For companies and individuals, the worst kinds of risks are those that are known to exist, but which can’t be fully grasped. Lurking in the shadows, these risks manage to inspire fear while also evading management. Compliance and legal risks fall into such a category, as executives of large companies consistently report being both highly concerned about these risks and ill-prepared to deal with them. In his article, “Legal & Compliance Risk in a Global World,” from the Compliance Elliance Journal, Peter Kurer, the former general counsel and chairman of UBS examines this paradox and offers some solutions for how the problem of compliance and legal risk can be better managed.
In his article Kurer first identifies the root of the problem, which he argues is globalization. Advances in communication and transportation technology have succeeded in creating a single, interconnected economy out of many politically independent parts. However, Kurer argues,
There is a very simple problem attached to all of this: many legal systems will govern any kind of activity of a global company in parallel. We call this legal pluralism and some observers rightly say that this has gone far beyond a battle of different legal rules and reached a situation which one might call legal postmodernism …This is a world where the law has become an amorphous and entropic system, where one is often hit by its force by pure happenstance.
Globalization has also produced what Kurer refers to as a Risk Society, in which individuals, businesses, and governments are constantly attempting to assess and mitigate risk. One way that companies have tried to do this is simply by hiring more subject area experts in the hopes of gaining the internal expertise needed to offer better risk solutions. The problem is, Kurer argues, these large teams of compliance experts may not represent an increased ability to mitigate risk, and staffing-up may simply create new and more complex layers of bureaucracy. “The traditional approach consists of adding ever more and different specialists to legal and compliance activities and in piling one process on the other,” Kurer argues, which “creates huge bureaucracies, makes all these busy experts and advisors happy, and smooths the many worries of the senior managers. But is this really in the best interest of global business? Is it up to the challenge of a rising tide of legal and compliance risk?”
The Compliance Elliance Journal
The Compliance Elliance Journal (CEJ) is an example of the continued growth of compliance as a specialized field. The CEJ is an open access e-journal that publishes articles aimed at practitioners, scholars, and students in the compliance field and offers a platform for compliance experts to share their ideas. Each issue of CEJ addresses a theme relevant to the compliance industry and contains topic articles, case studies, interviews, reviews, white papers, and “a student corner.” The first edition, entitled “Global Corporations in a World of Local Market Specifics: How to Create a ‘Glocal’ Identity of Compliance,” was published in the summer of 2015. The most recent edition, “Ambiguous Legal Issues in Internal Investigations and Audits,” was published in the winter of 2016.
Rather than more bodies, Kurer calls for more strategic thinking in combating risk. In doing so, he lays out a roadmap for addressing legal risk management in which he highlights the important role that company leadership must play in defining management strategies that are particular to the needs of the organization. In speaking to The Practice, Kurer expressed a sense of optimism regarding the future of managing compliance and legal risk.
I am optimistic because I am not alone with my thinking. Around the globe I see more and more companies switching their traditional approaches in this space to a more strategic method. Increasingly, companies govern the process from the top, arrange for a proper consideration of legal and compliance matters in the strategic business planning, employ experts other than lawyers and compliance officers in the risk management, and use both more technology and psychological knowledge to nudge employees into compliant and ethical behavior.