Legal leaders share strategies for monitoring and mitigating risk in the evolving business landscape
Risk management is among the top priorities for legal departments today, as they focus on anticipating and responding to risks facing the business in a wide variety of areas. Regulatory compliance, ESG challenges, reputational risk and data privacy and cybersecurity are just a few of the areas that pose increasing risks to businesses in the post-pandemic landscape.
Legal department leaders came together with risk and compliance experts to discuss the latest trends in risk management at the Canadian Legal Innovation Forum’s latest webinar on Mastering Risk for Legal Departments.
Geopolitical issues around the world together with spiralling energy prices in Europe and the increasing problem of climate change in a world still reeling from the turmoil of the pandemic are driving inflation and impacting supply chains for many Canadian companies.
“It’s important to have your supply chains aligned with global partners to try and bring things closer to friendlier economies so that you’ll have a reliable source of goods in the future,” said Rustam Juma, general counsel, corporate secretary and privacy officer at Eckler Ltd.
At Loblaw Companies, human rights issues are a major focus for Jennifer Jobanputra, senior director of compliance and ethics. The retail giant recently released a human rights statement.
“We are examining at a local level and an international level how we can ensure that our colleagues as well as our supply chain and the workers that work there are compliant with respect to human rights,” said Jobanputra. Environmental, social and governance matters have always been a priority for the legal department at Loblaw, but it has become even more significant since the company launched its ESG report.
ESG is a significant risk factor for businesses – both in terms of the trend towards decarbonisation, and a growing interest in the “S” part of ESG, according to Juma. Businesses should not lose sight of the need for racial equality and the MeToo movement, as well as social media risk, as employees use social media to express views which might be linked back to their organization, Juma warns.
Another major risk facing many businesses is fraud, bribery and corruption which tend to increase when the economy is under stress, according to David Meadows, senior managing director at FTI Consulting.
Trying to meet shareholder expectations in times of stress increases the likelihood of employees performing a wrongdoing.
“In the last six months I’ve seen a significant increase in internal investigations in this space, with things like whistleblower hotlines popping up, so it’s definitely something to keep an eye on,” said Meadows, who leads FTI’s Canada and US Midwest forensic technology teams specializing in eDiscovery, forensic data analytics, information governance, and digital forensics.
Keeping track of the changing regulatory landscape and new risks that may arise as a result is top of mind for businesses. Eckler’s risk management committee developed a risk register to identify and keep track of the many risks facing the company. In 2018, 24 risks were identified, but that number has now jumped to 48, Juma said. The register lays out the cause and effect of each risk, controls and mitigation measures, and it outlines who is responsible in each case.
"Developing a cohesive framework around risk is fundamental,” said Juma. “A natural extension of those exercises is to develop a risk tolerance or risk appetite score card to assess your organization’s tolerance to various risks, and to make sure it’s aligned with your strategy,” he added.
At Loblaw, the enterprise compliance team examines risks facing all the different verticals within the company on a quarterly basis to see if any new risks have cropped up due to changing regulations or new legislations. They bring these matters to the board and ask for feedback.
“The other piece we are always considering is how our business is evolving,” said Jobanputra. “Are there people changing within our business that could also impact risk, and how do we have to manage risk because of the business changes? Do we have to introduce new compliance verticals or eliminate certain compliance verticals?” The team also monitors the whistleblower hotline to see if there are any new trends.
