In conversation: Richard Brzakala, Director – Global Legal Services, CIBC

I was almost a unicorn when I first started working in legal operations 20 years ago. The concept of operations, though well-defined in other business functions, was not well understood among legal counsel. Only the largest and most sophisticated legal departments were using e-billing products or matter management, and only the most far-sighted GCs thought of their function as a set of systems and processes that could be improved by careful design.

Today, there are armies of people working in legal ops, supporting GCs in their attempts to improve the efficiency and effectiveness of the legal function. A big reason for that shift is that legal teams have come under increasing pressure to constrain costs and avoid unnecessary expenditure. Improving efficiency has become a second mandate of the GC role, one that sits alongside managing purely legal matters on the list of priorities for business. And so, inevitably, legal ops professionals have entered North American corporate legal functions, tasked with finding the latest and greatest things in the marketplace that can help improve processes.

The rise of legal ops has been accompanied by a rise in legal technology. The increasing sophistication of legal technology means that data is now starting to speak to us and reveal patterns that were previously hidden. For example, by leveraging data and information from billing systems, legal teams are better able to understand the inefficiencies in a process.

The marketplace for legal tech has matured and evolved so rapidly that it is becoming all but impossible for busy general counsel to keep up with developments. Covid has been a huge catalyst, increasing the speed with which we are moving into a virtual workplace, but the wind was already in the sails of the innovators, driving greater choice and competition in the space. What all of this means for corporate legal departments is far less clear, but there are some clear trends we can identify. 

The changing relationship between clients and law firms has been spoken about at length, but the significance of this change is still not widely understood. It feels as if there is a revolution taking place in the legal services industry, but the evidence for this is not appearing where many expected to find it.

While there has been a general tendency among businesses to shrink their pool of external firms, the impact of this has played to the advantage of many of the market’s most dominant players. In a typical panel only a small number of firms are ever likely to be deemed key strategic partners. While it is true that corporate legal departments are paring down their panels and moving more of their strategic work to a smaller constituency of firms, the firms that survive are the ones that have historically handled big class actions or M&A deals on behalf of a client.

These firms have reached that almost utopian state where price is rarely an issue. Clients are not going to nickel and dime them on invoices because they are deemed to be delivering true value. When it comes to appointing these firms, particularly on bet-the-company matters, the board of directors is standing behind their GC. In short, there is absolutely no evidence that the traditional elite will be disrupted anytime soon.

The mid-tier law firm space is perhaps more interesting. Clearly, these firms have been hit hard by disruption to the market: competitive pricing has become extremely challenging in a market where transactional work has either abated or moved to alternative providers. Meeting growing client expectations around information security is also much more challenging for smaller firms, particularly as concerns over cyber risk and handling of information have come into the limelight recently. This alone could lead to a firm being delisted from a panel.

At the same time, these smaller firms have the potential to be more agile. They can be more receptive to new ways of working, which is an advantage in a world where clients want to collaborate with and learn from their providers. It can be easier to form that sort of chemistry with a smaller firm.

There is a greater awareness, certainly among legal ops, that a firm is more than its partners. We want to know who works on project management. All people bring value to the organisation, and as much as we like and respect managing partners, we also now want to know the wider firm. It’s a very much a symbiotic relationship, which is exactly how it should be. Like any relationship, both sides need to put in the effort to make it work, but the rewards can be hugely beneficial for both sides.

In conversation: Damian Olthoff, General Counsel, PROS Holdings

Damian Olthoff

Since I joined PROS Holdings in late 2011, I have seen the company triple in size. Most of that growth happening during the last few years, so its fair to say we have been on an incredible upward trajectory.

PROS Holdings is an AI-based software business in the B2B space that optimises shopping and selling experiences. For example, we create the software that airlines use to price tickets. In a range of sectors and industries, we develop innovative software that services some of the largest companies in the world to deliver frictionless, personalised purchasing experiences designed to meet the real-time demands of today’s B2B and B2C omni-channel shoppers.

In 2015, we made the decision to pivot our on-premise software-based service to a subscription-based cloud software model. At that time, roughly two-thirds of our revenue came from licenses and professional services, so the move was a major change for our business model. Although not an easy transition, it was a necessary and successful move that secured a path to further growth.

As a result of this work, we were well positioned to work virtually using digital tools as a company, almost at the flip of a switch. Even so, when the pandemic hit the working culture of our organisation changed quite radically, and the legal department had to evolve at speed.

One important change was shifting the way legal interacted with business. When working in the office, it was common for people to swing past the legal department with their questions. In a virtual environment that opportunity does not exist, so it was something we had to adjust to very early. We were able to modify a service desk software system our company was already using and implement that for our legal team. Since people were already familiar with the programme it was very quick and easy to set up.

The results have been very positive, and it has certainly caused me to question why we didn’t think of doing something similar before. We have since built this out to handle all day-to-day legal matters. Now, instead of knocking on the legal team’s door, employees know where to submit their requests and how to track them in real time.

A secondary benefit of this approach is that it has given us metrics on the work we do. We can see who is working on a matter, the response time to the matter and we can easily review the volumes of work coming through. We can also scale by analysing the complexity of the work and the cycle time it takes to complete tasks. There have been a lot of benefits from adapting our processes.

The biggest advantage with going more digital is transparency. This system allows us to give great visibility into how matters are doing overall, and how they are being handled. It also allows us to see how much of what we are doing is actual legal work – as opposed to process work – and whether a matter can be handled more efficiently. This empowers our team to better delegate work and to focus on matters that require specific legal expertise.

Contract automation has also shortened the time it takes to put together standard agreements. We did some analysis and worked out that it takes a paralegal 20 to 30 minutes to put together a standard contract. If you take into account the volume of contracts the average business does, you realise pretty quickly that you will need a small army of people just to keep up with that side of things.

