“Issue spot”Start by re-framing the question!
Business success is all about risk taking (and failure is all about poor risk taking) – the key is to take well informed and well considered risks which fit within the risk appetite of the business’ stakeholders.
So it is not your job to spot potential risks – your job is to help the business to achieve its goals by setting its appetite to risk and then following that appetite accurately and consistently through informed, accountable decision making at the right level (for the size of the risk) and with a good audit trail.
The easiest way to think about the risk for each activity is to set a basic framework:
e g. scores of 1 (no likelihood) to 5 (certain) for “probability of risk”
“consequence” scored from 1 (none) to 5 (business threatening) – (typically categorised under headings like financial impact, reputational impact, legal and regulatory impact)
set an appetite for each area of the business e.g. “legal and regulatory risk” may be set at, say 4 (probability) x4 (consequence – e.g. a turnover based fine, loss of major contract, personal sanctions on officers of the company for their conduct in role) = 16 and any risk below that level is acceptable, above that level you need to find an effective mitigation to bring the risk below 16.
If you use a framework like this across your business, including in your advice, then you are not “blocking” you are helping people to “calibrate” their decision making. You are also helping to calibrate your own comments to make sure that they are properly researched, proportionate (i.e. valuable to say) and are explained in a way that other stakeholders will understand and accept.
This is much better than raising vague, uncalibrated concerns about other people’s business areas based on a partial understanding of those areas and their needs, issues and concerns which, in turn tends to leave those stakeholders uncertain what to do with your comments, frustrated because they need to do something with them because they have been raised, and frustrated with you for creating this issue for them.
Issue spotting is easier when you’ve been in the business for a while and have had time to build up a relationship with your internal clients. Having that hinterland allows you to know better when to get yourself into the process, frame advice in a way that speaks to your colleagues’ priorities and draw on previous advice/successful risk avoidance to make your case.
Where you don’t have that hinterland, an alternative can be to deploy practical examples from your experience elsewhere: “I’ve seen this come up before – here’s how we worked through/round it…. may-be we can come up with something that works for us?”.
In all cases, taking time to understand where the client wants to end up and why, is essential to work out an alternative route. Similarly trying to grade the legal risk in a meaningful way so they can weigh it in the mix with the other pros and cons.
It may be a question of drawing up sensible guidance to shape negotiations in a compliant way – which the other side of a transaction may also turn out to be grappling with. Mode of delivery can help – not many clients appreciate a lengthy note highlighting the risk and nothing else. Many will find a discussion followed up but a summary of next steps and mitigation more constructive.
Being willing to take the time to work through the practical implications of the legal advice is essential both to fully understand the context and get buy in to a solution.
There is an occasional – and generally unfair - tendency for in-house legal teams to be seen as the ‘business prevention department’ or as a ‘blocker’. See also CLL article Legal as a blocker – how to confront the perception.
To advise properly on any legal issue, though, you need to understand what is proposed, what the commercial objectives are, and why the strategy has been chosen. You will want to help the organisation reach its commercial objectives in a way that is legal, ethical, achievable, and doesn’t open up new and unexpected risks. You have a real advantage in that you are trying to spot risks from within the organisation, so it is likely that you or your colleagues have an understanding of what has been tried in the past, of how your business colleagues work, of the approval processes in the organisation, and how your legal team is regarded by the relevant operational team in the organisation.
The best starting point is to build on your relationship with the key individuals proposing the strategy – and to be involved at the earliest opportunity. What you want to avoid at all costs is coming late to the party and having to advise that the strategy doesn’t work because it isn’t legally compliant. Being involved as the project develops gives a much better chance of being able to influence early and effectively.
You might do this informally through your relationship management arrangements, or more formal processes if you sit on the relevant management team, if you help to develop approval materials for boards or investment committees, or are involved on the project team. In most organisations, key projects will have their own risk register, your involvement in the development – or at least review – of that risk register can be critical. At a broader level, if you can be involved with the design of approval structures, ensuring that legal is involved and effective throughout the design of a strategy is much more effective than receiving a fully-worked strategy that you then need to be changed.
Your tools in ‘issue spotting’ are the legal and operational analysis that you – and other members of your team – carry out on the relevant strategy, and have previously carried out on other projects in your organisation or structure. It is quite likely that there is some read-across from previous experience, and it is really helpful if you have ‘lessons learned’ from other projects, and can ensure they are shared with the project team.
One of the key ways to avoid being seen as a blocker is to intervene personally, early, and quietly wherever possible. If you need to give formal advice not to proceed, the chances are you are seeing the proposal at far too late a stage and will be embarrassing the business team involved, which will be the last thing you want to do. If you can, try to have earlier one-to-one or team engagements, can establish the facts, give your advice and identify alternatives. That way, by the time the strategy reaches the stage of formal approval, you can help the project team identify how the risks have been identified and mitigated, demonstrate that the strategy takes account of them, and give your formal endorsement.
