Category: In-house

The accelerating shift from traditional on-premises information technology (IT) systems to cloud computing presents in-house counsel with a veritable obstacle course of compliance challenges and regulatory pitfalls. Virtually every industry today faces an expanding set of data security demands, while different countries often have their own unique privacy and data protection requirements.

Even global regulatory landscapes can change with the stroke of a pen, as with the recent invalidation of the long-standing Safe Harbor data transfer arrangement between the EU and United States. Today’s in-house counsel must master all of these requirements, explain them to their boards, and verify that their organization complies with them.

For a technology vendor, keeping a broad portfolio of feature-rich cloud services in compliance with an ever-changing regulatory landscape is a never-ending challenge. At Microsoft, our own lawyers engage daily with our cloud engineering teams to help them understand and implement the requirements of this complex and evolving regulatory universe. 

This article discusses technical developments that in-house counsel need to understand as they evaluate cloud services and Microsoft’s own experience working to meet the exacting legal and compliance requirements accompanying these developments. Our fundamental message is simple: the economic and strategic advantages of cloud computing make it impossible to ignore, but the transfer of responsibility over sensitive data and applications from customers to cloud providers requires the formation of a new framework for establishing and maintaining trust between these contracting parties.

Why the Cloud is Surging

The cloud really is a revolution, and it really will change the world. In fact, it is already doing so.

To understand why the cloud is different, we can divide the past half century of computing into four epochs.  The first was the epoch of the mainframe, behemoths so big and expensive they could only function inside dedicated buildings owned by giant corporations.  This epoch was dominated by IBM.

The second epoch was that of the PC, launched in the early 1980s by Apple, Microsoft, and Intel. These inexpensive desktop computers were first marketed to hobbyists and consumers, but soon swept the corporate world, penetrating even the smallest organizations. By the 1990s, evolved versions of the PC known as servers also came to stand alongside mainframes in corporate data centers. But these servers still lacked the power to handle the most important “mission-critical” tasks.

By the latter half of the 1990s, the third epoch of computing emerged with the connection of hundreds of millions of client and server PCs into a vast global network. Known as the Internet, this network made possible countless new applications built on the reality that any individual could now instantly communicate with any other individual or access the information and processing power of any other computer on the planet.

Although we think of the Internet as the foundation of our modern high tech world, in reality the Internet epoch was only a brief interlude. Over the past few years, it silently mutated into something new, which we now call the cloud. This new epoch is a combination of the previous epochs, but innovations in software and hardware make the cloud almost unimaginably more powerful than previous computing paradigms. After the extreme decentralization of IT brought about by the PC and the Internet, the cloud is all about the recentralization of the world’s data and computing power into a relative handful of “hyper-scale” data centers. A single one of these facilities may house tens or even hundreds of thousands of PC-like servers packed into energy-efficient, massively interconnected racks spread out over the space of a football field or more.

Within the next ten years, the majority of business applications and virtually all consumer applications will be served from perhaps a few hundred of these huge cloud data centers, located in all of the world’s major geographies. Owing to its tremendous economies of scale, on-demand usage model, and pay-only-for-what-you-use billing, the cloud will progressively make inroads into the IT infrastructure of nearly all enterprises.

The Cloud is Transforming the Compliance Landscape

On-premises IT systems will remain a vital part of enterprise computing for many years to come, especially to handle particularly sensitive data or mission-critical workloads. However, the cloud is disrupting even on-premises workloads. In the past decade, most enterprise IT organizations have embraced the software technique known as virtualization, which allows each individual hardware server to be shared by multiple “virtual” servers, thus yielding significant cost savings due to more efficient utilization of expensive capital equipment. Having first been virtualized, traditional on-premises data centers are now being “cloudified” by an additional layer of automation and management software that transforms these on-premises facilities into what industry analysts call “private clouds.”

The economic and strategic benefits of cloud computing are too large for even the most risk-conscious organizations to forego. Indeed, because the cloud will increasingly be a strategic asset for innovation and productivity for companies across the economy, almost every business in the future will be a digital business. 

But by shifting the permanent residence of data and applications to data centers owned by third parties that may be located in other countries or even on other continents, cloud computing introduces a level of legal complexity that requires a fundamentally new way of working and thinking by in-house counsel.

Meeting the Challenge of EU Data Protection Laws

Big data analytics will revolutionize the ability of enterprises to understand exactly what is happening in their markets and how to shape future outcomes. Such methods require enterprises to store and analyze vast quantities of data—so vast that the accepted term is “data lakes.” Realistically, such “lakes” of data can only be stored in the cloud and in many cases they will contain PII of customers and employees and will therefore fall under the strictures of data privacy laws, including the demanding new data protection laws recently passed by the European Union.

How can multinationals doing business on both sides of the Atlantic ensure that their strategic big data analytics programs will not run afoul of rules governing international data transfers? They should partner with cloud vendors who have spent years understanding what regulators require and how to implement both the technical and the legal components of a full-spectrum cloud compliance strategy.

Recent events demonstrate just how complex this challenge can be for enterprises that operate in multiple jurisdictions.

In October 2015, the Court of Justice of the EU abruptly invalidated the U.S.-EU Safe Harbor Framework, which was based on a 15-year-old agreement between the United States and the European Commission that had enabled thousands of enterprises to move personal information across the Atlantic while remaining in full compliance with the EU’s stringent data protection rules. 

At Microsoft, we had long recognized that the collapse of Safe Harbor was a possibility and had already taken steps to prepare. Starting in 2010, we assigned a dedicated team of several dozen lawyers and public policy professionals the task of creating a new cloud contract based on the standard contractual clauses—often known as “model clauses”—that the Commission established pursuant to the EC’s 1995 Data Protection Directive. 

Over a period of several years, our compliance experts met on numerous occasions with officials from the European Commission and the EU’s 28 member-state Data Protection Authorities (DPAs) to hammer out a solution. In April 2014, the European DPAs determined that the model clauses in our new enterprise cloud contract met their requirements for a valid legal framework governing international data flows. These clauses, which we now offer by default to all cloud customers, ensure that even without Safe Harbor, all personally identifiable information stored in the Microsoft cloud continues to meet Europe’s rigorous privacy standards no matter where it is located. 

