Creating a Legal Risk Framework

© 2021 Lexplosion Solutions | *Private & Confidential

1

Creating a Legal Risk Framework

© 2021 Lexplosion Solutions | *Private & Confidential2

“Enterprise risk management is .

a) a process,

b) effected by an entity’s board of directors, managementand other personnel,

c) applied in strategy setting and across the enterprise,

d) designed to identify potential events that may affect the entity,

e) and manage risk to be within its risk appetite,

f) to provide reasonable assurance regarding the achievement of entity objectives”*

Prologue

Committee of Sponsoring Organizations of the Treadway Commission (COSO) *This standard can be extended to managing legal risk

© 2021 Lexplosion Solutions | *Private & Confidential 3

Ideal Legal Risk Framework

Qualitative Model >

• Thorough Assessment

• Documented list of risk

opportunities

• Defined Risk Tolerance

• Categorisation and rating of risk

opportunities

• Structured risk control levels

• Well-defined roles and

responsibilities of all

stakeholders

• Documented Policies

• Constant evaluation

• Empirical Data

• Predictive Analytics

• Continuous Improvement

• Continuous awareness and

trainings

• Whistle-blower & incident

reporting options

Define & Identify

Assessment

Control & Execute

Report & Evaluate

Stage 01

02

03

Framework

Stage 02

Stage 03

Stage 04


Legal risk management is NOT azero-sum game. It does not have tobe all or nothing. Legal risk shouldbe managed to the best of theorganisations current ability andplans should be in place for risksthat cannot be managed


Stage 1: Define & Identify

5

Define Legal Risk

• Set strategy for defining legal risk across all risk opportunities –determine broad vs narrow focus of strategy

• Qualitatively demarcate areas of legal risk

• Document / record all legal risk sources & opportunities along with sources (Legal Risk Register)

Identify Ownership &

Boundaries

• Determine the 3 levels of defence

• Identify respective functions/departments at each level & personnel under each

• Identify overlaps and gaps and address them effectively or plan for contingencies

Set Parameters, Tolerance

Levels & Goals

• Determine risk appetite of the organisation

• Determine risk tolerance at individual and department level

• Create rules for distinguishing between acceptable and prohibitive legal risks

• Set quantitative goals & targets for controls & assessments


0

10

20

30

40

50

60

70

80

90

6

Source: Legal Risk Management | A heightened focus for the General Counsel – Deloitte Legal

Key Policy Areas Owned By TheLegal Function

-N

um

ber

of

org

aniz

atio

n s

urv

eyed

-


Stage 2: Assessment

Assess & Quantify Risk

• Determine following parameters of legal risk opportunities/events:

a) Likelihood & frequency of occurrence

b) Consequences of occurrence

c) Risk rating for individual /group risk opportunities/events

d) Risk controls/processes for mitigation

e) Risk treatment – to avoid repeat events

• .

• Assess which legal risks can be eliminated, avoided, limited, reduced, separated, transferred, diversified, accepted

Document Policies

• Define and document policies covering all legal risk events – includes statutorily required & internal requirement driven

• Assign roles & responsibilities for the 3 levels of defence

• Define action/penalty for violations – level of tolerance, disciplinary action & procedure, penalties, legal action

• Create SOP’s for implementing policies

Resource Allocation

• Based on earlier stage of identification, allocate resources for legal risk monitoring/reporting based on level, skill/experience, function, reporting

• Ascertain budgets and financial considerations for implementing framework

• Determine tech availability –in-house & outsourced

Internal Awareness & Trainings

• Assess training requirements for creating awareness & sensitivity towards risks

• Set standards for trainings• Set training timelines and

frequency for trainings


Indicative Risk Assessment FormatRisk Particular Compliance Contracts

Risk Item Non-compliance of HR/Labour regulations

Deviation from pre-approved clause provisions

Opportunities Each compliance requirement(6 per month)

Each instance of negotiation

Likelihood Medium High

Frequency 6 per month 5 per month

Consequence Upto Rs. 10,000/- fine and imprisonment

Bound to unacceptable/unviable terms

Impact rating High High

Controls Personal checklist, outlook reminders, storing proofs of compliance

Mandatory review by at least 1 senior legal/contract team member

Treatment & Mitigation Planning

Internal investigation & adding checker Enforcing template use & setting process for reviews

