In many organizations, the role of the CLO is growing in significance and guides the enterprise beyond putting out fires on legal matters. It is expanding into a proactive role in legal risk management and preventative law, becoming a critical pillar in an organization’s risk management strategy. This requires that the CLO be an integrated role in the organization’s proactive governance, risk management, and compliance (GRC) capabilities.
Today’s CLO must have a full understanding of the regulatory, litigation, contractual, transactional, and intellectual property risks, how they relate to each other, as well as how they fit into broader GRC strategies. The CLO must be able to rely on a well constructed understanding of how legal risks fit into enterprise risk frameworks. The CLO has a critical role beyond the traditional stance as “protector” of the organization and its assets (via contract negotiation, litigation and interpretation of legal requirements) and now is an active part of the strategic planning that leads to achieving higher performance; what we call Principled Performance.
Legal must no longer be viewed as the “Department of No.” This is a unique occasion to serve as the hub for discussion about how best to balance the risks and opportunities presented by the organization’s decisions and actions. Today’s CLO must help lead the organization to higher levels of performance while assuring the board and other stakeholders that the company can also maintain Principled Performance and mitigate risk of legal exposure. This means the organization will take full advantage of opportunities that will help meet its objectives, while staying within the boundaries of laws, regulations, contracts, and corporate commitments.
As a key player at the center of the strategic team of the enterprise, the CLO must address wide-ranging stakeholder demands and concerns through:
- Leading the identification of legal requirements and interpreting the need for controls to address them
- Identifying legally or contractually required controls
- Monitoring contractually imposed requirements to ensure controls are correct in the context of the dynamic business environment
- Participating in design of the GRC program regarding confidentiality, access limitations, etc.
- Assessing potential impacts of noncompliance to determine correct level of control and allocation of GRC resources
- Designing escalation plans for issues and incidents — when should legal be involved right away, when does privilege have to attach, when does the board or external stakeholder have to be informed, and when does legal conduct certain investigations
- Identifying key risk indicators for GRC changes or consideration as they occur, which legal is aware of early due to its role in contracts or negotiations such as merger and acquisition activity, litigation and settlements, licensing arrangements, vendor/partner contracts, etc.
- Identifying actions that may have a cumulative effect; for example, settling an environmental noncompliance matter may cause government contracting debarment if not handled properly
And all the while, the CLO must embrace a strategic view that satisfies the demands of all these forces while keeping an eye on the prize — meeting the organizational objectives for value.
FOR FURTHER DETAIL PLEASE DOWNLOAD THE REPORT:
