Roundtable: corporate counsel

International trade and the way companies now conduct business – through agents, using outsourced services and, in many cases, working across a hundred or more countries – poses many challenges for businesses and their in-house advisers. Kicking off a Gazette roundtable on the subject, Dom Pickersgill, general counsel at the Institution of Engineering and Technology, relates a ‘terrifying statistic’ that underpins the need to stay on top of supply chain risks: ‘It takes an hour for a corporate scandal to get around the world, but the average corporate response time is 21 hours. If you haven’t got procedures in place so you are bulletproof, there could be almost an entire day where your reputation is being savaged.’

 The task of keeping a vast business network compliant is a current preoccupation of Thomson Reuters general counsel for intellectual property and science, Stephen Hartman. ‘We are launching our own supply chain risk management programme, whch involves training for  60,000 people in over 90 countries,’ he relates.

Thomson Reuters’ motivation is common to other attendees. Global companies are complex organisms and there are many points of potential vulnerability.

 Trevor Goodman, who heads the European legal team at global asset manager Legg Mason, explains: ‘We sign up external distribution partners who sell the investment funds that we build. The distribution partners are based in and outside the EU and the way this distribution chain is handled is very  important. Our reputation is at risk whenever we sign anybody up.’

US-headquartered IT company Unisys faces not dissimilar challenges, notes EMEA general counsel Pavel Klimov: ‘We’re doing business in over 100 countries around the world, using third-party providers of IT services and products, both on the supply side and also as our distributors and our partners.’ Front of mind, he adds, is ‘a large part of my territory, in which we use such external providers in the Middle East, Africa and Eastern Europe’.

Nick Wildgoose, insurer  Zurich’s global supply chain product leader,  trained as an accountant and is now a lawyer – perhaps the ideal skill set in this context. Zurich takes the issue sufficiently seriously to invest in annual research on the extent and causes of supply chain disruption.

‘We get 500 multinationals responding,’ he says. ‘The surprise, first of all, is how many have [problems]’, amounting to 70% of companies, Wildgoose notes, often involving scenarios where senior management are driven to ask: ‘Have we put the [decimal point] in the wrong place?’

‘It’s all about the supply chain now,’ he adds. ‘Not about [our]’ own “factories”… all of us around this table are dependent on third parties.’

That ‘disruption’ acquires its hardest edge where bribery and corruption is involved. Robert Amaee, now in private practice at Covington, was the Serious Fraud Office’s head of anti-corruption. ‘Third-party risk is certainly one of the greatest risks in this space,’ Amaee notes. ‘If you look at the enforcement actions [there have been], both in the US and elsewhere, you’ll see that the vast majority have involved allegations of wrongdo ing by a third party. That’s really what the prosecutors will be focusing on – whether it’s an intermediary; whether it’s an entity in your supply chain; whether it’s an entity in the distribution chain that does something you don’t want them to do.’

In the pharmaceutical sector, for example, ‘if you’re looking to engage intermediaries to interact with government officials on your behalf, in particular in higher-risk jurisdictions – for registrations, for getting you onto formulary listings and so forth – that is an area of heightened risk.’

I don’t think there is any substitute for knowing who you’re dealing with [personally]. You need to meet them and have a discussion – pick up any signs that concern you — Pavel Klimov, Unisys

In the UK, the Bribery Act was particularly notable for its inclusion of so-called ‘long arm’ provisions. Reflecting the importance of supply and distribution chains, Amaee notes, it included provisions on ‘associated persons’. This means ‘companies can be liable for the actions of their associated  persons – and that includes anyone who’s performing services for or on behalf of the company’.

On paper, the UK act is arguably the toughest legislation of its type in the world. But while it has required attention, Klimov says, systems already existed to guard against breaches of long-arm legislation. Notably, he adds, the US Foreign and Corrupt Practices Act (FCPA), in force since the 1970s. Compliance with the FCPA, like the Bribery Act, has at its ‘core… the obligations [of] knowing your supply chain and being responsible for the actions [within] it’, Klimov says. This needs to be ‘embedded in internal programmes, company philosophy and training,’ he adds.

