The evolving nature of legal risk: Legal risk, as we once understood it, is changing. Companies need to be prepared to respond faster so that better choices can be made sooner.

by White & Case LLP
Contact

Over the past decade, many of the legal risks facing companies under US law have narrowed dramatically while others have proliferated. The advent of streaming news and social media means that local issues can become global concerns in minutes. The nature of risk is evolving, and more than ever, companies need to be prepared to do the right things faster—especially in assembling the right team so that better choices can be made sooner.

Risk today is a much broader and more complex concept than 20 years ago. It is global, diffuse and often transcends corporate boundaries. Anti-corruption and antitrust laws are far-reaching in their impact. It is now common for a regulatory investigation into a company’s operations in one jurisdiction to be followed by multiple investigations in others. A business disaster in one country now has the potential to hurt others in the same industry globally.

These new risks come with both legal and nonlegal drivers, and the two often move in different directions.

“The scope of US jurisdiction has been shrinking over the past 10 - 12 years, arguably in an attempt to make the US legal system less ‘imperialistic,’” says Owen Pell, a White & Case commercial litigation partner based in New York. “In stark contrast to earlier courts, the current US Supreme Court, under Justice Roberts, is interpreting the reach of US jurisdiction more narrowly, especially in cases where alleged wrong-doing did not occur on US territory and does not involve many or any US parties.”

In the landmark Daimler A.G. v. Bauman decision in January 2014, the Supreme Court issued a ruling that significantly limits where corporations may be sued for claims that do not relate to business they may do in the United States.

“Just because you are a multinational company doing business in the US doesn’t mean that you can be sued in the US for everything you may do around the world,” explains Pell. “Meanwhile, other recent Supreme Court cases, like Morrison v. National Australia Bank and Kiobel v. Royal Dutch Petroleum Co, have limited the territorial reach of substantive US law with respect to civil liability and certain areas of criminal and administrative liability.”

These rulings will significantly affect how companies can try to use their corporate structures to manage certain risks relating to US litigation. Using these decisions, companies could plan to separate or “ring-fence” certain risks: “By keeping certain management or officer functions abroad, companies may be able to limit their exposure to US litigation or certain types of investigations, even in the rarer cases in which individual executives are accused of wrongdoing,” explains Pell.

The effects of these rulings have already created one area in which companies can be assiduous in anticipating problems and managing risk, with a view toward prevention being better than a cure.

In the capital markets arena, one response has been an increasing number of European corporates making use of provisions under the US Securities Act—Rule 144A—to tap credit markets in the US while managing exposure to US lawsuits.

Rule 144A exempts offerings of non-US securities into the US from certain registration requirements under US securities laws. Also, US purchasers in such offerings must meet certain qualifications, arguably making it harder for those purchasers to bring certain types of US securities claims. A restricted offering into the US can be combined with an unrestricted placement of securities offshore under the provisions of Regulation S (Reg S), which can be held by holders outside the US.

10-12  years
The scope of US jurisdiction has been shrinking over the past 10 – 12 years, arguably in an attempt to make the US legal system less “imperialistic.”

European views on issuing debt into international markets are evolving, says Rob Mathews, a London-based partner in White & Case’s capital markets group: “To get the best investor base, you want to be able to sell securities into the US, but not be subject to US rules regarding liability to the extent they can be avoided. Rule 144A-Reg S deals mean companies don’t have to go through the time-consuming and expensive process of registration.”

A series of recent federal court rulings in New York has made it much harder for US investors in non-US securities to pursue US securities law claims. This will encourage more institutional investors outside the US with deep pockets to fund transactions denominated in US dollars. If more entities are issuing out of Italy or the UK, there’s now less reason to go through the laborious and riskier US registration process.

“The availability of significant investment capital outside the US creates an environment where large transactions can be structured to substantially mitigate the risk of exposure to US securities laws,” says Mathews.

