It is evident in today’s global and economic environment that corporate counsel still view regulatory compliance as one of their highest legal risk areas, and when coupled with the increase in regulatory action, it is now presenting legal departments across the globe with many different challenges.
It is pushing the need for organizations to develop and embed fully functioning risk and compliance frameworks that service numerous internal departments, including legal, across multiple jurisdictions around the world and in accordance with differing regulatory regimes.
Furthermore, the impact of regulatory compliance changes on the whole organization now needs to be considered in unison with those once considered as purely legal risk, widening the scope of those involved in establishing the risks.
In order to facilitate this, in-house legal teams, risk management functions and operational business units must work together for the benefit of the whole enterprise.
To meet some of these demands, the role of in-house corporate counsel has continually evolved, with responsibilities being expanded to include providing advice and guidance on regulatory compliance and ethical issues, and contributing to the development and implementation of risk management programs.
There are many views on the processes that global organizations adopt to establish and manage their associated risks, particularly those of a regulatory and compliance nature.
Detailed below are some of the challenges that corporate counsel and the organization need to consider:
1. Amount of regulatory change: The volume and increasing complexity of regulatory change has gained momentum over the past five years, particularly in the U.S. (Dodd-Frank Wall Street Reform and Consumer Protection Act) and in the U.K. and Europe (Financial Services Authority and the continual stream of European Union Directives and Basel Accords).
The issue of keeping up to date with emerging, new or updated regulatory information and then disseminating this to various global jurisdictions is difficult and, if not managed appropriately, can have limited effect, be overlooked and cost time and resources.
2. Compliance records: Within the U.S., and gradually more on a global scale, accountability for a company’s compliance records lies with corporate counsel, however the management of these records normally falls outside of their control, and maintaining a regulatory view on a global scale is difficult, if not impossible.
3. Cultural change: The level of potential challenge to introducing a more risk-enabled culture across a global company is possibly the real obstacle to overcome, rather than the actual method used for risk management.
4. The markets: Uncertainty of the markets and continued overregulation in the financial sectors are continuing to damage customer perceptions and reduce shareholder value.
5. Global reach: The volatility in the Middle East and the growth of the emerging markets—Brazil, Russia, India and China—are all adding pressure to companies and corporate counsel to have a firm view and handle on all regulatory compliance risks spanning their jurisdictions.
6. Reputation: Companies are increasingly aware of the importance of maintaining their reputations during regulatory or compliance disputes, and all functional areas need to consider reputational risk mitigation.
The second article in this two-part series will look at risk and compliance management and solutions available to corporate counsel.
Global risk and compliance management solutions
How corporate counsel can contribute to effective, enterprisewide risk strategies
In the first of this two-part series, I identified some of the challenges that corporate counsel face. In this article I will look at risk and compliance management and solutions available to corporate counsel.
Risk and compliance management
It is important to gain a perspective of the wider, more inherent challenges to risk management on a global scale, through a clearly defined business risk and compliance strategy.
Risk information used to formulate the risk strategy can be obtained via many sources, including corporate counsel knowledge transfer and previous dispute experience, regulatory compliance early warning systems, compliance control functions and control risk self assessment, whereby employees self-evaluate their own risks and controls while a member of internal audit or risk and compliance independently facilitates and assesses.
Compliance risk management frameworks that incorporate legal risk assessments, focused monitoring routines and continual improvements to the compliance risk framework need to be enterprisewide and follow a clearly defined board-driven mandate.
Legal must establish a clearly defined process for identifying, assessing and reporting potential and actual compliance breeches, which help with future risk mitigation planning within the compliance risk management framework.
Regular global compliance training and relevant regulatory communications that focus on the needs of the company and specific jurisdictions that include corporate counsel input will help to embed a culture of compliance and ethical awareness.
Corporate counsel need to understand their enterprisewide legal and regulatory risks in order to contribute to the risk strategy of the business. A well-established system for facilitating this would be a fully integrated global compliance and risk framework that that all functional departments can use and update.
It highlights the importance of enterprisewide risk management and provides risk information on a global perspective that may be applicable to any functional group. It allows for accurate multijurisdictional risk assessment and can be used to track, manage and monitor risks across many jurisdictions. What can often be perceived as a small risk in one particular area, when connected with another, could have a greater impact upon the organization.
Additionally, the frameworks need to ensure that adequately measured risks with appropriate mitigation are in place across all areas that need to be disseminated through the entire organization.
Therefore, in order to ascertain and measure the level of risk within any organization, a policy, process or enterprise model is needed to determine the level of risk allowable within any given event. This, coupled with focused risk training and “top-down” communications, will help contribute to a fully operational enterprisewide system of compliance.
General consensus and current research shows that corporate counsel are becoming more proactive toward compliance by incorporating risk management methods to circumvent long and costly litigation, including:
- Early identification of regulatory compliance, ethical and legal risk issues
- Full contribution to the risk management process
- Improved understanding of the enterprisewide impact of compliance across multiple jurisdictions
- Communication and legal compliance training within companies
- Increased negotiation based on risk-informed outcomes to settle regulatory disputes
Improvements to these processes within any organization can benefit both the company as a whole and employee engagement.
Corporate counsel can play a key role in driving targeted compliance programs across multiple jurisdictions that incorporate good ethical and risk management behaviors.