However, it is critical for compliance professionals and in-house counsel to understand that compliance will always remain a moving target. The model clauses we introduced in our standard cloud contracts are themselves under challenge and may give way to new regulatory requirements, just as the U.S. government and the EU have recently negotiated a new agreement called Privacy Shield to replace Safe Harbor. This is an important step toward creating a new legal framework to enable data to move between Europe and the United States in way that satisfies the data privacy and security concerns of both sides. The Privacy Shield has been ratified by the European Commission and all EU member states, but is certain to be challenged in court. 

Building a Framework for Trust

Regardless of the outcome of Privacy Shield, enterprises will continue to grapple with changes in their legal and compliance requirements as they affect the use of cloud and other technology services. 

At a time when technology has outpaced existing legal frameworks that govern how confidential data is protected, and governments are struggling to balance public safety with the right to privacy, enterprises must work continuously to ensure that the services provided by their technology vendors retain the trust of all stakeholders—including governments, corporations and individual consumers. For members of the legal and compliance community, trust is especially important to ensure that their clients meet regulatory obligations and community expectations while reaping the economic and strategic benefits of the cloud. 

This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

I have been working for Tesco for almost eight years, and when I joined the company, “compliance” was absolutely not a focus. We certainly followed values like “no one tries harder for customers,” but we did not know too much about compliance and about how important it should be for a well-organized company in the 21st century. 

A few years later we started getting more and more familiar with compliance and recognized fairly quickly its relevance for our business. Soon, there was not a single legal conference where compliance was not on the agenda. We had many discussions about the real meaning and value of compliance, and eventually we extended the scope of our discussions to encompass “ethics” and “ethical behavior” – we had many interesting chats about the differences between those concepts and compliance (I’ll come back to this point later in this article). If I look back to our “ethics & compliance journey” at Tesco now, I think these brainstorming and discussions can be seen as the initial phase of it. 

After recognizing the importance of compliance, we started to work on building various compliance programs. A Group Regulatory, Ethics, and Compliance Team prepared so-called “blueprints,” containing those items which needed to be implemented in order to establish a robust compliance system. At Tesco we have compliance programs in the areas of anti-bribery, fraud, competition law, information security, and people safety. We are currently working on our data privacy compliance program as well, which nowadays is a very hot topic and keeps many compliance officers awake at nights. We have some additional ideas in our heads as well, so I am sure that this phase will be a long-lasting one. 

I define this second phase of our ethics and compliance journey as the one where we set the basics (i.e., create the basic elements of an effective compliance program such as policies, guidelines, risk registers, trainings, communications, monitoring, etc.). There is no question how important this second phase is as without having a strong basis it is difficult even if not impossible to build a nice house on it. Though I certainly like doing compliance, I should admit that this part of the journey is sometimes quite dry and boring and I am sure that when people think about compliance, almost all of them have this part in their mind which makes compliance not the most popular topic.

However, there is a more exciting part coming after phase no. 2, which can be characterized by the following challenge: how can we build a nice house on that strong foundation? In other words, how can the robust compliance system we have created be embedded into the everyday thinking and behavior of our colleagues? Based on my experience I can say that no one should underestimate the relevance and the complexity of this phase. We find ourselves sometimes in a position where we are confident that we have a good compliance system (created in phase no. 2), but we still doubt whether our colleagues really understand our messages and follow our instructions. It is, after all, fairly easy to prepare a nice policy, but it can often be awfully difficult to implement it into the daily operations of the business. The bad news is that I do not know the key to success, if there is one. My advice is to continuously review your compliance programs and be very critical – which means that you should not be satisfied with the system itself but should ask yourself whether colleagues are really following the rules during their daily work. 

Let me share with you some additional tips which you can use to make your compliance program better. First, while reflecting on the changes of the risks – which should be done properly and in a timely manner – make your risk register live. Second, communication is never enough in order to raise awareness of the programme; in addition to e-learnings and face-to-face trainings for bigger teams, organize interactive workshops for smaller groups of colleagues where you can involve them more in discussion.

As you can see, phase no. 3 is a much more challenging but also more exciting part of the ethics and compliance journey, allowing you to deal with people and do your best to change their ways of thinking about ethics & compliance. This is the part where you can transform compliance into ethics and the pure program you have created into the ethical behavior of your colleagues which should be – I think – the ultimate goal of all compliance officers.

This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Compliance Matters

The role of the in-house legal counsel in recent years has become intensely intermingled with compliance matters, which are of huge importance for international corporations. For example, American companies place great importance on anti-corruption compliance, and the U.S. Foreign Corrupt Practices Act is widely known and complied with in Europe due to its extraterritorial application. 

Another area of importance is competition compliance. Competition authorities such the European Commission are quite active in investigating anti-competitive agreements and abusive behaviors of dominant companies. 

Furthermore, as part of compliance programs and processes companies are focusing on risks related to fraud, health and safety, data protection, and cyber crime.

A core reason for the enhanced compliance systems and processes are the heavy fines (e.g., competition law infringements may lead to fines as high as ten percent of the annual worldwide turnover of the undertakings), damage to reputation, and potential for director disqualification and even imprisonment that may result from violations.

Thus, it is logical that the role of the legal counsel is often combined with that of compliance officer as compliance matters have significant legal implications. 

Successful Compliance Programs

Companies and organizations should have a zero-risk appetite for breaking the law and violating the compliance programs in place. It is also vital that a company’s culture positively supports ethical and legal behavior.

A clear compliance program should be business-friendly and well understood. It is important both that the program be advocated from the top down, across the entirety of an organization, but also that there be bottom up buy-in from the business side.

The problematic issue with many compliance programs and processes is that they can be too heavy for the business to digest and sometimes create so much “noise” in the organization that employees lose sight of the essence of the message. They are often over-complicated with legal terminology and burdensome rules.

Our advice to companies is to establish a risk-based approach tailored to the specific needs of their organizations rather than a “tick box” compliance exercise. Many factors are relevant and should be analyzed, including the relevant industry, the external environment in the country, corruption perception, mentality of the people, and so on.  