Control Evaluation Not effective. To implement dedicated software system

Not effective. To evaluate contract management software

Review Last day of next quarter Every 45 days


Typical Legal Risk Opportunities/Events

ContractsCompliance Litigation Intellectual Property

AuditsCompetition Thresholds

Regulatory Landscaping

Competitor & Market

Landscape

Conduct of

Individuals or

Counterparties


Stage 3: Control & Execute

10

Define Controls

• Define controls for every potential legal risk opportunity/event

• Group controls by type – preventive, detective & reactive

• Establish documented processes around every such control –revise/update policies, SOPs, process documents, improve training & communication material

Implementing Controls

• Involve all stakeholders and define controls for all legal risk opportunities as per identified Legal Risk Register

• Define ownership, oversight & execution responsibilities for all controls

• Prioritise controls based on risk rating • Determine assessment/review of all

such controls • Deploy tech solutions to the farthest

practical extent

Tracking & Monitoring

• Establish proof based reporting procedure

• Establish a committee/department for day-today oversight of controls

• Implement LegalTech products with legal risk focused solutions

• Establish escalation matrix


Specific Controls for Legal Risk Mitigation

Creating standard templates for contracts and prescribing playbook and process flow for deviations

Implementing contract management software for preventing breach related risks and to monitor deviation from templates in real time

Subscribing Updates services to stay up to date with ongoing changes and impact on legal risk

Implementing compliance management solution for monitoring compliance risk in real time

Standardisingbusiness team operations through SOP’s and trainings

Implementing litigation management software for monitoring litigation risk in real time, providing analysis of case outcomes, user performance & monitoring budgets

Conducting frequent, spot audits on business operations

Setting authorisation limits for spends, transactions

Procuring appropriate insurances for high legal risks

Driving trainings programs, recording trainings and evaluating attendees


Stage 4: Report & Evaluate

Board oversight

• Regular reporting to the Board & senior management

• Regular input and strategy from Board & senior management

Internal & External

audits

• Self and third party assessment

• Unit based, law-specific and activity specific audits

Data analysis & intelligence

.

• Identifying weak links

• Assessing corporate and individual performance

• Assessing true “cost of compliance” across resources, fees, penalties and others

Detailed reporting.

• Task completion details split by activity & status

• Risk assessment at activity and status level

• Reports split by entities, units, functions and departments

• Monitoring progress toward achieving pre-defined goals

Continuous improvement

• Evaluating reports to identify improvements in process, resource usage, cost-saving and implementing industry best practises


Summary

Define legal risk and its boundaries with other risk areas

Assess legal risk using a robust framework and define legal risk appetite at an individual and organization wide level

Create legal risk register recording all potential legal risk opportunities/events

Apply the three lines of defense model to ensure appropriate accountability, independence and assurance over legal risks

Create appropriate committees & report legal risks and the effectiveness of controls to the Board on regular basis

Use technology in the management of legal risk to provide broader risk and control oversight and real-time visibility across the organization

Create/review required policies, identify personnel & other resources, conduct appropriate sensitivity & awareness trainings

Involve all stakeholders & continuously evaluate the existing legal risk register and controls in place


Lexplosion Solutions has significant knowledge & experience in creating legal risk framework fororganisations of all sizes and across sectors. Lexplosion expertise lies in implementing thesesteps to create effective legal risk framework for its clients

Identify By carrying out a thorough assessment of the clients business operations and spread and using its own domain, Lexplosion determines the various risk areas and defines them as per its practice.

AssessThrough a series of questionnaires, calls, and review of existing policies and processes, Lexplosion determines the clients current and required metrics and particulars for an effective legal risk management framework and assists in designing the same

Evaluate Through use of its several LegalTech SaaS products, Lexplosion dovetails the created risk framework into the clients operations to ensure seamless, accurate and real-time monitoring and evaluation of the clients risk controls and framework

Report Based on rich and analytical data generated from reports through its products, Lexplosion counsels clients on success of the framework and advises on corrective or improvement actions.

How we can help?