By automating standard company contracts we enabled commercial teams to assemble their own documents, injected a level of transparency into the process, and allowed the legal team to focus on more strategic questions and less on standard operational work. When it comes to contract work, being able to flag and address non-standard terms in real-time is the next frontier.

Just like the GPS in your car, I believe in the future we will be able to use relevant data signals to navigate legal matters using AI. I do not think this will happen broadly in the next couple of years, but certainly it may in the next decade.

Implementing these processes did not happen overnight, but the impact has been transformational. Compared to a few years ago, the quality and sophistication of the work we do today can be attributed to capacity created from the implementation of legal tech.

We now have systems in place that allow us to track the common questions we have dealt with in the past. This is truly empowering. It means legal advice is based on real data and gives us all the conviction that what we are doing is not only reasonable, but also marketable. For a support function, it is incredibly powerful to be able to assign a dollar amount to the contribution you’re making to the bottom line.

Just as importantly, it frees up our capacity as in-house counsel to focus more on other things, whether that be data privacy, compliance, ESG or D&I. Lawyers are more than contract jockeys and they can add value to many areas of a business. Technology is liberating lawyers and giving them a renewed purpose.

Despite all the clear advantages technological innovation provides, the legal profession as a whole has been slow to adapt. The next step will come when legal software providers move their offering to target in-house practitioners. This tends to be an area of the market that is receptive to new ways of working, and we are already seeing a shift in the focus of software vendors.

I have encountered many conservative professionals in my time who are averse to change. But, as with everything, the moment will come when the pain of staying still becomes greater than the pain of moving.  We are not far from seeing that tipping point as the pace of change continues to accelerate, and GCs as a group are increasingly aware of this.

Ritankar Sahu, General Counsel and Head of Compliance, MAXpower Group

I serve as the general counsel & head of compliance of MAXpower Group, Asia’s leading gas to power specialist and a key developer, owner and operator of small-to-medium gas-fired power plants. I also sit on the Board of the MAXpower-Mitsui & Co., a joint venture which operates a separate group of power assets in Myanmar. In addition to providing strategic business governance counsel to the Board, my work involves advising on power projects, turnaround management, FCPA enforcement and special situations M&A. Prior to joining MAXpower, I was the regional corporate counsel for Jacobs Engineering Group’s Asia operations, based in Singapore and Mumbai. I have also worked for Norton Rose Fulbright, at the firm’s London and Abu Dhabi offices with a practice focus on energy projects.

For MAXpower, white-collar crime exposure means unfavourable exposure to laws on bribery, sanctions, export control, anti-money laundering, internal controls, audit standards violations, etc. The potential breach of certain anti-bribery legislation like the US Foreign Corrupt Practices Act 1977 (FCPA) or the UK Bribery Act 2010 (UKBA) may pose a greater risk than others. The FCPA is the single biggest legislation affecting anti-bribery compliance programmes globally. The complexity of the application of the FCPA (or the UKBA) is that it is not dependent upon the existence of any contractual arrangements that a company may have in place. We have to engage in an extensive dialogue across all ranks of employees to socialise our exposure.

The biggest FCPA concern in emerging markets is pressure to pay. We try to tackle both the supply and demand side (more so under kleptocracies) of the bribery problem through a concentrated effort of top-level leadership, tone in the middle, a robust code of conduct, a tactical internal conduct code training process, ground-level determination, and ingenuity. We also try to convey the message to employees that penalties for non-compliance are severe, including imprisonment, unlimited fines (typically fixed at tens or hundreds of millions of US dollars), debarment from public procurement contracts, company director disqualification, asset confiscation, disgorgement of profits, adverse reputational consequences and substantial legal costs. To have greater impact, our training materials focus on figures (i.e. potential economic disruption) and flesh and blood references from past individual prosecutions.

The four broad components of a successful compliance programme consist of an analytical enterprise-wide risk management framework taking operating environments into consideration, broad institutional assent from participants, control structures within which the leadership can act to stem breaches, and monitoring by independent specialised actors. As general counsel, I play the independent monitoring role. We train our senior leadership to comprehend (with the understanding that the message will flow down) that in the case of foreign laws and regulations like the FCPA, a subject company has no means to contract out of potential liability.

‘Pre-conceived notions of what actually constitutes “misconduct” can also impact compliance efforts.’

Extra-territorial laws (like the FCPA) lack public assent in most emerging markets, which adds to compliance challenges. Pre-conceived notions of what actually constitutes ‘misconduct’ can also impact compliance efforts. Through our bespoke training and targeted employee engagement processes, and try to challenge such countervailing social norms. We also try our best to secure workforce assent to the compliance programme and aim for an institutionalised acceptance of the bribery and graft problem. As general counsel, I know that what may work for the developed world will not always work for emerging markets, and hence we deploy a risk-based approach. We, as a company, also realise that an eco-system of zero corruption is an illusion.

It is often the case with general counsel (no different in my case) that their formal authority falls far short of their responsibility, and their success is dependent on others outside their own chain of command. Therefore, general counsel (who also have responsibility for compliance) need to be a jack of all trades and be savvy enough to drive through crucial compliance controls. The right relationships inside a company (including by having the CFO and the Head of Procurement on speed dial) are very important.

As part of our corporate messaging, we also highlight that business conduct training is simply not moral rhetoric, but that breaches of applicable law can cause major economic disruption leading to loss of jobs, amongst other real-world consequences. The company leadership has also committed to encouraging reporting mechanisms of potential violations by offering a sense of assurance to employees that no retaliation will occur, subtle or overt, to ensure that employees feel safe to report concerns. We also realise that inconsistent moral messaging can be confusing for employees if legally enshrined moral principles (or organisational value systems) conflict with their own socio-cultural beliefs, as shaped by local standards and ways of doing business. We are conscious that a sound code of conduct crafted with the right ethical considerations will boost the company’s long-term competitiveness.