In 2016 we at AVON in Central Europe piloted an interesting way to present the essence of the legal and compliance rules under the internal brand of “Simply Legal.” Our materials are business-friendly and straight-forward. They present the basic topics in a way that is interactive, funny, and easy to remember. 

As part of Simply Legal we created 60 second guidelines, DO and DON’T lists, videos and cartoons, and dawn raids guidance and instructions which are short in time and easy to remember. People learn while they have fun. The old-fashioned way of presenting long texts or power point presentation is far from catchy. People want it light and fast. In the digital era and with the dynamics we face in all industries and spheres, creativity is crucial to catch the attention of the business. 

Companies should ensure constant updates, contact points for advice and training, and Q&A sessions with their in-house legal counsel. 

Frequently, the legal counsel is supporting a Compliance department that is separate from the Legal department. The crucial element here is the communication and alignment between the two teams. 

Promoting an Ethical and Compliance Culture

Many companies understand the importance of ensuring that they comply with the law and promoting a culture of compliance within their business. Commitment to compliance is vital and an integrity culture should be promoted to employees so that it is integrated in their mindset and prioritization list. 

Here, apart from the trainings and other systems which may already be in place, another important component is a whistle-blowing system (sometimes called a Hot Line, Credo Line, Speak-up Line, etc.). Such systems allow for the free and anonymous reporting of improper behavior and practices within an organization. It is important that people feel free to use such lines anytime, anywhere, in any language, with confidence that no retaliation measures will be taken against them. 

Compliance Testing & Monitoring and Compliance Audits

Integral parts of successful compliance systems and processes are compliance monitoring and audits. Whether performed by internal or external auditors/monitoring teams, such reviews allow for a check on compliance awareness within organizations, the processes behind the rules and policies, and the overall success of a compliance culture’s implementation.

At this stage the role of the legal counsel is more that of an ambassador, enhancing the processes of testing and auditing by providing clarifications, explanations, and guidance to the auditing teams. 

This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

It is good to have at least general idea of the answer to the question of where the added value of the legal department lies, otherwise you might become a very expensive administrator whose contribution to a company success is questionable. 

My experience as an in-house lawyer comes from work in legal departments consisting of up to four people. I have worked in long-established legal departments and those I had to create from scratch. The only common feature of the companies I worked for was that they were in a constant process of transformation, always entering into new businesses and new areas of risk, and thus constantly challenging their lawyers with additional work. Being overloaded with work, you have to ask yourself every day whether doing something is really valuable for the company or is just a simple administrative task better performed by someone else. 

How You Are (Dis)Organized

A lack of proper understanding of the legal department’s role results in it being overburdened with mundane and non-critical “legal” work. Quite often in this context “legal” means that the use of Microsoft Word instead of Excel or Power Point is required. This is a simple way to transform a legal department into extremely expensive administrators who do not create much (if any) added value in projects they are involved in, with a presence the company may find difficult to justify.

Unfortunately, there is no one good answer to the question of what the role of the legal department should be. It is evident that when you ask your colleagues they might have very different expectations in respect to the areas where in-house lawyers should support them. Some expect legal help with drafting any communication to third parties, some prefer to limit lawyers’ work and consult with them only regarding single sentences in an agreement without providing them any context. 

The different expectations are often related to the different set up of an organization; for instance, contract management often is assigned to the legal department not only directly, but also often due to the common understanding that if something is not clearly assigned to any other department, legal will handle it. To preserve capacity to work on tasks where your input has really value, you need to be assertive and decline (in a polite manner) all requests which are disruptive to work and related to a misunderstanding of the in-house lawyer’s role. 

Naysayer – No, I Do Not Think So 

Based on the questions asked about the role of legal department, I sometimes get the impression that many believe that an in-house lawyer’s job is primarily to say “no” every day. This is related to the outdated perception that a legal department consists of naysayers and deal-stoppers.

In the last ten years of my work as an in-house lawyer I am pretty sure that I did not say “no” to a deal more than a handful of times. My role is not to stop the deal but to find a legitimate way of doing it which also suits the company’s business model. If something important from the legal perspective needs to be highlighted, you need to do that, of course – and preferably at an inception stage of the project. In essence, by frequently saying “no” without proposing any legally safe and acceptable alternatives, you are failing in your role as in-house lawyer. You should be perceived as an enabler of projects, and as someone who helps find a legally safe way of implementing them. 

Of course, you need to understand what “legally safe” means, because doing business often involves a certain level of legal risks. Various companies have different appetites for the risks related to their activities. The companies I have worked for valued their brand perception and integrity of their employees, therefore a quite significant number of legal risks were ruled out by definition and without the need for a legal department to escalate them (e.g., regarding corruption, bribery, etc.). 

However, we all know that the law is not always clear, and – depending on a court’s interpretation – we may face some additional costs which can significantly impact the business model adopted for a specific transaction. The task of the legal department is not to make sure that this risk will be entirely removed (which is more often than not impossible) but to quantify the potential exposure and its likelihood in a way that can be understood by business, included in the business model, and constitute a basis for a business decision.

Longing For Crisis

The ultimate test for in-house lawyers usually comes during a time of crisis. This is the time when you should show legal knowledge, integrity, and business understanding. During crises there is often not enough time to fully utilize external lawyers (due to the dynamic situation), therefore in-house lawyers need to take much more pressure on themselves. 

Moreover, apart from legal knowledge proficiency in the use of Power Point and to some extent Excel is required to properly communicate with company’s executives. Apart from those technical skills, this also requires good understanding of the nature of the crisis and alternatives which are available to the company. 

A huge crisis does not happen frequently – but smaller ones are not unusual. This is (unfortunately) the simplest and quickest way to raise your profile within the company, as no-one questions whether an in-house lawyer adds value during a crisis or not. However, the downside is that failure to perform in the face of the crisis (or, of course, bring responsible for it), may be the simplest way for a lawyer to get fired – so there might not be a second chance. 

Business Adviso – Can You Learn This At 

Law School?

Nowadays business works together with in-house lawyers from a project’s inception to its end. In-house lawyers need to provide advice on the project’s structure and its legal ramifications, and may need to draft/review agreements. 

