With increasing litigation expenses, heightened regulatory requirements and broader role of chief legal officers, organizations today need to focus more sharply on defending corporate interests, avoiding harsh penalties, preventing fraud within the organization, reducing extended litigation periods and managing huge legal expenses.
The corporate world has seen a multitude of new growth opportunities in the last decade and benefitted from them in many ways. A part of the flipside of this diverse global business environment is the legal aspect involved in corporate operations which turns more and more intricate as companies grow. Today legal officers, compliance officers and general counsels at corporate organizations worldwide are witnessing a strong upsurge in the amount of legal data, processes and activity parameters they need to track and maintain in order to manage potential litigations effectively.
Beginning in 2002 with the enforcement of Sarbanes-Oxley Act, Congress and federal agencies have added thousands of new parameters for corporate behavior to the already overflowing law books. “All this lawyerly activity has expanded the power, responsibilities and vulnerabilities of another set of lawyers, the chief legal officers, or CLOs, who try to steer corporations through the new legal labyrinth. For one thing, the CLOs have to read and try to interpret tomes like the 2,700-page Dodd-Frank Act,” comments George Melloan in his Wall Street Journal review of ‘Indispensable Counsel: The Chief Legal Officer in the New Reality’.
With the changing legal landscape, the impact of legal governance, risk and compliance management on corporate operations across industries has transformed hugely, forcing CLOs and general counsels to take more aggressive as well as holistic measures to handle regulations, laws, court actions and litigations along with the conventional corporate legal responsibilities such as managing product-liability or personal-injury lawsuits slapped by destructive social elements.
Challenges of an In-house Counsel
The corporate legal departments and general counsels are focusing their efforts on adapting to their new role and responsibilities in maintaining and improving the organization’s legal health. Some of the challenges they face are:
Hawk’s eyes to manage regulatory requirements and associated risks
In-House counsels are required to manage and coordinate compliance with a wide range of legal mandates such as Antitrust Laws and Employee Health and Safety Laws, Anti-corruption laws such as FCPA and the UK Anti-bribery Act, Privacy Laws such as HIPAA, as well as FDA, FCC and other regulatory requirements.
Analysts believe that an average Global 2000 company today manages about 143 concurrent lawsuits and the average mid to large company handles over 20 ongoing suits at any given point in time, all resulting from regulatory violations. This alarming increase in the number of lawsuits and damaging litigations demands continuous monitoring and mitigation of legal risks.
Preventing losses and controlling costs of lawsuits
Research indicates that the average cost to defend a corporate lawsuit is over $1.5 million per case, including third party processing fees and legal review costs. With the increasing frequency of lawsuits and litigation threats, damage reward requests coupled with various whistleblowers incentive provisions, quantity and expense of litigation can go out of control.
Creating a robust litigation capability to defend corporate interest and prevent monetary and brand erosion losses to the organization are critical responsibilities of the new age legal department.
Managing regulatory examinations
A crucial part of legal compliance is managing numerous regulatory examinations, audits and investigations carried out by regulatory authorities such as SEC, FDA, CMS and so on. These audits and investigations involve proficient management of the appeals process, gathering compliance evidence, and collaborating with different stakeholders across the organization. In industries that are governed by information security laws, legal teams need to manage information security breach investigations and minimize the occurrence of breaches by implementing effective measures.
Navigating through the maze of laws and regulations, legal departments need to enter agreements in order to negotiate settlements and avoid prosecution. In case of regulatory non-compliance or fraud discovery, organizations need to pay heavy penalties; they could be barred from participating in certain government programs or even prosecuted, impacting reputation as well as revenue options. Corporate Integrity Agreements (CIAs), Deferred Prosecution Agreements (DPAs) and Non-prosecution Agreements (NPAs) help negotiate settlements and give the organization another chance to establish stronger compliance. Entering and managing such agreements involves several legalities, huge amounts of data, detailed documentation and elaborate processes that legal departments must handle efficiently and carefully.
Managing the legal aspect of operations
Corporate operations involve a multitude of issues that have a legal angle to them. Taking the required measures for employee health and safety, ensuring that the company follows corporate code of conduct, stipulating that suppliers, vendors, partners and third parties comply with required regulations - these are some of the areas that can have serious legal implications on the organization’s interests. Failing to protect the brand and the intellectual property of the organization, ignoring certain regulations or code of conduct while conducting sales and marketing activities, working in silos where different departments are not collaborating in achieving legal goals - these can be some scenarios where the legal team needs to put in extra effort to achieve legal objectives.
