Legal Risk – New Thinking
David Woodnorth
ComplyWith NZ Ltd
It’s mostly people doing the right thing…
› Culture
› Knowledge
› Resources
“Being smart about taking chances”
D Hubbard, The Failure of Risk Management
Legal Risk Management
What is ‘legal risk’?
› the probability & magnitude of harm
› to our people, assets, brand &/or
objectives
› involving a breach of Statutory,
Contractual or other legal obligations
› Assumed rather than led
› The Legal Team does legal risk
› No deep clarity or visibility
“We’ve got good people”
“It’s just a burden for me”
Old School
› Fire-fighting & ad hoc
› Reporting of low value (if any)
& non-reporting is incentivised
› Legal risk not part of BAU decision-making
“We don’t know what we don’t know…”
Old School
› Clear leadership
› It’s part of everyone’s job
› Clear who is responsible for what
› People know what they need to know
“This helps me to be better at my job”
New School
Proactive & BAU – participation & discussions
better decision-making
› Reporting is valued from the bottom up
› Valued as a performance driver & supports
other business functions like HR, H&S…
New School
It’s a different type of conversation.
Here’s what a leading brand strategist
discovered for us…
Getting Buy-in
The new paradigm of
directors’ personal liability
creating a new focus on a
wider, more human set of
governance drivers
Ethical Behaviours • Environmental Practices • Reputational Risk
Findings
Personal accountability is
the new currency, but the
“single biggest challenge”
facing boards and senior
leadership teams
Learnings
Technology and Health &
Safety = the two big
issues dominating
boards’ minds right now
Findings
And people are simply
ignorant of their
responsibilities even
those at the very top
(Who now have a whole lot more to lose)
Findings
Can we redefine the
conversation & language
around the true benefits
of getting legal risk
right?
The Challenge
“The value add is all about
legal risk, it’s a trigger to
have richer discussions
around better decision
making”
Professional Director
Getting on top of
legal risk ‘keeps business
managers current, fresh,
and builds expertise
‘where it should lay’
Findings
“It makes people think
about preparation, …it
forces people to participate
as ‘you’re the ones that
need to be compliant,
not us lawyers’”
Commercial and Legal Manager
The Upshot
Getting compliance
right is in fact an
educational,
empowering HR tool in
equipping staff to be
‘best practice operators’
Drive greater education and participation in legal risk
at the operations level of our business.
An Internal Value Proposition
Empower better
decision making, create
better operators
The Conversation Shift
From: To:
Across the Business?
Deep Dive?
Scope
4 steps to enlightenment…
What actually happens here?
What are the material legal obligations?
Who is responsible for what?
What’s in place to help manage these risks?
Identifying legal risk
Identifying legal risk – Initial
Process
Project Scoping
• Scoping the client's
requirements.
•Meet with Lead
Contact to get
client's priorities &
intro to nature of the
business.
•Get org chart for
relevant areas, who
will need to be talked
to?
•Deliverables.
• Finalise project
scope & plan
Create Responsibility
template
•Initial review of suite
of generic content /
obligations for the
context (i.e. the
relevant operating
environment).
•Identify client /
project - specific
compliance content
that may need to be
developed.
•Deliverables
•Draft responsibility
template
Optional: Prepare new
compliance content
• Draft any required
compliance
obligations
• Consideration of
any necessary
modifications to
generic content.
Identifying legal risk – Initial
Process
Consultation & Initial
Insights &
Recommendations
•Consult with most
senior managers
first then move
down into the detail
•Get buy-in
•Tease out detailed
understanding of
the nature of the
operations – lots of
open questions
•Who responsible for
what?
•Proposed obligation
allocations (incl
reasons for N/As)
•Possibly may lead to
more drafting work
Finalise obligation
allocations + draft Ops
& Compliance Profile
•Finalise
recommendations
and document
approvals
•Prepare draft
Operations &
Compliance profile –
tells the legal risk
story - circulate as
draft
•Consult client and
provide full sets of
allocated obligations
to each user to
confirm allocations
are correct
• Finalise obligation
allocations
Set up of initial
compliance reporting
round
•New content, users,
etc loaded onto
ComplyWith
•Ops & Comp
Overview loaded
•Survey settings
loaded
•Communications
prepared &
approved
Optional: Individual
users review obligation
allocations
Identifying legal risk – Initial
Process
First survey is
conducted
•Should be completed
in 2 weeks
•Assist with the
running of the
compliance survey.
•Assisting and
monitoring survey
completions
•Technical helpdesk
for user support.
Compliance action-
plans
•Initial reporting to
the client on survey
results highlighting
non-compliance
issues. Program-
generated
“exception report”.
•Support for client in
developing and
initiating responses
to non-compliances.
Report on survey
results
•Prepare a draft
management report
to the Senior
Leadership Team
and/or Board/ Audit
and Risk
Committee on the
survey process and
outcomes.
Project review and
feedback
•Review the project
post-
implementation.
•Seek and capture
client feedback,
•Client given clarity
about how things
are going to work
going forward.
•Assist client with
feedback to
participants
•Deliverables
•Templates of
participant
communications
edited in
consultation with the
client.
•Start planning for
stage 2
implementation if
required
Effective communication and project updates to the client and ComplyWith team
From talking to the business we have learned
& recommend:
Do people know what they need to know?
How’s the culture & resourcing out there?
What can we do better & urgent fixes?
Insights & Recommendations
‘Repurposing’ the great things learned when
identifying legal risk…
Helps everyone understand what’s going on,
what needs to be done & by who
Context to specific obligation allocations
Can be used for inductions, training, reviews…
Tell the ‘Legal Risk Story’
Think audience first
› Simple structure
› People
› The physical environment
› Inputs → Outputs
› Plain English & minimise jargon
› Fine detail elsewhere
› Pictures & diagrams are great
› Circulate as a draft & seek input
Tell the ‘Legal Risk Story’
“What gets counted gets done!”
Culture is key for valuable reporting
Monitoring & Reporting
Monitoring & Reporting
The process provides value to all:
› Knowledge
› A ‘voice’ to people in the business
› Reinforces healthy corporate accountability
Monitoring & Reporting
Don’t waste people’s time
› Targeted & tailored
› Efficient – utilise technology if possible
› Great communication, follow-up &
feedback
Monitoring & Reporting
Reports
› Who is the audience?
› Important stuff in the first 2 pages (max!)
› Do not ‘filter’ bad news – clarity is key
› What else adds value?
Questions & Discussion
ComplyWith.co.nz
twitter.com/ComplyWithNZ