The main objective of the legal department is to find not only the way to implement a project, but also to implement it in the most efficient way, preferably with limited or no external legal costs. In-house lawyers also have to be aware how their advice impacts a project’s financials; i.e., they need to provide pragmatic advice considering both business outcomes and legal consequences. 

In order to have a broad business perspective and sound business judgement on top of their legal skills, in-house lawyers need to be connected with their business colleagues on a day-to-day basis. Only then can their advice provide added value for the business, as communication in financial terms (often related to short and long term gains) will be perceived by business as especially valuable. They should also be able to distill complex issues down to specific items and act sometimes as project manager, to bring all stakeholders together in order to work out a proper solution. 

Moreover, business advisory is the area where in-house lawyers are able to differentiate themselves from external lawyers who are often perceived as specialists in isolated areas of law but due to either lack of knowledge about a particular business or their obligation to protect their law firm from liability, rarely offer genuine business-strategy advice.

Summary

Even in most promising projects, in-house lawyers must make sure that the right thing is done (and escalated if needed) regardless of consequences. However, at the same time, in-house lawyers have to contribute to the bottom line of the company not just by preventing something that is wrong, but by proposing alternatives which are compliant with business models proposed for a given project. 

Of course lawyers are always required to do some firefighting, but by our presence in business coupled with pragmatic advisory and the promotion of compliance we need to ensure that the number of crises is kept to a minimum. If we can avoid being overburdened with mundane tasks that do not require lawyers (but no-one else wants to take care of) and constitute distraction from other tasks, we should be able to prove our value to the company and facilitate its success (despite the fact that performance measures for in-house lawyers are still in infancy, but that is a topic for a different article).  

This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The rapid transformation (one could almost say the revolution) of the world of legal services is a fact and has been taking place for some time now. In fact, I believe it is now gaining its full momentum. This transformation affects both law firms and in-house legal departments. It started several years ago with cost-cutting, as clients expected more and more for less and less: in-house legal departments from external law firms, and internal clients from in-house lawyers. More changes followed. 

It is no longer sufficient to have merely a traditional knowledge of the law. Clients (by whom I mean both law firm clients and internal clients of in-house law departments) expect lawyers to provide solutions to their business problems. Additionally, providing advisory services of a strictly legal nature is no longer sufficient: one must be familiar with and understand business, have (an increasingly broad) understanding of management, and look at problems at hand and their possible solutions strategically and with a broader view. Moreover, a lawyer must be able to work in a team and understand (although a number of us will find it difficult to come to terms with this fact) that there may be teams where he or she will not be the leader, but a member, and the matter will not involve a legal project but a business one. We must also bear in mind competences in the field of finance, project management, and IT. 

As if all that weren’t enough, start-up initiatives (whether independent or affiliated to large international law firms) are springing up like mushrooms, focused on automating selected legal services using advanced IT technologies or artificial intelligence. 

So many years – if not centuries – of the traditional model of prosperity … and now within just a few years the world has been turned upside down. 

Let’s be honest: March or die! There is no other way than to accept the changes and start benefiting from them. 

Frankly speaking, I welcome the changes with joy and relief; I could not wait to see them. I do not perceive them as a threat. Not at all! For me they are a fantastic opportunity to participate in an exciting venture, a great adventure, which offers me the chance to become a fully-fledged lawyer of the 21st century, providing services suited to contemporary (and future) requirements. 

I believe the key element of the changes is the people we work with – the members of our in-house teams. There are two good reasons for this: First, we cannot change anything without them; and second, it is these people that frequently force us to make the changes. 

The market is starting to be dominated by people commonly known as the Y/Millennial Generation. Let us not pretend that we don’t know: They also include lawyers, and we are either already working with them now or we are going to work with them in the near future. A lot has been said about the qualities of the Y Generation, how they differ from past generations, and why they differ so much from the X generation (which I am told I represent). I get the impression that these descriptions are dominated by an image and evaluation of the Y Generation, albeit not straightforwardly expressed, yet negative and formed from a distance, which presents them as somehow “extravagant” (momentarily, those describing them hope) compared to what is proper and normal.  

A number of my colleagues both inside and outside the legal profession look upon the Millennials with concern, and while some indulge them, most think that they will not make proper lawyers in the full meaning of that term, or committed lawyers, because a good lawyer has qualities and stands up for values that are the exact opposite of those of the Y Generation.

I think they are wrong. Millennials can make fantastic lawyers and members of our teams, if we just put aside our prejudices and stereotypes and are open to what they offer. 

Is there anything wrong or dangerous in these qualities? 

Expectations of the Millennials will force us to set clear goals, identify the sense in each task, and provide clear and immediate feedback, which can only increase efficiency. 

When work is a pleasure and fulfils our intellectual ambitions, we work better and are more willing to work, while new ideas come effortlessly. 

Freedom in the world of modern technology may open up paths for legal departments which until now seemed quite inaccessible. 

I believe in-house lawyers may accomplish a number of their back-office tasks equally effectively, whether sitting at a desk in the company’s office or working anywhere in the world with their laptops. Yes, I do believe a lawyer may be a digital nomad, why not?  And in this situation our colleagues are sure to accomplish their work-life balance. And since I am talking about the work-life balance: Do we really believe that work is more important than private life, family, and hobbies, and that leaving the office before 8:00 p.m. is unnatural? 

I have spent most of my professional life as an in-house lawyer, and the last few years as a GC, and from these perspectives – both as regular lawyer and manager of the entire department – I can say, with full confidence: Let’s treat Millennials as a gift and an enormous chance, for us personally, for our departments, and for entire companies. They can offer a fresh perspective, courage, and a new outlook on rules and values. They may force us to ponder our private lives and careers. They may help us change how our profession and its role in companies are perceived. And they will be one of the elements that will help us become successful lawyers of the 21st century.

This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The legal department is one of the support functions in an organization which is, or at least should be, constantly evolving together with the organization it supports. It cannot be too static or too inconsistent in its approach and way of handling the organization’s legal matters. 

Although the core structure of any company is its core business, its product, its service, or its go-to-market solution, the legal framework in which that product or service is created or offered and marketed makes the difference between a successful company that can focus entirely on its product or service and a company where its risk profile is always high. The ramifications are most visible once success starts knocking on its door. 