Make sure you are consistently interested in, asking about and aware of the commercial strategy of the business. Be looking for opportunities to be able to say, “This is how legal can help the business succeed in its strategy”. That way, when there will inevitably, be times to advise caution or say no, it will be seen in the context of an informed and generally helpful approach. Also (and obviously) clearly explaining your reasoning, for what may be seen as negative advice, in terms that a non-legal person can readily understand.
Simon McCall - In-house legal consultant
There are two parts to this question, (i) how to spot risks with a commercial strategy, and (ii) how not to be perceived as a blocker when doing so.
I think the first part is easier than the second. It’s what you have been trained to do as a lawyer. If you are up to date with the legal issues in your field, and you understand the organisational and external (e.g., regulatory, market, financial) context, I find it’s usually pretty straight-forward to come up with a bunch of problems that might arise with a given strategy.
It’s the second bit that is challenging. If you do this badly you will be seen as a blocker, and I think rightly so. The legal team is there to help the organisation move forward with a good appreciation of the risks it faces and how to avoid or manage them. But this is also where you can get the most positive engagement and become a “go to” team within the organisation.
There are three things I try to do, accepting that time pressures may mean I can only do some of this or do it in a very truncated form.
First, I make sure I understand the strategy and show the commercial lead that I understand it. I usually start by asking the commercial lead what they are trying to achieve and why; then I try to replay it back in a one or two sentence summary, to assure them that I get it. I might put the strategy into the wider commercial strategy of the organisation by connecting it to other initiatives or by using the language the exec or board are using to describe our strategy.
Second, I try and do the first bit of the legal issue spotting in my head or privately by brain-storming the things that could go wrong. But rather than present a list of problems back to the commercial lead, I try to develop my thinking into a second stage i.e., a set of options that the commercial lead could consider that would take the strategy forward in a legally safe way, together with pros and cons, potential issues and possible mitigants. I only present options which are legal and where any legal risks associated with them can be effectively managed (this requires quite a lot of understanding of how your organisation works, so it’s easier to do the more you know). I call this a “legal by design” approach as it reminds me a bit of the privacy by design concept in data protection.
Third, I think it is good practice to make a recommendation of which option is best in the context of the strategy. I usually position that recommendation as “for discussion”, and then get the relevant stakeholders on a call and stress test my options, the thinking behind them, and my recommendation. Often the commercial and risk leads will bring different considerations to the table and together we settle on a different approach. That’s perfectly fine by me and I think it is a sign of the advice process working.
The feedback I have had using this approach is that it can actually be the opposite of a blocker. By flushing out issues and structuring a conversation around how best to address them, you can get better decision making and a better strategy.
Michael Phillips - Head of Legal (Advice and Central Functions), Schroders Personal Wealth
Issue spotting in commercial strategy is a key part of being an in-house lawyer. It is tempting to take the view that commercial strategy is outside of a lawyers remit for fear of stepping on others’ toes.
However, a key deliverable of in-house lawyers is applying the law with an awareness of how the business implements its strategy. This is where in-house lawyers add value. In-house lawyers have the advantage of greater opportunities than external lawyers to give input at the right time and explain what is possible within the legal framework for the business to decide what approach they will take to deliver their objectives.
Thinking about making connections with people, what processes you need to engage with, and which risks need to be raised is key:
- Making connections with people - an approach which has worked well in the past is finding ways to establish connections with stakeholders before a piece of work starts to demonstrate some level of understanding of the commercial strategy and how Legal can take a pragmatic approach. The aim is to make stakeholders more inclined to raise questions as they arise. This is not necessarily easy, and it doesn’t always lead to an instant result. However, it is often fundamental to getting early engagement.
- What existing processes do you need to engage with to ensure risks are raised early enough? - raising risks in a way that they are heard is easier if it is done through existing business processes. Have a think about whether there are there committees or steering groups that you could join, or whether an agenda item could be added as a regular reminder to engage Legal and ensure that this is not left too late.
- Deciding which risks to raise - judgment is key. Some risks have a higher likelihood of arising than others. It is the job of the in-house team to understand the focus and enforcement history of regulators and courts when applying the law to determine which risks need to be raised. Understanding how the risks fit into the bigger picture also helps with a decision on whether these are key risk items the business needs to spend its time considering, or whether these are points the legal and compliance teams need to monitor as part of a proactive level service.
Jonathan Friend - Senior Lawyer, Information Rights, BBC