creating a legal risk framework

© 2021 Lexplosion Solutions | *Private & Confidential Creating a Legal Risk Framework

Upload: others

Post on 15-Mar-2022




0 download


© 2021 Lexplosion Solutions | *Private & Confidential


Creating a Legal Risk Framework

© 2021 Lexplosion Solutions | *Private & Confidential2

“Enterprise risk management is .

a) a process,

b) effected by an entity’s board of directors, managementand other personnel,

c) applied in strategy setting and across the enterprise,

d) designed to identify potential events that may affect the entity,

e) and manage risk to be within its risk appetite,

f) to provide reasonable assurance regarding the achievement of entity objectives”*


Committee of Sponsoring Organizations of the Treadway Commission (COSO) *This standard can be extended to managing legal risk

© 2021 Lexplosion Solutions | *Private & Confidential 3

Ideal Legal Risk Framework

Qualitative Model >

• Thorough Assessment

• Documented list of risk


• Defined Risk Tolerance

• Categorisation and rating of risk


• Structured risk control levels

• Well-defined roles and

responsibilities of all


• Documented Policies

• Constant evaluation

• Empirical Data

• Predictive Analytics

• Continuous Improvement

• Continuous awareness and


• Whistle-blower & incident

reporting options

Define & Identify


Control & Execute

Report & Evaluate

Stage 01




Stage 02

Stage 03

Stage 04

© 2021 Lexplosion Solutions | *Private & Confidential4

Legal risk management is NOT azero-sum game. It does not have tobe all or nothing. Legal risk shouldbe managed to the best of theorganisations current ability andplans should be in place for risksthat cannot be managed

© 2021 Lexplosion Solutions | *Private & Confidential 5

Stage 1: Define & Identify


Define Legal Risk

• Set strategy for defining legal risk across all risk opportunities –determine broad vs narrow focus of strategy

• Qualitatively demarcate areas of legal risk

• Document / record all legal risk sources & opportunities along with sources (Legal Risk Register)

Identify Ownership &


• Determine the 3 levels of defence

• Identify respective functions/departments at each level & personnel under each

• Identify overlaps and gaps and address them effectively or plan for contingencies

Set Parameters, Tolerance

Levels & Goals

• Determine risk appetite of the organisation

• Determine risk tolerance at individual and department level

• Create rules for distinguishing between acceptable and prohibitive legal risks

• Set quantitative goals & targets for controls & assessments

© 2021 Lexplosion Solutions | *Private & Confidential












Source: Legal Risk Management | A heightened focus for the General Counsel – Deloitte Legal

Key Policy Areas Owned By TheLegal Function








n s




© 2021 Lexplosion Solutions | *Private & Confidential 7

Stage 2: Assessment

Assess & Quantify Risk

• Determine following parameters of legal risk opportunities/events:

a) Likelihood & frequency of occurrence

b) Consequences of occurrence

c) Risk rating for individual /group risk opportunities/events

d) Risk controls/processes for mitigation

e) Risk treatment – to avoid repeat events

• .

• Assess which legal risks can be eliminated, avoided, limited, reduced, separated, transferred, diversified, accepted

Document Policies

• Define and document policies covering all legal risk events – includes statutorily required & internal requirement driven

• Assign roles & responsibilities for the 3 levels of defence

• Define action/penalty for violations – level of tolerance, disciplinary action & procedure, penalties, legal action

• Create SOP’s for implementing policies

Resource Allocation

• Based on earlier stage of identification, allocate resources for legal risk monitoring/reporting based on level, skill/experience, function, reporting

• Ascertain budgets and financial considerations for implementing framework

• Determine tech availability –in-house & outsourced

Internal Awareness & Trainings

• Assess training requirements for creating awareness & sensitivity towards risks

• Set standards for trainings• Set training timelines and

frequency for trainings

© 2021 Lexplosion Solutions | *Private & Confidential8

Indicative Risk Assessment FormatRisk Particular Compliance Contracts

Risk Item Non-compliance of HR/Labour regulations

Deviation from pre-approved clause provisions

Opportunities Each compliance requirement(6 per month)

Each instance of negotiation

Likelihood Medium High

Frequency 6 per month 5 per month

Consequence Upto Rs. 10,000/- fine and imprisonment

Bound to unacceptable/unviable terms

Impact rating High High

Controls Personal checklist, outlook reminders, storing proofs of compliance

Mandatory review by at least 1 senior legal/contract team member

Treatment & Mitigation Planning

Internal investigation & adding checker Enforcing template use & setting process for reviews

