Leading lawyers outline the challenges faced in managing and controlling risk in the wake of globalisation and ever more intrusive regulation
There are two types of approach to risk management. The first involves a complete lockdown, with lawyers and compliance staff barking at business executives: “The answer’s no. Now, what’s the question?”
Not surprisingly, a group of leading lawyers and other risk specialists gathered a few days ago in London for a roundtable discussion organised by The Lawyer, proclaimed not to support such a blinkered and draconian stance.
They at least purport to back a more flexible attitude that says eradicating all risk actually stifles business creativity.
As one roundtable participant commented, risk should be managed and controlled, with the best example of successfully doing so being Formula 1 racing. Despite the high-octane speeds and split-second decision-making, no driver has been killed in the sport for nearly 20 years. Indeed, our roundtable lawyer claimed that “F1 has less residual risk than angling.”
But not adopting the lockdown approach to risk by definition means more issues need to be managed and controlled – all of which tend to keep the professionals awake at night.
Top of the list for our panel is the breakneck speed of business globalisation. Operating in multiple markets means enhanced sales opportunities on the one hand but also getting involved in a web of multi-jurisdictional regulatory and legal regimes, any of which can trip up corporate executives.
“The sheer scale of regulation and conflicting regulation in different jurisdictions, and how it all operates for truly global businesses and in the virtual internet world is very difficult for any organisation,” commented one participant.
Bribery and third-party operatives cause considerable discomfort for risk managers. Third parties are crucial to businesses as they can provide the only navigate route through local customs and cultures. However, third parties can also be loose canons, prepared to pass the odd wad of bank notes here or a few crates of whisky there to grease the wheels with a wide range of emerging market bureaucrats and petty officials.
All well and good 50 – or even 40 – years ago, but in the 21st century governments in established economies take a dim view of flashing cash on bungs in emerging markets. And it is not just the US, with its 35-year-old Foreign Corrupt Practices Act (FCPA), and the UK with its more recent Bribery Act 2010, that the guardians of multinational corporate morals have to deal with. There are up to 25 jurisdictions with varying anti-corruption laws and investigation agencies for businesses to keep an eye on.
There are also tensions between legislation such as the Bribery Act and the FCPA and local laws in jurisdictions with a different perspective on business ethics. For example, the US and British legislation stipulates that if a company becomes aware that one of its third-party affiliates is involved in corruption, then it must terminate that relationship. However, cutting the link in, say, Russia, could result in the local player successfully making a breach of contract complaint to the Moscow authorities.
“In Russia,” commented one roundtable participant, “they can easily say you have to deal with a corrupt entity, because the authorities don’t care about the FCPA or the Bribery Act.” And, there is a plethora of other jurisdictions where businesses can find themselves at risk of being in the unenviable position of having to choose between violating either the US or UK legislation or local law.
Linked to that issue, is the tendency of some emerging market governments themselves to abuse regulatory and legal systems for corrupt ends. That normally takes the form of fabricating tax audits or criminal prosecutions with the sole purpose of extorting bribes or stealing business from multinational companies.
Protecting privilege in multiple jurisdictions is another major juggling act for in-house lawyers. It is challenging to collate information needed for a claim that might arise in several jurisdictions without landing in a position where the business is obliged to disclose information in a country where, had the information not been collected, it would not have had to be disclosed.
Closer to home, the UK’s transition to a “twin peaks” model of financial services regulation is a fresh headache for in-house lawyers in the field.
One roundtable participant pointed out that the emphasis of regulators “is changing dramatically, but quietly”. The recently launched Financial Conduct Authority and Prudential Regulation Authority are already exhibiting a “more intrusive” approach that is “pushing further and harder into businesses”.
A lack of legal knowledge on the part of middle management – or an outright resistance to seeking legal advice – is also a bugbear for in-house lawyers. Some roundtable participants criticised staff for striking contracts off their own bats without reference to the legal department. Although others pointed out that trying to apply too strict a regime in that area would only handicap business activity.
Contributing to the problem, say some, is that big business still thinks it can buy its way out of regulatory difficulties. Asked one participant: “What if Bob Diamond had been sent to jail?” It was a sharp -illustration that the former Barclays top banker and others implicated in the Libor rate-fixing scandal have only caused their employers to face financial penalties and that for many £250m is just a cheque and not a serious enough sanction.
Some hint that many risk issues can be, if not completely eradicated, at least significantly lessened through the ongoing miracle of modern technology.
Certainly a common theme of the roundtable discussion was information management and the proliferation of communication platforms.
“Wouldn’t it be nice if everything were dealt with exclusively via e-mails,” waxed one participant, highlighting the irony that electronic post is now seen in a romantic glow of nostalgia almost comparable to that reserved for the Penny Black.
Nonetheless, the core point for many businesses is a nasty bit of jargon known as “connectivity”. Can a business reach out its metaphorical fingers and connect to all the sources of information held across the organisation quickly and in multiple jurisdictions? Most can not; but in-house lawyers need to
be striving to gather as much information as quickly and efficiently as possible.
Paul Moore a non-practising barrister and founder of UK risk-management consultancy Moore Carter & Associates (co-chairman)
David Kemp executive director of legal policy at software technology business Autonomy, which since 2011 has been a subsidiary of San Francisco-based Hewlett-Packard (co-chairman)
Nausheen Ahmad head of legal at Pakistan’s Habib Bank
Anita Drew – senior legal adviser at British financial services company Prudential
Thomas Firestone senior counsel at Chicago-based global law firm Baker & McKenzie
Alec Heathcote risk director at London-headquartered insurance multinational Aon Service Corporation
Amanda Hamilton-Stanley general counsel at Scottish whisky distiller Chivas Brothers
Kevin Mutch group legal director at Cayman Islands-registered jewellery brand Fabergé
Tanya Nash a corporate partner at London-based law firm
Ince & Co
Patrick Norton an international arbitration specialist partner at Washington DC-based law firm Steptoe & Johnson
Melanie Ryan a financial services litigation partner at the recently merged transatlantic law firm Norton Rose Fulbright
Delphine Sak Bun legal counsel at French multinational technology company Atos