Difficulties in implementing policies and procedures
Enforcement of policies and procedures and compliance with them, though key responsibilities of the Chief Compliance Officer, are of interest to the Chief Legal Officer as well from the perspective of managing the legal implications resulting from non-compliance. Corporations end up spending a huge amount of effort, resources and time on documenting policies and guidelines and implementing legal processes to ensure legally compliant business conduct for all directors, officers and employees.
Implementing these policies at enterprise level, mapping legal requirements to controls and policies, establishing procedures to match the policies, ensuring that they are being followed and aligning these policies to the changing legal, risk and regulatory environment remain grey areas for many legal departments of corporate organizations.
Manual methods to manage legal processes
Many legal departments document and manage legal matters manually by sending email messages and documents. Discovery functions such as tracking legal holds, collecting, archiving, and processing electronically saved information (ESI), conducting privilege and responsiveness reviews, and producing documents are some of the processes that are conducted manually in many corporate legal departments. These manual processes involve inherent errors and limitations impacting various areas such as the correctness of documents, managing contracts and related processes from a legal perspective, streamlining the investigation management processes, tracking changes in laws and regulations, managing and monitoring legal and compliance risks.
Holistic GRC approach to manage legal processes competently
With increasing litigation expenses, heightened regulatory requirements and broader role of chief legal officers, organizations today need to focus more sharply on defending corporate interests, avoiding harsh penalties, preventing fraud within the organization, reducing extended litigation periods and managing huge legal expenses.
Topmost priorities of a corporate legal GRC program
Chief legal officers often face the pressure to reduce costs and increase efficiency, while providing a very high level of legal support to the organization. Legal spend management includes managing not only external counsel costs, but also costs involving internal resources, e-discovery and other costs. CLOs are required to manage an extensive range of legal matters, holds, contracts, cases, class actions, legal risks, regulatory compliance, regulatory examinations, investigations, sanctions, agreements, audits, fraud and abuse cases, among others. Storing, maintaining and tracking documents, data and other evidence to ensure compliance and protection from legal hazards can appear overwhelming.
Legal management involves diverse types of issues such as discrepancies or non-compliance issues related to claims, accounts payable, intellectual property, information security and confidentiality, human resources, infrastructure management, risk management, internal audit, and more. To ensure appropriate understanding of the gravity of non-compliance consequences by all entities involved and to ensure cooperation for smooth processes, legal departments need to facilitate collaboration among these entities.
In their attempt to manage the legal processes which are speckled with such diverse challenges, organizations are looking at adopting a holistic GRC approach and implementing enterprise wide legal programs that integrate the various aspects of legal processes on a single GRC platform.
Based on the holistic GRC approach, the key components of an effective legal program that can help the in-house counsel departments are:
- Staying aligned with regulatory changes
The legal intricacies get more tangled as regulations change, as new stipulations are added and as the existing mandates are revised. When laws are altered, legal departments need to measure the impact of these changes through change-risk assessment, calculate the risk of getting into a legal tangle, and accordingly provide direction to the compliance department to modify the processes. A delay in implementing the required changes in compliance processes can lead to the organization getting caught unawares and facing harmful lawsuits, to say the least. With the multitude of new regulations and unpredictable changes to existing laws each year, legal departments are moving away from ad hoc monitoring of regulatory requirements to a systematic framework based on regulatory intelligence.
- Identifying and managing legal risks
Under a recent SEC disclosure requirement, a company must disclose the extent of the board's role in risk oversight of the company and the effect that the board's risk oversight function has on its leadership structure. The general counsel’s role is to assist the board of directors in the risk oversight function, support the board in overseeing actual or potential risks associated with the company's business, operations and practices, and to ensure that the basic corporate structure, governance documents and compliance environment of the company meet the evolving standards.
- Defining and implementing controls, policies and procedures
As legal risks are identified and assessed, appropriate controls are defined and implemented. These need to be reflected in organizational policies and transformed into procedures that employees must follow for the legal health of the organization. As laws and regulations change, the compliance requirements are modified. Internal policies must be updated accordingly and made available to the concerned members, and the organization’s legal standards must be clearly established and distributed.
