General Motors’ tardy response to ignition switch problems; Standard Chartered Bank’s wire-stripping of Iranian funds; and the News of the World’s misleading ‘lone wolf’ defence of hacking are all illustrations of the increasingly controversial role that the management of legal risk by in-house legal functions can play. Standard Chartered Bank’s in-house legal team advised on how they could ‘enforcement proof’ wire-stripping Iranian identifiers from transfers of funds into the US (and advised their organisation to clear these funds through a competitor bank) – they took a monumental risk with the commercial and reputational interests of the Bank. They apparently did so in the teeth of external advice but with the approval of the relevant risk committee (albeit we might debate how well informed that approval was). What is so noticeable about all of these problems is not only that they raise significant questions about the professional obligations of the lawyers involved, but that they show how an aggressive, risk comfortable approach to legal work can backfire to the significant detriment of the corporations and the corporate managers involved.
The in-house legal approach to risk has a low profile in academic and, until recently, professional debates about the in-house role, particularly in England and Wales. Our recent report ‘Legal Risk: Definition, Management, and Ethics’ looks at legal risk practices in large corporates here in the UK. It can be found on SSRN and UCL’s webpages. The report raises key questions about the role of in-house lawyers in balancing commercial and professional considerations; the readiness of in-house lawyers for the complex leadership and management tasks involved in legal risk management; and the extent to which professional ethics are embedded within those teams. Key findings include:
- There was no shared sense of the correct approach to legal risk.
- The in-housers we spoke to were not always clear or confident about their approach, or the best approach, to legal risk management
- There is a clear divide between those who take a, ‘I know it when I see it’ approach to legal risk and those who deliberately applied systems, foresight, thematic and strategic thinking around legal risk.
- Those interviewees with the most developed systems seemed most likely to see cultural dimensions to legal risk, with some emphasising the need to be authentically committed to the spirit as well as the letter of the law as part of a business commitment to compliance, legality and business ethics.
- There is a need for in-house teams to reflect on the extent to which processes of legal risk engage rigorously in assessment, mitigation, communication, monitoring and overall evaluation of legal risk management. Many of our interviewees did not have well developed approaches to each of these elements of a risk strategy.
- Some aspects of risk management may lead to overconfidence and approaches to mitigation which shift risk from the company to third parties, with the potential to raise questions about the appropriateness of this in certain circumstances.
- There is the potential for risk management to change risk appetite by altering perceptions of, and appetites for, risk. In general, risk management increased the appetite for risk because it increased confidence that risk was both understood and manageable. This opens up for debate the question: is risk management as robust as such confidence suggests?
- Objectivity and independence are necessary for risk assessment to be accurate and useful to the business but are in tension with the pressures on in-house lawyers to be commercial team players. These tensions are both overt and implicit. There are overt pressures and implicit biases at work which may sometimes undermine objectivity.
- Appetite for legal risk involves accepting, even welcoming, tolerance for conduct which may be, or even may be likely to be, unlawful. This is sometimes in tension with the professional obligation to promote the rule of law and the guidance to solicitors that they must treat the public interest in the administration of justice as definitive of conflicts between professional obligations.
- Such tensions also impact on corporate interests: there are relatively recent, serious conduct risk examples of allegations involving lawyers in and/or instructed by Standard Chartered Bank, the News of the World, Barclays, The Times newspaper, BNP Paribas and General Motors.
- The extent and nature of these public interest facing obligations are neither understood, nor well-articulated in professional practice generally, nor in-house practice in particular.
We are moving on to look at some of our findings in more detail and are considering how the ethical leadership function of in-house legal teams could, should or is being developed.
The preceding post comes to us from Richard Moorhead, Professor of Law and Professional Ethics at the Centre for Ethics and Law, Faculty of Laws, UCL London and Steven Vaughan, Lecturer in Law at the University of Birmingham. The post is based on their recent report entitled “Legal Risk: Definition, Management and Ethics” and available here.