Articles Posted in The Legal Aspects of Critical Enterprise Risk Management — A Gaping Hole in What Should be a Comprehensive Shield


Who Should Do What on Legal and Regulatory Risk?

The enterprise needs compliance systems and processes that provide early warning of legal and regulatory dangers, that trigger timely actions against those dangers, and that, ultimately, can prevent them from mutating into something worse. Those systems and processes should report up to the CEO, COO, or CFO (a senior executive who possesses proven management capability), not to a general counsel or other practicing lawyer who lacks such capability.

One lesson of the Boeing 737 Max crashes, General Motors ignition switch tragedy, Blue Bell Creameries listeria outbreak, and dozens of similar compliance misses (see Part II of this IV-part series): in each case the C-suite was blindsided by a devastating legal or regulatory surprise, and Legal was excused from accountability for that surprise by an “ignorance defense” (Part III).


As Part II of this four-part series illustrates, most C-suites and boards exempt the corporate law function from accountability for anticipating, preparing contingency efforts against, and decisively neutralizing legal and regulatory dangers that have not yet mutated into full-blown lawsuits, agency enforcement actions, or some other catastrophe. In each of Boeing’s 737 Max crashes, General Motors’ ignition switch tragedy, and Blue Bell Creameries’ listeria outbreaks, this appears to have been the case.

The result in each situation was a gaping legal and regulatory hole in what should have been a comprehensive shield of company-wide, managed compliance, leaving senior leadership open to being blindsided by devastating surprises.

In commenting on the General Motors ignition switch tragedy, former GE General Counsel Ben Heineman, Jr. has called this the “ignorance defense”.


Part I of this four-part series concluded: “So there is a gaping legal and regulatory hole in what should be a comprehensive shield of company-wide, managed compliance.”

Without experienced business leadership taking charge and managing compliance across the enterprise, and overseeing the systems and processes this requires, Legal is not accountable for any failure here. C-suites and boards exempt their corporate law functions from any duty to anticipate, to make timely contingency efforts against, or to decisively neutralize, early-stage legal and regulatory risks. This allows such risks to mutate into full-blown lawsuits, agency enforcement actions, or other legal catastrophes before Legal turns its attention to them, blindsiding senior executives.

Former GE General Counsel Ben Heineman, Jr. calls this the “ignorance defense”.

Consider three illustrative cases:


Corporate law functions engage with critical enterprise risk in the same spontaneous, one-off manner that most individual lawyers do their work: ad hoc, case-by-case reaction to what someone else has already put in front of them. And that typically after an incipient problem has become a full-blown lawsuit, agency enforcement action, or other legal or regulatory catastrophe. (Attorneys can be brilliant, even heroic, at such fire-fighting.)

But unless a likelihood of calamitous lawsuits or crippling government corrective measures has been expressly red-flagged to the general counsel or some other lawyer, few C-suite teams or boards hold Legal accountable when they are blindsided by devastating legal and regulatory surprises. Former GE General Counsel Ben Heineman, Jr. calls this the “ignorance defense”. (In contrast to their dramatic and well-paid rush to a blazing building, lawyers don’t care as much about the hum-drum (and less well-paid) replacement of batteries in a smoke detector.)

So there is a gaping legal and regulatory hole in what should be a comprehensive shield of company-wide, managed compliance.

In Part I of this two-part series I introduced Crew Resource Management (CRM), the basic aviation safety protocol, as an effective tool to stop corporate misconduct at its source.

Several years ago I represented a pilot in an NTSB investigation. While I was working with three airline captains to prepare the case, they introduced me to CRM.

The ten-fold reduction in major accidents that coincided with CRM’s adoption between 1979 and 2009 was impossible to argue with (see Part I).

And Captain Sully Sullenberger of US Air Flight 1549 had written: “It was our CRM training that enabled my crew … to land on the Hudson River … and then safely evacuate 150 passengers ….”

Both aviation and business involve human beings working together.

And aviation isn’t the only sector where intimidation discourages effective communication and stymies teamwork.


Citing Wells Fargo & Co.’s “recent and widespread consumer abuses and other compliance breakdowns”, the Federal Reserve announced late last Friday that it “would restrict the growth of the firm until it sufficiently improves its governance and controls”.

The Wall Street Journal called the Fed’s action “unprecedented”. Ian Katz of Capital Alpha said that it has “put the fear of God into bank boardrooms across the country”.

As of this morning at least five Wall Street investment banks have shifted from bullish to downgrades on Wells Fargo & Co. following this news.

Serious consequences. And well-deserved.

But something less dramatic in this development may be even more significant for the business community.

The “I-didn’t-see-anything” defense to business misconduct may be under siege.