Still, the Bribery Act was and remains, Klimov recalls, a prompt for companies ‘to look at how they conduct business, how they do due diligence, and how they assess the risk of getting suppliers – especially in remote areas in countries

that are not known for transparent business practices’.

For compliance professionals charged with managing risk, was the UK act helpful in highlighting the importance of this discipline? Up to a point, Klimov concedes. But he adds that the act also ‘introduced an additional burden’ on the legal function, especially concerning what comprises acceptable hospitality. That was badly explained, he believes.

Those provisions may not have been clear but they have certainly led to a change in culture and behaviour, Hartman says. In addition to having ‘our own controls that would stop certain invitations going out in the first place… many clients rule themselves out of being entertained’, he notes.

A legal and regulatory environment that is increasingly focused on corruption, combined with the risk of commercial disruption to supply chains highlighted in  Zurich’s research, mean that the emphasis on due diligence exercises has increased. That is true both at the point of inception of a working relationship and as an ongoing imperative.

Klimov gives an insight into Unisys’ method here: ‘Every supplier and distributor gets screened based on the information that is available in the public domain. If anything gets picked up, then further investigation ensues to see if there are other things we need to dig into.’

But this cannot just be a ‘system’,  Klimov cautions: ‘I don’t think there is any substitute for knowing who you’re dealing with [personally]. You need to meet them and have a discussion – pick up any signs that concern you.’ There may be cause for concern, he adds, ‘even if your computer tells you that everything is “green”’.

Technology is critical, Hartman notes, not least because it can meet the need to ‘get across an organisation of 60,000 people’. It is, he says, fairly inexpensive and able to run using existing resources, and to resemble existing IT systems and programs already familiar to staff.

He adds: ‘We’re about to launch a program introducing an online tool that people are required to use to bring partners on board. That will trigger screening, [including] a survey questionnaire. Depending on how that goes, there will also be a deeper level of analysis where this is warranted, and a decision from a central team.’

Goodman turns the group’s attention to ongoing management of the supply chain after due diligence is completed. ‘Once that distributor or other third-party entity is on board, how do you get fresh data on who the key personnel are in that organisation when there are changes?’

At the very least, he says, an annual review is necessary. In addition, he is concerned to keep up to date with industry developments – some driven by news events – that would prompt interim queries. This involves ‘the sales people staying close to their relationships and bringing that information back to base, so that everybody’s got a holistic view of the relationship’.

Financial appraisal of suppliers is another important element of risk management , says Wildgoose, who stresses that this is one of the more cost-effective checks that can be made.

Part of the challenge companies face internationally, Goodman notes, is cultural: ‘If you’re trying to negotiate a contract with a non-UK entity, [you need] to get them to understand what the Bribery Act and the Modern Slavery Act actually mean.’ What needs to be conveyed is ‘the obligation the legislation puts on you, and why you need to get those strong [reassurances] and warranties, for example’.

That process of education can be a precondition for meeting the standards that Amaee suggests can be necessary: ‘Your objective is to take proportionate and reasonable steps, including the necessary due diligence and the setting out of your expectations of the third party by getting as robust a language as possible into the contract, so that later on, if your third-party partner is found to have engaged in wrongdoing and you’re facing a regulator, you can explain that you took the steps that were reasonable in that circumstance’.

He also stresses the importance of considering negotiating the right to have a supplier or distributor audited; agreements on putting their high- risk people through relevant training; the right to termination of the relationship; and efforts to get their compliance certified on an annual basis.

He adds: ‘The expectation is that you don’t just leave it once you’ve engaged a third party. You should consider putting in place some form of supervision, some form of reporting back from the third party on the activities that they undertake on your behalf. The regulators will certainly expect you to have thought about this type of monitoring of and reporting from your key third parties. If you’re not putting certain provisions in place, then it would be a good idea for you to have an explanation as to why it was not appropriate or necessary to do so.’ It is a significant task, leading Goodman’s business to think about ‘how we can be more efficient about reaching out to clients’.

One might assume that, in all of this, there is a gulf between corporate counsel working in heavily regulated industries – where close oversight is compulsory and carries a necessary ‘infrastructure’ – and in-house lawyers elsewhere. But those present reflect that they share a common ‘driver’ that is discrete from legal and regulatory demands.

