Professional Documents
Culture Documents
Risk is now at the center of every conversation in the modern legal department.
Over four consecutive years of study in the annual General Counsel Report, in-house
counsel have expressed how they’ve been required to evolve and reinvent their roles.
Once seen only as risk mitigators, they have become strategic business partners and
have taken on an array of new responsibilities across a widening risk landscape.
Discussion of these changes in the general counsel’s role has been a cornerstone
throughout every edition of The General Counsel Report.
FTI Technology and Relativity engaged Ari Kaplan In a three-part series, The General Counsel Report 2023:
Advisors to continue the annual study of in-house legal Global Legal Departments Alleviate and Respond to Critical
department trends, challenges and best practices for 2023. Pressure Points will reveal in-depth insights across hot-
Between August and September of 2022, 30 chief legal button issues including:
officers from a range of industries and global geographies
were interviewed about their roles. Their responses were Increasing risk, demand and uncertainty: Pressure
compared to year-over-year analysis to illustrate the is increasing across nearly every legal function. One
current state of the in-house legal department, how it has respondent said, “The general counsel is now more of a
changed and what general counsel are focused on for the secretary of state for the CEO. There is a sense that a crisis
year ahead. can pop up in a geopolitical way that we [hadn’t thought]
about.” More than three-quarters of respondents said they
are experiencing a strain on legal department resources,
budget and/or capacity.
83.33%
Contracting 16.67%
100%
Data Privacy
62.5%
Disputes 37.5%
100%
ESG 66.67%
Evaluating new technologies / 75%
third-party providers 25%
66.67%
Governance 33.33%
Incident response 100%
(e.g. crises, data breaches, etc.)
33.33%
Internal investigations 66.67%
50%
Regulatory investigations 50%
Other business strategy and risk 100%
management activities
0% 20% 40% 60% 80% 100%
Increase Decrease
DSARs 10%
Fraud/corruption/employee
16.67%
misconduct
Government investigations 10%
IP theft/misappropriation 16.67%
“There are never enough resources and Meanwhile, respondents reported increases in numerous
types of matters that fall on the legal department. Notably,
there are a lot of late nights.” only roughly 6% said they are not seeing increases in any of
the areas listed. Areas with the biggest upticks included:
For example, some respondents acknowledged that the
world, and in turn the demands on the legal department, are − 60% are seeing an increase in new regulations that
fundamentally changing. Another reported challenge was require policy refreshes and additional headcount.
organisations moving faster than their legal departments,
− 47% are experiencing more contract management
with one general counsel noting, “We are experiencing a
demands.
strain this year in particular because of our explosive growth
rate. There is more work, and with cyber issues and disputes, − 33% noted a rise in M&A activity.
we have needed to ask for a supplemental budget.” − 30% reported increases in privacy violations and
notifications.
Another said, “We feel a lot of pressure to keep our
headcount and budget flat, but the requirements and − 27% mentioned increases in class action litigation.
demands on services from the legal department, and their
quality, is steadily increasing. We see more cases in our case
management system for the same amount of revenue. We
see more cases in regulatory matters and in data privacy and
data protection, but the pressure by the business to keep
expenditures flat is ever-present. We do not see a decrease in
revenues, but we do see that it is harder to create them.”
RISKS YEAR-OVER-YEAR
*As indicated by qualitative responses. Multiple responses allowed.
2021 2022 2023
Privacy, data protection, Privacy, data protection, Privacy, data protection,
security and/or data risk
65% security and/or data risk
46% security and/or data risk
56%
COVID-19 business and Compliance and Compliance and
workforce implications
19% regulations
36% regulations
40%
COVID-19 business and Uncertainty, instability
IP loss 16% 17% 40%
workforce implications and geopolitical concerns
Technology Employee and
modernization
3% employment issues
26%
ESG 20%
IP loss 3%
LUKEWARM READINESS
On a scale from 1-5 with 1 being “not prepared at all” and 5 being “very prepared,” how prepared are companies to handle the following issues?
