What does it take to lead through the wake of a pandemic and manage a corporate legal department on the threshold of tremendous societal, technological, governmental and organizational upheaval? It’s a question many chief legal officers (CLOs) and general counsel have been asking themselves and their peers throughout 2021. For some, the answer has been present all along in the choices they’ve made and in the resiliency they’ve maintained amid a never-ending stream of challenges.For the general counsel, endurance is now the name of the game in leadership. Endurance is described as the ability to exert energy and remain active over a long, sustained period of difficulty or unpleasantness while at the same time resisting, withstanding and easily rebounding from trauma or fatigue. It’s a quality that isn’t developed overnight, but rather requires prolonged training, discipline, practice, strength, steadiness and patience.
“As general counsel, I am being sought out for business model and strategy advice. Also, in connection with COVID-19 and as we try to grapple with returning to work, there is more of a need to adapt to an environment of flexible thinking and collaboration. As a result, the management of the job is introducing a new working environment in how we interact with each other and navigating wellness challenges.”
The demand that emerged in 2020 and 2021 for GCs to shift from their core responsibilities to strategic leaders across health and safety, technology adoption, employee development, diversity and other key initiatives served as a crash course in endurance training. This evolution in the GC’s role was covered extensively in previous editions of this joint annual examination of in-house legal environments and trends, The General Counsel Report, from FTI Technology and Relativity. For example, in the 2020 report, it became evident that the GC was no longer merely a risk mitigator, but rather a valued contributor to the organization. This was called into action during the pandemic and in 2021, when the GC absorbed a wide range of new duties.
FTI Technology and Relativity engaged Ari Kaplan Advisors to lead the study again for 2022, interviewing 30 GCs (between July 7, 2021 through August 19, 2021) from a range of industries about their roles and providing a year-over-year analysis of how their responsibilities are changing during turbulent times. Most notably, the findings revealed that the trials of the past two years were critical in empowering legal teams with the endurance they’ll need to face a myriad of emerging expectations and challenges that will soon dominate their time and resources.
In a three-part series, The General Counsel Report 2022: Leading with Endurance Through Risk, Culture and Technology Challenges covers three key areas of what can be described as a triathlon of challenges grouped into three distinct areas or events. Each demands endurance that will require CLOs and GCs to expand their breadth of understanding and accelerate positive change. Each installation of the report will share in-depth insights across:
- The Widening Landscape of Risk Management: The risk profile is rising dramatically for organizations of all sizes. GCs are increasingly concerned with a wide range of intensifying risks for which they are primarily responsible, including persistent data risks, expansive regulatory enforcement and privacy and security issues. Unfamiliar risk vectors are arising as well, including new types of employee-related disputes and ESG (Environment, Social and Governance) considerations.
- Culture Development and Team Management: The GC has become an official leader in company culture and employee matters, whether HR sits within their department. This relatively new responsibility is one that GC in our survey tend to embrace with enthusiasm, and many expressed their personal investment in helping support their people, drive engagement and contribute to progress in hiring and retaining more diverse talent. Still, even with their optimism, this role will require GCs to invest increasing amounts of time, energy and persistence to meet their goals.
- Technology Activation: Most – 87 percent – GCs are involved in technology buying decisions. They carry responsibility for the deployment of tools across their organization and within their legal department, as well as planning for broader tech-driven initiatives. They must also keep a pulse on the technological competence among their in-house professionals, outside counsel and litigation support teams, while overseeing training and education initiatives that improve technology optimization.
The Widening Risk Landscape
The spectrum of risks organizations will navigate in the year ahead has become hazardous. GCs are concerned with the impact of emerging data sources on everything from data privacy and security to compliance and e-discovery workflows. Creating strong governance with respect to data protection and preventing fallout from a data breach is another key area of focus, as is the belief that global regulators will become more active and stringent. The challenges that COVID-19 presents to the workplace, employee well-being and company financial performance continues to fall under the GC purview, and how the organization will meet ESG benchmarks has been added to the list of risks the GC must address.
