When it comes to risk, the wisest in-house counsel and GCs have a more proactive approach instead of a reactive one.
”You can either be part of the cleanup crew or do stuff to avoid that cleanup situation altogether," says Gitanjali Faleiro, GC, Company Secretary & CCO at Greenhill & Co.
But this is easier said than done. Often, legal teams find themselves stuck in a vicious cycle of reacting to things as they come in, instead of actively anticipating and preventing problems. This impacts a critical aspect of the legal function’s role — risk management.
We interviewed a number of GCs, heads of legal, and leaders within the in-house legal industry to understand their approach to legal risk management in varying situations. In this article, we’ll take you through their advice and outline their strategy for becoming a business partner through the lens of risk management and mitigation.
#1 Start by understanding the risk tolerance
The very first step to an effective legal risk management strategy is to understand which risks actually matter to you and your company.
Jonathan Franz, Head of Legal at Crunchbase, puts it this way:
“To me, a risk only matters if it's material. If it’s immaterial, I don’t care about it.”
To be material, Jonathan explains, it has to meet two conditions:
- It has to be likely to occur.
- It has to be costly.
“If it's likely to occur but it's not very costly, I probably don't care. If it's unlikely to occur but, man, if that meteor hit the earth today, it would be bad — I also don't care. It's just not likely to happen.”
Meanwhile, Katayoon Tayebi, Associate General Counsel at FIGS, emphasizes the importance of understanding what risks your legal and business leaders are willing to take.
“Different leaders will have different views on how to determine risk, and understanding that risk tolerance is super important to your success. If you work for a growing company, for example, your general counsel and your business leaders may be more open to taking on more calculated risks.”
It becomes imperative then, according to Katayoon, that you effectively communicate potential legal risks to your business partners and collaborate on weighing the pros and cons of taking those risks.
“Your job is often explaining legal risk in a digestible way to ensure that the business is aware of what could happen and what the consequences of certain decisions may be. Think big picture. For example, even though a decision may not carry legal risk, it might carry PR risk. Being able to identify risks that impact the business (while not always ‘legal’ in nature) will help you become a trusted advisor.”
#2 Communicate and educate stakeholders on legal risk, the right way
The key to effective communication is understanding where the other person is coming from. For Legal, this starts with leaving the jargon behind and adapting to the business environment they operate in. Ryan Nier, GC at Pinwheel, weighs in on this:
“Even though you’re from legal, you can't speak legal jargon in meetings. Translate your legal opinion to an easy-to-understand business rationale. And for this, legal counsel needs to learn relevant business terms and KPIs. Translate into their terms, not just yours.”
Education is an important aspect in this collaboration. Business teams focus on results — and may not always know or understand the severity of risk associated with certain business decisions or initiatives. It falls on the GC to communicate and educate. Jonathan says:
“When you have different teams coming to you with questions and ideas that could impact risk, you have the responsibility to educate. For example, if your company’s finalizing an email integration, Product might ask what data they can access and how they can use it. Sometimes these ideas can be red flags from a legal perspective and you’re ethically obligated to put the right framework in place.”
#3 Avoid saying ‘no’ as an immediate response
Legal often gets a bad rap as the department of ‘no’, due to its efforts to mitigate as much risk as possible. But to be effective, Jonathan suggests a more pro-business approach.
“One of the ways I build trust is by demonstrating to stakeholders that we evaluate risk thoughtfully and intelligently. We understand we are not, for example, a closely-regulated Fortune 50 pharmaceutical company. So we have a bit more freedom, but we exercise it responsibly.”
As an in-house lawyer, your creative solutions to business problems, while maintaining a reasonable risk profile, are key to the success of both the company and its legal function.
“There are very few things in the world I will push the red button on, because almost anything can be answered without a full stop,” says Ken Priore, Atlassian’s former Director of Privacy.
To ensure you’re enabling the business the best you can within the risk matrix, Jonathan recommends framing your advice this way:
“The right answer is always ‘no, however…’ or ‘yes, but…’.” Always find a path forward.”
In fact, Charlotte Morgan, CLO at Adore Me, advises lawyers to take risks their competitors won't take.