- Performing audits
Organizations need to ensure that regular as well as ad hoc audits are performed to examine if each legal risk is mitigated through an appropriate internal control and if all the gaps are plugged adequately. A systematic and closed-loop approach to managing the complete audit lifecycle and measuring the efficacy of internal controls is a mandatory step in achieving legal goals of an organization.
- Managing documents and contracts
Tracking negotiations with vendors and partners, maintaining a record of earlier contracts, creating detailed contracts that cover all requirements as well as stipulations and ensuring that the contracts adhere to business standards and objectives of the organization are some of the crucial steps in contract management. In-house counsel departments need to closely track parties, clauses, warranties, assignability, termination dates, notice provisions, and other important terms in order to make sure that the contracts are legally correct and do not contain any loopholes where the organization may face the danger of litigations.
- Educating and training staff on legal implications involved in their roles
Many regulations enforce certain restrictions on employee conduct and non-compliance with these requirements may lead to legal actions such as prosecution, elimination from certain government programs, imprisonment and more. The staff of the organization needs to be aware of these regulations, their implication for their role and the legal impact of non-compliant behavior on themselves, other entities within the organization as well as the organization as a whole. The most common examples are anti-corruption or anti-bribery acts that require employees to follow a certain code of conduct while dealing with government clients and stakeholders. Training employees on such regulations along with examples and situations related to their roles and creating awareness about regulations and their implications are some of the key actions towards adopting a proactive approach towards minimizing the chances of legal implications.
How MetricStream can help
Key metrics for a CLO or General Counsel to track
The foundation of a successful corporate legal program is to proactively and holistically manage myriad areas of GRC such as regulatory compliance, legal risks, regulatory examinations, investigations, sanctions, third-party contracts and organizational policies.
MetricStream provides a comprehensive framework to help organizations across industries streamline, automate and monitor important aspects of legal programs while combining best-in-class technology with relevant regulatory content. Built on the industry leading GRC platform, the solution enables efficient management of the corporate legal program at multiple levels. The MetricStream solution approaches legal program management in a holistic and proactive way by instituting robust GRC capabilities.
MetricStream solution supports receipt of various types of case entries such as anonymous forms on the web, batch uploads, direct entries into the solution portal as well as entries through hotlines by employees, suppliers or vendors. The solution workflow moves these case entries to the assigned investigator who examines the matter and forwards the investigation to the legal officer or attorney for a review, after which the case manager can review, sign off and complete the case. The solution enables the case manager to record important aspects of each case investigation such as case ID, event type, department where the case occurred, nature of the case, description, investigation details, investigator’s comments, witness details, settlement amount, among other details.
Regulatory Examination Management
MetricStream provides extensive support to CLOs through all the stages of examination: pre-examination phase, fieldwork, meetings with stakeholders, and implementing findings. When an organization receives the pre-examination letter, the structured workflows of the solution allow the CLO to determine business owner and stakeholders, assign them tasks, closely track the material or evidence while it is being gathered, review the collected material and deliver it for regulatory examination. The integrated platform enables stakeholders and regulators to collaborate and review the existing processes and submit explanations for preliminary findings. The company can receive and review the draft of examination report, and receive the final examination report within the solution. Tracking recommendations to check the outstanding matters that require management’s attention as well as executed points, ensuring that all the recommendations by regulators are implemented, developing and delivering the response letter to regulators are the final steps in the process that are supported by the solution through regulatory examination dashboards.
The solution enables management and reporting for sanctions such as Corporate Integrity Agreement (CIA). MetricStream offers an advanced, comprehensive system to efficiently manage all aspects of various sanctions that organizations are subjected to, ranging from risk assessment, to control testing and monitoring, to audit lifecycle management, to issue remediation, to reporting, to training. Connecting with internal applications, systems, employees, and the organization’s offices in different geographies, business units and functions, the solution institutes strong corporate integrity across the enterprise. The highly sophisticated dashboards and reports allow close monitoring of programs for managing sanctions and agreements.
