Corporate law functions engage with critical enterprise risk in the same spontaneous, one-off manner that most individual lawyers do their work: ad hoc, case-by-case reaction to what someone else has already put in front of them. And that typically after an incipient problem has become a full-blown lawsuit, agency enforcement action, or other legal or regulatory catastrophe. (Attorneys can be brilliant, even heroic, at such fire-fighting.)
But unless a likelihood of calamitous lawsuits or crippling government corrective measures has been expressly red-flagged to the general counsel or some other lawyer, few C-suite teams or boards hold Legal accountable when they are blindsided by devastating legal and regulatory surprises. Former GE General Counsel Ben Heineman, Jr. calls this the “ignorance defense”. (In contrast to their dramatic and well-paid rush to a blazing building, lawyers don’t care as much about the hum-drum (and less well-paid) replacement of batteries in a smoke detector.)
So there is a gaping legal and regulatory hole in what should be a comprehensive shield of company-wide, managed compliance.
To cover this gaping hole — first — the CEO, COO, or CFO needs to take charge of compliance enterprise-wide, and manage the systems and processes this requires. Because compliance, on a company-wide scale, is a management task. One that calls for disciplines on an enterprise-wide basis. Not for the one-off, ad hoc, and — above all — reactive, methods by which lawyers in-house and in firms do their work.
Second, the CEO, COO, or CFO needs to make Legal accountable for what lawyers are best positioned to do in avoiding compliance catastrophes: identify legal and regulatory dangers in their early stages, prepare contingency efforts against them, and, ultimately, prevent nascent dangers from mutating into something worse. (Few lawyers do this on their own).
Until the corporate law function is made accountable to the CEO, COO, or CFO for the legal and regulatory components of critical enterprise risk management, the business risks being blindsided by preventable harm that Legal is best positioned to address in its early stages.
Coming in Part II of IV: Legal’s “ignorance defense”
Coming in Part III of IV: Opposing views of the “ignorance defense”
Coming in Part IV of IV: Give Legal the responsibility to identify and prevent incipient dangers