legal risk - new thinking
TRANSCRIPT
Legal Risk – New ThinkingDavid Woodnorth ComplyWith NZ Ltd
It’s mostly people doing the right thing…
› Culture
› Knowledge
› Resources
“Being smart about taking chances” D Hubbard, The Failure of Risk Management
Legal Risk Management
What is ‘legal risk’?
› the probability & magnitude of harm
› to our people, assets, brand &/or objectives
› involving a breach of Statutory, Contractual or other legal obligations
› Assumed rather than led› The Legal Team does legal risk › No deep clarity or visibility
“We’ve got good people”
“It’s just a burden for me”
Old School
› Fire-fighting & ad hoc › Reporting of low value (if any)
& non-reporting is incentivised
› Legal risk not part of BAU decision-making
“We don’t know what we don’t know…”
Old School
› Clear leadership
› It’s part of everyone’s job
› Clear who is responsible for what
› People know what they need to know
“This helps me to be better at my job”
New School
Proactive & BAU –participation & discussions
better decision-making
› Reporting is valued from the bottom up
› Valued as a performance driver & supports other business functions like HR, H&S…
New School
It’s a different type of conversation.
Here’s what a leading brand strategist discovered for us…
Getting Buy-in
The new paradigm of directors’ personal
liability creating a new focus on a wider, more
human set of governance driversEthical Behaviours • Environmental Practices • Reputational
Risk
Findings
Personal accountability is the new currency, but
the “single biggest challenge” facing boards
and senior leadership teams
Learnings
Technology and Health & Safety = the two big
issues dominating boards’ minds right
now
Findings
And people are simply ignorant of their
responsibilities even those at the very top (Who now have a whole lot more to lose)
Findings
Can we redefine the conversation &
language around the true benefits of getting
legal risk right?
The Challenge
“The value add is all about legal risk, it’s a trigger to have richer
discussions around better decision making”
Professional Director
Getting on top of legal risk ‘keeps
business managers current, fresh, and
builds expertise ‘where it should lay’
Findings
“It makes people think about preparation, …it
forces people to participate as ‘you’re the
ones that need to be compliant,
not us lawyers’”Commercial and Legal Manager
The Upshot
Getting compliance right is in fact an
educational, empowering HR tool in equipping staff to
be ‘best practice operators’
Drive greater education and participation in legal risk at the operations level of our business.
An Internal Value Proposition
Empower better decision making, create
better operators
The Conversation ShiftFrom: To:
Across the Business?
Deep Dive?
Scope
4 steps to enlightenment…What actually happens here?
What are the material legal obligations?
Who is responsible for what?
What’s in place to help manage these risks?
Identifying legal risk
Identifying legal risk – Initial Process
Project Scoping
• Scoping the client's requirements.
•Meet with Lead Contact to get client's priorities & intro to nature of the business.
•Get org chart for relevant areas, who will need to be talked to?
•Deliverables.• Finalisie project scope & plan
Create Responsibility template
• Initial review of suite of generic content / obligations for the context (i.e. the relevant operating environment).
• Identify client / project - specific compliance content that may need to be developed.
•Deliverables•Draft responsibility template
Optional: Prepare new compliance content
• Draft any required compliance obligations
• Consideration of any necessary modifications to generic content.
Identifying legal risk – Initial Process
Consultation & Initial Insights & Recommendations
•Consult with most senior managers first then move down into the detail
•Get buy-in
•Tease out detailed understanding of the nature of the operations,- lots of open questions
•Who responsible for what?
•Proposed obligation allocations (incl reasons for N/As)
•Possibly may lead to more drafting work
Finalise obligation allocations + draft Ops & Compliance Profile
•Finalise recommendations and document approvals
•Prepare draft Operations & Compliance profile – tells the legal risk story - circulate as draft
•Consult client and provide full sets of allocated obligations to each user to confirm allocations are correct
• Finalise obligation allocations
Set up of initial compliance reporting round
•New content, users, etc loaded onto ComplyWith
•Ops & Comp Overview loaded
•Survey settings loaded
•Communications prepared & approved
Optional: Individual users review obligation allocations
Identifying legal risk – Initial Process
First survey is conducted
•Should be completed in 2 weeks
•Assist with the running of the compliance survey.
•Assisting and monitoring survey completions
•Technical helpdesk for user support.
Compliance action-plans
• Initial reporting to the client on survey results highlighting non-compliance issues. Program-generated “exception report”.
•Support for client in developing and initiating responses to non-compliances.
Report on survey results
•Prepare a draft management report to the Senior Leadership Team and/or Board/ Audit and Risk Committeeon the survey process and outcomes.
Project review and feedback
•Review the project post-implementation.
•Seek and capture client feedback,
•Client given clarity about who things are going to work going forward.
•Assist client with feedback to participants
•Deliverables •Templates of participant communications edited in consultation to the client.
•Start planning for stage 2 implementation if required
Effective communication and project updates to the client and ComplyWith team
From talking to the business we have learned & recommend:
Do people know what they need to know?
How’s the culture & resourcing out there?
What we can do better & urgent fixes?
Insights & Recommendations
‘Repurposing’ the great things learned when identifying legal risk…
Helps everyone understand what’s going on, what needs to be done & by who
Context to specific obligation allocations
Can be used for inductions, training, reviews…
Tell the ‘Legal Risk Story’
Think audience first› Simple structure
› People› The physical environment› Inputs → Outputs
› Plain English & minimise jargon› Fine detail elsewhere› Pictures & diagrams are great› Circulate as a draft & seek input
Tell the ‘Legal Risk Story’
“What gets counted gets done!”
Culture is key for valuable reporting
Monitoring & Reporting
Monitoring & Reporting
The process provides value to all:
› Knowledge
› A ‘voice’ to people in the business
› Reinforces healthy corporate accountability
Monitoring & Reporting
Don’t waste people’s time
› Targeted & tailored
› Efficient – utilise technology if possible
› Great communication, follow-up & feedback
Monitoring & Reporting
Reports
› Who is the audience? › Important stuff in the first 2 pages
(max!)› Do not ‘filter’ bad news – clarity is key› What else adds value?
Questions & DiscussionComplyWith.co.nz twitter.com/ComplyWithNZ