Managing Crises: Improving The Legal And Compliance Relationship To Minimize Corporate Risks

McGlinchey Stafford

McGlinchey Stafford

Auto Finance Excellence - November 1, 2021

Regulatory compliance in the auto finance industry, or financial services in general, is challenging enough under “everyday” circumstances. Crisis scenarios only amplify opportunities for legal and compliance risks to slip past. However, advance attention to the carefully scripted interplay between corporate legal and compliance departments can calm the storm amid a crisis, and even encourage the kind of decision-making that serves organizations well under normal circumstances.

Drawing the lines for business as usual

Understanding the interplay between, and responsibilities of, the legal and compliance departments is important to delineating the relationship between the departments. The respective roles are typically divided as follows:


  • Identify and interpret legislation, regulation and case law
  • Communicate legal requirements and grey areas
  • Assess and quantify legal risks
  • Respond to business requests for legal advice
  • Manage outside counsel


  • Determine impact of applicable law to operations
  • Operationalize regulatory compliance
  • Develop policies, procedures and testing protocols
  • Identify compliance challenges and seek legal advice

The nature of legal and compliance work imposes a substantial amount of overlap. One of the most substantial areas of shared duties involves the in-house teams’ relationships with external legal counsel from a support perspective. Knowing where the lines are drawn, and when it may be time to redraw them, can be essential for strengthening their respective roles.

Also inherent in these teams’ purview is the quantification of risk, the strategic evaluation of which risks may be beneficial to the business, and the ramifications of taking on those risks. In general, most legal teams rely heavily on their compliance colleagues for data and knowledge of operational details to understand a risk’s magnitude. A legal department can explain legal risk and the associated potential outcomes only with the compliance department’s organizational perspective on risk quantification.

Areas of overlap include:

  • Translating complicated legal concepts into the “language of the company”
  • Change management
  • Issue spotting
  • Breaking silos

Practically speaking, the most efficient businesses that have separate legal and compliance departments are set up in a way that these departments function cohesively and seamlessly, and work effortlessly with outside counsel. Because they are both in a position to view an organization’s “big picture,” these departments are also critical in identifying who needs to be involved in important decision-making or the development of a process.

Effortless choreography under pressure

From a crisis management perspective, the business decision-making process is compressed under the stress of short deadlines. This forces quick communications and seamless interdepartmental cooperation. A crisis may be a global pandemic (like we saw with COVID-19), a product recall, a data privacy breach, or new regulation that throws the industry for a loop. However, sharpened judgment and business clarity can positively transform the relationship between the legal and compliance groups — but only if the organization can capture the magic and build it into its processes going forward.

Effective crisis management starts with an effective crisis management plan. However, crises occur because no organization can predict every eventuality. Accordingly, crisis management plans should be broad enough to allow baseline processes to function under a wide variety of circumstances, and flexible enough to be changed as circumstances warrant.

Creating a baseline expectation of confidentiality

Take the example of preserving attorney-client privilege: The time to educate your colleagues about how to preserve the privilege is not during the middle of a crisis. During a crisis, anything not ingrained will be forgotten or thought to be unimportant. Training and repetition of the key concepts in everyday communication is the only way to prepare for keeping crisis communications confidential. This training and dedication must start with executive leadership and filter throughout an organization.

Crises exacerbate the difficulties of preserving attorney-client privilege. Established working groups may expand to capture representation or knowledge from other departments. Employees who are not usually involved in sensitive discussions may find themselves included. And, most critically, company lawyers — seen as trusted business advisors — may be tempted to mix legal advice with business advice.

Basic practices that can create a baseline expectation of privilege include:

  • Shrink the room. For example, if the company is holding a large-scale meeting at which all hands are on deck, limit the audience before sharing potentially privileged information or engaging in anticipated privileged discussions. On a videoconference, this may mean saving this content for the end, after everyone else has left the call, or hashing out the privileged discussions before anyone else joins the meeting.
  • Mark all privileged documents. Especially during a crisis, in-house counsel may wear many hats, some of which are in a legal capacity and others relating to their institutional knowledge of the business. This is an expected role of in-house counsel, but it complicates the privilege analysis. Because these roles may blend, it can be critical for a company lawyer to clearly identify and separate legal advice from business advice. Not only will this support safeguarding their work as a privileged or protected work product, it is also a good reminder to other people at the organization to treat it as such.
  • Call a time out. Particularly during chaotic all-hands meetings, lawyers owe a duty to their clients to call “time out” if the discussion is veering into privileged waters. The moment that an attorney fears that confidential material is not being treated properly, it is important to take those discussions offline and only include the people necessary to the issue requiring legal advice.

In a crisis, both legal departments and compliance teams operate in an atmosphere of improvisation and adaptation to overcome a challenge. Returning to the basic principles and best practices for collaboration can maximize the chances that the company will escape unscathed.

This article was first published in Auto Finance Excellence, a sister service of Auto Finance News. McGlinchey is pleased to serve as the official Compliance partner of Auto Finance Excellence, providing insights and thought leadership through webinars, podcasts, and monthly columns.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McGlinchey Stafford | Attorney Advertising

Written by:

McGlinchey Stafford

McGlinchey Stafford on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.