Legal Exposure: What is it?
Legal exposure refers to the potential harm or risk that a company, organization, or individual might face in terms of legal action resulting from their business operations, professional actions, or failure to comply with statutory and regulatory obligations. Legal exposure can have significant implications, including financial penalties, damages, sanctions, and reputational harm.
For instance, businesses may face legal liability for violations of consumer protection laws, environmental regulations, tax codes, employment discrimination laws, data protection laws, product liability, or health and safety standards . Individuals in professional roles such as healthcare, legal, engineering, or finance are also at risk of incurring legal exposure through malpractice, negligence, or fraud.
Understanding potential exposures beforehand helps with legal compliance and risk mitigation. To protect themselves, businesses and professionals must institute necessary policies, procedures, and controls that minimize legal risks or mitigate the severity of potential legal consequences.
Factors Leading to Legal Exposure
Legal exposure can arise in a variety of situations, often stemming from the everyday activities a business engages in. Some of the most common causes of legal exposure are breaches of contract, regulatory non-compliance and potential liabilities in employment practices. The following are a few common occurrences that sometimes lead to legal exposure:
Contract Breaches
Contract breaches occur when one or both parties to a written agreement fails to uphold their side of the deal, whether by not delivering on goods or services or otherwise failing to do what they are required to do in accordance with the agreement. Sometimes miscommunication can cause parties to unintentionally breach an agreement; however, other times, parties deliberately intend to breach the terms and conditions of the agreement to further their own interests.
For example, suppose that a company makes a deal with an independent contractor for a construction project. The agreement requires the contractor to provide the necessary supplies and materials, while the company provides the labor and workers. If the contractor fails to deliver the material for the project and simply has the workers stand around and do nothing, the company would be within its rights to sever its relationship with the contractor under the terms of the agreement and potentially be able to sue the other party for damages.
Regulatory Non-Compliance
As government agencies around the world have clamped down on various industries, it has become more important than ever for businesses to stay compliant with a variety of regulations. Even if you operate in a highly regulated industry that requires you to pass extensive permitting and licensing requirements and even undergo quarterly or annual inspections, regulatory compliance programs (RCPs) are an essential aspect of maintaining a successful business. Failing to comply with RCPs can result in a variety of liabilities such as license revocations, fines and criminal charges.
Employment Practices and Liabilities
When it comes to employment, employers are responsible for maintaining a safe and healthy environment for their employees, as well as keeping careful records pertaining to their performance. This is essential for avoiding legal exposure related to worker injuries, wage and hour law violations and wrongful termination and discrimination suit. Employers must also be mindful of employee conduct that could result in legal exposure, such as harassment or defamation actions.
Determining Legal Risk
The next step in the legal exposure analytics process is an assessment of legal risk. A lot of the evaluation work in this area overlaps the fields of risk management and risk assessment, which you may have heard of more commonly.
On the audit side, assessing legal risk often involves a legal audit, or review of the existing relevant legal literature that could be brought to bear on the analysis of an exposure. In some cases, a risk assessment can be performed, which is a systematic examination of the likelihood and consequences of a given event occurring. From this, risk management tools are then applied to identify, control, mitigate, and/or avoid a specific risk.
It’s important to understand that risk and exposure are distinct concepts, and as a result, what is a relatively minor risk for one entity may be a significant and potentially catastrophic exposure for another. For example, an executive at a corporate subsidiary located in a high exposure jurisdiction may be facing a significant liability relating to a transaction the corporation is involved in, at the same time as the corporation itself may be successfully avoiding a high level of risk associated with the same transaction. Legal audits in the area of transactional risk often rely on published guidance from corporate and securities law advisory firms that provide information on the requirements of securities, corporate, and other statutes and regulations.
Monitoring tools are also used in assessing legal risk. In the context of legal exposures, monitoring tools may involve the ongoing tracking and publication of relevant legislative, regulatory, and judicial developments that could affect the relevant matter at hand. These systems can be either web-based or otherwise. Some legal counsel offer services in this area.