It is also important to realise that strategic legal or compliance personnel are not hired to be ‘liked’. Companies should remember that such personnel need to be respected as a voice of authority by employees of all ranks. In most listed companies, the chief compliance officer acts as an assurance for the public that the company is a good corporate citizen. Good compliance credentials will help in building public trust for the company.

Year on year, the world grows more tech-savvy. Most large in-house departments already use AI or automation tools in some form, and it does result in cost savings. From a white-collar crime angle, it is important to mention that the Criminal Division of the US Justice Department (DOJ) updated its memo on evaluation of compliance programmes in June 2020; this is a good reference document from a prosecuting agency setting out expectations on what a robust compliance programme should look like. The new subsection on access to data stresses the DOJ’s recognition that data access and monitoring is critical to the proper functioning of a compliance programme. Data analytics can help determine whether compliance failures are systemic or more aberrational. Such data can also help a company monitor investigations and discipline to ensure consistency, which the memo suggests is part of a compliance programme’s effectiveness. The focus on data analytics is thus a good indication that AI, machine learning and automation tools will play a more significant role in legal and compliance functions in the years to come.

Oliver Jaberg, Deputy Chief Legal & Compliance Officer and Director of Integrity & Anti-Doping, FIFA

Generally speaking, there is a trend with political and public pressure continuing to drive significant changes in white-collar law enforcement throughout the world. In my opinion, it is important for in-house counsel to be on top of things in this area and particularly when it comes to advising our internal clients with the view to mitigate risk. In particular, recent developments in relation to the COVID-19 pandemic have put a lot of pressure on colleagues at the forefront. We deem that it is our duty as in-house counsel to provide practicable legal advice to the business, and at the same time adequately addressing the legal and compliance risks.

Our first aim has always been to help our internal clients and members make decisions that are in line with the applicable regulatory framework. This includes policies relating to ethical conduct such as – in our case – the FIFA Code of Ethics and the FIFA Code of Conduct. We aim to provide them with the knowledge and tools needed to identify legal risks in advance and make decisions that adequately address these risks.

In sports, when it comes to integrity and compliance, I always tell our clients – which include players, referee officials and other stakeholders – that it is usually too late when we need to open investigations into alleged violations of rules safeguarding the integrity of sports. When we have to investigate misconduct, the damage is already done. So, with efficient, proactive and preventative measures, such as training, online awareness campaigns and so on, we can ensure that all those concerned know what the rules are, and are able to avoid – as much as possible – things going wrong. However, when things go wrong, it is also key that we ensure that issues are addressed in a timely and thorough manner and that we bring to justice those who don’t play by the rules and who are responsible for bringing our sport into disrepute.

Football, similar to many other aspects of business life, is not exempt from the risks of bribery and corruption. We have seen that different individuals and companies who have been involved in football have been found guilty, amongst other things, of bribery and corruption. In that respect, it is very important to have the right tools in place, including the right regulations and processes to address risks. Equally, it is important to learn from mistakes that have been made in the past and to avoid making the same mistakes again.

FIFA has undergone a very thorough and comprehensive governance reform process over the past years with the aim of addressing certain deficiencies that were discovered. As an example, we have strengthened and formalised our compliance function. We have further strengthened the system of checks and balances, including the implementation of terms of office, and segregation of powers of the different bodies of the organisation. Also, we have strengthened the function of our audit and compliance committee, which consists mainly of independent members. We have established a confidential reporting system or whistle-blower hotline in order to encourage a culture of speaking up and flagging wrongdoing, as it is discovered. We have established eligibility checks including integrity and background checks for all of FIFA’s committee members. We have further strengthened the processes in the context of the funds we invest to develop the game of football. We have enhanced our processes when we check on the service providers and third party vendors with whom we do business. We have also massively revamped our bidding processes for FIFA competitions, including the FIFA World Cup and the FIFA Women’s World Cup. We have also amended our policies to make them more user-friendly and relevant in everyday business transactions. These are only a few examples, but all this was, amongst other reasons, also done to strengthen our position in terms of anti-corruption and anti-bribery.

‘We have a paramount responsibility to do whatever we can to best protect the integrity of our game.’

When focusing on the game of football, we see that match-fixing and doping are highly complex problems that require very stringent processes. Of course, the actions committed by the perpetrators concerned are also corrupt conduct, and here specifically in the context of sports, such corrupt and illegal actions go against the very essence of the game; the integrity of the sporting competition is destroyed, as is with the case with the use of doping. But what is more, if the unpredictability of the sporting result is jeopardised, the sport is basically deprived of its very essence, which is not to know in advance of a competition who the winner will be. If this element is lost, no one will watch football matches in the stadiums or in front of the TV, and the commercial partners that are helping generate revenue, which is reinvested in the sport, will no longer be interested. It is a vicious circle and we have a paramount responsibility to do whatever we can to best protect the integrity of our game.

This is also why we work with many different stakeholders to address the challenges of doping and match manipulation and why we are also dedicating a lot of resources and also expertise and effort to address these challenges.

When it comes to compliance and due diligence, we as an organisation have enacted many different initiatives, processes and tools. For example, our code of conduct serves as a one-stop shop; it provides direct access to the code in all different languages, and it provides for different and direct links to relevant directives, training materials and templates, including contract templates. We also have in person training, for example, we organised a compliance summit specifically tailored to the needs and challenges of our 211 members associations, the football confederations and other stakeholders. In fact, we are currently planning our next compliance summit which will be held online in Autumn.

Overall, when looking into the future, I personally am convinced that legal tech and artificial intelligence will be highly relevant and beneficial for in-house counsel. We have already evolved quite significantly, compared to where we stood five years ago. But, I believe that we are still in the early stages and that the technological revolution for in-house counsel is just beginning. What I am convinced of is that we as lawyers and in-house counsel need to be open to innovation and technology, amongst many other things to enhance our risk management.