As Goodman puts it: ‘I think if we didn’t have the regulatory rigour, we’d probably still make sure we had the discipline in place.’

 Market segments  

The discussion turns to the related topic of what sort of external legal services the in-house departments present need to support their work, and how to source these in an international context. The soaring ambitions of global law firms may be making the headlines in the legal media, but viewed from an in-house perspective the narrative is not that of the indispensability of the global firm.

‘The legal market is changing very rapidly,’ Thomson Reuters’ Hartman says. ‘Technology and new business models are coming in at a pace that no one’s ever seen before.’ As a provider of legal information and services – as well as a client of the law firms it uses, which in turn are its customers – Thomson Reuters is a business that finds itself at the centre of that change.

Hartman’s colleagues are ‘saying very loudly’ that ‘the power is shifting to corporate counsel in the legal market and therefore a lot of what we are focused on [will] be to service the general counsel.

‘Obviously private practice is still the bulk of the profession,’ he adds, ‘but corporate counsel is where the action is.’

From his own position as a divisional general counsel, Hartman adds: ‘I’m very aware of the options and the way that the market is segmented. Instead of going to a law firm for everything, you can pick your offshore provider, you can pick your tech provider, your overflow provider, your provider for the big-ticket work and so forth.’ Negotiating that is a core function for the modern in-house lawyer, he suggests: ‘That sort of sophistication is something that a lawyer in-house can bring to the process.’

No one present uses the formal structure of a law firm panel. As Klimov puts it: ‘We take a “horses-for-courses” approach and we look at the particular issue in the context of the business problem and see, based on our experience, based on research, what law firm and which lawyer will be suited best for helping us with this matter.’

To be selected, Klimov suggests, law firms need to find ways to pay more than lip service to being ‘commercial’. ‘For businesses, legal issues per se have no relevance,’ he explains. Too commonly, he says, external legal advisers focus on ‘the resolution of legal issues without resolving the business issues’.

To be instructed – and reinstructed – firms need to ‘add value’ by ‘looking at the whole picture as a business problem and [seeing] what the enterprise needs to achieve … not isolating legal issues and just dealing with those’, he argues.

Goodman agrees, but also puts a heavy emphasis on service issues. Legal advisers must be ‘best in breed’ he notes, but beyond that also need to demonstrate, ‘being responsive, being able to work with us as a client. It’s amazing how often you have a very talented lawyer within a law firm who will give you pages and pages of advice. Actually, that’s not what I’m really looking for.  I really need it “zoned in”. I need them to work with us as a client’.  

Fitting with the client’s ‘admin needs’ should be a given, he adds – meeting requirements on billing and invoicing, sticking to estimates and being willing to negotiate fixed fees. He does not rely on firms’ ‘global’ offerings, he adds: ‘While they may have good lawyers in certain jurisdictions, I don’t think one law firm in this sort of environment can ever deliver everything you need. It is a question… of going out to the relevant experts that you can rely on and trust in the different jurisdictions where you’re operating.’   

Goodman’s comments on fixed and hourly rates leads the discussion on to its closing topic – billing and fees. Klimov sees developing parallels with the IT industry, which has largely moved from the hourly rate system still widespread in the law. In IT that changed, he notes, to ‘a fixed fee for the project’. It then moved on again, he says: ‘If we’re dealing with an airline the price should be per passenger boarded.  If we’re doing cheque processing in the UK, it would be price per cheque processed.  So we’ve had to make this complete shift in how we approach our cost base and how we calculate our charges.’   

Wildgoose sees a bigger relevant shift in the provision of external legal advice – if law firms are able to rise to the challenge of delivering it. Once a PwC accountant, he believes law firms need to get better at ‘packaging’ suggested solutions to client problems. ‘Can… the legal profession offer more pro-active insights?’ he asks. ‘The Big Four [accountants] … do that with a fair degree of success.’ This involves pushing case studies, he notes. ‘They come in and say, “we’ve done something similar for your colleague in this other company”.’

There is a danger, he concludes, that if traditional law firms do not move in to provide such a service, other entrants will.