Who Should Do What on Legal and Regulatory Risk?
The enterprise needs compliance systems and processes that provide early warning of legal and regulatory dangers, that trigger timely actions against those dangers, and that, ultimately, can prevent them from mutating into something worse. Those systems and processes should report up to the CEO, COO, or CFO (a senior executive who possesses proven management capability), not to a general counsel or other practicing lawyer who lacks such capability.
One lesson of the Boeing 737 Max crashes, General Motors ignition switch tragedy, Blue Bell Creameries listeria outbreak, and dozens of similar compliance misses (see Part II of this IV-part series): in each case the C-suite was blindsided by a devastating legal or regulatory surprise, and Legal was excused from accountability for that surprise by an “ignorance defense” (Part III).