Sergey Vitorov, Legal Compliance and Quality Director, BACIS, NOVO Nordisk

My role in Moscow is heading up the legal and compliance team. I am responsible for this whole area, which includes things such as: risk management, internal investigations, preparation and execution of compliance and legal plans, litigation, contractual work and really everything you can think of.

I am not aware of any multinational organisations nowadays which does not have a compliance policy and framework. Almost all of them have a compliance specialist or in-house legal person in place. In order to move forward, the biggest challenge nowadays is to foster a proper compliance mindset. This is so that people will not perceive compliance as merely a ‘tick the box’ exercise. That is the challenge that I believe remains in place in many parts of the world. Even many senior colleagues in large companies still view compliance as a ‘tick the box’ exercise. They view it as only being the responsibility of legal and compliance departments.

Obviously, corporate ethics is not only about compliance with applicable laws and regulations, it is also about sustaining the long-term business success of an organisation. It is up to us lawyers to understand technicalities. But when it comes to business clients, they have to understand the principles behind why specific rules were introduced. Also, the more our internal clients believe and understand corporate ethics, the fewer number of white-collar crimes will be committed, and in-house counsel will be able to dedicate their time to other important matters. Promoting ethical culture means not only constant training efforts in this direction, but also fostering the right mindset. It is important for us to ensure our clients will understand not only the letter of the law, but also its spirit, and the rationale behind a certain legislative provision, therefore enabling them to make the right choice in a dilemma.

When looking at my own team, further improvements can be made to promote ethical business culture. For instance: making legal and compliance functions independent from the business (solid reporting lines should flow into that function and not into business. Legal and compliance should have their own independent budget); making sure that legal and compliance directors are part of the management teams for respective business units; and when deciding where to hire a legal and compliance professional it is necessary to take into account not only business considerations (size of the business, its growth and profitability) but also a risk profile of a given jurisdiction.

When it comes to bribery and corruption and due diligence, the pharmaceutical industry is highly regulated. It inherently requires us to deal a lot with governmental officials (while registering products, running clinical trials, selling medicines to the government etc). Moreover, due to the state-owned nature of many healthcare systems, administrators in clinics and doctors can be classified as governmental officials from both the FCPA (Foreign Corrupt Practices Act) and UKBA (UK Bribery Act) angles. Thus, bribery risks are at the top of the agenda of international pharma companies. Due diligence risks primarily relate to the difficulties in identification of real ultimate beneficiaries in high risk jurisdictions (Latin America, CIS, Southeast Asia) due to the sophisticated techniques used by those who try and conceal real ownership.

‘Bribery risks are at the top of the agenda of international pharma companies.’

For instance, we had a case where the real ownership of one of our distributers was concealed. According to the official registers the shareholder of the company was person X, but it transpired that the real beneficiary behind was a completely different person. In fact, that person was a governmental official. This created a lot of legal risks. We hired a private investigator to run an in-depth compliance check mandated by our compliance policy and procedure. When we received the report from the investigator, we took a risk-tailored approach and discussed each and every red flag related to the situation. As a team we tried to find a meaningful solution. We then took it to the senior levels of our company so that management would be aware and endorse our actions, and offer their advice based on their knowledge and experience. We of course took independent legal advice as well. In the end we decided to run more enhanced due diligence checks over our critical high-risk partners.

Also, when it comes to crisis management, we have a very solid risk management framework in place which enables us to address crises in a speedy and coherent way. For example, we ran a whole risk assessment when things started to go off recently due to the coronavirus outbreak. We immediately decided to make all our sales calls virtual, even in regions where the government had not yet mandated it. Legally, it was permissible to do face to face meetings in some countries at the start of the pandemic. However, we considered the safety of our customers and our own personnel, and we decided to take everything virtual. We also created some new platforms, and as a result tweaked our compliance rules and procedures to the virtual working environment.

I think when we look to the future, white-collar crime is going to become more sophisticated. If we look back five or ten years ago, if a person wanted to defraud a company, he or she would simply use his or her credit card improperly. Now, corporate fraud is more sophisticated. People are becoming more underhanded when it comes to white-collar crime; it is getting harder to detect and prevent. In addition, the regulatory framework for the pharma industry is not getting easier.

Cyber-crime is also a growing risk area going forward. The main thing here is to make people aware of the core techniques that criminals can use. It is important to be on high alert and to no longer perceive the virtual world as not real; it is very much real. Also, people should not look at cyber-crime as purely the responsibility of IT. It is the responsibility of every employee and people should be trained to detect phishing emails and be aware of their VPN when sending corporate sensitive data.

When overcoming these future and current challenges, it helps when compliance and legal teams come together in a co-ordinated effort. They may be two separate functions, but a collaborative approach is best when preventing white-collar crime.

Seshani Bala, Group General Counsel & Corporate Assurance, Chartered Accountants ANZ

My past in-house roles were in fast moving consumer goods (FMCG) companies where I had international remit and exposure to the benefits of legal operations and using digital solutions in European and US markets. Having a cross-border perspective has really shaped my legal career and how I view in-house lawyering, particularly with respect to ensuring in-house legal teams join the data world so they can make data-driven decisions in this digital economy.

In terms of how I got to my current role, I have always loved problem solving and driving outcomes. When I was in high school I really focused on science and maths subjects, but decided I wanted a complete change when I entered law school at university. I ended up doing a combined Law and Arts degree at The University of Auckland and then did the usual ‘kiwi’ thing of working in large corporate law firms before heading off overseas for the traditional ‘OE’ (overseas experience).

