Legal risk

What is Legal risk?

Legal risk is the risk arising from failure to comply with statutory or regulatory obligations.

Basel II classified Legal risk as a subset of Operational Risk in 2003. There is no standard definition, but there are at least two primary/secondary definition sets in circulation.

Legal risk is the risk of loss to an institution which is primarily caused by:

  1. a defective transaction; or
  2. a claim (including a defense to a claim or a counterclaim) being made or some other event occurring which results in a liability for the institution or other loss (for example, as a result of the termination of a contract); or
  3. failing to take appropriate measures to protect assets (for example, intellectual property) owned by the institution; or
  4. change in law.

Legal risk is the risk of financial or reputational loss that can result from lack of awareness or misunderstanding of, ambiguity in, or reckless indifference to, the way law and regulation apply to your business, its relationships, processes, products and services.

There are two dominant approaches to defining legal risk:

  • One is a broad definition of all business risks with legal consequences. This defines “legal” risk as significant legal consequences that flow from actions attributable to the business;
  • The other is narrow, defining legal risk as risk originating in legal work product or legal uncertainty (which in turn has significant business consequences).

Some definitions extend legal risk beyond strictly legal consequences (e.g. the risk of prosecution, regulatory action, claims or the loss of contractual or intellectual property rights) and look to:

  • reputational concerns (especially, how a company’s approach to legal obligations may be interpreted by non-legal audiences, most often captured in the idea of ‘aggressive’ tax avoidance); and,
  • intra-organisational culture (e.g. should the definition of legal risk encompass not just complying with the letter of the law, but also complying with the spirit of the law?).

Legal risk can also be defined as the potential loss that may occur to an investment as a result of insufficient, improperly applied, or simply unfavorable legal proceedings in the country in which the investment is made. For example, a country may have inadequate bankruptcy protection or, in an extreme circumstance, the government may be able to seize property without provocation. On the other hand, legal risk exists even in countries that operate under the rule of law: a court, for instance, may find against a company in a given lawsuit, creating a precedent for other companies with similar operations.

Legal risk areas can, for example, be grouped as follows:

  • Compliance with legislation;
  • Contracts;
  • Intellectual Property Rights;
  • Litigation risk, risk related to the process associated with existing and potential litigation.

Types of Legal risk

Legal risk can be divided into categories of specific legal risk and generic legal risk. Specific legal risk is the chance, for example, that a contract between two parties would be considered unenforceable under the controlling legal authority (e.g., a contract involving the commission of a crime). Generic legal risk involves situations where there is no clear, controlling legal authority or where the law is unsettled on a particular issue. Catastrophe bonds and other recently developed insurance derivatives face generic legal risk because the legal and regulatory environment affecting these instruments is not yet subject to any clearly defined controlling authority (e.g., should a “cat” bond be regulated as insurance, an investment, or both?).

Legal risk is the potential for losses due to regulatory or legal action. There are several major types of legal risk:

  • Regulatory Risk. A risk of changes to regulations that result in new compliance costs.
  • Compliance Risk. The potential for fines and penalties for an organization that fails to comply with laws and regulations.
  • Contract Risk. The potential for a partner, customer or supplier to fail to meet the terms of a contract resulting in losses. Contract risk can also result from your failure to meet the terms of a contract resulting in penalties or legal disputes.
  • Non-contractual Rights. The potential for a third party to infringe on its non-contractual obligations to you. For example, a competitor who infringes on your patents.
  • Non-contractual Obligations. The potential for you to infringe on a third party’s rights such as trademarks or patents resulting in legal costs and penalties.
  • Dispute Risk. The potential for a legal dispute to arise as a result of your business activities.
  • Reputational Risk. The potential for a decline in reputation due to legal actions. For example, if regulators charge a company for breaking the law, the company may lose customers, employees and investors due to damage to its reputation.

Legal risk management

Legal risk management refers to the process of evaluating alternative regulatory and non-regulatory responses to risk and selecting among them. Even within the legal realm, this process requires knowledge of the legal, economic and social factors, as well as knowledge of the business world in which legal teams operate. In an organizational setting, risk management refers to the process by which an organization sets the risk tolerance, identifies potential risks and prioritizes the tolerance for risk based on the organization’s business objectives, and manages and mitigates risks throughout the organization.