This success can have many forms. It can come either through a large investment or an extraordinary demand for the company’s business solution or product on the market. This triggers an almost instant cash flow and widespread interest in the field where it activates. While the form of success can differ for each company, the immediate consequence is the increased level of attention the company gets on the market from competitors, customers, media, and in the end, from relevant regulatory authorities.

The nature of the business determines the particular legal matters on which a company should focus. Thus we can distinguish among “vital company matters” and “general company matters.” Where we draw the line to make this distinction may, however, be a delicate matter with no obvious solution. A legal professional might insist that from a legal point of view these have the same importance and value for a company. Nevertheless, for management, certain matters are more important to the business of the company than others. Therefore, making this distinction should be a concern – not only for management but also for the legal department. Only once those “vital company matters” are properly addressed is the company able to shift its focus to the “general company matters” and work on both categories somehow simultaneously. 

This distinction is therefore extremely important for the General Counsel. It is not something that needs to be documented in processes or procedures because you cannot (as a legal professional will make sure to stress) actually differentiate among the legal matters that need to be addressed in order to be legally complaint. For example, it would be difficult to find a legal professional who could say that it is more important to make sure that company is tax compliant than that it is privacy compliant or that employment law issues in a company trump competition law risks. All these are equally important and compliance with the law overall makes a company successful and protected against potential risks and liabilities. The fine line that a General Counsel should address in his/her work is to understand which of these areas need to be focused on in the early stages of the business and which afterwards, when the company starts reaching its more mature stage. Should there be a matrix of focus points based on the likeliness of their occurrence, or should the legal department treat all issues equally, irrespective of the likeliness of occurrence and ignore the nature of the potential risks?

Either way the challenge for the legal function is constantly present. One way to address vital company matters and general company matters is to create appropriate mechanisms within the legal department that would allow it to timely predict potential legal issues and categorize them in order to prevent or contain any risks. In this way, the level of focus and resource allocation are properly made while an eye is constantly maintained on the newest technology developments. 

“It is not something that needs to be documented in processes or procedures because you cannot (as a legal professional will make sure to stress) actually differentiate among the legal matters that need to be addressed in order to be legally complaint. For example, it would be difficult to find a legal professional who could say that it is more important to make sure that company is tax compliant than that it is privacy compliant or that employment law issues in a company trump competition law risks.”   

These technologies have an essential role in the shift from a traditional conservative legal approach (which may be burdensome both on legal and on business) to a more modern and agile legal function. The implementation of technology is vital to a modern and effective legal department, allowing traditional types of work to be translated and performed by technological tools as smoothly as possible. There is a tremendous opportunity for legal departments to incorporate new technologies in their work. Risk assessments can now be made formally by the legal department in a company (or even within a law firm) using state of the art tools to improve its legal support for the benefit of the entire organization or its customers. For example, the implementation of certain tools such as those allowing for electronic signatures (e.g., Adobe Sign, DocuSign, etc.) may make paper-based contracts almost obsolete (though it is, at the moment, still far from being the rule in the industry). Contracts or other documents once agreed-upon can be signed by the parties wherever they are, provided that they have access to the Internet or a smartphone, with the help of these tools. Of course there may be certain legal limitations – but those mostly apply to documents that need a notarized form in accordance with specific laws (and even with respect to these documents it is conceivable that laws will evolve and will make them a thing of the past). As a result, a paperless approach needs to be the cornerstone of every legal department’s strategy, as it is advisable to prepare for and get on board with the latest technologies sooner rather than later. The development of automation tools, such as UiPath Robotic Process Automation Platform, can help with creative thinking on how to solve various repetitive tasks in the legal field by creating automatic workflows that can reduce burdensome human intervention, allowing legal professionals to focus on more important tasks. Meanwhile, cloud hosting solutions such as Google Cloud Solutions and other collaborative tools allow legal professionals to access their documents and drafts anywhere. 

The use of the most recent tools that technology has to offer is only one of the changes that can be implemented in a modern legal department. Another important challenge is to change of the mindset that legal is purely a support function. The legal department is a business partner in the company, and it should constantly highlight its role as such. The legal function can add value not only with respect to legal matters and prevention work which it is inherently tasked with but also with respect to the adjustment of internal company processes and procedures in order to make them more efficient. From this point of view, the General Counsel is a critical source of change and innovation, taking the company forward with minimal legal involvement. A company’s success goes hand in hand with openness and in-depth understanding of the company’s business by the persons in charge of the execution of its objectives, including the legal department. 

Another important characteristic of a successful legal department is effective collaboration with outside counsel. If the changes and overall approach of the internal legal department are not promptly adopted by the corresponding outside counsel, it can drag a project on for a very long period of time. It is essential to ensure that the constant evolution of the internal legal department is implemented also by its external collaborators. In this way, the external collaborators will not remain blocked in a conservative approach which would put a break in the evolution of the legal function of the company. The typical challenge the internal legal department faces in its work with external legal counsel is the mindset that the two are not parts of the same legal function. This leads to a dynamic where the internal legal department’s approach is closer to the practical and business side of the work, focused on being more adaptive, while the external legal counsel is more detached and risk-adverse on any issue on which their advice is requested. This often comes from a lack of understanding by the outside counsel of the actual issues facing the internal department and the solutions it needs, and until both sides are on the same page there can be a lot of back and forth, potentially leading to delays affecting the business of the company. 

It is true that it is the internal legal department’s task to make sure the external counsel understands the requirements and needs of the company, as well as to set the right expectations. This does not diminish in any case the proactivity which is expected from the external counsel in highlighting certain aspects and risks without waiting for action from the internal counsel first. Although the lack of visibility into the company’s internal operations by the outside counsel may indeed impact their capacity to proactively look for and propose solutions, there are ways of overcoming this issue, such as making the effort to engage more often with their legal counterparts from client organizations. It is often the case that the outside counsel views their involvement as limited only to a specific issue without making additional efforts to understand the business they support. Shifting from a reactive type of legal support to a proactive approach is the key factor of a successful internal-external legal teams’ relationship.

General Counsel set the tone for their teams – including both immediate internal people and also external advisers – by constantly seeking to improve and by using the latest tools available to work more efficiently towards fulfilling the company’s needs and objectives. 

