Can disasters be predicted? Not always, but in-house counsel can play an important role in mitigating some of the potential legal, financial, regulatory, and reputational perils faced by their companies.
Take the Alberta floods in June, estimated to have cost the province up to $2 billion due to problems such as infrastructure damage and pipeline shutdowns.
The scale of the flooding was unprecedented, but even uncontrollable business risks can be mitigated, says Janice Odegaard, senior vice president and general counsel of Canada’s largest energy firm Suncor Energy Inc., based in Calgary.
“Suncor can’t prevent a river from overflowing, but can identify there may be a business continuity risk if there were a disaster that prevented us from accessing premises, or compromised security systems,” she says.
Equally, companies at the mercy of commodities prices can work through different scenarios, such as a sudden pricing drop, and integrate these into their business plans.
Is it an in-house lawyer’s role to focus on financial risks? “A lot of risks are very interlinked,” Odegaard argues.
An operational incident can easily have legal implications. For example, an oil leak could precipitate an environmental, or health and safety, hazard.
Being aware of a company’s broader business environment is all part of the evolving role of general counsel, she argues.
Odegaard monitors potential risks associated with new policies or legislation on the horizon by looking at data provided by industry bodies and speaking with general counsel in other companies.
She also has regular discussions with people working across the business, in order to assess the severity of various risks.
“Different people may bring their own perspectives to bear and it’s really important you have an overall [company] approach,” she says.
Mary Martin, vice president, general counsel and corporate secretary at Metrolinx, agrees tackling risk in a proactive way that addresses operational issues requires regular discussions with a range of people, including key decision-makers.
“Look at it as a team initiative which goes beyond the type of risk management lawyers are trained to address, such as contract terms and conditions which
appropriately allocate risk,” she advises.
It is important the general counsel is either a member of the senior executive team or has regular access to those on that team including the chief executive, chief finance officer, and operating division heads.
Board directors must be kept apprised of any developing circumstances that may pose risks to the organization’s commercial interests and — at least as importantly — its reputation.
“Board members often devote time to public sector agency boards with little or any compensation. They quite rightly do not want to be associated with any
circumstance of which they are unaware and which affects reputations of the organization and those representing the corporation,” Martin says.
Metrolinx deals with a full range of commercial risks. These are associated with running the GO Transit service; employing a large workforce — including unionized staff; overseeing the construction of large capital infrastructure projects in urban environments; relying on complex technology arrangements using third party technology or services, like the PRESTO card; and being involved in start-up business units such as the express rail connection between Union Station and Toronto Pearson International Airport.
As an agency of the provincial government, Metrolinx must also respond to concerns raised by the public and other interested parties such as municipalities and the auditor general.
Courts look at the level, type, and quality of community engagement in assessing any liability relating to construction activities, and Metrolinx also feels “it is the right thing to do,” says Martin.
The agency also sought intervener status earlier this year at a Supreme Court of Canada appeal on an injurious affection case, Antrim Truck Centre Ltd. v. Ontario (Transportation), in order to gain clarity on the laws around balancing private and public interests during public infrastructure projects.
Many companies refer to their risk assessing process as an “enterprise risk management system,” meaning it runs systematically through the organization and is regularly discussed by the board.
York University, in Toronto, takes this approach. The university’s director of legal services Christine Silversides explains how risks lurk even in the supposedly calm and cerebral university sector.
For example, York has a diverse population with relatively high numbers of both Jewish and Muslim students, and is a hotbed for political rallies and demonstrations, particularly over issues concerning the Middle East.
Silversides works closely with security staff to help prevent clashes, without using inappropriate force. “We find that we’re in the public eye a lot because of those demonstrations,” she says.
A recent furor was sparked after a demonstration on campus led to the university banning a group called Students Against Israeli Apartheid.
“There are always external groups — Jewish groups, Palestinian groups — who are looking at what we’re doing and whether we’re in any way dampening protests, whether we’re encouraging them, that sort of thing.”
Silversides provides a yearly risk management report to the board but argues it should be a year-round process. “It’s not about filling in forms and closing the binder and putting it on the shelf. It’s all about discussions and day-to-day conversations with people.”
This can be challenging in a physical environment in which departments are spread out across a fairly large area, so it’s vital to “work really, really hard” at building relationships and trust, Silversides says.
As well as making the effort to meet with individuals before issues arise, she gets together with each department formally at least once a year to discuss whether the legal team could do anything extra to help mitigate any risks, and whether departmental staff need to be trained in certain issues.
“I always have my ear to the ground on what’s coming out, and I have education sessions for faculty and staff at the university so they’re aware of what types of legislation are going to affect them, and how they may need to change or not change.”
E-mail bulletins provided by external counsel are an effective way to stay on top of potential emerging risks, she finds.
International operations can be a particularly risky area. Daniel Bourque, senior corporate counsel and chief privacy officer at Xerox Corp. Canada, says more and more of his company’s business is being outsourced overseas.
Services must be maintained, but geography can make overseeing the processes, and keeping a handle on potential danger areas, more difficult.
Bourque says: “We need to get a hold on laws in different jurisdictions — which laws apply, and how we handle the issues.” Disaster recovery plans are put in place so the company is prepared for any incident that may arise.
Being a subsidiary of a U.S. firm brings additional challenges, especially because the biggest risks facing Xerox are related to privacy breaches, and the U.S. lacks overarching privacy legislation such as Canada’s Personal Information Protection and Electronic Documents Act.
This means the U.S. is not classed as a “Safe Harbour” country by the European Union and firms with international operations must undergo a certification process to prove they will safeguard clients’ privacy.
Bourque says methodically assessing risk in this way is highly valuable. “In this day and age, where everything is more and more almost exclusively held in electronic media, it focuses you to think about what it is we’re doing and how we handle information.”
York University also recently experienced the challenges of mitigating risk in an international environment when a researcher received a federal grant for work in Kenya that involved constructing a school.
This was around the time of the March general elections and, as Silversides acknowledges, “Kenya’s not necessarily the most politically safe environment.” Around 1,200 people were killed and 600,000 displaced in the aftermath of the previous election, in 2007.
The university had a long list of risks to assess, including: “What kind of risks are we taking by sending our people, by having a school built on land in Kenya? What’s the land title system in Kenya like, how do you own land in Kenya, how do you make sure the money is flowing through to the right people and being used for the things it’s meant to be?”
In the end, a decision was made that staff would not visit the country, and York paired up with a local university, that had a better understanding of the legal system, to build the school and take on a share of the risk.
Risk management is not the same as being risk averse; the in-house counsel role is to find ways to move business goals forward.
The solutions will only come from regular interaction with colleagues, a determination to make risk management a priority, and the open-mindedness to tackle risks that lie beyond one’s immediate legal comfort zone.
As Silversides says: “I know that a lot of organizations have their beautiful little risk management policy that goes on the shelf. It hasn’t developed into an organic collaborative culture. That’s the key . . . a lot of it is personality.”