I really enjoyed the fast-paced M&A and private equity deal work in private practice, but I never got the opportunity to view business transactions across their life cycle, because I always had to move onto the next deal so quickly. I did a brief in-house secondment and loved it – everyone told me that once you go in-house, you will never go back! My first in-house role was as international general counsel for an FMCG company where I had remit for all legal matters across 43 markets globally. I gained wonderful experience about customer needs and how to provide business-ready advice. In my current role at Chartered Accountants ANZ, a professional membership body with over 125,000 members globally, I lead the legal, governance, risk, compliance and operational excellence teams which provide integrated assurance and enable the organisation to grow, react and adapt to a changing environment across Australia, New Zealand, Asia and the United Kingdom.

The privacy and cyber landscape is constantly evolving across the globe – we are seeing an increase in disruptive technologies, a move to digital delivery, the rise of the ‘no touch’ economy, the commercialisation of consumer data and consumer demand for delivery at pace. But in parallel, we are also faced with an increase in privacy regulation and the risk of cyber threats. In fact, in 2020, we’re experiencing a year like no other, as we all navigate through a global pandemic! Privacy and cyber security are front of mind as our business balances rapid digital transformation with ensuring our post-COVID operating model is relevant in this new world.

For example, the rapid change from an on-premise technology operating model to a ‘cloud model’ has resulted in a proliferating of data across platforms and increased external cyber exposure to corporate systems. This will surely increase to the point where data will no longer reside in a traditional on-premise location, changing how we manage and protect both cyber and data privacy forever.

‘Looking towards the future, I think in-house legal teams need to be much more tech savvy.’

Digital solutions are also key in managing areas like whistleblowing. Recent legislative changes support the trend towards whistleblowers being seen as a corporate asset and key to maintaining a culture of good corporate governance.

Businesses can have a good whistleblowing policy which contains anti-victimisation provisions and provide for anonymous disclosure but this needs to be operationalised – using a secure digital platform is the best way of mitigating risks in this space.

External counsel certainly do play a role when it comes to the investigations process, but that depends on the type of investigation. Some investigations need to be conducted under legal professional privilege and using an external firm assists with maintaining privilege. It also provides a level of independence, and external law firms are also able to offer practical guidance on how to manage an issue based on their experience with other clients and regulators. There are definitely benefits with using external counsel, but not with every investigation. A lot of things can be done in-house, so it really depends on the risk profile of an organisation and the cost/benefit analysis.

Looking towards the future, I think in-house legal teams need to be much more tech savvy. Innovation intelligence and being a quick adopter of technology is one of our legal team’s KPIs. Technology was previously a job for IT teams, now it is a whole of business function focused on protecting data. I think in-house counsel are well placed to show leadership in this space due to the privacy, governance and risk management responsibilities they have. In-house legal teams need to get a deeper understanding of technology and need to partner very closely with IT teams. There are huge opportunities for in-house legal teams to step up in this space – it’s an exciting time to be an in-house lawyer!

Enforcement Predictions for 2021

Since November 2020, white-collar defense lawyers have faced one question: will the Biden administration change US priorities when it comes to pursuing a range of economic crimes?

Generally, it takes a relatively long time for a new administration to have an impact on white-collar crime enforcement. White-collar matters often take a long time to process: cases that are not already being investigated can take months to appear on the radar, and the decentralised nature of the US system means that changes at the national level are often less consequential than appointments of US Attorneys at key offices throughout the country. In addition, the previous administration did not roll back on its enforcement pursuits to the extent many had anticipated. For example, aggressive FCPA enforcement continued through the last four years, in contrast to many expectations.  All that said, we expect the next four years will bring rigorous white collar crime enforcement across a spectrum of white-collar cases.

Early indications of the new administration’s approach can already be seen in the appointments made by various regulatory agencies, with Obama-era alumni returning to senior positions. Given the likelihood of similar appointments at the DOJ, the SEC, and other relevant regulatory bodies, the next four years could be marked by a return to the priorities set in the Obama era, which alone would mean an increase in the volume of white-collar work.

While it is still too early to judge exactly how the legislative and regulatory priorities of the new administration will impact business, existing features of the enforcement landscape will continue to have a big impact on international business.

First, we expect to continue to see a sustained emphasis on anti-money laundering enforcement, and the FCPA will remain one of the most important US federal laws for multinational companies. Second, sanctions and trade controls will similarly continue to exert a substantial influence on enforcement in the US and beyond, largely because – in the United States – there is rare bipartisan consensus on the value of sanctions as an instrument of national policy. One area we expect an uptick in enforcement is securities fraud investigations against both corporations and Wall Street institutions, both civil and criminal, as we expect the new Administration will be highly motivated in this area.  Lastly, the aftermath of COVID-19 will likely result in heavy scrutiny of potential fraud related to various COVID relief programs and in their related significant federal investment.

General counsel will need to mitigate these and other emerging risks in the coming months.

Compliance from home

Almost without exception, all major policies and procedures related to compliance presuppose that employees are physically present in an office; that employers know where data and other records are stored; and that compliance teams have the ability to directly monitor staff activity.

For many companies, the global pandemic has introduced new remote working environments where the physical presence of a company’s employees is largely uncertain, data may be stored across a wide range of depositories, and training is limited to formal interactions over webcam. For the past year, corporate compliance has taken on an entirely new identity.

Finding ways to ensure proper oversight of employees in a remote environment is a work in progress, and it remains to be seen how regulators will evaluate the measures taken by employers. Even without worrying about the stance regulators are likely to take, businesses must work out how to build and maintain a strong culture of compliance in a remote working environment. Establishing the right tone and culture is, of course, much more difficult without physical interaction; nevertheless, it is a challenge businesses and GCs must reconcile for the future.

Regulatory cooperation and conflict

For multinational companies, the list of potentially relevant prosecutorial authorities grows with every year. We continue to see increasingly aggressive white-collar enforcement in many countries around the world, accompanied by closer international cooperation among governmental authorities.