60 percent of GCs indicate concern over mounting risks.
One GC said, “The problem is that there are multiple areas of tremendous risk. One is on the employee side because retention affects legal, especially if HR reports into legal. Employee retention and engagement, including responsiveness to D&I and cultural issues…[Also], you cannot oversell the issues of data privacy, coupled with cybersecurity, which both are associated with data protection. It is not if, but when a breach will occur….”
Oddly, while new areas of risk have emerged on the GC radar, some that should continue be top of mind – such as IP loss or theft among remote workers – have dropped off. Additionally, when looking at year-over-year comparisons between 2019 and 2021, feelings of preparedness for key risks declined in every category. This suggests that with an elevated role and an expanding risk landscape, GCs are shifting priorities to give adequate attention to every issue.
Quick Look: Expanding Areas of Risk
2021 | 2022 | |
Privacy, data protection, security and/or data risk | 65 percent | 46 percent |
Compliance and regulations | Not mentioned | 36 percent |
COVID-19 business and workforce implications | 19 percent | 17 percent |
Technology modernization | Not mentioned | 3 percent |
IP loss | 16 percent | Not mentioned |
*As indicated by qualitative responses. Multiple responses allowed.
Year-to-Year Comparison: Risk Preparedness
On a scale of 1 (low) to 5 (high) how prepared is your organization for the following?
2020 | 2021 | 2022 | |
Data privacy laws and regulations such as GDPR and CCPA | 4.02 | 3.29 | 3.27 |
Information governance and data remediation | 4.03 | 3.26 | 3.20 |
Emerging data sources (social media, cloud-based file sharing, collaboration apps, etc.) | 3.77 | 3.00 | 2.90 |
Cyberattacks | 3.23 | 2.94 | 2.59 |
AI and machine learning | 2.67 | 2.10 | 2.10 |
Blockchain and cryptocurrency | 2.32 | 1.75 | 1.79 |
Data Privacy and Security
Data protection is a clear mounting threat in the view of 46 percent of GCs, and many shared similar sentiments to one GC’s comment that, “Data privacy and cyber, from regulatory, reputational and ethical perspectives, are top of mind.” Confidence, however, has not aligned with awareness. While in 2019, GCs felt reasonably well prepared across data privacy, information governance and security, scores have declined steadily, and most areas are rated at a moderate or low level of preparedness.
Many GCs interviewed said they see the shift to remote work as a driver behind heightened levels of risk and a decrease in preparedness. One said, “Information security and data risks haven’t changed, but have become more significant with employees working from home and the inability to implement the same controls as an organization could have while working from the office. Infosec risk is bigger than ever.”
Compliance and Regulations
Concerns over increased regulation and antitrust enforcement were shared among 36 percent of the respondents. One GC said, “We have a changing landscape with the new administration in Washington, D.C. We are seeing more interest in regulatory inquiries, and whether from a business standpoint, SEC, antitrust, DOJ, or EEOC, we are noticing more activity.”
Another agreed, and when asked about the most concerning risk, said, “It has to be the increased regulatory scrutiny over the past couple of years. I just feel like everywhere we turn regulators, such as the SEC, are emboldened. It is that increased regulatory scrutiny combined with a hyper-vigilance around reputational risk that everyone seems to have.”
Emerging Data Sources
While risk relating to emerging data sources such as collaboration platforms and cloud file sharing tools was not a topic of conversation during previous GC report interviews, more than one-third of GCs indicate high levels of concern about dealing with the explosion of emerging data this year. Emerging data sources are introducing a myriad of challenges for GCs in their approach to risk management, across costs, efficiencies, data privacy, information governance, compliance monitoring, security and e-discovery processes. And, in parallel with the rapid growth of the data footprint and related risks, preparedness for dealing with it is on a steady decline, with many GCs struggling to regain organizational control over their data following the shift to remote work.