Strategies to Mitigate Legal Exposure
Central to minimizing legal exposure is a comprehensive contract management system that allows you to not only record existing contractual obligations for suppliers, customers, partners, but also to easily see those obligations at a glance, particularly any onerous clauses that expose the business to unnecessary risk.
Legal exposure is a complex issue, and while having comprehensive contract management software is one variable in the equation it’s not the single point solution. It also involves being aware of the key clauses that can bring about legal exposure, such as: An annual analysis of customer, supplier and partner agreements with a view to understanding your exposure under breach of contract and to determine whether they are fit for purpose in relation to both the company’s operating strategy and any changes in relevant legislation should be considered.
Fostering a culture of compliance within your business that is supported by robust, updated and transparent policies mitigates risks, protects the integrity of your organization and ultimately minimizes legal exposure. An annual or bi-annual review of policies, procedures, practices and trainings ensures that every person in your organization is accountable for their actions.
The fine print of employment contracts, as well as internal policies and procedures should be reviewed in the same way that you do with your agreements with customers, suppliers and partners. In addition, regular audits (covered further down) and training (see point above) help to ensure that your employees understand which policies exist, how they must be adhered to and when.
These audits can offer your organization peace of mind by identifying processes that are working, those that aren’t, and those that need to be updated. Regular reviews of your processes and privacy policies ensure that the information your organization is currently collecting and storing is compliant to up to date legislation.
A final step all businesses should take to minimize legal exposure is to regularly review any changes in the legislation (country and/or industry) that may impact your company’s operations.
Insurance’s Role in Legal Risk Management
Insurance is a fundamental component of legal risk management. For individuals, insurance primarily takes the form of homeowners and renters insurance, along with auto insurance and possibly life and disability insurance. For businesses, insurance is much more complicated, and is tailored to the specific risks faced by that business. Some businesses have a general liability policy that covers all manner of things, whereas others require each type of risk to be insured separately. Insurance is not only designed to practically make the insured whole again by making them financially whole after a lawsuit or similar event, it also serves as a means of avoiding litigation by providing a defense for insureds when they are sued . For businesses that do have liability insurance, as soon as the business learns that it will be subject to a lawsuit within the scope of the liability insurance, they should forward the lawsuit to the insurer and/or contact them to request that they provide a defense. Sometimes, the insurer will deny coverage, in which case the insured should immediately seek legal advice to determine how best to respond. That being said, insurance should never be considered the only option. There are certain lawsuits, such as patent infringement suits, that are not generally covered by insurance, and directors and officers often find themselves personally liable for corporate actions that are not covered by insurance as well. All of this means that it is critical to undertake proper risk management at all stages of a business to avoid adding to the risk through an ill-advised course of action.
Case Studies: Analyzing Examples of Legal Exposure
To better understand and learn from legal exposure incidents, let’s take a look at a couple of case studies.
A Construction Contractor Fails to Pay for Litigation Costs
A general contractor agreed to pay its subcontractors after the project owner made partial payments. When the payment didn’t arrive in time, the subcontractors billed the contractor directly for the amounts owed. The contractor refused to pay, resulting in litigation between the subcontractor and contractor. The subcontractor won, and the general contractor then filed a counterclaim against its insurer, alleging that it should have been awarded fees and costs when the subcontractor recovered. The court disagreed, and instead found in favor of the insurer on all claims. The contractor must pay fees and interest charges under Florida’s Offer of Judgment Rule, as well as the costs and expenses incurred while suing the insurer. The contractor learned the hard way that certain requirements must be met to recover fees under the notice rule, and that failing to abide by those requirements can spill over and cause additional problems.
