In the first of this two-part series, I identified some of the challenges that corporate counsel face. In this article I will look at risk and compliance management and solutions available to corporate counsel.
Risk and compliance management
It is important to gain a perspective of the wider, more inherent challenges to risk management on a global scale, through a clearly defined business risk and compliance strategy.
Risk information used to formulate the risk strategy can be obtained via many sources, including corporate counsel knowledge transfer and previous dispute experience, regulatory compliance early warning systems, compliance control functions and control risk self assessment, whereby employees self-evaluate their own risks and controls while a member of internal audit or risk and compliance independently facilitates and assesses.
Compliance risk management frameworks that incorporate legal risk assessments, focused monitoring routines and continual improvements to the compliance risk framework need to be enterprisewide and follow a clearly defined board-driven mandate.
Legal must establish a clearly defined process for identifying, assessing and reporting potential and actual compliance breeches, which help with future risk mitigation planning within the compliance risk management framework.
Regular global compliance training and relevant regulatory communications that focus on the needs of the company and specific jurisdictions that include corporate counsel input will help to embed a culture of compliance and ethical awareness.
Corporate counsel need to understand their enterprisewide legal and regulatory risks in order to contribute to the risk strategy of the business. A well-established system for facilitating this would be a fully integrated global compliance and risk framework that that all functional departments can use and update.
It highlights the importance of enterprisewide risk management and provides risk information on a global perspective that may be applicable to any functional group. It allows for accurate multijurisdictional risk assessment and can be used to track, manage and monitor risks across many jurisdictions. What can often be perceived as a small risk in one particular area, when connected with another, could have a greater impact upon the organization.
Additionally, the frameworks need to ensure that adequately measured risks with appropriate mitigation are in place across all areas that need to be disseminated through the entire organization.
Therefore, in order to ascertain and measure the level of risk within any organization, a policy, process or enterprise model is needed to determine the level of risk allowable within any given event. This, coupled with focused risk training and “top-down” communications, will help contribute to a fully operational enterprisewide system of compliance.
General consensus and current research shows that corporate counsel are becoming more proactive toward compliance by incorporating risk management methods to circumvent long and costly litigation, including:
- Early identification of regulatory compliance, ethical and legal risk issues
- Full contribution to the risk management process
- Improved understanding of the enterprisewide impact of compliance across multiple jurisdictions
- Communication and legal compliance training within companies
- Increased negotiation based on risk-informed outcomes to settle regulatory disputes
Improvements to these processes within any organization can benefit both the company as a whole and employee engagement.
Corporate counsel can play a key role in driving targeted compliance programs across multiple jurisdictions that incorporate good ethical and risk management behaviors.