But during this same period, other legal risks have increased, and they are not so easily ring-fenced. For example, many forms of government regulation have increased dramatically in the past 15 - 20 years. This is particularly true in areas like anti-corruption, anti-terrorism, anti-money laundering, economic sanctions, environmental compliance and banking regulation. These areas often include broad criminal and administrative jurisdictions and relate to how a company does business in certain markets—and alleged violations of law can often open the door to parallel claims for civil damages against companies.

In addition, many of the laws that have developed over the past 15 years have included provisions designed to increase corporate transparency. There have been enhanced disclosure regimes with prosecutors increasingly stressing that companies should report problems before the government learns of them, and whistleblower provisions encouraging corporate insiders to reveal information to the government. This makes it much more likely that problems, when they occur, will enter the public domain where they can quickly explode.

This enhanced exposure to certain types of legal risks brings into play nonlegal risk drivers that have changed significantly over the same period. Advances in technology and social media mean that when information is disclosed or leaks, or a crisis hits, companies no longer have the luxury of time to assess potential problems, determine strategy and respond appropriately. For example:

  • Transaction velocity has increased exponentially; as business moves faster, so the potential for damages will rise, with major incidents impacting both corporate and consumer transactions.
  • Increased velocity and networking also mean that businesses today face huge reputational risks, and brands can take a substantial battering in the wake of a corporate crisis. Moreover, when information breaks now, it tends to do so in ways that are nonlinear or asymmetrical, so that companies have much less time to marshal facts and decide how to manage information.
  • There is increased public and fiscal pressure on governments to intervene in domestic market business wrongdoing or disasters. Such interventions offer the added benefit of providing cash injections into national budgets, given that governments can impose large fines on corporations, for any number of violations.
  • Developing nations are attempting to replicate tools and mechanisms used in mature economies as a way to boost their budding legal and justice systems— for example, several Latin American and African nations are developing US-style tort claims systems. Whether you are a pharmaceutical company looking to do clinical trials or a mining company worried about potential groundwater pollution, the prospect of US-style tort litigation raises serious business issues.
  • The explosion in transparency has created a new risk—the risk that something becomes viewed as endemic rather than contained. If a bank is accused of wrongdoing or poor controls, it becomes easier for others in the industry to face crises as the entire system falls under suspicion. The old concept of a run on a bank in one city becomes a risk of a run on multiple banks in multiple markets—or a run on the currency of an entire country.

All this has created significant implications for corporate risk management. A new gospel has emerged: assemble teams faster, be nimble and be committed. This is not easy, and the premium on how to react is enormous.

15 – 20  years
Many forms of regulation have increased dramatically in the past 15 – 20 years in areas such as anti-corruption.

“It’s very difficult to train for disaster risk management, but it is worth the effort. Developing emergency contingency plans and conducting practice crisis management sessions will highlight strengths and weaknesses if those exercises are taken seriously,” says Greg Little, a White & Case commercial litigation partner based in New York.

The 2008 financial crisis showed how the risk equation has changed. According to Little, if the financial crisis demonstrated anything, it’s that an initial problem in New York can affect firms just as easily in Tokyo, London, Moscow or Dubai: “Not only must you pay attention to local problems, you must also coordinate with regulatory authorities and legislators in other countries—and they don’t all have the same laws, emphases or outlooks. A resolution in one place does not necessarily move the ball forward in other jurisdictions,” says Little.

Moreover, the drive toward greater transparency and accountability has multiplied the dimensions of serious corporate problems. “It’s about more than legal causation—which used to be the main focus,” adds Little. “Now, it may also be about corporate ‘responsibility,’ and the spectrum of risk has expanded to include, in some cases, societal and product market losses on top of criminal or civil legal exposure.”

A Scandinavian company with a product that is manufactured in China, tested in Africa and sold in Europe and the US could easily be faced with a US lawsuit arising out of regulatory problems encountered in Africa or the EU; these problems could undermine supply contracts and sales around the world and, if serious, cause consumers to question other similar products in the industry.