Control Evaluation Not effective. To implement dedicated software system

Not effective. To evaluate contract management software

Review Last day of next quarter Every 45 days

© 2021 Lexplosion Solutions | *Private & Confidential9

Typical Legal Risk Opportunities/Events

ContractsCompliance Litigation Intellectual Property

AuditsCompetition Thresholds

Regulatory Landscaping

Competitor & Market


Conduct of

Individuals or


© 2021 Lexplosion Solutions | *Private & Confidential 10

Stage 3: Control & Execute


Define Controls

• Define controls for every potential legal risk opportunity/event

• Group controls by type – preventive, detective & reactive

• Establish documented processes around every such control –revise/update policies, SOPs, process documents, improve training & communication material

Implementing Controls

• Involve all stakeholders and define controls for all legal risk opportunities as per identified Legal Risk Register

• Define ownership, oversight & execution responsibilities for all controls

• Prioritise controls based on risk rating • Determine assessment/review of all

such controls • Deploy tech solutions to the farthest

practical extent

Tracking & Monitoring

• Establish proof based reporting procedure

• Establish a committee/department for day-today oversight of controls

• Implement LegalTech products with legal risk focused solutions

• Establish escalation matrix

© 2021 Lexplosion Solutions | *Private & Confidential11

Specific Controls for Legal Risk Mitigation

Creating standard templates for contracts and prescribing playbook and process flow for deviations

Implementing contract management software for preventing breach related risks and to monitor deviation from templates in real time

Subscribing Updates services to stay up to date with ongoing changes and impact on legal risk

Implementing compliance management solution for monitoring compliance risk in real time

Standardisingbusiness team operations through SOP’s and trainings

Implementing litigation management software for monitoring litigation risk in real time, providing analysis of case outcomes, user performance & monitoring budgets

Conducting frequent, spot audits on business operations

Setting authorisation limits for spends, transactions

Procuring appropriate insurances for high legal risks

Driving trainings programs, recording trainings and evaluating attendees

© 2021 Lexplosion Solutions | *Private & Confidential 12

Stage 4: Report & Evaluate

Board oversight

• Regular reporting to the Board & senior management

• Regular input and strategy from Board & senior management

Internal & External


• Self and third party assessment

• Unit based, law-specific and activity specific audits

Data analysis & intelligence


• Identifying weak links

• Assessing corporate and individual performance

• Assessing true “cost of compliance” across resources, fees, penalties and others

Detailed reporting.

• Task completion details split by activity & status

• Risk assessment at activity and status level

• Reports split by entities, units, functions and departments

• Monitoring progress toward achieving pre-defined goals

Continuous improvement

• Evaluating reports to identify improvements in process, resource usage, cost-saving and implementing industry best practises

© 2021 Lexplosion Solutions | *Private & Confidential 13


Define legal risk and its boundaries with other risk areas

Assess legal risk using a robust framework and define legal risk appetite at an individual and organization wide level

Create legal risk register recording all potential legal risk opportunities/events

Apply the three lines of defense model to ensure appropriate accountability, independence and assurance over legal risks

Create appropriate committees & report legal risks and the effectiveness of controls to the Board on regular basis

Use technology in the management of legal risk to provide broader risk and control oversight and real-time visibility across the organization

Create/review required policies, identify personnel & other resources, conduct appropriate sensitivity & awareness trainings

Involve all stakeholders & continuously evaluate the existing legal risk register and controls in place

© 2021 Lexplosion Solutions | *Private & Confidential 14

Lexplosion Solutions has significant knowledge & experience in creating legal risk framework fororganisations of all sizes and across sectors. Lexplosion expertise lies in implementing thesesteps to create effective legal risk framework for its clients

Identify By carrying out a thorough assessment of the clients business operations and spread and using its own domain, Lexplosion determines the various risk areas and defines them as per its practice.

AssessThrough a series of questionnaires, calls, and review of existing policies and processes, Lexplosion determines the clients current and required metrics and particulars for an effective legal risk management framework and assists in designing the same

Evaluate Through use of its several LegalTech SaaS products, Lexplosion dovetails the created risk framework into the clients operations to ensure seamless, accurate and real-time monitoring and evaluation of the clients risk controls and framework

Report Based on rich and analytical data generated from reports through its products, Lexplosion counsels clients on success of the framework and advises on corrective or improvement actions.

How we can help?

