• DEFINITION – Simply means “the risk to a business of an event occurring which brings about a legal consequence impacting the business”.


The days when risk management issues were all about the shareholders are over. There is also concern that institutions lack clarity as to the expectations of regulators in relation to legal and compliance risk management policies and techniques. Key questions include how firms’ risk management functions relate to their compliance and legal departments; which professionals should be or are involved in the process; how lawyers, accountants and risk management professionals can work together best to manage legal risk; and whether there is any demand for a more holistic system of legal risk/compliance management.

Five steps to legal risk management


To be effective, legal risk management must be based on a thorough understanding of the business’ key activities, stakeholders and objectives, and this can only be achieved by conducting regular legal audits and working with the business’ management team to analyse the risks, prioritise their management and anticipate the legal requirements of the business.

The audit will also facilitate the management of the “corporate memory”, essential for future due diligence exercises and the storage of key corporate data and documents, and it can lay the foundations for an ongoing compliance and risk management strategy.


In-house counsel cannot manage legal risk single-handedly. It’s imperative that the legal risks are communicated to the wider business to ensure they are supported and, vice versa, that the wider business objectives and demands are facilitated in the legal risk management strategy.

One way to achieve that communication is through legal risk awareness training sessions tailored to the audience within the business which is either most exposed to or best placed to handle the risk being communicated. Training sessions are a perfect opportunity for in-house counsel to demonstrate that they are working with the business (not against it), and are also a good precursor to introducing new business guidelines to assist colleagues with the practical day-to-day management of the legal risks which have been identified.

Although some legal risks are stand-alone, don’t forget that many legal risks dovetail with financial, reputational, operational, political, regulatory and tax risks, so legal risk management is just one part of a broader risk management strategy within a business. It’s a challenge for those new to the role of in-house counsel to balance their risk-averse nature against both these other risks and the essential quality of risk-acceptance in any successful entrepreneurial business; but, once mastered, this skill will make the commercially aware in-house lawyer stand out in the crowd from those lawyers sitting in their ivory towers.


Underpinning any legal risk management strategy is the requirement for a comprehensive set of compliance and governance policies. Policy making is a key tool which in-house counsel have within their remit to positively influence the way in which business is conducted and to set the standard for expected behaviour. It is essential that all such policies have the buy-in and support of the management team, and that the legal department has a defined role in implementing and ensuring compliance with the policies.


The daily operations of a business always prove to be the most fertile ground for legal input. An abundance of legal consequences can be found in supply, manufacturing and distribution chains, protection of intellectual property rights, brand protection (online and offline), pending and threatened litigation, product liability, sales and marketing practice, insurance, property matters, employment and HR practice, industry regulation as well as company secretarial, board and shareholder matters. Good working relationships with colleagues operating in each of these areas are essential for in-house counsel to play an effective and valued role within the business; the challenge is for the lawyer to be seen as part of the team, and not as an obstacle to achieving operational outputs and objectives.


The individual character of each business will determine its exposure to legal risk and the management tools required to best handle that risk. Inherent to that is the balance of matching and managing internal and external legal resource, and indeed other professional suppliers to the business. The tough economic conditions are resulting in more businesses expecting their legal teams to reduce headcount and manage costs more tightly, but arguably against a backdrop of increased legal risk. A core skill of the in-house lawyer in today’s world is their ability to manage the risks in this more intense climate by better clarifying the role of the legal function within the business, demonstrating value-add and selecting, managing and getting the most out of their internal and external legal resource.

Every business will have legal risks peculiar to it, but taking the above steps will help manage the risks which are core to most. Please comment and share your experiences of legal risk management.

There may be many reasons for identifying and documenting risk. In order of increasing utility, these can include:

  • maintaining a record;
  • satisfying regulators;
  • repairing specific damage once a risk has crystallised;
  • repairing the underlying process once a risk has crystallised;
  • attributing financial impact to the risk;
  • allocating capital and resources to areas of the business;
  • influencing strategy and contributing value.