An intelligent strategy would be to consider risk-limiting strategies ahead of time, consider who needs to be involved within the company and, when the crisis hits, invest early in developing both case theories and expert analysis so that as much as possible the spectrum of potential risks is viewed more widely and dealt with aggressively rather than passively or reactively.

“You have to ask, where is the damage going to arise? Where will my adversary think it is most advantageous to bring actions? You need to consider ways to focus the dispute on a jurisdiction where your chances are most favorable, whether with suppliers, subcontractors or customers,” says Little.

“It also means being creative; is it better to wait for the other side to initiate action or do you have a more favorable forum where you might be proactive? Is there a jurisdiction where we should self-report or settle first? These are not always simple questions.”

Fifteen years ago, according to Little, there was a tendency to think that if you were right on the facts and right on the law, then in the long run you shouldn’t have problems. But there are now so many stakeholders, each with their different interests that go beyond legal liability, that being right on the facts and the law in the long run may not be enough to protect a business.

“You can’t just consider the technical legal arguments,” he says. “You also need to think about public perceptions, dealing with the media, shareholders, legislators and regulators. To add to the challenge, in the age of social media, you can’t say one thing to one group and send a different message to another because everything you say will be out in the public immediately. Consistency is key.”

What this means is that there is now more of a premium on assembling the right team faster—and making sure  that your team covers the broader range of stakeholders than used to be at the table when legal problems developed in a slower, more linear fashion.

“Bringing outside counsel in earlier, including to help coordinate different constituencies within and outside the company, can do a great deal to help gauge and manage rapidly developing risks,” says Pell.

He adds that “compressed timelines and rapidly changing facts make it smarter to engage consulting experts sooner than in the past, because even before litigation breaks out, understanding how different or shifting facts may impact the shape of investigations or claims, or how insights into the economics of an industry may change potential claims or damages, has huge value to a company in managing risk.”

Another potential shift in legal risk management is emanating from the rise of so-called industry ombudsmen taking over duties from the courts, which are increasingly deemed too slow and expensive.

You can’t just consider the technical legal arguments. You also need to think about public perceptions, dealing with the media, shareholders, legislators and regulators
Greg Little, partner, New York

In Europe, a pan-continental claims system, similar to the US tort system, is slowly forming, shifting dispute resolution from the courts to alternative dispute resolution (ADR) mechanisms. Professor Chris Hodges of Oxford University’s Centre for Socio-Legal Studies chairs a committee that is looking into creating a European claims system for dissatisfied consumers.

“Arbitration is outside the courts and has a different architecture to the court system. That’s being used in a wide range of circumstances from straightforward commercial arbitration, through international arbitration to dealing with consumers and online traders,” says Hodges.

Industry ombudsmen are viewed by the businesses they represent as a viable means of resolving their customers’ complaints.

“Companies are finding modern versions, some set up by statute, such as various financial ombudsmen, and some created by industry bodies, such as Germany’s insurance ombudsman set up 14 years ago. These ADR systems are being expanded into a pan-European framework as a result of the EU Consumer ADR Directive of 2013,” says Hodges.

The rise of consumer ADR creates the potential for a different means for resolving certain types of disputes, in ways very different from how we think about court cases.

Taken as a whole, these are seismic changes that are recalibrating the nature of risk and risk management. Companies need to keep abreast of these shifts and constantly look for what is over the horizon.

“Companies know that wherever they do business, they experience risk,” says Pell. “They can start to think about separating their risks, about how they can use their corporate structures, and even insurance, strategically. There may not be a manual, but there is still much that they can do in advance to be prepared to do the right things and ensure they make the right choices when time is short and pressure is high.”

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White & Case LLP | Attorney Advertising

Written by:

White & Case LLP
Contact
more
less

White & Case LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.