This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The method of providing legal services has changed a great deal over recent decades. This is true both globally and in CEE, which has been integrating rapidly into the global economy. In this process, local subsidiaries in the region have absorbed key trends and practices from their Western headquarters, business processes have upgraded and developed, and business itself has become more cross-bordered and technologically advanced.

Legal functions cannot remain resistant to these changes either. Therefore, I would like to share my observations on key in-house developments across different industries in Ukraine and CEE over recent years.

First, there has been a migration of how the in-house legal role is perceived from goal keeper/”no”-sayer/ employee with weak business penetration to true business partner playing a more strategic role which can clearly add value. Now a best-in-class legal department is viewed as a business unit integrating “old school” legal support (things like contracts, litigation, provision of legal perspective/advice, corporate governance) along with newer responsibilities involving ethics & compliance and risk estimation and mitigation. The shift from a “solve my problem” approach to a proactive forecasting of issues and preventing risks seems to be a common trend. 

For sure, this has required expanding legal professional competencies. Traditional competencies, like drafting, negotiating, and litigation and mediation skills have now been supplemented by in-depth business knowledge, project management, and familiarity with the basics of finance, sales, marketing, communications, and relevant industry specifics. 

Knowledge of the legal process in isolation is no longer mainstream; lawyers are expected to integrate with their clients and be involved members of business teams. This requires additional education and coaching, of course – but the return on investment in this case is enormous. Lawyers with the necessary training and ability can be deployed through the introduction of legal business partnerships and involved early in the design and execution of key functions and business projects, initiatives, key kick- off meetings, and so on. 

Many in-house legal departments have introduced such changes as:

• Allocating work which does not necessarily require legal skill to other units (, one–type recurring disciplinary actions); 
• Allocating target resources such as budgeting and payment processing to technical functions;
• Simplifying the legal structure to reduce reporting lines and processes duplication.

Some General Counsels have introduced business concepts to evaluate individual performance within their teams such as setting business KPI’s as part of salaries and bonus plans and department and individual development plans. A common challenge involves changing the culture of work evaluation by training the team to measure results in quantitative terms like economic effects and cost and return ratios and to avoid legalese when speaking to colleagues outside the legal team.

The role of Chief Legal Officer in particular has, naturally, changed significantly as well. Now one can hardly find a company where the General Counsel is not a board member. The role of Head of Legal has three dimensions: (1) leader of a legal team; (2) solid business contributor; and (3) strategist. The General Counsel is expected to analyze and advise on issues legally, ethically, and objectively; and by this bring additional insights to key strategic decisions. 

Another trend worth noting is the increased globalization of business, which has increased the need for in-house lawyers to manage cross-border M&As, financial transactions, and compliance across multiple jurisdictions. In-house legal functions are expected to obtain knowledge about the FCPA, the UK Bribery Act, the basics of common law, and international litigation and arbitration – at least enough to allow them to organize and streamline working process with external counsel and to track performance and manage projects at appropriate levels of understanding.

Finally, yet importantly, there is the rapid digitalization of business and industry. As the amount of data has increased, and business processes have speeded up, legal functions need to seek software systems and solutions such as contract management systems, data search, online document storage, automatic document assembly and document sharing, and legal project management and matter management software.

All of this – the increased role and importance of in-house counsel to business processes, the globalization of business, and the expanding technological tools necessary – have resulted in the size of in-house legal departments growing as well. For instance, in Ukraine, in-house legal departments in many industries grew at a 100-200% rate between 2009-2016. Unsurprisingly, as those departments have expanded there has been a decrease in the amount of work externalized as well. This trend is driven by both cost- and process-effectiveness considerations, as in-house legal resources are much cheaper and in-house lawyers are much more familiar with their business and the relevant industry.

To sum it up, over recent years, in-house teams have evolved from traditional legal departments into integrated business functions that provide a wide variety of legal and commercial advice as strategic trusted advisers. It has become common practice for General Counsels to be a natural part of the C-Suite. The biggest challenge for legal teams is keeping the right balance between sometimes contradictory roles of true business partner and guardian of company integrity and reputation.

This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Years ago, when a group of in-house lawyers entered the elevator of a bank, someone would mock, “Wow, what a bunch of handbrakes!” While this did not personally happen to me, I am well aware that internal legal counsels are often referred to as “problem factories” or “speedbumps” – the couriers of bad news, best to be avoided. I must admit, this scorn was not without reason. But, should this necessarily still be the case? In my view, not any longer.

I am a banking lawyer. During the 17 years of my career, I have worked with a number of different employers and organizations. I started with the banking supervisory authority in Budapest, spent many years with an international law firm, and then worked as a sole practitioner. Most recently, I have spent many years now in the legal departments of several banks.

The common denominator of all my workplaces has been banking law, as I have worked on more or less the same type of deals and applied the same laws and regulations. The differences were more in the structures and approaches of the organizations I worked in. Each of them had a set of specific features which had to be taken into consideration when designing an efficient and seamless legal support system. None of these specifics concerned the knowledge of law or their application. They were rather about processes, operation, efficiency, and the right approach. In my current position we are striving to create a system which is a combination of all the best practices of my previous workplaces.

What are, therefore, the secret ingredients of a successful heavyweight legal team, regarded as a true collaborating partner by the rest of the organization?

Ingredients: The main elements of success for an in-housel team are multi-functionality and variety; in my view, homogeneity is always to be avoided. Diversity is a particularly important factor when selecting team members. And I do not mean this in the classical sense only (i.e. gender, family background, etc.). In a good team, the best qualities of different types of lawyers should be blended at an optimal level.

My experience is that the ultimate guiding principle of good external counsels is client focus, coupled with a service-providing mentality. Good external counsels do not think simply in terms of paragraphs of law, but attempt to understand the deal in its entirety, including its purpose and processes involved.  Then they will go to extremes to deliver results within legal limits. The forte of in-house counsels, on the other hand, is their intimate knowledge of internal operations, processes, organizational architecture, and behavior. They are often called for troubleshooting. They are the practical testers and implementers of contracts, thus they see the pitfalls and shortcomings of real life application of, for just one example, LMA-based lending documentations. They are perhaps less flexible than their external counterparts, but will also go to extremes to protect their employer’s interests. 