At the same time, conflict of laws between jurisdictions is becoming more common, meaning multinationals must navigate a world where they face competing laws in different markets. For example, US authorities have come to recognise that companies are limited in what they can lawfully do to cooperate when an enquiry requires the production of European data. Governmental authorities will be pushed to cooperate ever more closely because US authorities often will only be able to obtain necessary data only from their foreign counterparts.  As a result, multijurisdictional investigations will increasingly be coordinated between the different national bodies involved in investigating and prosecuting a case.

The more white-collar crime is viewed as a matter for collaboration among national regulators, the more likely a jurisdiction will expect its laws to play some part in mitigating the alleged misconduct. As any multinational legal or compliance team knows, misconduct often occurs in countries that do not have a well-established judicial system or, in some cases, effective rule of law. This situation makes the resolution of any potential compliance issues in such countries challenging at best.

Additional complexity can result by “blocking statutes” increasingly prevalent in certain jurisdictions, effectively prohibiting compliance with US sanctions. This creates a challenge for GCs of multinationals, who must navigate an increasingly interconnected world while also adhering to sometimes completely incompatible sets of laws and regulations.

General counsel will need to be sophisticated at navigating the relevant laws to avoid trouble. The world is becoming more complicated and risks to businesses are growing. This means their advisers will have to find unique solutions to a host of difficult challenges. The days of rolling out the same playbook for every problem are over.

Above all, GCs should remember the first law of compliance: when problems arise, one cannot ignore them in the hopes that they will disappear. At minimum, GCs will need to identify and act on potential problems as soon as possible. Waiting to see how something evolves is no longer an option in a world where every country has the ability to bring sanctions, and coordination among international regulators is the norm. Pick up the phone and call someone who can help you avoid compliance problems that will prove far more expensive than taking the necessary actions to prevent them.  And, when an investigation arises, GC’s will need experienced counsel who can ensure the company cooperates when appropriate, but who can also advocate aggressively, when necessary.

Authors:

Douglas Greenburg, Global Chair of the White Collar Defense & Investigations Practice, is a partner in the Washington, DC office of Latham & Watkins LLP

Benjamin Naftalis, Global Vice Chair of the White Collar Defense & Investigations Practice, is a partner in the New York office of Latham & Watkins LLP

Nathan Seltzer, Global Vice Chair of the White Collar Defense & Investigations Practice, is a partner in the London office of Latham & Watkins LLP

Leanne Geale | EVP, General Counsel, Corporate Governance and Compliance | Nestlé

Everything we do at Nestlé is rooted in our core values of respect: respect for people, respect for the planet, and respect for diversity and difference of thought. Nestlé has one of the most diverse consumer bases of any company, with activities in nearly 200 countries globally. There is no way to understand that consumer base if we do not embrace diversity in our operations, looking at things from different perspectives to get the best outcome possible.

When I joined the executive board in 2019 I was conscious of how seriously the company takes its commitments to D&I and was excited to propel the D&I programme forwards. While I see my role more as a supporting force to the broader company initiatives, there is still a lot that a GC can do to help drive change.

It starts with being purposeful with your own team, asking: Is it diverse enough? Are we building the right culture? Are we benefiting from diverse thought and approaches? How do we know? Are we actively identifying areas where we might be short? If so, how can we fill those, whether through external hiring or searching harder within the organisation?

The freedom to speak up

To get the best out of your people, you need to create an environment where they feel free to speak up. This underpins more than diversity and inclusion. Business methodologies from Lean to Six Sigma teach us that when teams are empowered to speak up, they improve performance; likewise, the ability, freedom and trust to speak up can enable strong safety and compliance cultures. A culture that supports D&I also supports innovation and idea generation and. allows you to examine a problem or opportunity from multiple perspectives and ultimately find the most robust answer.

Leanne Geale
Leanne Geale | Nestlé

For a legal function, having the freedom to speak up is doubly important. An environment where people feel comfortable to express what they feel is ethical or the right thing to do enables my team to act as a guardian of our core values more effectively. Targets and metrics are important ways to measure progress, but they are not the end goal. Creating a welcoming and open culture should be the first concern of any GC.

I am also a big believer in creating a working environment where everyone can bring their full self to work and perform at their best. Ultimately, strong performance and inclusive, collaborative behaviours are the most valued and valuable to a complex multinational organization.

Not-so-hidden talent

For female lawyers, the advice I commonly give is to just be yourself. Don’t try to fit in a mould. Build on your strengths and use those strengths to create a more inclusive environment. Christie Smith, the former vice president of inclusion and diversity at Apple once said the most important thing you can do to promote diversity is to say hello. That is a very powerful idea. That one simple gesture creates an environment that is more inclusive in an instant.

Even if you are not in a leadership position you can be a leader in everyday circumstances. For example, if you notice there are people who haven’t had a chance to speak, you can create space for them and encourage them to give their views. That way we can all be leaders in creating an inclusive environment.

Beyond that, I am proud to support Nestlé’s goal of having at least 30% women among its top 200 managers by 2022. That is an ambitious goal, but our approach has been to say, “We have almost 300,000 employees globally; with more women at the top, we reinforce our inclusive culture, make Nestlé an even better company and contribute to shaping an equal society. All of this helps drive our business performance.”

When the UK introduced a similar target for female representation on UK company boards, it was a success. I remember one board chair commenting that it’s amazing how many qualified candidates you can find once you look. That is often the case: the talent is there, you just need to change how you are looking for it.

To succeed

The biggest step you can make as in-house counsel is to get out from behind your desk – even if it’s a virtual tour. You need to visit operations, understand the business rationale, and see how things work on the ground. Whether you’re at a mine, at a retail gas station, or in a supermarket. That gives you a more holistic perspective and allows you to contribute more meaningfully, not only in a legal sense but in a broader commercial sense.

