In-house legal risk challenge widens - new rules set to make conduct risk part of legal risk
Draft rules published by the European Banking Authority (EBA) in June 2014 would require European banks to quantify broadly-defined legal risks as part of their regulatory-capital calculations. They will force in-house teams to redraw risk-management plans, but may help banks manage the massive costs of conduct breaches - an average of over £50bn a year for ten international banks between 2008 and 2013.
January 08, 2015 at 09:02 AM
6 minute read
In-house counsel tasked with managing legal risk have interesting times ahead, with the new European Banking Authority rules set to strain resources and potentially force a review of legal risk categories and risk models
Draft rules published by the European Banking Authority (EBA) in June 2014 would require European banks to quantify broadly defined legal risks as part of their regulatory capital calculations. They will force in-house teams to redraw risk management plans, but may help banks manage the massive costs of conduct breaches – an average of over £50bn a year for ten international banks between 2008 and 2013.
The rules, which could be phased in as early as 2016 as part of the Basel III implementation plan, would extend the scope of legal risk to include what many banks see as conduct risk – a significant change, as many organisations treat these risks as separate categories.
The European banking community raised points around the form of loss and scope of the definition in their September 2014 response. But it would be no surprise if the final rules were to enshrine the idea that conduct issues be included in the scope of legal risk.
The legacy of mis-selling scandals and tighter capital requirements
The rules (Article 312 of Regulation (EU) No 575/2013) extend the scope of legal risk and attempt to formalise the way in which legal risk losses will be captured.
Draft rules focus on the technical detail of how AMAs (Advanced Measurement Approaches) apply to own-funds calculations and capital requirements. They are part of a swathe of regulations that include Basel II – the first to define legal risk as a specific category of risk – aimed at tightening banks' capital requirements.
The EBA appears to want to make sure that legal-risk losses are included in regulatory capital calculations. Article 4.1 states, with emphasis added, "operational risk events related to legal risk, and the related losses, shall be included within the scope of operational risk for the purpose of calculating the AMA [Advanced Measurement Approaches] regulatory capital".
New definition means more work for in-house teams
The EBA definition of 'legal risk' runs as follows:
"the risk of being sued or being the subject of a claim or legal proceedings due to non-compliance with legal or statutory responsibilities and/or to inaccurately drafted contracts. It also includes the exposure to newly enacted laws as well as to changes in interpretations of existing laws."
The draft rules extend this to include "events triggered by legal settlements", and, crucially "events related to decisions made by an internal competent decision-maker but breaching legislative or regulatory rules, internal rules or ethical conduct". The rules go on to mention specific "operational risk events" that seem informed by recent history:
• Aggressive selling.
• Interpretations of legislative or regulatory rules which prove to be against industry practice.
• Refunds to customers.
Whatever the final form of the new rules, there are two reasons why they are likely to mean extra work and uncertainty for in-house counsel.
Firstly, many banks treat conduct risks separately from legal risks. Making the former a subset of the latter will mean a shake-up of risk models and risk functions.
Secondly, the EBA rules will require legal departments to take a proactive approach to risk modelling and quantification. You will need to consider how your business operations interact with legal standards, and quantify expected and potential losses from circumstances where that interaction may fall outside the letter or the spirit of the law.
Banks must incorporate conduct risk into their legal risk framework
If conduct risk becomes part of legal risk, in-house counsel must be able to incorporate it into their legal risk framework, and be comfortable in their ability to quantify and manage it.
Many conduct issues are the result of poor understanding, or a lack of awareness, of how legal standards (law and regulation) apply to business operations, products and services. In-house legal teams are ideally placed to advise on how operating practices may fall outside of legal standards.
The EBA rules highlight the risks of aggressive selling, misinterpretation of legislative or regulatory rules, and mass refunds to customers as examples of lega risk related events that must be factored into regulatory capital calculations.
And the scope of regulator concern is increasingly clear. Regulators expect firms to trade in goods or services that have a clear value for the customer. And in the case of retail financial services, to check in advance whether customers will get a net benefit from buying the product.
Get the basics in place ahead of tight regulatory deadlines
It's hard to predict when new regulations will have to be in place, and the exact requirements of the new rules. But you can be certain that the regulators are turning a one-way ratchet: rules and reporting requirements will only get tighter.
In-house teams can put the basics in place now. Take this opportunity to be more proactive in your approach to legal risk management. This will help you meet current regulations more efficiently, and make future changes easier to deal with.
We recommend that in-house teams focus on four themes:
1. Build a legal-risk management framework. The goal is a consistent, robust framework that will help you identify legal risks, and that highlights those legal risks that relate to ethical culture and conduct.
2. Analyse the financial impact of getting legal risk management wrong. Implement scenario analysis to estimate expected and potential losses, and reduce heuristics in risk impact estimates.
3. Crunch the numbers. Aggregate loss data into meaningful categories and reports, and define your appetite for legal risk.
4. Put basic measures in place. Test for awareness of legal risk and decide how to identify and monitor key risk-indicators. Use data to educate and support frontline staff; help them take the right decisions and minimise future losses.
Matthew Whalley is head of the legal risk consultancy at Berwin Leighton Paisner. For more on implement effective legal risk management, click here.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllLatham's magic circle strikes, pay rises and EY's legal takeover: the best of Legal Week over the last few weeks
3 minute readJob losses, soaring partner profits and Freshfields exits - the best of Legal Week over the past two weeks
3 minute readMagic circle PEP hikes, the associate pay conundrum and more #MeToo - the best of Legal Week last week
3 minute readTrending Stories
- 1Decision of the Day: Judge Reduces $287M Jury Verdict Against Harley-Davidson in Wrongful Death Suit
- 2Kirkland to Covington: 2024's International Chart Toppers and Award Winners
- 3Decision of the Day: Judge Denies Summary Judgment Motions in Suit by Runner Injured in Brooklyn Bridge Park
- 4KISS, Profit Motive and Foreign Currency Contracts
- 512 Days of … Web Analytics
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250