Protecting a Business from Legal Risks is a Management Role — With Lawyers as Supporting Cast, Not as the Director

After 12 years running two divisions at Whirlpool Financial, and then as an executive at GE — and having been a business lawyer before that, and thereafter — I have reached this conclusion:

Protecting the business from legal risk should be entrusted mainly to management — with attorneys accountable to the CFO, COO, or some other P&L executive in a supporting role.

This goes against the legal profession’s prevailing outlook; and corporate practice has long conformed to that outlook:

“Management of legal risk is a job for lawyers”.

But that outlook fails to prevent legal problems; and it leads to ever-increasing legal spending.


Protection from legal risks is not primarily something that attorneys should oversee. Of course, this function necessarily includes the company’s selection, deployment, and direction of lawyers inside and outside of the business. But lawyers lack training or experience in managing a company’s operations.

(By the way, I’ve supervised the work other lawyers — as associate general counsel, and later as a senior executive directing outside counsel on deals or the conduct of litigation. But if these amount to “management”, they’re very different from what I had to learn and apply in running a corporate division.)

So what difference does it make that lawyers are not managers?

First, the company’s lawyers lack the authority and reporting relationships needed to fix broken operations — and those are what create legal problems in the first place.

Acts and omissions of employees and other agents are what result in civil liability, regulatory exposure, or criminal jeopardy. And these are outside the scope of what lawyers — acting in their capacities as lawyers — can control or even meaningfully influence.

So, once they’re called in to clean up a legal mess after the fact, inside counsel and attorneys in law firms are hamstrung in preventing a recurrence. And that’s assuming that the legal profession is even inclined to try to prevent a recurrence — which they are not (a subject for elaboration in a separate blog post).

Management authority is wielded by … well … managers. The sales person who makes a fraudulent representation to a big customer, the forklift operator who collides with some one in the warehouse, or the executive who practices racial discrimination in hiring — none of these individuals report (directly or indirectly) to in-house counsel or to the company’s outside lawyers.

Assuring that a past debacle doesn’t repeat itself and result in bad legal consequences — though this of course requires guidance from attorneys in a support role — places a far greater call on the operational skills and administrative authority possessed by management.

Second, the fact that lawyers are not managers predisposes them to accept the dysfunctional ways that their profession’s business model prices and organizes its work:   

  • Hourly billing — Maximizing price, and keeping the client in the dark about what that price is until it’s too late to disagree with it;
  • Over-staffing and duplication of effort; and
  • Insertion of inexperienced recent law grads alongside lawyers who are qualified to do the work.

CFOs, COOs, or other P&L executives need to take the lead here. Because, although attorneys are irreplaceable for making legal judgments, management expertise is mostly found among P&L executives.

In the next post I address more deeply the first of the two elements of effective legal risk management cited above:

Prevention of legal problems before they arise — and the management capabilities that requires. 

Contact Information