I had an interesting conversation this week with an in-house lawyer about risk; legal risk. The annual review of the corporate risk register had come around again. The in-house lawyer was considering how to analyse the legal risks that she should raise with the corporate risk officer. It was a headache and she rang for advice.
What was a “Legal Risk?” We determined at the outset that most risks on the risk register had legal consequences; litigation would ensue, contracts could be cancelled and regulators stung into action. Although these are important issues, these were not “legal” risks in the true sense. They were consequences of other risks such as commercial, operational, organizational etc.
Fortunately, having done a lot of work on legal risk, I was able to point to the definition that I used. Based on the International Bar Association, I set out five categories of legal risk:
Litigation Risk – the failure by an organisation to properly conduct claim, defence or counterclaim;
Asset Risk – failure by an organisation to take steps to protect its assets;
Transaction Risk – the legal failure of a transaction or the failure by an organisation to enforce its negotiated rights;
Change of Law Risk – a change in the law that could cause a corporate entity or its activities to be prohibited or fail; and
Regulatory Risk – This is similar to Change of Law Risk with the added complication of regulatory policy and the regulator’s desire to use their powers.
It is important to understand the definition of legal risk for several reasons.
The definition is important when deciding who “owns” the risk; i.e. who handles it in an organisation. Ownership should lie with the in-house lawyer or legal team as they are best placed to manage legal issues.
Second, the duty of the in-house counsel will be to lead the discussion within the organisation on the commercial appetite for that risk. As I stated in other blogs, a risk presents a commercial advantage; either through opening up a new opportunity or because it is a risk that the organisation feels able to take. For example, I have encountered organisations that do not feel it necessary to have written contracts. The logic is that the contract is a relationship written down, so why contract with somebody where no relationship exists? They were prepared to trade off the security of a written contract against the delay caused by negotiating a document.
The third reason is of increasing importance. In a world that is moving from the physical assets such as raw materials, factories, machinery etc. to intangible assets – e.g. brand, knowledge, data – the law is growing in importance for protecting the economic value of the latter. The law for many organisations is now the protective fence around the main corporate assets. Any failure in legal risk means the fence is breached.
The role of lawyers in risk management increases every day.