The landscape on privacy and data protection makes it “The general risk is growing with the needs
difficult to stay ahead of it. Companies are not at the place
of anticipating these regulations and operating in a state of
of the business; as the business challenges
readiness.” Another lawyer explained, “[Data privacy] is a change, the corporate legal department will
dynamic area in which it is hard to stay current and staff for need to adapt and develop new capabilities.”
given the expertise required.”
To help their organizations level set and alleviate some of
“You are never going to be 100% compliant, these critical pressure points, general counsel are working
closely with executive leaders and their organizations’
so it is blocking and tackling.” board members to communicate risk and drive strategy.
Emphasis on Data Privacy and Security TO WHAT EXTENT ARE YOU COMMUNICATING
RISK TO THE BOARD?
Though none of the participants assigned a five to indicate
that companies are very prepared for either cybersecurity or No regular
data privacy regulation, 93% revealed that most companies communication
are at least somewhat prepared for these risks, assigning a
three or higher to each. 7%
13%
There is a perception that cybersecurity is a recognized risk 1-3 times 33%
area that most companies are addressing. “It is being taken per year Bi-monthly,
more seriously and companies are doing what they can to monthly or more
address it, including implementing systems to protect their frequently
data and hiring third parties to help them,” said one general
counsel. 37%
Quarterly
Despite these expressions of confidence and assurances
of preparedness, many conceded the high stakes and
ambiguity in this area. “The landscape is changing so
quickly, and an organization can never be fully prepared,”
said one participant.
They are also embracing their role as integral leaders on
As for data privacy preparedness, European ties, increasing important issues such as ESG and diversity, and fine-
investments and general familiarity with this subject are tuning their legal departments to optimize the use of
reasons that many gave for assigning a three or four, out specialists, automate where they can and establish resilient
of five, to characterize their overall vigilance. “This is a hot adaptability.
topic, so everyone is paying attention to it; there are entire
departments built around data privacy regulations now,”
said one participant.
Pressure Valves
Legal department leaders are responsible for an increasing
array of initiatives that combine several disciplines,
including business acumen, legal strategy and a talent
for adaptability. Each area for which they are responsible
has the touch point of risk. While managing risk is a
fundamental responsibility for law department leaders,
the rapidly shifting business climate, striking uncertainty
and the heightened focus on compliance in privacy, data
security, regulation and ESG have turned up the pressure.
Among the 79% of respondents who said they are ESG AS A BUSINESS PRIORITY
experiencing increased risk and/or strains on capacity
within their legal department, 100% listed ESG as a key area
driving rising demand. Additionally, 57% listed ESG among
their top five risk areas for 2023. Many of those who didn’t
rate ESG as a leading risk indicated it is still important to
their organization, with one general counsel stating, “ESG
is not necessarily a legal risk, but it is a priority.” 40%
No
In terms of DIB progress, most general counsel feel that
60%
their organizations are headed in the right direction. In
rating their maturity, 47% said they are either very strong Yes
or making positive strides, while the rest were evenly split
between feeling that their efforts were either moderately
developing or moving slower than they’d like.
It’s an imperative for so many because companies are being general counsel. “We are not preparing for it because of
measured in this area, and the quality of their efforts are the scrutiny; rather, we are preparing for it because of the
increasingly linked to their business success. “Investors will mission of our business,” noted a peer.
screen a company for ESG risk, and if you don’t score well
enough, they will not fund the company; customers are Still, many are acutely aware that their efforts are indeed
also increasingly asking ESG questions on RFPs, and if you increasingly subject to external scrutiny. “We invest a lot
cannot check all the boxes, you cannot succeed,” advised of effort into it and are very concerned about our ESG
one law department leader. ranking,” said one lawyer. “We are a young company and
there is a demand for the company to be social advocates
and make an impact; it is a company image and employee
“ESG does not reflect a significant risk interest issue,” said another.
if you deal with it.”
For some, the logistics of navigating ESG are more
For legal, this is critical because in-house counsel is confusing than embracing the fundamental values
often responsible for verifying much of this information. associated with it. “The challenge is organizing the data;
Legal teams discuss ESG during board meetings, allocate we are not concerned substantively, but we want to
significant sums to address it and assess their organization’s assign what we are doing into ESG categories,” said one
position. “We make sure that the legal team is looking at respondent. Another said, “I am concerned that we don’t
the evidence of the claims that are being published, and fully appreciate the extent of what ESG means aside from
also audit social media to assess the messaging,” said one diversity and inclusion.”
