The role of the in-house team in a fully-aligned, value adding environment is much more than ensuring the reactive deployment of legal expertise to answer specific queries from colleagues.
While this may seem a statement of the obvious, the steps in the transition from a reactive resource to one that is proactive and value adding is not always obvious.
Working with a company's marketing department provides an interesting case study. Marketing professionals perceive themselves as creative, dynamic, fast moving, "tuned-in" and at the cutting edge of presentation and ideas. Without slipping into stereotypes, they are likely to assume that lawyers perhaps do not deploy similar skills in their work.
Back to First Principles -- Defining Your Role and Collaboration
A legal team is part of the assurance function:
This is important to promote and to establish both the collaborative and oversight roles when supporting "front line" colleagues such as those working in marketing.
The contextual messaging is, in effect, to promote the fact that every business has a corporate responsibility to comply with laws, regulations and court directions.
The legal team may promote this by using language such as: A responsibility therefore to protect all our people from the consequences of failing to understand or comply with the law and to ensure that all we do is based on our values. We want our business to be a success; successful for ourselves, our families and our communities. Success is a shared and collective effort. Within all the complexity that is inevitable in today's regulated, competitive and scrutinized world this effort will be facilitated and protected by ensuring the legal team will proactively help shape policy and process so that every part of all we do is assuredly compliant and empathetic to running a sustainable, responsible, competitive and successful business.
Beyond this, it is then crucial that the legal team define their role appropriately. The signature profile of a high-performing in-house legal team is as follows:
- Legal services will strive to meet known legal need -- doing the day job well.
- While identifying any unmet legal need -- so keeping across all that the business does, confident of priorities.
- Crucially managing the legal risk environment -- anticipating change, balancing risk, reputation and compliance.
- While seamlessly building resilience -- creating the tools and training programs to keep the business competitive and compliant.
- Always ensuring that the team does the right work at the right time in the right way -- integrated, relevant and timely.
The reason to establish this sort of framework is that it provides a narrative for conversations with colleagues. Instead of the conversation revolving around, for example: "Will you please sign-off the press campaign by 4 p.m. today?", the background dialogue will be about:
- Plans for campaigns this quarter, next quarter, etc.
- Providing frequently asked questions guidance notes to give a broad "dos" and "don'ts" for colleagues.
- Understanding how repetitive activity can be used to create templates, process, specific guidance notes, training sessions, etc.
- Establishing tolerance to risk at different levels of exposure and creating agreed policy positions that all colleagues are comfortable to work within.
All of this ensures a much healthier, collaborative and constructive approach where roles and expertise are recognized and respected. In essence, this is about seeing the relationship between a highly pressured operational function that must be supported to drive the business forward, but in such a way that it is compliant.
If described in risk terms, the dialogue with colleagues is to understand the significance of the approach to risk assessment and risk management.
While at the level of executive management and the board room, the imperative for regulatory and statutory compliance is usually understood and expected, at all other management and operational levels within any organization, there is a tension between operational efficiency, political expediency and success on the one hand, and strict adherence to the myriad compliance requirements on the other.
In understanding why there is this tension, compliance becomes much more than a mechanical process de-fined by statute or regulation -- it is also a significant exercise in communication.
A legal team that can therefore devise the right framework and the supporting communication strategy will help ensure the success of the preferred compliance solution and therefore the effectiveness of that solution.
The starting point is to represent risk assessment and risk management as being two parts in a compliance equation. This equation balances the relationship between identifying the threats from risk that can damage the business (which is risk assessment) and the processes, training and audit regimes that can be put in place to combat those threats (which is risk management).
So in the equation compliance "C" is achieved when: C x (process + training + audit) > the threats to the business.
What Is Effective Risk Management?
For the legal team, the challenge is to ensure that a compliance regime has all three elements of:
- an appropriate process (empathetic with business processes, but visibly compliant);
- the right level of training (clear, deliverable and useable); and
- an audit role to ensure that both process and training are working effectively.
All three elements need to have focus and clarity of thought. It is not good enough to concentrate on one element at the expense of the other two. This is, however, just one part of the equation, the second part, "the threats to the business", must also be understood and explained if the risk management proposed by the legal team is to work. This is, therefore, the risk assessment element of the equation.
What Is Risk Management?
Risk assessment is two distinct issues and both have to be addressed.
- real threat; and
- perceived threat.
We can define this as the relationship between hard indicators and soft indicators. The hard indicators can be assessed by any lawyer with relevant expertise but the soft indicators can only be properly assessed by lawyers with a detailed knowledge of both the industry sector and the business itself.
The function of the hard indicators is to define the boundaries within which the business must operate; the soft indicators are more to do with the tolerance to risk within the business and therefore how close to those boundaries the business wishes to operate.
It is because there is this interpretative element in risk assessment that the tension between operational drivers and compliance is a predictable conflict and one that has therefore to be managed. It also explains why within the business or organization at different levels of responsibility and control there will be different responses to risk assessment. So what are the issues that help to define the soft indicators?
- economic perceptions of the cost of compliance against the mischief that can be caused;
- customer perception of non-compliance;
- regulators' perception of non-compliance;
- past experience (good or bad);
- board level perception of non-compliance;
- operational level perception of non-compliance; and
- the industry standards (i.e., what is the competition getting away with?).
By articulating a sense of risk tolerance against each of these soft indicators, the legal team can build a map of different but related interests, how they play against each other and what weight should be given to each of them respectively. The legal team can therefore use their expertise to define the hard indicators balancing, for example, the possible civil and criminal sanctions, issues of reputational risk and the risk of litigation to give the framework within which to assess the soft indicators.
The soft indicators then give the scale of tolerance within the framework that defines how close to the edges of the framework the business wants to be. This turns compliance from being an exclusively mechanistic, empirical exercise to one that has an organic element. This realization alone leads to a more open dialogue around compliance issues and is a benefit in itself.
Any head of marketing will be delighted to see such thoughtfulness, flexibility and understanding and it is in appreciating this level of sophistication that a legal team moves from being an unreasonable "blocker" to a valued facilitator.
It is very empowering and will help push the legal team to a position of trust within even the most hardened of environments. It presents a very straightforward means of beginning to define a visibly business empathetic compliance regime, highlighting as it does that risk assessment is as much a function of understanding one's own business, as it is an application of legal expertise. The framework thus created becomes a dialogue with marketing colleagues that can be shaped to need and which supports the communication requirements as well.
< Back to Home