One summed it up as, “This area is evolving so fast. Our data maps change frequently, and teams are constantly adding new applications. We have a good vendor management program, but the way our data is shared… how our systems interact…and our employees collaborate continues to change.”
Ongoing Pandemic-Related Issues
Just as COVID-19 has shifted through variants, so too have the business, legal and compliance risks associated with the pandemic. In 2020, GCs were thrust into what many described as embracing a chief medical officer role, focused on how best to support the health of their employees as well as the rapid shift of their workforces to remote environments. Now, some are worried about how the ongoing effects of the pandemic will manifest in supply chain issues, liability and labor disputes. Many are also trying to strike a balance between remote work and in-office policies, in conjunction with weighing and rolling out vaccination mandates. One said, “We are on the cusp of mandating vaccination to return to an office. This is an iterative issue.”
“The biggest change is how much more dependent the company is on legal’s involvement in ever-changing laws and regulations related to COVID-19. When new issues arise that are dynamic and impactful in the world, companies will increasingly rely on their legal teams to navigate any issues that present risk.”
Environmental, Social and Governance (ESG)
Another new issue emerged in this year’s study, with many GCs discussing their thoughts on the impact of increased demands for corporate responsibility relating to ESG. For example, one respondent said, “I am increasingly worried about ESG. Data privacy is the top risk, but ESG is the top trending risk and rising rapidly because of exposure in the future for corporations.”
While not previously referenced in our report, this year, now multiple GCs interviewed list ESG as one of their primary risk concerns. Another respondent expressed concerns in not only how ESG requirements will impact business and reputation, but also how regulators will handle it.
“Environmental, social and governance issues are so critical because [ESG] is a key series of themes in which investors are interested and regulators are becoming stricter about the clarity of the auditing nature of your reporting on these issues. If you don’t report correctly on ESG, it could be considered fraud and I am increasingly worried about that.”
Key Comments
- “It is becoming harder and harder to know how to protect your data or to allow people to be forgotten. It would be very helpful to have a federal standard.”
- “Data privacy is incredibly important, and I worry about the threat of breaching consumer data.”
- “You are at the mercy of what employees have built into their security at home. You also must be mindful of the reputational risks as well. As a GC, you need to have a process in place.”
- “There are a lot of unknowns. The sources of data are so disparate, and it is hard to track what comes into a company’s system. It is more confusing than email. Some of those systems are not fully aligned with a company’s system. For example, where do comments from a company’s Facebook page live? Often, this is an afterthought.”
- “Companies are not prepared for emerging data sources. As tools develop more quickly, you have to live with them for a while to fully understand the risks.”
Inside Takes
- Data risks persist, and when looking at data from the last three years, GCs are feeling less and less prepared to defend against increased levels of data risk heightened by the shift to remote work and accelerated use of emerging data sources. Many fear a headline-grabbing data breach on their watch.
- The impacts of increasing regulatory oversight, stricter competition enforcement, new compliance requirements and a patchwork of global regulations are making it harder for GCs to fulfill their core risk management function.
- The pandemic is not over and GC anticipate ongoing COVID-19-related risks across remote workforces, labor issues, vaccine mandates and more.
In 2022, the GC’s day-to-day of running a corporate legal department will be much like enduring a triathlon. Mitigating a rapidly widening landscape of risk is only one of several challenges GC will need to face with endurance in the year ahead. The subsequent installations of The General Counsel Report 2022: Leading with Endurance Through Risk, Culture and Technology Challenges will discuss additional insights across the people and technology challenges GCs and CLOs are currently facing or anticipating.
Methodology
During July and August 2021, Ari Kaplan personally interviewed 30 GCs from predominantly Fortune 1000 companies. Nearly 57 percent have revenues that exceed $1 billion, and 70 percent have more than 1,000 employees.
Most were in telecommunications and technology (40 percent); and 13 percent were from life sciences; 13 percent from manufacturing; with the remainder from construction, energy, retail, real estate, consumer products, R&D and advertising/marketing industries.
Visit www.FTITechnology.com for Parts 2 & 3 of the Report.