On an interpersonal level, it’s about asking yourself the right questions continuously: how you can help someone, how you can create space where people feel free to share their experiences and collaborate, or how you can share your knowledge and experience and open doors for people to progress their careers.

Jennifer Salinas | Executive Director of Global Litigation | Lenovo

“This is what a lawyer looks like”

I have always been a strong believer in the value of engaging with communities directly. During my time as president of the Hispanic National Bar Association (HNBA) I made community engagement my mission. HNBA representatives would go into schools in primarily black and brown communities wearing these t-shirts that had “This is what a lawyer looks like” printed on them and the kids would say, “Wait, you’re a lawyer?”. It was awesome to see that we could change their perceptions of what a lawyer looks like and make them realise they can do this job.

When I think back to my own experience of education and entry into law, I can see how useful that sort of awareness would have been. I am always very open about my experiences because I want people who find themselves in a similar situation to know these experiences are not incompatible with a successful career. I went to law school with a baby and graduated top of my class!

I was raised in a predominately Latino community where young women were not necessarily encouraged to pursue an education. I was the first person in my family to graduate high school. I married young and had my first baby when I was in college. I didn’t have any guidance on which college to apply to or any of the important questions students should take for granted: What do you want to pursue? Is this the right school? Is this the best school? Frankly, I based where I was going to study on its proximity to my boyfriend.

At college, and especially at law school, it was very, very lonely. I didn’t feel like I belonged. If you are from a background where higher education is not the norm you carry a kind of imposter syndrome around with you. Even now, after a successful 20-year career that sense of being an outsider occasionally lurks back in. Every so often I will hear a comment and think, “oh my gosh, maybe this was all just a lucky streak”. Rationally, I know that is not true, but it is something I know a lot of minorities have to deal with in the workplace, and it was certainly something I had to deal with in my early career. I was surrounded by people who did not look or sound like me, and who very likely did not have the same experiences as me.

I was a Hispanic woman, married with a kid; I just didn’t fit the mould of a successful lawyer. At law school, I was counselled by the career service team not to mention that I had a child when applying for jobs. I had to pretend to be someone I was not, and went through the first few years of my practice as a lawyer almost as two separate people living parallel lives. But I’m not someone who ever backs down. I used negative comments and prejudices to fuel me. Besides, as a young mother there was more at stake than just myself. The ability to fail was not n option.

More than a ‘diversity hire’

Majority communities can have a hard time understanding the sense of isolation or otherness that comes with being a minority in the workplace. Any complaints are seen as an attack on affirmative action programmes and minority-inclusive hiring practices. This is missing the point. As diverse candidate you naturally approach an interview thinking, “Am I here as a potential diversity hire? Does the company want me because of all the things I’ve done, or does it want me because I am a woman, and especially a woman of colour?” This is not a case of being paranoid, ot is just reporting the facts.  As any minority will know, people actually do say these things.

A few years ago, I was at a dinner with a law firm and we got to talking about a particular judge who was African American. One of the partners dismissed this judge’s experience on the grounds that he was, “an affirmative action hire”. He was discussing a federal judge who went to a phenomenal school, yet felt comfortable using that language.

A couple of years later we had a partnership retreat that included a D&I component. When it came to questions from the audience, I stood up and told this story. The lawyer who had made those comments was in the audience and knew exactly what I was talking about. I wasn’t going to publicly name and shame him, but it was my way of demonstrating the point that someone will sit through a discussion of D&I without being aware of this hypocrisy, or of how outrageous and damaging these beliefs are. This sort of prejudice in the legal profession is far more widespread that is commonly acknowledged.

Leading by example

If you want to judge whether a company is truly diverse, look at the makeup of its wider management. Don’t just look at the diversity and inclusion committee, which is where you tend to find diverse people – look at who the decision-makers are and whether they are diverse. Then ask, what does that company consider a diverse team looks like? Is it just having a woman on the board, or is it a real mix of people who have got there because the company is prepared to promote talent wherever it sees it?

In that sense, it is incredibly refreshing to work at a global company like Lenovo, where I deal with a diverse set of people from all over the world. We have a CEO who is compassionate and passionate about all issues that concern underrepresented or disadvantaged people. At the start of the pandemic, he put his own personal money and effort into sending laptops to poor communities throughout China, with a personal letter from him to the recipients.

When Black Lives Matter took off, we held some really honest townhall meetings to discuss how staff felt about the movement and what more could be done to improve the workplace. We held roundtable discussions where people were free to ask bold questions about how we were going to deal with the issues BLM raised, or to make sure that all our people felt included. Not only that, but the company matches our financial contributions to social causes one to five, which made a big difference.

That commitment to D&I bleeds through everything at Lenovo. I don’t feel like my gender or my ethnicity has any bearing on how people approach me as a lawyer. Corporations are doing so much better with diversity and inclusion than law firms in the US. Law firms could really learn a lot from their clients.

The 0.2%

Of course, counsel we can say that law firms need to change until they’re blue in the face. Let’s focus on actions rather than words. In a role where you are looking at candidates, dealing with vendors, or spending money, you have the power to effect the kind of change you are preaching. Leaders in any senior-level executive position have the power to move the dial, and there is a duty to be very intentional when it comes to diversity.

I am proud to say that my entire team is diverse. I require all my outside counsel to have a diverse team. We request biannual reports giving the various demographics within the team, and more importantly we check what role each lawyer will play on a particular piece of work. Diverse talent needs to have an actual, critical, material role in the work, it can’t just be somebody who is there for optics.

One thing that I absolutely know for sure is that until we can give equal access to underrepresented communities, and particularly to black and brown communities, we are going to find ourselves dealing with these issues in the law continuously.

The legal profession remains of the least diverse professions in the US. Just 5% of lawyers are of Hispanic heritage, even though such people make up about 18% of the population. In the IP space it is even worse. Latinas make up less than 0.2% of IP lawyers. Just think about that number for a second. A community makes up about 18% of the US population accounts for less than 0.2% of IP lawyers.  That level of disparity is not something that will change without intentional efforts on the part of GCs and senior counsel.