© 2021 Lexplosion Solutions | *Private & Confidential 15


© 2021 Lexplosion Solutions | *Private & Confidential

4 Offices The Lexplosion Team Our Client Profile

• Kolkata

• Bangalore

• Mumbai

• New Delhi

50+ Lawyers

15+ Tech team

100+ Clients

250+ Engagements

13 Fortune 500 Clients

5 Fortune 100 Clients

LegalTech Pioneers


















Awarded cross-country

compliance mandate

Launched Audit/DD services VIC launched

Komrisk launched

Grows past 50 clients

Grows past 20 clients

Sets up internal IT


Launched Komplify

Grows past 100 clients

Launched Komplied

Launched Komlit & Komtrakt

Grows past 70 clients


© 2021 Lexplosion Solutions | *Private & Confidential

Audit Management Software

Compliance Management

Software for SMEs

Compliance Management Software for Enterprises

Contract Management


Litigation Management


Audits/Due Diligence Virtual In-house Legal ResearchContract

ManagementLitigation Analysis


▪ Comprehensive LegalAudit: Covering All /Some Module(s) andAll / Some Unit(s)

▪ Focused Legal Audit:For specific Law/ (s)

▪ Operating Unit Audit:Corporate OfficeAudit, Branch Audit,etc.

▪ Statutory Research▪ Case Law Research▪ Multi-jurisdictional

Statute Surveys▪ Research

Memoranda andOpinions

▪ General Advisory▪ Contract


▪ Litigation SupportServices

▪ Due DiligenceServices

▪ Compliance SupportServices

▪ Contract Draftingbasis Playbooks

▪ Contract Review▪ Contract Abstraction

and Summarization▪ Contract Risk


▪ Tracking LegislativeChanges & PreparingComparative Notes

▪ Review of Documentsfor Relevance,Materiality,Confidentiality, etc.

▪ Risk Categorizationon the basis of pre-determined criteria

© 2021 Lexplosion Solutions | *Private & Confidential

Partial list of our clients

18Private and Confidential

© 2021 Lexplosion Solutions | *Private & Confidential






Indranil Choudhury


Siddharth SinghCOO

Pramod BhasinInvestor

Srinivas KilambiDirector

Sameer BediDirector

• M.St., OxfordUniversity, UK

• SMP ,IIM Kolkata• B.A.LL.B. (Hons.)

National LawSchool of India

• LLB, Universityof Delhi, India

• B.Com (Hons.)University ofDelhi, India

• CA from ThomsonMcLintock., UK,

• B. Com (Hons.),University of Delhi

• LLM, ColumbiaUniversity, USA

• B.A. LL.B. (Hons.)National LawSchool of India

• B.A. LL.B. (Hons.)National LawSchool of India





• 23+ Years ofLegal/OperationalExperience

• Worked with GE,Genpact,Amarchand, &NDTV

• 22+ Years of LegalExperience

• Worked with GE,Genpact, Seth DuaAssociates

• Decades ofLeadershipExperience withGE and Genpact

• Founded Genpactand consideredfather of BPOindustry

• 23+ Years of LegalExperience

• Worked with GE,Genpact

• 22+ Years of LegalExperience

• Worked with GE,Ranbaxy

• Currently, Partnerwith SB Associates


e X




• WidelyrecognisedThought Leaderon Legal Issues

• Lexplosion’sRainmaker andSales Leader

• Rare Combinationof Lawyer +Process Expert.Six SigmaCertified

• Ensures smoothoperations/delivery

• Needs nointroduction!

• Supports inopening doors fortough clients

• Spends sizabletime on advisorysupport to us

• Legal Pundit.Works assounding boardfor our newproducts andservices

• Lawyer byprofession andSales person bychoice!

• Actively marketsour services topotential clients


Promoters and Investors

© 2021 Lexplosion Solutions | *Private & Confidential

HeadquartersLexplosion Solutions Private LimitedInfinity Benchmark, Floor 6, Office# 1, Plot# G1, Block - EP & GP, Sector V, Salt Lake, Kolkata- 700 091, IndiaT. +9133 40618083/84/85

Mumbai OfficeLexplosion Solutions Private LimitedAwfis, 10th Floor, Parinee Crescenzo, G BlockBandra Kurla Complex, Bandra East, Mumbai 400051, Maharashtra

Registered Office & NCR (Delhi) Lexplosion Solutions Private LimitedD-20 Hauz Khas, Ground Floor, New Delhi – 110016, India

Bangalore OfficeLexplosion Solutions Private LimitedRegus, CBD Bangalore, Level 9 Raheja Towers, 26-27 Mahatma Gandhi Road, Bangalore - 560 001, India

Visit www.lexplosion.inOr

Email to [email protected]


Contact Us

Lexplosion is also a Member Firm of Leading Indian Industry Associations