“It's a highly competitive world out there and when you're up against incumbents like our parent company, Victoria’s Secret, who have an outsized market share, you need to be willing to take risks that they can't or won't take in order to stay alive. Being at a start-up, especially a failing start-up, made me realize the importance of those risks.”
#4 Understand your leverage during negotiations
Before heading into negotiations, it is important that you clearly understand your leverage with the customer and are aligned with your business partners. This will enable you to adapt your negotiation strategy, understand where you might need to acquiesce, and evaluate risks with more of a business perspective.
Adam Glick, VP of Legal Affairs at Front, says, “Larger customers are traditionally going to be more risk-averse. They're not going to be as flexible, and they might want to use their contract paper. So, you need to consider how to apply different levels of risk tolerance to those discussions. And you actually might need to acquiesce on some provisions that are important to you in an effort to get the negotiation completed.”
But while larger companies may not be as flexible, it doesn’t mean that you have no leverage against them during negotiations. Celaena Powder, VP of Legal at Seismic, offers a slightly different perspective here.
“When it comes to deals with enterprises, we often think, ‘This is a really big name and there's no way that we have any leverage against them.’ But that might not be true. If a customer goes through a nine-month RFP, they don't want to do another 9-month RFP because the liability cap is slightly different. Consider what you bring to the table and how much they like you. What did they go through to get to this point? And try to use backchannels to keep legal intervention to a minimum.”
Celaena emphasizes on the key role your cross-functional relationships, especially those with your sales AEs, play here. They know the people on the other side of the table the best, and effective collaboration with them can help you secure the best terms possible for the business.
“Before the big calls, we do the internal strategy to get aligned and figure out what we can provide on the legal side to get better commercial terms.”
#5 Strategically budget legal’s time and plan for surprises
Megan Neindermyer, CLO of Apollo.io, stresses on the importance of leaving room for unforeseeable risks when developing the legal roadmap.
“If you're at a start-up, for every 3 projects you plan for Legal, 2.5 come at you by surprise. No matter how well prepared, how big your legal team, or how mature the company, there will be things that you can't anticipate. Because on that risk matrix, there are 100 different risks, from employment to data privacy to contractual to bank system collapse. As a legal team, budgeting for the surprises as well as for the day-to-day is a really delicate balance.”
#6 Mitigate risks with forward-looking policies
The tech landscape is constantly changing, and it requires a certain level of agility from modern GCs to keep up with these changes and protect the business with forward-looking policies.
A recent example of this would be the AI boom. Ken Priore mentions the importance of creating policies around AI use within the business to empower employees in their use of AI while also protecting the business, its customers, and partners.
“When considering the adoption of AI tools, organizations must assess the risks associated with data use.”
Many AI tools have the capacity to ingest and process vast amounts of data, raising concerns about data privacy and security.
“With generative AI, you can't really define what the use cases are right now. So, to ensure people aren't coming to legal for every test use case, you can just create a sandbox to let them explore and come to you when they're ready to expose something to the customer or they've got a product behind it. It's going to create a better environment for both your technologists and for you.”
#7 Turn Legal into a process-oriented business enabler
In the business world, it’s all about efficiency. Legal can often be slow-moving, and for good reason. Rushing through decisions, especially legal decisions, can deal a lot of damage to the business, both monetary and reputational.
However, the smartest legal teams place value on functioning as a business unit rather than the traditional legal department.
“If you're on a two or three day turnaround time — or heaven forbid, a week’s turnaround time — your stakeholders will start working around you,” says Jonathan. “All of a sudden, there will be a ton of stuff no one ever shows you and you'll find out after the fact that the company did that partnership, made that commitment, or signed that document with risky language without any legal review.”
To ensure you’re not overlooking risks due to flawed processes or lack of collaboration with your business partners, setting up a centralized system to manage your contracts is critical.
For Nadia Louis Hermez, Legal Ops Manager at Next Insurance, “using a CLM tool was the only viable solution, if they wanted to avert risks before they turned critical.” She adds that “every stakeholder sought quick contract approvals, but they were unfamiliar with the review and risk assessment process associated with contract approvals."
By implementing a contract lifecycle management system like SpotDraft, you can not only track all your contracts and associated risks in one place, but also enable your sales team with pre-approved contract templates — helping them close deals faster without leaving yourself open to risks.
Request a demo to see how a CLM can help with your legal risk management strategy.