Of course, we need to think about what constitutes “diversity”, that diversity programmes are truly inclusive and not alienating any group. I have thought about this many times. Should we make diversity an economic issue, for example? Communities of colour are disproportionately poorer, but many other groups face socio-economic exclusion. The reality is this: white privilege is still white privilege. We need to address the disadvantages inherent to being a person of colour in the United States before we can look at bigger issues.

It is also a problem we can solve. Black and brown communities are abysmally underrepresented in the legal profession. As GCs we may not be able to change everything, but we can change that.

Luis-Xavier Hernández | General Counsel, Data, Privacy & Digital | Unilever

For GCs, the very first question you need to ask yourself is how much of a diverse and inclusive mindset you have as a leader. Only then can you successfully analyse how diverse and inclusive your current team is, both with respect to hard numbers but also in terms of its culture.

Luckily, I work for a company that is perhaps one of the most diverse in the world. This helps tremendously when looking at the composition of teams, but most importantly at the culture of the organization.

Diversity and Inclusion brings more value than most people think. Companies with successful D&I cultures grow faster, stronger and more sustainably. D&I attracts the best talent, it provides a much stronger management base that takes into account a more robust view of business, society, customers and consumers, and it allows you to contribute to positive change in society.  At the end of the day, we are here to leave a better place for the next generation. Embracing diversity and being inclusive will certainly contribute to that.

Luis-Xavier Hernández | Unilever

Deploying D&I policies on a global scale is one of the biggest challenges for any type of global corporation, particularly one with a footprint like Unilever’s. We have to understand that a diversity and inclusion agenda means respecting different cultures in different parts of the world. It is hard to come up with a rigid approach to certain metrics that may have varying degrees of relevancy in different parts of the world. You have to really understand and cater for that, because the main reason for having a diversity and inclusion agenda is to make sure that every individual in the company has the exact same opportunity to succeed as anyone else. To do that, you need to cater for realities and cultures in different places.

From my perspective, values rest on universal principles that should apply everywhere, like treating everyone in the organization with respect, providing equal opportunities no matter the gender, race, age, religion, sexual orientation or any personal beliefs.  Living and breathing these values makes us richer, stronger, and more united in every corner of our organization.

While it could be challenging to drive consistent metrics across regions with their own cultural characteristics and idiosyncrasies, I think the best way to reconcile that tension is to ensure that values are never compromised, no matter the circumstances.  That to me is a must and reflects the culture of your organization.

Better business in the digital sphere

As head of Unilever’s legal team overseeing data privacy and digital, I frequently find myself balancing the value of certain data related propositions with the complexity and cost required to execute them in a legally compliant manner.  It always comes down to finding that reasonable balance. What I have found helpful is to start our assessments by asking the question ‘what is the purpose of collecting personal data, in this case related to diversity and inclusion?’ This data point will lead to other relevant questions about proportionality and transparency but understanding the purpose works an effective gate and it’s definitely a strong start.

Most large organization have stats and metrics to measure their diversity and inclusion efforts, but few people realize how complicated and sensitive it is to process such information. When it comes to diversity and inclusion, most personal data is considered sensitive personal information, and for a good reason. The potential harm to the individual is heightened compared to other types of personal data, and as such organizations need to think very carefully about how such data is collected, used, and protected. The stakes are high.

From a data privacy perspective, the rules governing what sort of data organizations are permitted to hold will only get tighter. The entire ecosystem, from individuals to regulators and lawmakers, is taking more interest in use and misuse of personal data. That means we need to be ahead of the game and think through how and why we collect information. But there is an even more important question to be considered. The question of ethics.

Transitioning from what is legally required to what is ethically expected is a challenging but powerful journey that I think all players in this space should consider. It’s not only the right thing to do but also what most stakeholders would expect in these times. .

Ultimately, we want to be compliant with data protection laws while helping advance our D&I agenda, do the right thing for our employees, for the company, and for the whole ecosystem of partners, suppliers, customers, and consumers. I want to make sure that any information we collect is strictly necessary to achieve the ultimate purpose of advancing our D&I agenda and do something that is aligned with our corporate values and high ethical standards, while protecting individual privacy rights.

I think data and digital professionals will continue to face the challenge of finding the right balance between supporting legitimate business initiatives and remaining in compliance with the spectrum of regulations on a country-by-country basis – including sometimes outdated regulations.

Unilever is one of the leaders in the brand safety movement, which concerns itself with ensuring that our brands are presented to consumers in safe environments and of course a key part of this effort is holding media outlets and agencies accountable for that. It’s not as simple as it sounds though,  mainly because the digital space is formed of so many different players that it has become a complex, non-linear ecosystem. However, I believe that  all players but in particular the most influential ones have a degree of social responsibility to improve the digital ecosystem in the interest of millions of viewers who consume media and as a consequence advertising.

I have the privilege to serve as a board member of the Better Business Bureau National Programs Inc, a globally recognized organization that fosters consumer trust in advertising which is the reference point in the United States with regards to self-regulation and many other globally relevant programs. The BBB National Programs is a great example of an organization that really has the consumer interests at its heart. It truly stands for transparency and fairness in advertising. As such there is very much similarity in values between Unilever and the BBB National Programs and that’s why I accepted the board role without hesitation.

It has been a great experience being part of BBB NP’s board, it has given me an invaluable platform from which I can contribute my experience and passion for certain topics and perhaps shape in some way or form the strategic agenda of the organization. It has also given me an external perspective of the market place, consumers, and companies in many different industries. As GC, I have learned that having an external perspective of the world and the industry where your company operates is an invaluable enabler of a diverse vision. It also energizes me to continue to drive positive change.