Kissing "Legal Risks" Goodbye

The concept of "legal risk" is meaningless and dangerous, and it marginalises company lawyers. It should be abandoned. The question that matters is not whether a risk is a "legal” risk, but how lawyers can contribute to managing the main risks of the company, whatever their categorisation may be.

The concept of "legal risk" is meaningless

Important risks - who is interested in the petty ones? - are always multidimensional. Major risks are not either and alone legal, or financial, or strategic, or reputation, or whatever else. They are legal and financial and strategic and reputational. It is pointless and irrelevant to define them as one-dimensional. Categorization of risks depends on the angle from which you look at them and depends on who is looking at them. A lawyer will see a legal risk whereas the CFO will see a financial risk and the engineer a technical one. Risks are simply risks. What is legal, financial, or strategic is the way you look at them. A risk is not intrinsically “legal” or anything else.

For example, an EU antitrust investigation may appear to be a genuine "legal risk". Indeed, it is about legal rules, it involves lawyers, and it costs legal fees: it is definitely a legal thing. But it is also a strategic risk: it may delay or block a merger, or require the sale of a business unit. And there is also a financial risk at stake: the penalty may amount to dozens of millions. What looks like a typical legal risk is actually a multidimensional one.

On the contrary, what appears to be the opposite of a legal risk may actually have a significant legal dimension: an engineering company builds a bridge. The collapse of the bridge is, at first sight, a technical risk: something that engineers should prevent and deal with if it happens. But lawyers will also be involved to draft the contractual liability and force majeure provisions in the contract, to negotiate an insurance coverage and, as the case may be, to manage claims by the victims and against the subcontractors. So, the collapse of a bridge, however technical it may appear, is just as much a legal risk.

This is why I don't find it very useful to base risk management on risk categories (legal, financial, strategic, etc.). It may look rational and logical, but it does not match real life. Everything is in everything, and "legal" cannot be isolated. Nothing of importance is all and only legal. A marriage (isn't that a risky venture?) is of course a legal thing (there is a contract), but it is also psychological, economic and social, just to name a few. It may be appropriate to talk about the legal aspects of marriage and the legal dimension of managing the risks inherent to a marriage, but calling marriage - or divorce for that matter - a "legal risk" simply does not mean anything.

The concept of "legal risks" is dangerous

Referring to risk categories such as legal risk or financial risk induces the idea that lawyers should deal with legal risks, finance people with financial risks, etc. This is a dangerous idea.

Assume a contract for a trans-Atlantic transaction, with a provision dealing with the USD/Euro exchange rate risk. The contract is submitted to the lawyer. The lawyer could say, "Exchange rate is a financial risk, not a legal risk, so I am not reviewing this provision". Or she could say, "I am only going to check whether this provision is legally valid and enforceable under applicable law." Both approaches would be perfectly in line with the idea that there is such a thing as "legal risks" and "other risks", and that the lawyers’ responsibility is limited to the former. But wouldn't the client - and rightly so - prefer a lawyer able and willing to look carefully at the provision, check if it is not only legally valid but also properly designed and drafted, economically fit, and technically sound? If the provision is legally OK (no law is violated) but nevertheless catastrophic for the company, should the lawyer just say, "this is a financial risk, not a legal one", and go on to the next page? Of course not.

A good lawyer should be able to not only assess the legal dimension of an issue, but also to understand and be relevant in the other dimensions. In a sales contract, force majeure can be seen as a meteorological risk. Does it mean that the lawyer should not deal with it? And if late payment is a financial risk (or an operational risk? Or a commercial risk?), does it mean that the lawyer should abstain from commenting on the provisions dealing with it? Non-compliance with technical specifications will often be described as a technical or operational risk. Should therefore the lawyer be absent from discussions on this subject?

The idea that lawyers should be dealing with legal risks, and that in a separate room the financial people should be dealing with financial risks, is nothing but an accurate definition of a highly dysfunctional, bureaucratic, and ineffective organization. Important risks are multidimensional, so managing them requires a multidisciplinary approach. Effective risk management demands a blend of competencies and viewpoints. Important risks should not be managed by one specialist only, whether it be a lawyer or someone else. Colleagues from different departments must work together. 

The concept of "legal risk" marginalizes lawyers

What is 100% legal, actually? Choice of applicable law, details of the arbitration procedure, and the so-called final provisions setting out that annexes are forming an integral part of the agreement? If a lawyer limits her focus to strictly legal stuff, she condemns herself to working on issues that are not of much significance, relevance nor importance to anyone else in the company. Eventually, she will pale into insignificance within her organization.

The better lawyers become knowledgeable about and involved in dealing with risks that are not primarily branded as legal. They have a deep understanding of financial tools, strategic options, business process, operations of the company, and the evolution of the business environment.

Lawyers who want to play a significant role in risk management must be able to understand the non-legal dimensions of the risks they are contributing to manage. How could a lawyer efficiently advise on the risks involved in the acquisition of a company if he has no idea about the strategy behind this acquisition, about the financing arrangements, and about the business of the target? Risk management requires a cross-functional approach, and as a lawyer you cannot stand out in a cross-team if you don't get what the financiers or the engineers are talking about. No need to be an expert in finance, strategy, marketing, operations and all the rest, but a solid “culture générale” in business is a must for effective risk management by lawyers.