Identification and mitigation of Legal risk for the long term sustainability of your organization.


Globally in response to greater regulation Corporates have moved to having better risk identification and mitigation on a holistic basis for the entity which now also includes an estimation of legal risk. Put simply identification of legal risk for a Corporate requires it to map areas of legal uncertainty where issues may arise.

These are generally said to be structural, regulatory, litigation, and contractual. Any of these areas can impede operations and impact on reputation.

Litigation risk and Contract risk are generally discussed within organizations. However in most instances litigation risks are addressed on a post facto basis. When Management meets the litigation lawyer to discuss the outcomes of the court case, it is already too late as control has passed from the Corporate to Court procedure. Possible outcomes and options should be discussed on a preventative basis when actions are being agreed by Management.

Contract risk mitigation focuses on drafting effective agreements and this approach tends to look at each contract in isolation and treat all contracts the same on the gravity spectrum. Certain contracts and counter parties require greater focus and management as the risks tied to these are greater for the organization. Financing contracts would be an example. These require certain technical milestones to be adhered to by the Corporate which if missed could trigger default provisions, which could have grave repercussions as all financing agreements have cross default clauses.

Identification of regulatory risks is challenging, and is generally not undertaken by Corporates and yet the effects could be immeasurable. The maxim that ignorance of law is not a defence is well established by law however Corporates do not have a comprehensive view of the laws which apply to them and therefore the risk of default is enhanced. Breach of law, be it insider trading by staff or environmental laws by the company may attract penalties and impact the reputation of the entity. Regulatory risk is a neglected area as in this case also, a ring fenced approach is adopted. Mitigation requires a mapping of relevant laws, baseline and then periodic audits with defined policies and internal control triggers to be in place. A lack of policies or non adherence to policies can pose an existentialist threat to an organization and yet Management leaves these tasks to individual departments or the Chief Internal Auditor.

Structural legal risk arises from fundamental changes in regulation, technology or the method of doing business in a particular Industry. An understanding of structural legal risk must inform the organization’s strategic plan. Fin tech for example was considered to be a disruptor for the Financial Sector and the telecoms were able to gain first mover advantage in mobile payments as the Banks were not geared up.

Managing Legal Risk

Most organizations in Pakistan manage legal risk in a narrow way through access to legal advice through either in house or external legal counsel or a combination. For most Companies in Pakistan having a small in house legal function has ensured speedier delivery of legal advice as the in house lawyer is able to handle routine matters or act as an effective coordinator between the business and external counsel for more complex matters. The trend is to employ lawyers with between 1 to 5 years of experience to work within the in house legal function. For young lawyers this move in house in most cases as the sole legal practitioner is intimidating as it is a move from a specialist legal environment ( of the law firm) with access to senior legal resources, to a more generalist sole practitioner role. The range of their advice is limited by their years of experience and exposure. Larger Companies who are able to attract and afford more senior resources would gain greater benefits which would go beyond providing routine legal advice or external liason services.

The model Globally is for inhouse legal counsel to be part business decision maker, part risk manager and part governance advisor. Experienced in house legal counsel would aid effective implementation as, based on their knowledge of law as well as the business, they would be able to anticipate issues early and work with the business proactively to address these. On the preventative, mitigation front they should be able to achieve internal commitment and to roll out a mitigation framework through framing of policies and training. These steps will make the organization future ready and aid sustainability. Legal risks cannot be eliminated however, these can be mapped and the organization should understand its tolerance limits to various risks. Certain risks can be mitigated.

Building Capacity to Manage Legal Risks

The in house legal function of your organization may not have the requisite expertise to work on larger legal risk issues. Law firms as well as Accountancy firms are not geared up to provide these services which require a broad legal cum business knowledge base coupled with an understanding of the particular organization as a One Size Fits All approach cannot be taken. There is a gap in the market and an experienced senior legal resource with General Counsel as well as Company Secretary experience could provide valuable legal consultancy and advice on some of the following matters:

  • Assisting business leaders with strategy and implementation of strategic decisions.
  • Advising on regulatory changes and structures to implement these
  • Setting up compliance programmes
  • Advising on internal policies and assisting in policy writing
  • Setting up of legal audit frameworks.
  • Staff training.
  • Creating vendor management frameworks.
  • Assisting in identification of legal risks for the organization as part of overall risk assessment.
  • Advising C Suite on governance structures and alignment mechanisms between Management and Board of Directors.
  • Strengthening the internal legal and corporate function thereby upgrading capacity.