Whether due to serious potential litigation or simply because the quarter-end is near, management and boards need to evaluate legal risks and exposure often. Sometimes, a crisis may arise if an 8-K or press release needs to be prepared, but even routine filings can be stressful when the information needed to make estimates is not readily available or easily digestible.
This information is important not only for SEC filings, but also for each internal decision that management makes. Important decisions, such as disclosure or accrual, are based upon an assessment of legal risks. However, only risks that are known and understood can be fully integrated into the decision-making process. Board members and senior executives are generally scrutinized in light of information available across the entire company, even if this amounts to knowledge held by a single employee or outside counsel attorney. We can think of this “hidden” information as an Unknown Known from management’s perspective. Practically speaking, if the information is available but not provided to decision-makers, then it can result in more harm than help.
It’s therefore easy to see why management has a strong incentive and responsibility for developing and maintaining adequate reporting systems and internal controls around company information. Such systems and controls ensure the proper upward flow of information from individuals and divisions within an organization to management. When properly implemented, reports and dashboards can ensure that company-level information is directly available to management, avoiding the risk of poor business decisions, regulatory risk, and legal exposure. The end goal is that any and all legal risks Known to the company are Known Knowns to management.
Internal Controls and Legal Reserves
As we consider specific regulatory frameworks, it is important to remember that under ASC 450:
- Disclosure is not required if the likelihood of loss is remote.
- Accrual is not required if the loss or range of loss is not reasonably estimable or if the potential loss is not material.
Many companies have historically relied on these two exceptions for most of their legal risks. However, the SEC has increasingly required companies to “show their work.” The SEC is effectively shifting to a rebuttable presumption that disclosure and/or accrual is required, thereby requiring companies to contest this assumption through evidence.
Regardless of whether a company ultimately discloses and/or accrues an estimated loss, the decision must be documented and justifiable. This can often be done by explaining the periodic procedures that were undertaken to estimate potential losses, why subsequent determinations were made, and how the loss or potential loss distribution was estimated.
In the matrix shown above, internal controls are not operating effectively (or are not even in place) when risks, such as a potential legal liability, are known to the company but not communicated to management. The SEC has fined companies even when they should have known about and accrued for or disclosed potential litigation, but simply failed to do so due to poor internal controls.
Matter Management Systems Matter
So how does a company ensure that legal risks are properly recorded and accounted for? Enterprise legal management systems (ELMs) or legal project management systems (LPMs) provide structure for capturing known legal risks. The benefits of these systems depend heavily on how companies design, implement, and utilize them. If companies only record legal risks once they’ve developed into full-fledged cases, they are missing the opportunity to assess and manage risk at an earlier time. With these systems, companies may utilize internal advice or counsel records more effectively, such as if a quality control engineer tells the legal department about a problem with a batch of drugs that has already been released and could lead to a lawsuit if a recall is not issued. If a matter management system doesn’t capture this potential legal liability, then the company risks having known about a contingent loss and not acting on it with an assessment of whether to disclose and/or accrue.
Capturing Information for Reserves
The first step in capturing information is to record all matters in an intake or triage system, rather than waiting until they are material. This allows for a more thorough and thoughtful assessment of risk and estimation of potential loss. It’s impossible to set legal reserves if data about matters is never recorded in the first place.
In addition to ensuring that information is captured, it’s important to focus on recording the right information. Quality assessment of recorded information is dependent upon an organization’s data maturity and overall data strategy. Organizations that have only recently begun to capture matter data may not yet be ready to assess the quality of that information. Companies that have a large amount of data that’s been captured as part of the workflow process, on the other hand, are better poised to focus their attention on the quality of the data.
One straightforward way to record necessary information is to focus on the basics and to develop a standardized data model. This data model will facilitate the recording and reporting of data through the organization.
How to Encourage Legal Data Capture
Even the best structured legal management systems are limited by the quality and quantity of the data entered. How can organizations best encourage their personnel to enter pertinent information?
By incorporating rewards and competitive elements (“gamification”) into the legal data capture process, employees are extrinsically motivated to enter accurate, timely information. Internal leaderboards that display the names of the attorneys whose information is most timely or most accurate can encourage participation. These methods can help to prevent both last-minute data scrambles and low-quality data entry by rewarding positive legal data entries.
Culture and Best Practices
An organization’s data culture can play a large role in how seriously employees view their role in the data capturing process. Attorneys can benefit from quality data, but if the paralegals who enter the data know that it will never be used, they are less likely to spend time ensuring that the information captured is of high quality. Data-centric organizations that highlight the importance of data in the decision-making process are more likely to have practices in place throughout their organization that facilitate the capture and reporting of quality data.
Sometimes the best and easiest way to capture information is to remove the human element. By developing standard documents that utilize consistent fields, organizations can automate the data input process by using computer software to pull information from the standard documents and input it directly into the legal management system.
It may not be possible to standardize external documentation like docket information or demand letters, but these can often still be reviewed by software and automatically entered into systems.
The Risk of Reserves
There is an inherent risk when financial metrics, such as reserves or financial statements as a whole, are tied to individuals’ remuneration or compensation. Just last year the SEC took action against RPM International and its general counsel for failing to disclose and accrue contingent legal liabilities. The GC, who held $1.8 million in RPM stock and stood to lose if the stock price declined, failed to pass information about a governmental investigation on to upper management. While a discussion of internal controls related to financial statement reporting is beyond the scope of this post, it’s important for organizations to understand that certain individuals, or groups of individuals, may have misaligned incentives to properly capture and report information relating to legal reserves.
Much of our discussion up to this point has focused on the theory of accrual and disclosure of contingent losses, as well as the reserve setting process. In our upcoming posts, we’ll move into a more application-centered discussion. We will build off of the importance of implementing and utilizing the effective matter management systems discussed in this post. Without proper systems to capture matter information, the risk models we’ll introduce in our next post would lack all data inputs and be useless.