2. Faculty
• General Counsel, Mid-Atlantic Business Unit, Titan America LLC
Carl Peterson
• Associate General Counsel, Dassault Falcon Jet Corp.
Stephanie Bortnyk
• Assistant General Counsel, Allegis Group, Inc.
Allie Wright
• Attorney, Womble Carlyle Sandridge & Rice, LLP
Sonny Haynes
*Disclaimer: The views and opinions expressed in this presentation and the accompanying
materials are those of the authors as individuals and do not necessarily reflect the views
or opinions of any of their respective employers.
3. Allocating Risk for Your Company:
Agenda
I. Traditional role of Legal Department in Risk Assessment/Compliance
II. Current Environment – Recent Developments
III. Survey Results - Introduction
IV. Approaches to Compliance and Risk Assessment
V. Ethical Concerns Related to Risk Assessments and Compliance
VI. Survey of In-House Counsel – Discussion and Results – Playing the Feud!
VII. Wrap Up/Q&A
4. Allocating Risk for Your Company:
The Changing Landscape of Compliance
• Has historically been the norm
• But environment is evolving…
“Triage” Approach – Learn and Respond
• Began with financial reporting - Sarbanes-Oxley, Gramm-Leach-Bliley, Dodd-Frank, etc.
• Recent developments = more comprehensive
Compliance Obligations Are Increasing
• DOJ/other agencies becoming more aggressive
• Holder Memo
• Thompson Memo
• McNulty Memo
• Filip Memo
Risks of Non-Compliance Also Increasing
6. Allocating Risk for Your Company:
Survey Results - Introduction
• Wanted to learn “typical” in-house risks
• How risks were being monitored
• SLD focus
Survey Development
7. Allocating Risk for Your Company:
Survey Results - Demographics
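[Chart: # of Lawyers. Categories: 1-3, 4-7, 8+. Values shown: 68%, 15%, 17%.]
[Chart: # of Support Staff. Categories: 1-3, 4-7, 8+. Values shown: 84%, 14%, 2%.]
[Chart: Specialists v. Generalists. Categories: Generalists, Specialized, A Little of Both. Values shown: 49%, 45%, 6%.]
[Chart: Company Size. Categories: 0-500, 501-5,000, 5,001+. Values shown: 43%, 32%, 25%.]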
8. Allocating Risk for Your Company:
Survey Results – Risk Monitoring and Compliance
[Chart. Categories:
• Internal Audit Department (Separate from Legal)
• Triage of Issues as they Arise (brought forward by the business or outside forces)
• Outside Compliance Monitoring Vendor
• Monitored/Addressed by Outside Counsel
• Routine Legal Department Compliance Checks
Values shown: 45%, 20%, 26%, 8%, 1%.]
9. • More clients/practice areas/responsibilities, fewer attorneys/staff
• Shift from triage to forward-looking program is vital
• A viable compliance program is a must
• Protect your company
• Protect yourself and executives
• Financial incentives
Legal Departments Are Being Asked to Do More With Less
Allocating Risk for Your Company:
Survey Results - Overview
10. • Strong internal controls
• Self-discovery/self-reporting
• Requires formal compliance audits, risk assessments, mitigation efforts, etc.
• Evidence shows that very few of us have these practices in place
Limited Tools That May Garner Leniency
Where To Start?
Allocating Risk for Your Company:
The Changing Landscape of Compliance
12. Allocating Risk for Your Company:
Ten Hallmarks of an Effective Compliance Program
[Chart. Categories: 0-5 Hallmarks, 6-8 Hallmarks, 9-10 Hallmarks. Values shown: 53%, 13%, 34%.]
13. ERM
CAS (2003)
COSO (2004)
RIMS (2006)
ISO 31000 (2009)
“The discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders.”
“A process…applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
“A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risk and managing the combined impacts of those risks as an interrelated risk portfolio.”
“A process that provides confidence that planned objectives will be achieved within an acceptable degree of residual risk”
Risk is “the effect of uncertainty on objects
14. • Systematic process to identify and scale risk
• Can be applied to any area
• Prioritizes and manages risks as an integrated portfolio
• Evaluation of portfolio through various lenses
• Recognizes that all risks are interrelated – combination of multiple risks may exceed sum of individual parts
• Involve risk identification/management in all critical business decisions
In Plain English?
Allocating Risk for Your Company:
Enterprise Risk Management
15. • ERM concepts can be replicated on a smaller scale
• DOJ Guidance – smaller companies with fewer resources can still comply
• If a program meets these three criteria, it will provide for detection, prevention, and remediation
Allocating Risk for Your Company:
Small Law Department – Other Compliance Methods
17. Step 1 – Set parameters for ranking
Value | Risk Grade | Probability
1 - Very low | < $10k | < once every 10 years
2 - Low | > $10k | > once every 10 years
3 - Medium | > $100k | > once a year
4 - High | > $1m | > once a month
5 - Very high | > $10m | > once a day
Step 2 – Survey risk/probability
Allocating Risk for Your Company:
Create Your Own Assessment
18. Step 3 – Tabulate Survey Results
Allocating Risk for Your Company:
Create Your Own Assessment
Risk Description | Activity | Risk Grade | Probability | Risk Value | Grade Value | Probability Value
Employment Law | Union | 2 - Low | 2 - Low | 100 | 10 | 10
Employment Law | Social Media | 3 - Medium | 3 - Medium | 10000 | 100 | 100
Employment Law | Co-Employment | 3 - Medium | 3 - Medium | 10000 | 100 | 100
Employment Law | FLSA | 4 - High | 4 - High | 1000000 | 1,000 | 1,000
Employment Law | Overtime | 3 - Medium | 3 - Medium | 10000 | 100 | 100
Employment Law | Discrimination | 3 - Medium | 3 - Medium | 10000 | 100 | 100
Employment Law | Employee Safety | 4 - High | 5 - Very High | 10000000 | 1,000 | 10,000
19. • Who is your client?
• What do you do with information uncovered?
• Attorney/client privilege protection?
Unlocking Potential
Ethical Concerns in Preparing a Risk Assessment
Allocating Risk for Your Company:
Small Law Department – Risk Assessments & Investigations
20. • What about risks that might be uncovered?
• Something significant?
• Serious enough to warrant outside counsel engagement?
• Ethical rules to consider:
• Rule 1.6: Confidentiality of Information
• Rule 1.13: Organization as Client
• Rule 4.1: Truthfulness In Statements To Others
• Rule 8.4: Misconduct
Allocating Risk for Your Company:
Risk Assessments & Investigations
21. • Client Confidences
• Routine business audits v. audits to determine need for legal advice
• What about internal investigations?
Model Rule 1.6: Confidentiality of Information
Allocating Risk for Your Company:
Small Law Department – Risk Assessments & Investigations
22. • (a) A lawyer employed or retained by an organization represents the organization acting through its duly authorized constituents
• What about…
• Conflicts of interest?
• Upjohn warnings?
• Report up, but do you always report out?
Model Rule 1.13 – Organization as Client
Allocating Risk for Your Company:
Risk Assessments & Investigations
23. • Do not fail to disclose material fact when disclosure needed to avoid criminal or fraudulent act
• Do not knowingly make false statement of material fact or law
Model Rule 4.1 – Truthfulness in Statements to Others
• Defines “professional misconduct”
• Refrain from deceit, dishonesty, fraud, or misrepresentation
Model Rule 8.4 – Misconduct
Allocating Risk for Your Company:
Risk Assessments & Investigations
24. Allocating Risk for Your Company:
Playing the Feud – Labor and Employment Edition
• Fair Labor Standards Act
• Employee Safety (OSHA/MSHA)
• Overtime Rules
• Co-Employment
• Social Media Issues
• Union Activities/Persuader Rule
POLL QUESTION – What do you believe survey respondents identified as the “highest risk” labor and employment issue:
26. Allocating Risk for Your Company:
Playing the Feud – IT/Data Protection Edition
• Increased Role of Legal in Data Compliance
• Data Management/Retention/Deletion
• Cybersecurity (Breaches/Hacking)
• Unstructured Data Control
• IT Infrastructure (aging/new technology)
• EU Privacy Mandates
POLL QUESTION – What do you believe survey respondents identified as the “highest risk” IT/Data Protection Issue:
28. Allocating Risk for Your Company:
Playing the Feud – Legal Department Management Edition
• Establishing/Maintaining Business Relationships
• Enterprise Risk Management
• Identifying C-Level Risk Tolerance
• Identification/Retention of Talent
• Protection of Privilege
• Conflicts of Interest
POLL QUESTION – What do you believe survey respondents identified as the “highest risk” Legal Department Management Issue:
30. Allocating Risk for Your Company:
Playing the Feud – Supply Chain Edition
• Supply Chain Transparency
• Foreign Privacy Laws
• FCPA Compliance
• Re-Export Concerns
• OFAC Compliance/Sanctions List
• Ethical and Social Compliance
POLL QUESTION – What do you believe survey respondents identified as the “highest risk” Supply Chain Issue:
32. Allocating Risk for Your Company:
Playing the Feud – Ethics Edition
• Client Identification/Conflicts of Interest
• E-Discovery/Litigation Management
• Legal Outsourcing/Unauthorized Practice of Law
• Communications with Represented Parties
• Preserving Privilege and Work Product Protections
• Personal Liability/Obligations Regarding Reporting
POLL QUESTION – What do you believe survey respondents identified as the “highest risk” Ethics Issue:
34. Summary Overview
Changing Environment = Changing Approach
Survey Your Landscape
Open an Ongoing Dialog with Business
Consider Legal as well as Business Risks
Review/Adopt Compliance and Risk Monitoring Plans
Incorporate Compliance Efforts into Business Routine
Create a Defensible Position