expertise, resources and technology etc. To help you get started risk management, here is a basic 3-step guide you can follow within your business case.
You need to assess the maturity of the legal risk management within your company. In general, most businesses can position themselves within the 4 levels of maturity given below:
- No formal legal risk management reporting, risk decisions made principally on personal judgements.
- Basic legal risk policies in place, proactive discussions with business, adhoc risk mitigation.
- Allignment with business objectives, quantitative reporting of legal risks, assigned responsibilities.
- Dedicated legal risk managers, independent legal risk assurance, automated risk reporting
In the second step, you need to create a legal risk management framework. This framework must be a combination of the legal entities, governance structure, contract categories and legislation relevant for your business.
At this stage, you should develop the required business processes and related risk management policies. Relying on ‘good judgement’ of the business and the in-house legal alone is no longer sufficient. The legal department requires structured processes for decision making, to solve escalating issues and to integrate with the risk management framework of the entire business.
The business processes must be specific for legal risk management. The risk management framework needs to be adapted to the legal context of the company.
Ready for implementation
The outcome of the legal risk management plan you developed for your business case must ensure the following:
- Board support for discussing, identifying and quantifying risks.
- Allignment of objectives with business goals.
- Sufficient budget investment in knowledge, human resources and technology.
- Clearly defined legal risk management framework.
- Ownership of legal risks embedded in the organisation
- Structured training for people involved.
- Effective reporting on legal risks.
The global business environment is at a rapid pace. Therefore, general counsel and legal departments need to take an active part in assessing the risks their businesses are exposed to and take a proactive approach when mitigating them.