The chain in the management of legal risks, exposing the organisation, its directors and executives to potential liability for breaches of legislation. Many have already introduced a sophisticated approach to managing other business risks. They recognise that risk management is as much about identifying opportunities as avoiding losses. It is also good management practice. With personal liability for directors and managers and increasing fines for breaches of legislation such as the Commerce Act and the Fair Trading Act, it is critical that legal risk is addressed.
Awareness of legal obligations is the first step. Assessing the level of current compliance is next and the final step is the development of processes and procedures to comply with legal obligations and to monitor compliance within your organisation.
The laws that apply to most New Zealand businesses are those relating to employment, health and safety in employment, trade practices, privacy, intellectual property and company law obligations. But every business has different requirements. For example, those in the retail industry need a strong focus on trade practices and consumer legislation. Those in the manufacturing industry may place more emphasis on environmental law and intellectual property protection.
So how can an organisation address legal risk? The most effective way is to develop a legal risk management programme tailored to the business. This puts management and the board in control of the company’s legal risks. An effective legal risk management programme offers the following benefits:
* Legal protection for the organisation;
* Satisfaction that the legal due diligence requirements of directors and managers are being met; and
* Reduced exposure to high penalties and adverse publicity.
What is a legal risk management programme?
The board is ultimately responsible for a company’s strategic direction. It also has primary responsibility for governance and compliance. To successfully address the management of legal risks, the board needs to be committed to legal compliance. It must be equally committed to clear requirements for compliance from management.
A legal risk management programme provides the board with a useful tool with which to achieve this. A programme will provide the company with a process to:
* Identify, assess, control and manage legal risk;
* Determine the current level of legal exposure of the organisation;
* Establish and maintain a legal risk management system to achieve compliance; and
* Audit the system’s effectiveness.
A legal risk management programme utilising legal advisers involves:
* A presentation to the board to explain the concept of legal risk management and the role of the board in ensuring the success of a legal risk management programme in the organisation;
* The establishment of a compliance committee to work with the legal risk advisers and report to the board;
* Facilitating workshops with senior management. Workshop participants will ideally come from all key areas of the organisation. Workshop participants help to identify and review the legal risks relevant to the business. They assess those risks and rate their significance to the business. They also identify and review current controls (if any) to manage those risks and rate how effective those controls are;
* Through the workshops the level of legal exposure for the organisation can be measured and reported. For example, where the workshop participants rate a risk as “high” (or otherwise unacceptable) and the control effectiveness as “poor”, there is a legal risk exposure finding. Such a risk is given priority;
* An interim report by the legal risk advisers to the board outlining the legal risk exposure findings (based on the workshop assessments) and recommendations;
* A final report (incorporating any recommendations from the legal risk committee) which makes recommendations for the effective management of legal risks in the organisation;
* The implementation of a legal risk management system. The system will differ from business to business but will typically include:
  – development of policies and procedures for compliance;
  – identification of management and staff accountabilities;
  – systematic identification and management of compliance issues;
  – education and training for staff and management on areas of particular importance to the organisation; and
  – a process for regular audit and review of the system.
Barriers to commitment
Typically, the board and senior management will agree that actively managing risks is more responsible and effective than putting out fires. However, they sometimes have to overcome some of the common reasons for not taking a pro-active stand. These include:
• the board’s ‘buy-in’ to compliance is not complete and management may also have other priorities;
• procrastination – the temptation to defer taking action and incurring expense until it is necessary;
• confusion – a sense of not knowing where to start with the development of such a programme;
• lack of confidence in the effectiveness of ‘traditional’ legal compliance programmes;
• regarding ‘compliance’ as an intrusion, rather than actively seeking to develop a compliance culture;
• no clear lines of responsibility within the business for compliance; and
• concerns about downtime and cost of staff training.
However, none of these excuses withstand scrutiny if the company is faced with court action or the directors are facing personal liability as a result of some avoidable breach. It is therefore advisable to focus on the advantages of a legal risk management programme:
• maintaining a ‘good corporate citizen’ image by preventing or minimising the chance of liabilities arising from breach of legal obligations;
• avoiding personal fines and prison sentences for directors and managers for breaches of laws such as the Commerce Act, Fair Trading Act or Health & Safety in Employment Act;
• avoiding negative publicity;
• reducing resources allocated to staff and customer complaints;
• better client service by staff who are aware of the legal implications of their business decisions; and
• developing a competitive advantage by early identification of changes to legislation.
Those responsible for an organisation’s performance must be prepared for all contingencies. They must understand the legal risks the organisation faces and take control of the management of those risks.
Rob Noakes is a senior commercial partner at KPMG Legal specialising in the area of acquisitions, mergers and joint ventures. Carmel Byrne is a partner in KPMG Legal’s corporate & commercial workgroup.