If you happen to be in the consumer product business, especially children’s products, your world was rocked a few years ago when Mommy Bloggers—at first with almost no following—mounted a massive social media campaign accusing Procter & Gamble Pampers of causing serious chemical burns to children. It was a trenchant example of how the Internet has redefined risk—both current and future—for this industry.
If you happen to be in the energy business, an even louder thunderclap sounded when Colorado activists used their digital wherewithal to pass moratoria or outright bans on fracking. They used Twitter to promote anti-fracking documentaries, Facebook to target their messages, and YouTube to disseminate compelling visuals, not to mention search engine optimization (SEO) to control the story. Again, risk was redefined such that effective “enterprise risk management” (ERM) can no longer rely on traditional public affairs strategies to win the day in the Court of Public Opinion.
You can’t even sell melons without redefining risk. When a salmonella outbreak was traced to a cantaloupe farm, plaintiffs’ lawyers immediately bought up all the key search firms to dominate the litigation-related narrative.
These cases underscore the sea change transforming ERM. And, with this transformation, the role of GCs is likewise forever altered in terms of the responsibilities they incur and the skill sets they require.
At its root, the sea change is all about the reorientation of risk management from past/present to present/future. Hitherto, analysts labored to understand current exposures by probing the past for roadmaps and historical examples of organizations’ practices that worked well or that did not. Now ERM entails a bold new purpose—precognition. In past years, what “historian” could have warned of the mega-risk called data exposure or articulated best practices to handle systemic compromises threatening business’ very survival? By contrast, a “weatherman” could have read the tea leaves, looked at evolving technology trends and sounded warning shots about the need to prepare.
As the decisive agent of this change, the Internet both creates a universe of impending risks and the means by which to address them before they become real-time exigencies. If ERM is now all about precognition, the Internet is the crystal ball with which the soothsayers do their job.
The GC must be one of those soothsayers, key participants in the ERM agenda, simply because nearly all future risk will likely fall within the office of the general counsel’s purview. If GCs are to continue emerging as indispensable C-suite and boardroom advisors, the ability to read the Internet now defines their job description. Similarly, if they are to continue to evolve as business leaders rather than just legal scriveners, they must transform themselves from lawyers who, like most lawyers, are preoccupied with precedent and the past, to risk experts asking and answering the key question: What’s next?
We’ve clearly gone someplace beyond the law, and GCs must go there too. They must collaborate with ERM to cover all issues that could lead to problems, assessing trends and applying what they learn in the same way the brand team applies digital intelligence to sales.
This impact of the Internet should also have fortuitous ancillary consequences for the organization itself. After all, in a world where every facet of corporate operations is grist for the digital mill, silos are no longer practicable. Investor relations, for one, is all about online crystal balling: What is being said on the activist networks? Are regulators looking at new areas of enforcement? Who’s controlling the risk terms in the search engine? What are the “high-authority” bloggers saying?
As the digital crystal ball discloses stress lines across the whole spectrum of corporate operations, it’s the seamless corporate cultures that will best weather the inevitable storms ahead, “managing” risk in the fullest sense of the word.