Now more than ever, no matter the size of the team, strategic planning is critical to setting the course for the in-house legal team. The factors affecting in-house counsel and their teams are ever increasing and evolving. These factors include internal business strategy, external risk factors, and the financials.
The challenge can be regularly stepping back to identify and evaluate the right set of factors impacting the department’s plan. It may require a new approach to in-house legal department planning.
In today’s heightened business and financial regulatory environment, corporate Chief Legal Officers (CLOs) and General Counsels are being called upon more than ever to ensure their organization’s global compliance with new and evolving regulations.
As companies grow, the demands on their legal and compliance teams grow with them. New markets, broader geographic operations and new technologies all require constant oversight and intervention by in-house teams, at a minimum, insofar as evaluating their legal compliance requirements and impacts.
All told, the job of the company’s head lawyer has never been tougher or more critical. Given what many legal compliance experts expect to be a continuing escalation in regulatory oversight and corporate scrutiny of all industries, the CLO’s task is not for the fainthearted.
Here are just a few of these proactive and reactive responsibilities. Today’s CLO must stay abreast of possible changes to the laws of dozens of countries, confirm that accurate filings are made on time to the right regulatory agencies in these nations, investigate any and all potential issues of non-compliance that may arise, and then suggest ways to remedy these problems.
Top 5 compliance concerns – A broad consensus
The 2016 annual CLO survey by the Association of Corporate Counsel (ACC) paints a bold picture of a job that has become vastly more complex and arduous. More than 1,300 CLOs in 41 countries participated in the survey by ACC, a global legal association representing more than 40,000 in-house corporate lawyers in more than 85 countries. Their responses indicate five primary CLO concerns, ranked in priority order:
- Compliance with regulations in multiple areas
- Mitigating and managing risk
- Data protection and cybersecurity
- Rapid growth and changing environments
- Managing resources and budget to accomplish the workload
Mushrooming compliance responsibilities
With regard to the top compliance concern, Veta T. Richardson, ACC president and CEO, had this to say about the survey’s key finding: “An astounding one-in-three general counsel told us that their companies have been targeted by regulators in the past two years, reflecting the additional risk companies are exposed to as they increase their cross-border work and face a wider range of government scrutiny.”
Several CLOs in the survey elaborated on their mushrooming compliance responsibilities. As one put it, “The changing regulatory landscape is (our) biggest concern. We are seeking constant education and advice to remain compliant and also weigh in with regulators, when possible, (with regard to) proposed/pending legislation or regulations.”
A decade ago, CLOs focused predominantly on domestic compliance concerns. But as their companies became more global in scope, their compliance oversight expanded. Nevertheless, the breath and enforcement of regulations outside U.S. borders generally fell well below the stringent protocols in place domestically. This changed once the U.S. embraced the concept of “extra-territoriality,” the application of U.S. regulations in the foreign locales where U.S. companies now operate.
Once the U.S. passes a particular corporate governance requirement, it frequently compels other countries to respond with similar legislation. A case in point is FATCA (Foreign Account Tax Compliance Act), which imposes a new information reporting and withholding regime for payments made by U.S.-based companies to foreign financial institutions. In the wake of FATCA, the OECD (Organization for Economic Cooperation and Development) formulated the Common Reporting Standard (CRS), a global standard for the automatic exchange of financial account information among participating tax authorities.
What accounts for the increase in the number and scope of regulations and other corporate requirements? The answer is the post-9/11 and post-financial crisis resolve in many governments to reduce corruption, increase market transparency, and fight terrorism. For example, more than 6 billion people live in countries with a serious corruption problem, according to Transparency International.
The effect on in-house planning
This rigorous global compliance agenda is the new normal for CLOs. To be effective in their tasks, CLOs must stay on top of regulatory developments across the world on a day-to-day basis. The penalty for taking one’s eye off the ball is severe. Since the financial crisis, banks and other financial institutions alone have paid more than $230 billion in fines to multiple governments, making legal compliance one of the more crucial elements of a smoothly running business, at present.
The challenge, of course, is keeping up with it all – from the day-to-day to new levels of data protection, to increased regulatory factors. A redirect of resources and budget or even altogether new methods of addressing the growing list of responsibilities may be needed.
The ACC survey amplified a key compliance concern for many CLOs—the integrity and protection of their financial data. One CLO respondent commented that the person’s company was “concentrating its resources” and “reexamining its insurance policies” to improve its cyber data security and financial readiness in the case of a data breach.
Security issues have prompted an uptick in cases by the U.S. Securities and Exchange Commission against companies that had failed to establish government required cybersecurity policies and procedures, pursuant to Rule 30(a) of Regulation S-P under the Securities Act of 1933. The regulation details the procedures that regulated business entities must follow to safeguard their customers’ records and other private, sensitive information. Other countries have followed suit with similar rules.
A recent report predicts that the number of cyber crimes committed against businesses will increase dramatically throughout the rest of the year. As for the overall cost of data breaches against businesses, it reached an aggregate $3.79 billion in 2015, up from $3.42 million the previous year, according to another study. Yet another report projects that cyber crimes will cost companies $2.1 trillion before the end of the decade.
The ACC study affirms these trends as a key legal issue. “One in five CLOs say their organization has experienced a data breach within the past two years,” the study states. “While it is nearly impossible to prevent a data breach, it is important to have a response plan (in place) because many countries now require mandatory notification in the event of an incident.”
Managing the workload: A delicate balance
Such response plans merely add to the cost of compliance for legal departments. This may explain why less than half of the CLOs in the ACC survey have retained the outside services of a forensic company to support them in the event of a data breach.
Nevertheless, the onus is on CLOs to put in place strong risk mitigations despite limited or decreasing resources and budgets. This difficulty was expressed by one CLO respondent to the ACC survey, who commented on the challenge of “managing the workload of my department for a growing company that is focusing on keeping costs down while expanding at the same time.”
Obviously, budgetary issues require careful consideration of where best to allocate strained legal department resources. In this regard, many CLOs cited in the ACC survey are directing more capital to their internal staffing needs, while also pursuing such cost-containment measures as lowering and/or capping fees for outside legal assistance when absolutely required.
“I am taking steps to enhance in-house capabilities and skills to allow more matters to be handled internally,” one respondent commented. Another CLO shared his approach: “(We’re) staffing up our internal lawyers (using recruiters) and implementing internal procedures for legal and executive review.”
Smaller in-house teams are choosing to outsource work. As they evolve and grow, they don’t have the capacity to handle it all but can rely on outside experts to manage areas such as corporate transaction or post-merger integration requirements, business licenses and annual report requirements. They are also actively looking at the benefits of automation tools for entity management for alleviating the pressures of the timely and accurate delivery of legal services.
An additional tactic to help solve the capital-compliance conundrum is to invest in a central database of information tracking global entity records, regulatory actions and their dates of implementation across the globe. Not only does this reduce the need to staff up internally to attend to this, it frees up current legal staff to focus on more value-added work at the CLOs behest.
The bottom line is that legal compliance is sure to become a more onerous responsibility for CLOs, as more countries around the world follow the example set by the United States and other economic leaders. All of these external factors can have a significant impact on the in-house department’s strategic direction and planning processes. Processes and systems must be put in place to stay ahead of this information on a credible and expeditious basis.
To learn more about how CT can help you better manage your global compliance needs, contact a CT representative at 844-206-9032 (toll-free U.S.).