21% 21%
41% Slightly Environmental
Somewhat Prepared
Prepared 48%
General 14%
31%
Social
Moderately
Prepared 17%
Governance
specific efforts and needs. Key responses on this point Increased budget 23%
included: New roles/ more headcount 43%
Relying on law firms 60%
− “We will be looking for a new hire with a litigation Relying on outside
60%
background.” service providers
Technology 53%
− “We have a new hire focused on privacy and data 0% 20% 40% 60% 80% 100%
protection, which you need to bring in-house.”
Multiple responses allowed.
− “We have all started wearing extra hats in the legal
department and assigning a range of responsibilities
to different members of the team, so we need to find
professionals willing to take on additional duties.” 47% are hiring specialists into
the legal department
Hiring and providing better training for their teams is a
priority for many, with 43% of respondents indicating that
they are adding new roles and/or staff members to support The approach of leveraging existing talent beyond their
their department. All the while, they continue to face original remit was another example of the need for
competition for talent. flexibility within the legal department. One respondent
said, “We are looking at the roles that we have and are
“We have seen a drastic increase of 25-30% in compensation evaluating whether they could be supplemented or re-
requirements for in-house attorneys,” noted one general purposed; if they cannot, then we would add professionals
counsel. Another explained, “The legal teams and to the team, but that is not an option now given budgetary
compliance teams need to be operational and stretch out constraints.” Another added, “I have converted a paralegal
beyond just being lawyers; it is a different skillset than they into a legal operations professional and an attorney into a
traditionally have, so law departments need to provide compliance specialist.”
better training.”
employee resource group focused on empowering women A Stabilizing Force
in manufacturing, and are being much more intentional
about promotion with an eye toward diversity, inclusion Legal departments sit at the heart of their organizations,
and belonging,” added another. and their influence has dramatically expanded in
recent years. With that, they have taken on a range of
When asked to describe the maturity and progress of their responsibilities across ESG and DIB issues, from risk
DIB programs, the participating general counsel split into management, to communications, to value setting, to
three categories. One group characterized their programs refining recruitment strategies and implementing best
as advanced while another recognized the need for growth practices. As demand increases across these and an array
while celebrating recent progress. The remaining group of other areas, general counsel have a big task, but also
acknowledged that their programs are in the early stages an opportunity to continue serving their organizations as
and need additional support. impactful strategic leaders.
“In a very short period of time, the organization
has changed significantly and it has seen a strong
progression,” one lawyer said. “We are far along; we are
a beautiful reflection of our society, which makes me
very proud,” added another. “We are far ahead of many
other global organizations, from the board to all of our
employees,” said a third.
“We are allocating more internal time and external spend company, which has a rigorous and uniform approach
with law firms and providers to address the increasing that a specialized team manages; the company monitors
risk landscape,” advised one general counsel. “As a global it closely, and it is a significant area of concern,” said one
company, there is a limit to how much we can do internally, general counsel.
so we are leveraging outside resources, and our outside
counsel costs have increased,” echoed another. Some also use software to support management of outside
resources. “It needs to be automated, because for most
“We are always trying to find efficiencies in how we work enterprises, there is a long tail of vendors,” explained one
with resources that we already have; in many ways we respondent. “You need to define your vendor requirements
want to use data across the organization to see where we and use a proper vendor management system; we recently
are spending our time to identify which matters require a launched an application that includes all of our outside
lawyer’s support and where we can use other resources.” providers around the world and rates them on various
factors to establish some control on how those vendors
Given the high-stakes nature of the legal department’s position themselves,” said a peer.
reliance on external tools and providers, general counsel
are also focused on vendor risk management. Ninety-seven
percent of respondents said their organization has some type
of vendor risk management protocol. However, approaches
vary significantly, and 20% said responsibility for these
“We see more money going
programs does not sit within the legal department, but towards vendors and outside
rather with an enterprise-level risk management team, the
IT department, a supply chain group or the purchasing unit. counsel that help us
Those chief legal officers who have oversight apply
manage risks.”
varying levels of scrutiny, from incorporating vendor
risk management into their compliance efforts, to simply
requiring that vendors generally adhere to all applicable
laws. “Vendor risk management is a high priority for the
Several, however, cited the expense of new tools and the buying new tools, we want to use what we already have.”
need to maximize the value from prior investments as “We are not investing in new technology, but are expanding
barriers to procuring additional technology in the next our use of the tools that are in our existing portfolio,”
year. For example, one general counsel said, “Instead of echoed a colleague.
