Steps to Legal riskmanagement

6

Berkman Solutions 10260 SW Greenburg Road, 4th floor Portland OR 97223 United States ! 1 (855) 517-2193 North America +1 (503) 517-4293 Worldwide !www.BerkmanSolutions.com info@berkmansolutions.com

Select a framework

Obtain organizational

commitment

Identify legal risks

Analyze legal risks

Evaluate legal risks

Communicate and advise

1Select a framework

Quantitative model Predictive analytics

Empirical, internal data Relevant external data

Validated external models

No risk management Incident response Ad hoc case management Constant surprise Assumed uniqueness

Qualitative model Expert based assessment

Empirical data Forward leaning

RISK MANAGEMENT

Objectives of the framework

!Simple but not simplistic !Scalable but not overbearing !Adaptable but with clear guidance !Practical but not regimented

R = p * LGE

!

Risk is the likelihood of consequences

!!

“…effect of uncertainty on objectives”

- ISO 31000

2Obtain just enough organizational commitment

!

Risk management is not all or nothing

Organizational commitment

!Scope: department, division, enterprise… !Subject: contracts, regulations, litigation… !Audience: management layer, functions… !Budget: time, money, staff…

3Identify legal risks

!

Discover and capture risks to identify risks for further analysis

Risk identification

!Find sources of risk !Recognize potential and actual risks !Record risks in a “risk register”

Find sources of legal risk

!Contracts !Regulations !Litigation !Structural changes

Contracts

Breach of contract !Non-enforceable rights !Unfavorable interpretations !Evolving federal and state law !Conduct of the parties

Contracts

!New or modified regulations !Regulator focus !Civil, criminal, injunctive remedies

Litigation

!Lawsuit based on conduct !Civil penalties !Equitable relief

Structural changes

!Fundamental industry norm !Sweeping changes !Alters competitive landscape

Recognize legal risks

!Hazards: physical harm !Events: single occurrence !Situations: enter new foreign market !Scenarios: counterparty does X, Y, or Z

Record legal risks

Risk register: list !Risks: name !Likelihood: simple scale !Consequence: simple scale !Risk rating: simple scale, combination

4Analyze legal risks

!

Risk analysis is about understanding the risks

Analyze legal risks

!Controls assessment: effectiveness !Likelihood: probability estimation !Consequences: impact analysis !Uncertainties and sensitivities: variables

Assessment of legal risk controls

!Contracts: exceptions, requirements tracking !Regulations: compliance, reviews, ratings !Litigation: insurance, training !Statutory changes: maybe not…

Likelihood of legal risks

!!Discovery: likelihood that other party learns Decision: likelihood of adverse decision

Likelihood of discovery

!Contracts: counterparty learns and sues Regulations: agency attention and review !Litigation: aggrieved party motivated !Structural changes: legislative, industry focus

Likelihood of decision

!Contracts: validity of legal theory Regulations: certainty of violation !Litigation: probability of adverse decision !Structural changes: certainty of adoption

Consequences of legal risk

!!!Damages: (primarily) economic loss (or gain) Frequency: number of occurrences

Damages from legal risk

!Contracts: agreed, implied fees and penalties Regulations: fines, penalties, orders !Litigation: range of damages, attorney’s fees !Statutory changes: operations, reporting, … !!!

Frequency of legal risk

!Contracts: form contracts, repeat behavior Regulations: single incident, business practice !Litigation: jurisdictions, plaintiffs !Statutory changes: jurisdictions, scope !!!

Uncertainties and sensitivities

!!Uncertainties: continuously reduce Sensitivities: use ranges !

Rating scales

Elaborate models create false sense of precision. !

Likelihood Consequences Risk Rating

4 – Highly likely (>75%) 4 – Substantial (> $z) 4 – Very high

3 – Likely (50 – 74%) 3 – Significant ($y – z) 3 – High

2 – Somewhat likely (<50%) 2 – Material ($x – y) 2 – Medium

1 – Unlikely (<10%) 1 – Insignificant (< $x) 1 – Low

0 – Unknown 0 – Unknown 0 - Unknown

Legal risk register, simple

Risk title to easily find and refer to item !Risk description to capture the scope !Likelihood rating with 5 point scale !Consequences rating with 5 point scale !Risk rating which is a combined rating !

Legal risk register, less simple

(the simple list, plus) !Risk control process, tool to prevent risk !Risk control effectiveness effect on rating !Risk treatment process, tool to change risk !Risk treatment effectiveness effect on rating !

5Evaluate legal risks

!

Make decisions and prioritize risks

Legal risk evaluation

!!Risk tolerance policy to draw the line !Risk treatment options for risks above the line

Legal risk tolerance policy

Legal risk tolerance policy

Legal risk tolerance policy

Legal risk treatment options

!!!Modify risks so that residual risk is tolerable !

Legal risk treatment options

Avoid by not starting or continuing !Increase to pursue opportunity !Remove source of risk !Change likelihood and/or consequences !Share with contract or insurance !!!

6Communicate & Advise

!

Think holistically; communicate clearly

20 Minute Risk Manager

!Avoid the inventory !Start with revenue !Identify major risks !Recommend action

Select a framework

Obtain organizational

commitment

Identify legal risks

Analyze legal risks

Evaluate legal risks

Communicate and advise

Berkman Solutions 10260 SW Greenburg Road, 4th floor Portland OR 97223 United States ! 1 (855) 517-2193 North America +1 (503) 517-4293 Worldwide !www.BerkmanSolutions.com info@berkmansolutions.com