Confluence of Legal, Risk and Compliance – Best Practices and Insights

January 12, 2015

meeting boardroom professionalsRecently Thomson Reuters hosted Leadership Council, a bi-annual event in which a cross-functional group of C-suite executives, including CMOs, CROs, CIOs, CTOs and others from large law firms and companies are brought together for a series of presentations and panel discussions. During panels, GCs, OGC executives, and Risk/Compliance heads share challenges and frustrations.

During a panel session, Risk and Compliance heads spoke to the changing regulatory landscape and what the current financial and compliance challenges mean for them practically, including the increasing complexity of tracking and adhering to the barrage of regulation. Participants included the MD, Deputy Head of Compliance for North America of a major global Financial Services institution, the SVP BSA/AML and Sanctions Compliance of a large US Financial Services organization, and the Global Director, Risk & Compliance of a large international Information Services and Media organization

Key takeaways for corporate counsel and compliance professionals include:

Regulatory Onslaught & Technology Challenge

Companies are tackling an increasingly large volume of new rules and regulations which they constantly need to track and analyze for impacts on their business. One organization performs Deep Dive Assessments on new regulations, testing and providing risk assessments for 880 global policies with 125 new regulations a day. They are heavily reliant on technology for this task to connect with 480 regulatory feeds – the Americas alone receive 200 updates a month. The team takes the feed, breaks it down, and sends it to compliance officers in each division for business discussions / decisions.

The sheer volume of regulations means the role of Compliance is becoming increasingly technical and there is a growing need for a single technology behind the scenes to help get things done and keep track of changes. As one panelist pointed out, “…currently no feed, no matter how good the product, covers everything…” Another panelist highlighted an RFP currently underway in their organization for a systemized workflow starting with Complinet data.  Compounding this issue is the growing Audit burden. Companies are constantly being audited internally and externally, and regulators now talk to each other and share information globally. Companies are being audited in an ever more global manner.  A panelist shared, “… I am always being audited for something – whether it’s by [our] own internal audit teams or an external agency, it’s just a way of life for us now…”

Need for Legal Guidance, not Just Know-How

Against this backdrop Compliance teams are more than ever needing guidance from their firms. As one panelist stated, “… a regulation doesn’t tell you how to apply it, it just says you need to.” Compliance teams want their outside counsel to deliver guidance on how regulations will impact their business and what decisions they need to take. As the panelists discussed, at the moment it seems that where compliance requires law firm involvement, the firms are hesitant. The law firms don’t want to be accountable for catching all regulatory changes and passing them on with advice. And the tendency for the firms to send regulatory alert e-mails is generic and insufficient. These briefings all stop short of telling the client what they actually need to do with the regulatory change. “Connect the dots – what does it mean for me,” seemed to be a shared sentiment.

This point mirrors the remarks made in the earlier GC panel,that clients don’t just need memos on law, but analysis on how the law applies to them. And this requires a deeper understanding of clients businesses to be able to draw those connections. Consultants currently provide this sort of guidance to their clients. However – and this was an interesting comment — consultants “parachute in and out whereas firms are partners” so it would be far more desirable to receive updates and advice on regulatory changes from outside legal counsel. What’s more, with so much competition in the market for typical legal work (e.g. litigation) driving down rates, if a firm could add regulatory advice to their offering it could in turn demand higher rates.

In addition, in-house counsel would like firms to be more proactive and go beyond simply tracking changes that have occurred. One panelist pointed out the following statistic, “90% of proposed regulations eventually become law, so wouldn’t it be wise for the firms track these proposals as well and get ahead of the game?”