About


4 Offices The Lexplosion Team Our Client Profile

• Kolkata

• Bangalore

• Mumbai

• New Delhi

50+ Lawyers

15+ Tech team

100+ Clients

250+ Engagements

13 Fortune 500 Clients

5 Fortune 100 Clients

LegalTech Pioneers

ABOUT US

16

2007

2008

2009

2010

2019

2020

2011

2012

2013

2014

2015

2016

2017

2018

Founded

Awarded cross-country

compliance mandate

Launched Audit/DD services VIC launched

Komrisk launched

Grows past 50 clients


Sets up internal IT

team

Launched Komplify


Launched Komplied

Launched Komlit & Komtrakt


KomsightLaunched


Audit Management Software

Compliance Management

Software for SMEs

Compliance Management Software for Enterprises

Contract Management

Software

Litigation Management

Software

Audits/Due Diligence Virtual In-house Legal ResearchContract

ManagementLitigation Analysis

17

▪ Comprehensive LegalAudit: Covering All /Some Module(s) andAll / Some Unit(s)

▪ Focused Legal Audit:For specific Law/ (s)

▪ Operating Unit Audit:Corporate OfficeAudit, Branch Audit,etc.

▪ Statutory Research▪ Case Law Research▪ Multi-jurisdictional

Statute Surveys▪ Research

Memoranda andOpinions

▪ General Advisory▪ Contract

ManagementServices

▪ Litigation SupportServices

▪ Due DiligenceServices

▪ Compliance SupportServices

▪ Contract Draftingbasis Playbooks

▪ Contract Review▪ Contract Abstraction

and Summarization▪ Contract Risk

Analysis

▪ Tracking LegislativeChanges & PreparingComparative Notes

▪ Review of Documentsfor Relevance,Materiality,Confidentiality, etc.

▪ Risk Categorizationon the basis of pre-determined criteria

https://www.lexplosion.in/products/komrisk-compliance-management-software/

https://www.komplify.com/

https://www.lexplosion.in/products/komplied-audit-management-software/

https://www.lexplosion.in/products/komtrakt-contract-management-tool/

https://www.lexplosion.in/products/komlit-litigation-management-software/


Partial list of our clients

18Private and Confidential


Qu

ali

fica

tio

ns

Indranil Choudhury

CEO

Siddharth SinghCOO

Pramod BhasinInvestor

Srinivas KilambiDirector

Sameer BediDirector

• M.St., OxfordUniversity, UK

• SMP ,IIM Kolkata• B.A.LL.B. (Hons.)

National LawSchool of India

• LLB, Universityof Delhi, India

• B.Com (Hons.)University ofDelhi, India

• CA from ThomsonMcLintock., UK,

• B. Com (Hons.),University of Delhi

• LLM, ColumbiaUniversity, USA

• B.A. LL.B. (Hons.)National LawSchool of India

• B.A. LL.B. (Hons.)National LawSchool of India

Ex

pe

rie

nce

• 23+ Years ofLegal/OperationalExperience

• Worked with GE,Genpact,Amarchand, &NDTV

• 22+ Years of LegalExperience

• Worked with GE,Genpact, Seth DuaAssociates

• Decades ofLeadershipExperience withGE and Genpact

• Founded Genpactand consideredfather of BPOindustry


• Worked with GE,Genpact


• Worked with GE,Ranbaxy

• Currently, Partnerwith SB Associates

Th

e X

Fa

cto

r

• WidelyrecognisedThought Leaderon Legal Issues

• Lexplosion’sRainmaker andSales Leader

• Rare Combinationof Lawyer +Process Expert.Six SigmaCertified

• Ensures smoothoperations/delivery

• Needs nointroduction!

• Supports inopening doors fortough clients

• Spends sizabletime on advisorysupport to us

• Legal Pundit.Works assounding boardfor our newproducts andservices

• Lawyer byprofession andSales person bychoice!

• Actively marketsour services topotential clients

19

Promoters and Investors


HeadquartersLexplosion Solutions Private LimitedInfinity Benchmark, Floor 6, Office# 1, Plot# G1, Block - EP & GP, Sector V, Salt Lake, Kolkata- 700 091, IndiaT. +9133 40618083/84/85

Mumbai OfficeLexplosion Solutions Private LimitedAwfis, 10th Floor, Parinee Crescenzo, G BlockBandra Kurla Complex, Bandra East, Mumbai 400051, Maharashtra

Registered Office & NCR (Delhi) Lexplosion Solutions Private LimitedD-20 Hauz Khas, Ground Floor, New Delhi – 110016, India

Bangalore OfficeLexplosion Solutions Private LimitedRegus, CBD Bangalore, Level 9 Raheja Towers, 26-27 Mahatma Gandhi Road, Bangalore - 560 001, India

Visit www.lexplosion.inOr

Email to [email protected]

20

Contact Us

Lexplosion is also a Member Firm of Leading Indian Industry Associations

http://www.lexplosion.in/

mailto:[email protected]

http://www.nasscom.in/

http://www.cii.in/