An Approved (But Outdated) Bankruptcy Plan Can Come Back to Bite
In another example, a popular restaurant made a Chapter 11 bankruptcy plan back in 2012. Under the plan, the restaurant was permitted to make royalty payments to the franchisor according to a formula devised in a previous agreement. The bankruptcy court approved the plan giving no indication that a new royalty formula would be required. However, in early 2015, the Bankruptcy Court determined that royalty payments under the old formula would not be approved. The restaurant found itself facing insolvency, and why? Because of uncertainties about how the restaurant/plan would affect future royalty obligations. It turns out that the restaurant is not the only one affected. In fact, 80 other franchise locations across the country were affected by the outcome of the bankruptcy action. Even though bankruptcy had improved the restaurant’s profitability, the case reminds us that even when a plan is approved, there can still be lasting consequences.
A Broker Mishandles Privacy Policy Changes
In this case, an insurance broker had a privacy policy that did not comply with the Security and Exchange Commission’s Privacy of Consumer Financial Information Final Privacy Rules for Broker-Dealers. The broker obtained the client’s consent to the non-compliant privacy policy. The broker also failed to notify clients about changes to the privacy policy, which incidentally, were made 4 years prior to the SEC Official Notice and Reporting Date. The consumers filed a class action lawsuit and the SEC slapped each member of the management team with sanctions. Ultimately the case resulted in the broker being forced to surrender its Broker-Dealer Registration in 2008. It’s a significant lesson in making sure that policies are up-to-date, that everybody is aware of these policies and processes, and that changes are communicated to key stakeholders. In some cases, it can make sense to work with external committees that can help with compliance and prevent incidents like this from happening.
A Healthcare Provider Hired a Manufacturer to Produce a Form On Their Behalf
In this case, a healthcare organization hired a manufacturer to print a form that was in a ‘green format’, which the hospital intended to use to comply with the Health Insurance Portability and Accountability Act (HIPAA). They classified the form as ‘Confidential,’ but the printer ended up distributing hundreds of thousands of the forms without putting them in any security envelopes. It also sent them to physicians outside of the hospital network. The tapes had information on patients, for example: Social Security numbers. The Chicago Tribune had the ability to expose the process, and ended up making the incident known. The next thing that happened was that a suit filed against the manufacturer and hospital alleging invasion of privacy, negligence, and violations of various state consumer fraud and privacy protection acts.
Legal Exposure and Risk Management: What’s Next?
The future of legal exposure and risk management can be traced to emerging trends both at home and abroad. Globalization is one important trend. International business laws and emerging markets are becoming more and more prominent in the U.S. courts. In 2000, 11 percent of U.S. securities class actions involved a foreign issuer and only four percent involved a foreign national. By 2012, those percentages had more than doubled to 23 percent involving a foreign issuer and eight percent involving a foreign national.
Another major trend centers around the growing complexity and pace of businesses. Miscommunications and misunderstandings about risk further aggravate this issue when it comes to ownership because an ownership stake does not always mean that the company or its assets must be included in securities or accounting reports or that the owner has control over the entity and its activities. Many times, unless there is frequent internal dialogue between the parties, parent companies will not even know that a subsidiary is conducting business. This apparent ignorance creates a business risk to the parent company as well as legal exposure.
The increasing volume and variety of high-volume class action suits is yet another source. For instance , from 2016 to 2017, the number of securities class actions increased 44 percent. In addition, the number of IPO-related class actions tripled during that same time period. The volume of securities class actions, especially those focused on M&A issues, is widely expected to remain high.
Changes in consumer attitude are also to blame for legal exposure. While historically consumers have acted as victims or plaintiffs, recent data shows that less than three percent of consumers will file a claim for restitution. A much larger proportion will instead choose to voice their grievances on social media, in negative reviews, or to the media. If retaliation from consumers continues to trend this way, it could impact how businesses prioritize products and services and could result in legal exposure concerns.
Emerging technologies will be another big driver of legal exposure in the future. For example, many businesses still ignore the use of artificial intelligence in contract analysis and drafting. This is a big mistake as using artificial intelligence to assist with contract analysis and predictive analytics can help businesses avoid costly and time-consuming litigation.