In my current team we have a wide variety of different skills. There are colleagues who have experience as external counsels who often have worked at international law firms, others who have gained experience in various banks, and some who come from outside the financial services sector. We have worked through economic booms and deep recessions (and everything in between), supported large transactions and foreclosed securities, and seen companies rise … and become insolvent.

Headcount. Staff headcount in legal departments can shift between two extremes. Some companies keep their in-house teams to a minimum and outsource all major items to external counsels. Some, however, take the view that only employees can be truly loyal, and accordingly operate with an inflated headcount. The first solution exposes the organization unnecessarily, as in my view taking ownership for the job at hand is increasingly difficult when the lawyer is remote from the organization. On the other hand, the second extreme creates inflexibility when planning costs and budgets. When not certain if a given headcount is right for the company at a given period, just ask yourself this: If this department was your own law firm, how many lawyers could you employ and afford to pay and also, would the clients be paying for the services of the selected colleagues?

With my team, we went for a middle of the road solution with regard to headcount design. We introduced a time sheet system which, on the one hand, gives daily information regarding capacity utilization, and on the other hand provides the ability to track actual changes of capacity requirements over the long term. Our internal resources allowed us the flexibility to work with external legal services as and when required. External counsels always co-operate closely with an in-house lawyer on our team designated to handle the file, thus ensuring the most efficient and quality assured legal support.

Organizing workflow.  Each and every lawyer has an area of law where he/she is particularly strong. Supporting business on a one-man-show basis is, however, dangerous. This can only work well as long as the capacity of the given person is used in a balanced manner or when he or she is not absent from work. The strength of a legal department can be found in team dynamics, flexibility, and seamless substitution of experts.  

We, therefore, implemented a core team support structure, whereby a business area is supported by two to three colleagues and each lawyer has several areas to support. This gives the business a balanced and even flow of service, while my colleagues enjoy a variety of different practice areas and peace of mind during their holidays.

Maintaining motivation. In the very likely event that the above “secret ingredients” allow you to put together a reliable and strong team, it is important that, going forward, the organization demonstrates a good level of commitment towards it, including in the provision of opportunities to improve professionally in the form of internal and external trainings and courses. In addition, frequent personal feedback and acknowledgements of performance have to be consistently applied both in formal and informal ways. Finally, based on personal trust, a better work-life balance needs to be promoted in the form of more flexible working schedules.  

In our team, colleagues work in a flexible working schedule; i.e., there is no strict “nine to five presence” policy. They have remote access to their workstations. They can organize their schedules of internal and external meetings and other activities. Sitting in the office is not an essential measure of discipline and performance. Having said this, timesheets, capacity, workflow/deadline management monitoring, and internal client feedback are increasingly and frequently used in order to ascertain that this system achieves its objectives.

As a final note, the evolution will always be a work-in-progress. The most important is to have a strategic vision, aligned with the wider corporate interests, which has to be pursued relentlessly while accepting that most probably it will always be a moving target in an ever changing environment.

This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

In the 18 plus years I have been an in-house counsel I have had the opportunity to observe the evolution of that role. These days, in-house legal counsel do more than simply review contracts and provide legal counseling. We are no longer transactional clerks who merely approve what has already been done. General Counsels have evolved from being purely legal advisors to being strategic advisors. It is not enough now merely to provide guidance and business solutions on specific issues or resolve disputes that may arise. We must be forward looking business partners, seated at the table at which strategic decisions are made. 

Today’s environment is more complex and demanding, and the traditional way of working is no longer sufficient. We must learn to be more agile and flexible and to take manageable risks. This is the differentiation point for us from outside counsels. 

Since business and the number of internal clients is growing constantly, and there is naturally a commensurate increase in the work load – though the resources available to you may not have increased accordingly. The solution to managing this problem is empowering your team and internal clients to free up your time and focus on work that matters most. I always encourage my clients to share their expectations, fears, and plans in advance. The nature of my relationship with clients defines the level of service we can offer. Communication and trust is essential to be able for sustaining a smooth business relationship. Educate clients, create culture within business, so you can empower business clients. 

We should aim to support the strategic direction, growth, and productivity initiatives of the companies that we work for by providing proactive and effective legal advice in a timely and consistent manner.  I believe our role should focus more on ensuring that the business operates using sound governance that protects the company’s people, resources, technology, brands, and reputation. In order to do so we should develop a business acumen and understand how the business works. My philosophy is to treat my job/function as a business unit and have a functional mission which serves my company’s vision. 

In previous decades, the expectation was that the legal department would be staffed by experts, but the current trend is towards employing generalists while retaining a center of excellence within the function. Developing ourselves and broadening our knowledge is key. We have areas to master that we were not taught at school. Following legislative developments proactively by means of external networking definitely helps in this task. 

Another critical way that the in-house counsel’s role is evolving is the new focus on Compliance.  Non-compliance has an impact on the company’s financial results and reputation and sometimes even on individuals. The bar is getting higher every day. That’s why we should be pro-active in identifying areas of potential improvement by conducting self-gap & opportunity assessments. 

We should live the “acting like owners” culture and seek to simplify and standardize compliance systems and processes. With my team and the support of our company we implemented some tools which have helped us to be more productive and efficient. For example, we designed and implemented a tool that helps us to review and approve government dealings; an online review and approval platform for contracts; and a functional share-point site to allow business clients to obtain what they need with the guidance of available check-lists, cheat-sheets, and trackers. These days accessibility from offsite with smart phones makes the use of such tools easier and more user-friendly. These tools and platforms not only help us to review and respond to inquiries, but minimize the time we need to do so. Most multinational companies have at least quarterly reporting and internal compliance audits. These tools and mechanisms help us to be ready at all times.

Structured filing and record keeping is critical as well. In their absence, you risk getting multiple legal opinions on the same topic couple in different periods because you forget or cannot find what is already available. In addition, if you do not keep them available to others, then they leave the company when you do. Ensuring institutional memory is important, and in order to transfer know-how, you should keep those files available and accessible.

Of course if you manage a team, proactively deploying our people management and development routines throughout the year for business associates is also essential. 

Thus, what we do is more than lawyering. 

