Corporate risk and compliance is a top concern for today’s general counsel. According to a recent DLA Piper survey of those who registered to attend the recent Global Women’s Leadership Summit, about 80 percent of senior-level in-house counsel respondents said the recent uptick in regulatory activity has affected their companies or industries.

Seventy percent of respondents said they see increased compliance and risk responsibilities falling under the legal department/general counsel (GC). Sixty-one percent of legal department respondents said they have had to expand their internal compliance functions. Nearly half of respondents said their companies have taken the next step and appointed a head of compliance.

In the Global Women’s Leadership Summit panel, “Managing Corporate Risk: Key Issues in Preventing and Navigating Through Crisis,” several legal department compliance executives discussed their best practices in managing risk for their clients.

Among the panelists’ top risk concerns were data breaches and cybersecurity. These areas ranked No. 1 and No. 3, respectively, among survey respondents as the risks they anticipate having the largest impact on their company or industry within the next 12 months. With an increasing number of data breaches occurring each year, the panelists said companies must make prevention a primary focus.

Panelists advised that an organization must have a crisis management plan in place prior to a cybersecurity incident, and should immediately engage its outside counsel, security expert and outside communications advisory firm in this plan. They also agreed that quick transparency about the incident would mitigate legal harm. In other words, immediately communicate with the key executives, the board, federal regulators, foreign data privacy regulatory agencies and insurance providers.

They advised that GCs understand that security is not only about an organization’s information technology (IT) team. Every employee is responsible for the security and protection of a company’s assets, and training to that effect should be mandatory.

While cybersecurity and data breaches dominated the conversation, other issues raised included navigating the regulatory environment internationally, individual liability and managing the increasing cost of compliance programs.

All of the panelists agreed that one of the first things a compliance officer needs to realize is that if a company is big, “someone, somewhere is doing something inappropriate.” At the end of the day, GCs and compliance officers must be astute about balancing an organization’s risk with the business interest, without standing in the way of progress.