MetricStream Solution provides automation capability for initiating, creating, reviewing and approving contracts. Contracts are stored in a common repository with adequate controls for versioning, check-in and check-out of documents. The solution allows the users to search the repository using various parameters such as parties, clauses, warranties, assignability, termination dates, notice provisions, and other important terms. Built-in checklists ensure that the contracts are adhering to business standards and objectives. CLOs can track the negotiations process to ensure that all the terms are incorporated and taken care of in the contract.
It is critical for legal departments and CLOs to identify legal risks proactively before these grow out of proportion and become dark dangers to the safety and interests of the organization. Protection of intellectual property rights, brand protection, pending litigations and litigation threats, product liability, non-compliance issues in sales and marketing practice, insurance, property matters, employment and HR practices, industry regulations as well as company secretarial, board and shareholder matters can pose legal risks that need to be identified, assessed based on financial impact of litigation and impact on sales, and managed appropriately.
MetricStream provides an integrated and flexible risk management framework for documenting and assessing legal risks, defining and assessing controls, identifying issues and implementing recommendations and remediation plans. The solution includes tools for risk assessment, analysis and monitoring such as qualitative and quantitative risk assessment capability, support for maintaining key risk indicators data, configurable risk calculators and risk heat maps.
The solution supports risk assessment based on typical scenarios and risk factors specific to the organization. The qualitative and quantitative impact of the risk can be evaluated and controls can be implemented based on various assessments. The performance of these controls can be closely monitored and assessed to ensure their effectiveness to mitigate the risk.
MetricStream provides a comprehensive audit system designed to help companies manage a wide range of audit-related activities, data and processes. Auditing the legal processes results in finding out gaps in the legal program if any and the risk accrued for the organization as a result of non-compliance and conducting issue remediation and corrective action. The solution provides end-to-end functionality for managing the complete audit lifecycle comprising audit planning and scheduling, development of standard audit plans and checklists, data collection, development of audit reports and recommendations, review of audit recommendations by audit entities and management and implementation of audit recommendations and remediation for a closed-loop compliance process.
MetricStream Solution supports identification of cases such as fraudulent activities and unethical practices through integration with hotline/whistleblowing systems to minimize the chances of legal implications. The solution enables organizations to establish and follow consistent procedures for capturing fraudulent and unethical cases, managing tasks, and reporting case status. The solution supports early assessment of cases as well as case investigation and tracking leading to an elaborate remediation or corrective action process. Clear visibility into aspects ranging from incident trigger to resolution time and type of issues raised enables the CLOs to foresee the risks and devise preventive measures in a timely manner.
MetricStream Solution enables effective management of the legal compliance training process by maintaining the course offerings and course descriptions for easy review by employees and managers, scheduling training sessions, providing feedback on instructors and course material effectiveness, maintaining training records and conducting gap analysis to ensure complete compliance.
The powerful analytics and reporting capability with graphical dashboards monitor training program effectiveness and give managers complete real-time visibility into the organization's training management system. At any given time, the legal managers have the complete picture of the company’s legal compliance awareness level.
The scope of training can include a basic level of compliance awareness for all employees, third-party training for suppliers and vendors as well as specialized and in-depth training for employees at risk.
- MetricStream Solution enables a sustainable and closed-loop program for compliance with all legal mandates, regulatory requirements and internal policies.
- The solution simplifies the tracking of all regulatory changes through automated alerts and data feeds.
- MetricStream enables streamlining the development, maintenance and communication of all legal policies and procedures across the enterprise.
- The solution ensures that legal compliance activities overlap but do not duplicate the work being done by Records Information Management (RIM), Information Technology (IT) and Corporate Compliance officers.
- MetricStream Solution allows CLOs to efficiently assess, analyze and track risks through configurable risk monitors and heat maps, as well as key risk indicators (KRIs) and key performance indicators (KPIs).
- The solution provides quick access to all risks, controls, control assessments, policies and other critical information through centralized libraries with intuitive search functionalities.
- MetricStream enables a systematic and closed-loop approach to managing the complete audit lifecycle for measuring the efficacy of internal controls.
- The solution helps CLOs efficiently manage and track regulatory examinations, accelerate responses, and reduce the risks of non-compliance.
- MetricStream provides a centralized and real-time view of the legal processes across the enterprise to ensure accountability and transparency in a company’s processes, systems, protocols, structures, operations and controls.