To make a long story short: We should champion the “lawyer as persuasive and integrated business counselor” operating philosophy. We should be more proactive than reactive in seeking to identify and address issues early enough to prevent the disruption and distraction and allow our businesses to be more successful and impactful. 

This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The phenomenon of globalization has impacted almost every field of personal and business life of this generation – and the position of Head of Legal is no exception. In order to understand the evolution of this role compare what football or basketball looked like 30 years ago to what they look like now: Almost like different games. 

We ask ourselves how can it have been so slow, why does the forward player not participate in defence and why the defenders do not run to forward positions, and so on. 

During this past challenging decade the role of the General Counsel has moved also, and is now almost impossible to compare with what was accepted as standard before. In the past in-house legal advisers dealt only with sets of questions from the legal side only, while a combined legal–business outlook on issues is now required. In simplified terms, this means that the commercial side of the coin should be combined with regulatory and legal risk awareness. To be successful, in-house lawyers must have a high degree of legal knowledge and vast business experience to help the company define its corporate objectives and long term strategy.

Multiple factors initiated this change of role. The financial crisis and the growth of cross-border business resulted in overregulation and more complex models of business. The global economic crisis changed how businesses are operated and how decision making processes are structured. The need to minimize costs added additional pressure on spending and consequently affected the amount and kind of external legal support available. Further, managing contracts and litigation risks meant that many more corporate (i.e., not simply legal) problems reach General Counsel than they did before the crises. And finally, digital strategies and tech-related risks – now prominent in all industrial development plans – now play a much more significant role than in the past.  

As the increasing number of regulations means a correspondingly increased threat of regulatory fines, and the risks related to litigation rise, the importance of the in-house team has never been greater. Management expects in-house lawyers to be up to date with new regulations – and, ideally, to possess a sixth sense on how and where regulations are going to be changed in the future – so companies can prepare and achieve competitive advantage. Prioritizing which regulations are most significant and pose the most risk, in this overregulated environment, combined with the multi-jurisdictional nature of many businesses, becomes a great challenge for General Counsel. The General Counsel’s task is impossible without a high level of support and trust not only from senior management within the company but also with regulators, government bodies, and other market participants. 

The General Counsel’s traditional core role in dispute resolution has experienced an evolution too, as a high level of strategic planning and approach to the process is needed. Risks should be considered proactively in order to avoid the high expense and inconveniences of disputes. Here as well the company relies on the General Counsel to look over the horizon and to anticipate the unexpected. Ensuring a proper information flow to the General Counsel and his/her substantial level of business knowledge, emotional intelligence, and previous experience are keys to success. Here the change is obvious; unlike the traditional structure, where the in-house team were alerted and involved only once disputes arose, General Counsels and their teams should now be in included in discussions from the very beginning. 

Additionally, the role of General Counsel in contract management is very important considering the ability of General Counsel to highlight potential problems which may appear during the lifetime of the agreement as circumstances change. In order to be on top of this task General Counsel must be aware of not only legal issues but also of commercial concerns related to the contract. In order to meet expectations, General Counsel must have both a deep understanding of the business but also the ability to explain to colleagues who are not lawyers what legal concerns may arise from the day to day operation of the contract.  Also, a good relationship and clear communication line between General Counsel and colleagues from business helps in building the trust that is key to the early identification of problems and the ability to avoid their escalation. If we compare and track the evolution of the General Counsel role we can clearly see that additional responsiblities have been added: Proximity to the business and much greater familiarity with the company’s business and objectives. 

Doing more with less is becoming the mantra of the post-crisis business environment, and control of legal costs is no exception. The focus is very much on cost reduction, including of course external fees, and creating an in-house team that can manage an increasing volume and complexity of work is important. As previously expressed, the enlarged scope of the activities expected from the General Counsel can only be produced by a strong and efficient team. To reduce costs in-house legal teams must now deal with legal matters previously handled by outside counsels. A first-class in-house team must be staffed with experienced lawyers who have a high level of understanding of the company’s objectives and are able to recognize the appropriate routes to achieve them. If such a team exists, outside legal costs can be controlled while the quality of rendered services remains the same. To achieve this, time is of the essence, because proper planning and succession must be introduced.  

Digitalization and various tech futures are tremendously transforming business nowadays. Depending on the company’s business model and strategy new hi-tech solutions are introduced almost weekly to increase revenues, improve customer experience, and manage operational risk. In the legal area tools for contract generation, search engines that provide answers to FAQ, dispute databases, and so on, have all been introduced to improve efficiency. Still, it is very important for General Counsel to understand how technology effects business and to recognize relevant risks. This new challenge can be especially problematic considering that most General Counsels do not have technical backgrounds.

With such a broad list of tasks and obligations it is understandable that the role of General Counsel is viewed as an ever-more integral part of the senior management team, necessary for obtaining advice on business issues from a legal perspective. Being part of the highest management requires some new skills as well. Finding the proper distance from decision making to preserve the independence to ask questions and challenge decisions when necessary is beneficial for the organization and General Counsel equally. In order to achieve this balance it is important that General Counsels are permanent presences in all high-level company bodies, though whether that means the board or executive committee or as a direct advisor to the General Manager or CEO is a question of corporate governance and structural set-up. Only in this way can the prompt and timely identification of risk be guaranteed, to allow for the identification of comprehensive solutions to be found. In addition, a high position in the corporate structure is more effective in promoting independence than in endangering it. Also, the General Counsel presence makes an important contribution to the discussion that must take place at the decision making level.

The evolution of the role is not final yet. We will probably see different football or basketball in the future too. As the world changes a new shape of the General Counsel’s role will certainly be introduced as well. General Counsel is not just a technical lawyer; he must be Master Yoda taking care of ethical obligations with perfect legal knowledge and a strong business outlook and be highly familiar with new technologies, so that he or she can effectively anticipate risks and prevent problems. In order to deal with this evolving business environment, new kinds of competencies are required and expected from the legal function. This new role is demanding, but undeniably useful in helping companies to shape strategy and achieve their corporate objectives. General Counsel should be recognized as the keeper of the corporate reputation and must help to create a work environment where legal risks arising from day to day work are identified and addressed. 

This Article was originally published in Issue 4.4 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.