The General Counsel Report 2023: Global Legal Departments Alleviate and Respond to Critical Pressure Points
Incident response
75% 19% 6%
(e.g., crises, data breaches, etc.)
Other business strategy and risk management activities 43% 35% 13% 9%
Workloads Across a Wide Spectrum the previous two years of The General Counsel Report,
there appears to be a more engaged conversation about
As workloads have shifted and law department future use. Separately from the general counsel who said
leaders have enlisted help from internal and external they are looking at automation as a solution for capacity
professionals, much of the focus is now on contracting, constraints, 57% said they expect to increase their use of
with one-third of the participants reporting that they AI over the next few years.
spend at least 40% of their time in this area. Half spend
more than 30% of their effort on these issues. “There is “Law firms have for years been using AI in
an increase in transactions related to contracting, and
document review, and it is a matter of time
that is where many organizations are hiring,” explained
a participant. “We have scaled our sales team so we for that to expand to the corporate legal
are doing more with contracting, but we are trying to department. Though, you still need a human to
templatize our efforts to spend less time and be more offer judgment and wisdom, as you cannot have
efficient,” added another. a machine do everything.”
Most are otherwise spending 10-20% on compliance
monitoring, data privacy and information governance,
among other tasks. “We seem to be spending more time THE FUTURE OF AI
on vendor disputes or more litigious employees,” said one Do you believe you will increase the use of AI in
general counsel. the coming years?
This year, 20% advised that they are using some type of
AI, with a specific focus on either contracts, e-discovery
or privacy. While this number is steadily down from
2021
Professional Distancing
While most general counsel concede that their teams have 67%
thrived while working remotely over the past few years, No
45% advised that their organizations have experienced new
challenges associated with remote work. “We anticipate
an increase in the risk of data management because of less
oversight during the 50% of the time that the legal team is
not in the office,” said a participating lawyer. Several organizations are also experiencing more human
resources issues alongside remote work — issues that often
fall to the legal department.
“We are still learning what hybrid work
means and should mean, including the tools “The biggest challenge is to determine whether we should
allow employees to work from anywhere in the country
and strategies that work to engage employees.” given the need to comply with laws across the nation as
opposed to in our local jurisdiction,” said one participant.
In fact, 30% advised that prolonged remote and hybrid “It is hard to manage performance given that you are trying
work have directly influenced how they address their to balance trust of employees with overtly monitoring and
regulatory compliance and data privacy risks. “Whenever proctoring what they do. Ensuring that people are doing
you operate remotely, it adds risk similar to people working their jobs and that managers are following up regularly
in transit while traveling; the bigger risk is in effective is an issue,” added another. “We’ve had an increased
communication and collaboration,” summarized a leader. number of employee relations issues in the form of claims
Methodology
From August 2022, through September 2022, Ari Kaplan personally interviewed 30 leaders serving as the general counsel or
chief legal officer of their organizations. Forty percent work in organizations with more than $1 billion in annual revenue,
and 60% work for companies with more than 1,000 employees.
16.67%
$1.1 billion to 26.67%
$5 billion 1,000-4,999
16.67%
$5.1 billion to 23.33%
$10 billion $251 million to
36.67%
$500 million
Fewer than 500
13.33%
Less than 20%
$100 million 10,000+
6.67%
13.33%
13.33% 10%
Greater than 5,000-9,999
$10 billion
3.33%
$101 million to $501 million to 500-999
$250 million $1 billion
WHICH OF THE FOLLOWING BEST DESCRIBES YOUR ORGANIZATION’S PRIMARY BUSINESS ACTIVITY?
Construction 3.33%
Manufacturing 20%
Retail 3.33%
Transportation 3.33%
0% 10% 20% 30% 40%