Legal Risk – New ThinkingDavid Woodnorth ComplyWith NZ Ltd

It’s mostly people doing the right thing…

› Culture

› Knowledge

› Resources

“Being smart about taking chances” D Hubbard, The Failure of Risk Management

Legal Risk Management

What is ‘legal risk’?

› the probability & magnitude of harm

› to our people, assets, brand &/or objectives

› involving a breach of Statutory, Contractual or other legal obligations

› Assumed rather than led› The Legal Team does legal risk › No deep clarity or visibility

“We’ve got good people”

“It’s just a burden for me”

Old School

› Fire-fighting & ad hoc › Reporting of low value (if any)

& non-reporting is incentivised

› Legal risk not part of BAU decision-making

“We don’t know what we don’t know…”

Old School

› Clear leadership

› It’s part of everyone’s job

› Clear who is responsible for what

› People know what they need to know

“This helps me to be better at my job”

New School

Proactive & BAU –participation & discussions

better decision-making

› Reporting is valued from the bottom up

› Valued as a performance driver & supports other business functions like HR, H&S…

New School

It’s a different type of conversation.

Here’s what a leading brand strategist discovered for us…

Getting Buy-in

The new paradigm of directors’ personal

liability creating a new focus on a wider, more

human set of governance driversEthical Behaviours • Environmental Practices • Reputational

Risk

Findings

Personal accountability is the new currency, but

the “single biggest challenge” facing boards

and senior leadership teams

Learnings

Technology and Health & Safety = the two big

issues dominating boards’ minds right

now

Findings

And people are simply ignorant of their

responsibilities even those at the very top (Who now have a whole lot more to lose)

Findings

Can we redefine the conversation &

language around the true benefits of getting

legal risk right?

The Challenge

“The value add is all about legal risk, it’s a trigger to have richer

discussions around better decision making”

Professional Director

Getting on top of legal risk ‘keeps

business managers current, fresh, and

builds expertise ‘where it should lay’

Findings

“It makes people think about preparation, …it

forces people to participate as ‘you’re the

ones that need to be compliant,

not us lawyers’”Commercial and Legal Manager

The Upshot

Getting compliance right is in fact an

educational, empowering HR tool in equipping staff to

be ‘best practice operators’

Drive greater education and participation in legal risk at the operations level of our business. 

An Internal Value Proposition

Empower better decision making, create

better operators

The Conversation ShiftFrom: To:

Across the Business?

Deep Dive?

Scope

4 steps to enlightenment…What actually happens here?

What are the material legal obligations?

Who is responsible for what?

What’s in place to help manage these risks?

Identifying legal risk

Identifying legal risk – Initial Process

Project Scoping

• Scoping the client's requirements.

•Meet with Lead Contact to get client's priorities & intro to nature of the business.

•Get org chart for relevant areas, who will need to be talked to?

•Deliverables.• Finalisie project scope & plan

Create Responsibility template

• Initial review of suite of generic content / obligations for the context (i.e. the relevant operating environment).

• Identify client / project - specific compliance content that may need to be developed.

•Deliverables•Draft responsibility template

Optional: Prepare new compliance content

• Draft any required compliance obligations

• Consideration of any necessary modifications to generic content.

Identifying legal risk – Initial Process

Consultation & Initial Insights & Recommendations

•Consult with most senior managers first then move down into the detail

•Get buy-in

•Tease out detailed understanding of the nature of the operations,- lots of open questions

•Who responsible for what?

•Proposed obligation allocations (incl reasons for N/As)

•Possibly may lead to more drafting work

Finalise obligation allocations + draft Ops & Compliance Profile

•Finalise recommendations and document approvals

•Prepare draft Operations & Compliance profile – tells the legal risk story - circulate as draft

•Consult client and provide full sets of allocated obligations to each user to confirm allocations are correct

• Finalise obligation allocations

Set up of initial compliance reporting round

•New content, users, etc loaded onto ComplyWith

•Ops & Comp Overview loaded

•Survey settings loaded

•Communications prepared & approved

Optional: Individual users review obligation allocations

Identifying legal risk – Initial Process

First survey is conducted

•Should be completed in 2 weeks

•Assist with the running of the compliance survey.

•Assisting and monitoring survey completions

•Technical helpdesk for user support.

Compliance action-plans

• Initial reporting to the client on survey results highlighting non-compliance issues. Program-generated “exception report”.

•Support for client in developing and initiating responses to non-compliances.

Report on survey results

•Prepare a draft management report to the Senior Leadership Team and/or Board/ Audit and Risk Committeeon the survey process and outcomes.

Project review and feedback

•Review the project post-implementation.

•Seek and capture client feedback,

•Client given clarity about who things are going to work going forward.

•Assist client with feedback to participants

•Deliverables •Templates of participant communications edited in consultation to the client.

•Start planning for stage 2 implementation if required

Effective communication and project updates to the client and ComplyWith team

From talking to the business we have learned & recommend:

Do people know what they need to know?

How’s the culture & resourcing out there?

What we can do better & urgent fixes?

Insights & Recommendations

‘Repurposing’ the great things learned when identifying legal risk…

Helps everyone understand what’s going on, what needs to be done & by who

Context to specific obligation allocations

Can be used for inductions, training, reviews…

Tell the ‘Legal Risk Story’

Think audience first› Simple structure

› People› The physical environment› Inputs → Outputs

› Plain English & minimise jargon› Fine detail elsewhere› Pictures & diagrams are great› Circulate as a draft & seek input

Tell the ‘Legal Risk Story’

“What gets counted gets done!”

Culture is key for valuable reporting

Monitoring & Reporting

Monitoring & Reporting

The process provides value to all:

› Knowledge

› A ‘voice’ to people in the business

› Reinforces healthy corporate accountability

Monitoring & Reporting

Don’t waste people’s time

› Targeted & tailored

› Efficient – utilise technology if possible

› Great communication, follow-up & feedback

Monitoring & Reporting

Reports

› Who is the audience? › Important stuff in the first 2 pages

(max!)› Do not ‘filter’ bad news – clarity is key› What else adds value?

Questions & DiscussionComplyWith.co.nz twitter.com/ComplyWithNZ