Legal compliance. The importance of availability of legal information for compliance and risk management. Presentation, November 2010, Amsterdam.

1. The current compliance issues in the Netherlands Sound legal information management as a condition for legal compliance and risk management

2. Positioning Legal Compliance and Risk Management within ERM The faces of the cube: Corporate goals Internal control steps Company layer Legal information management is related to: Compliance face – compliance with legislation and regulations Reporting face – reliability of reporting Operations face – e.g. authorization and proxies Enterprise risk management is a process, effected by an entity’s board of directors, management and other personal, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives and related projects, initiatives and day-to-day operating practices. Enterprise risk management (ERM): the COSO cube

4. Articles of association (bodies, authorities, decision-making)

5. Bylaws of supervisory board and of executive board

6. Charter Audit & Control Committee

7. Charter Nominating & Remuneration Committee

8. Executiveboard authorities within the group

9. Authorisation structure within the group

10. Company Code of conduct

11. Risk management policy

13. Competition law policy

14. Checklist annual accounts and annual report

15. Claim reporting and claim handling procedure

16. Liability insurance

17. Legal compliance program

18. Contract management

19. Acceptable contract standards and general conditions

20. Licences, brands, trade name, domain name

21. (online) company information as a basis for governance, compliance, risk management and working more efficientlyLegal compliance

22. Poor information management: Loss of time and lack of efficiency for staff Much duplication of work and often duplication of jobs half done Difficult information exchange between finance, legal, tax, compliance Rolling out the business control framework often turns into a theoretical exercise Resulting in low level of compliance and risk management 'for the record' Issues: information management is key

24. Frequent changesin management and employees

25. Being in control is instrumental: information process should not depend on individual employees; finance, legal and compliance are accessible from a single source (that is also updated)

26. Sound legal information management is now generally accepted as a condition for legal compliance: need to have

28. Tightening of legislation and regulations Supervisors have a more prominent role (DNB, AFM, OPTA, CBP, NMA etc.) Increased focus on directors' personal liability Expansion of claim culture (CANTAB survey/zyLab November 2010: 59% of legal decision-makers in large corporations acknowledge this trend and are concerned) Issues: trends in legal compliance risk

29. Legal compliance and risk management are not: to be just done as a sideline activity a ‘one-man show' of Legal to be done and forgotten but require: a well-considered structure of the process a sense of reality regarding the scope of the project access to information is absolutely key internal support and communication coordination between finance, legal, tax, compliance regular update and monitoring Conclusion

30. Legadex B.V. | Teleportboulevard 110 | 1043 EJ Amsterdam | Tel.: +31 (0)20 - 82 08 396 Amsterdam Trade Register no. 34303161 Rabobank Amsterdam 1270.63.846 | VAT NL 819508512B01 Email: info@legadex.com | www.legadex.com Thankyou for your attention