• Contact Details
• Subscribe To The NCHC Mailing List

In Business, Good Guys Need A Plan to Manage Legal Risks

January 2006 (For the Daily Journal)
By Diane L. Becker

The information in this article is provided only as general information, which may or may not reflect the most current legal developments. Therefore, the information is not provided in the course of the attorney-client relationship and is not intended to constitute legal advice or to substitute for obtaining legal advice from a licensed attorney.

Conducting a business in today’s legal climate is increasingly complex and treacherous. As new laws are enacted and existing laws are interpreted more broadly to entrap those engaged in improper and unscrupulous business practices, more pitfalls are created for the honest business person as well. Businesses have recognized that the risk of potential lawsuits, legal actions, or violations of law are a major aspect of every business environment and that survival in the business world requires knowledge of legal risk and how to cope with it. While business executives are familiar with many of the risks they face, all too often the more crucial risks related to potential legal liability escape their attention.

This article will discuss the nature of LEGAL RISK MANAGEMENT, and the functions and techniques of LEGAL RISK MANAGEMENT. While there are many different definitions of legal risk, for purposes of this article, legal risk is defined as the uncertainty of loss from litigation, threatened litigation and violations of law. Basically, all situations involving LEGAL RISK MANAGEMENT fall into two broad categories — speculative risk or pure risk. The distinction between these types of risk is significant since techniques to address speculative risk differ from those addressing pure risk. This article does not discuss speculative risk, which is the hoped-for possibility of gain or the chance of loss from a particular business activity. The reward for speculative risk taking is profit. In general, speculative risk may arise from a management decision, a political force, or a business innovation, based on a business activity by management. The basic characteristic of speculative risk is the possibility of gain or the chance of loss from a business activity.

Companies also are exposed to another major category of risks called "pure" legal risks. This article will address pure legal risks. Pure risks are the type of risks that are generally addressed by a LEGAL RISK MANAGEMENT PROGRAM. The major sources of pure risk in a Company arise from: (1) physical damage to assets, (2) indirect or consequential losses because of damage to property, (3) losses through fraud or criminal acts, (4) liability losses or loss of the Company's assets due to its responsibility for damage to others, and (5) loss to the Company resulting from death or disability of key employees.

The LEGAL RISK MANAGER is the individual responsible for seeing that the profit or assets of the Company are not unduly impaired by the occurrence of a legal risk that is outside the direct control of the Company. Stated another way, the LEGAL RISK MANAGER's basic job is to assure the financial solvency of a Company against the consequences of pure legal risk at the lowest possible cost.

The specific functions of the LEGAL RISK MANAGER can be expressed in five key steps:

1. Identification of the pure legal risks and speculative risks facing the Company.
2. The measurement of the financial impact of pure legal risk and speculative risks.
3. The classification as to frequency and severity of loss associated with any given pure legal risks.
4. The treatment of pure legal risks and speculative risks by various techniques with the minimization of their overall total cost as the prime objectives.
5. The reevaluation of the entire procedure in an effort to improve the procedures of identification, measurement, classification and treatment.

Identification of the various risks faced by a Company is the first step in the LEGAL RISK MANAGEMENT process. Certain legal risks will be readily apparent, however, many legal risks are much less obvious and require thorough investigation and analysis by the LEGAL RISK MANAGER. Examples of the less obvious sources of potential legal risk are the identification of the types of losses that may result from suits due to inadequate internal controls, or copying of intellectual property owned by other Companies, or losses that could result from lawsuits from employee wrongful termination claims, or losses resulting from inadequate protection of the Company's intellectual property. To aid in recognizing various types of exposure to loss, many LEGAL RISK MANAGERS utilize systematic approaches, including risk discovery checklists or questionnaires, financial statements and flow charts.

Assuming that all or the most pertinent risks have been properly identified, the next step in the LEGAL RISK MANAGEMENT process is to measure both the maximum possible loss and the maximum probable loss that can occur as a result of the identified exposures. The maximum possible loss is the greatest total loss that might be suffered if a loss occurred, while the maximum probable loss is the best estimate of the actual loss that would occur if the event happened. Measurement permits the LEGAL RISK MANAGER to categorize the implications of pure legal risks faced by a Company in terms of dollars and frequency.

Once the risks faced by the Company have been identified and the probability of loss estimated, both in terms of severity and frequency, the LEGAL RISK MANAGER is in a position to determine the best method or methods of handling each risk. The techniques available include loss prevention, risk retention (assumption), risk avoidance, and/or risk transfer. Loss prevention techniques are concerned with eliminating or reducing the frequency of losses and holding down the actual dollar loss resulting from any one occurrence. Since the existence of legal risk increases probability and seriousness of loss, the LEGAL RISK MANAGER will concentrate on the loss prevention area.

Risk assumption or retention is defined as the failure to take positive action to provide for the undesirable consequences of a legal risk or as taking actions to have the Company itself handle the risk. Risk assumption or retention arises from either: (1) the risk is neglected because its existence was unrecognized, or (2) the risk is considered carefully and a conscious decision is made to take no action or to retain the risk.

Risk avoidance is the outright avoidance of hazards and risk before they are ever assumed in the first place in another method of transferring risk.

Risk transfer can be accomplished in two ways. The use of commercial insurance is the most frequently used method of handling risk. The LEGAL RISK MANAGER will seek to transfer legal risk by establishing an economical and effective program of commercial insurance for the existing legal risks. With all the different types of coverages available, possible difficulties of placing the company or finding a reasonable market, the then-current insurance market with ever increasing insurance costs, and countless other problems, the LEGAL RISK MANAGER needs a systemized approach to developing an insurance program. Another important legal risk management technique is risk transfer to other parties through indemnity agreements, assumption agreements or liability limitation agreements. One of the prime methods of non-insurance transfer of legal risk is the contractual passing of the risk from one party to another by the use of a hold-harmless agreement.

An important phase of LEGAL RISK MANAGEMENT is a formal review and evaluation of the effects of the risk management procedures employed by the Company. The following questions should be answered in a formal appraisal of a Company's risk management policy.

1. Has the scope and magnitude of pure risk to which the company is exposed been analyzed and comprehensively defined?
2. Have all exposures to loss been made known to management, with recommendations for treatment?
3. Have abatement procedures and loss-prevention activities been evaluated as to their benefits and costs?
4. Are all functionally related departments aware of and alert to their responsibility in the risk management process?
5. Have studies been made on deductibles and self-insurance, as opposed to commercial insurance, for all discovered exposures, and have previous decisions concerning the use of insurance plans been analyzed from the vantage point of hindsight?
6. Have brokers' and agents' services previously used been evaluated?
7. Have claims been adjusted in accordance with contractual agreements?
8. Has the passage of time verified that risks have received adequate treatment and that the financial consequences of retained risks have not exceeded acceptable limits?
9. Have historical data files been kept so that the collected records of past decisions can be used in the formulation of new risk management procedures?

While the law has its “traps,” a LEGAL RISK MANAGEMENT PROGRAM can provide the benefit of avoiding many costly legal mistakes. There is enough stress in the day-to-day conduct of a business without adding more stress from careless legal activities and resulting legal liability. A carefully developed LEGAL RISK MANAGEMENT PROGRAM will make a company better able to avoid or minimize legal problems, if and when they do arise, and will facilitate the day-to-day operation of the business.

Ms. Becker may be reached at (805) 988-8307 or dbecker@nchc.com.