E-business: design an effective legal strategy and risk management framework

Feature

posted 2 Oct 2001 in Volume 4 Issue 6

E-business: design an effective legal strategy and risk management framework

The emergence of the so-called 'internet economy'(1) and the e-business (2) revolution necessitate a different way of thinking about the traditional way in which legal advice is provided to clients of law firms. In fact, some aspects of the practice and management of law as we know it today has to be fundamentally realigned to face new challenges and new models of businesses in the electronic business environment.

I hold the view that as e-businesses become increasingly entrenched in the fabric of our economic life, lawyers must go beyond being good 'legal technicians' and transform themselves into effective e-business legal strategists in advising their clients as the latter make their inroads into the e-business world.

While legal issues do not drive e-businesses most of the time, it is often one of the critical success factors. I would suggest that we need a new way of thinking about strategising legal service delivery in e-business for three main reasons:

1. Things move at a much faster pace in the e-business world than they have been in the brick and mortar world. Technology develops at such a rapid pace and the turnaround time for e-businesses is extremely fast.

2. E-businesses have instant global reach. With present day internet and communication technologies, the time taken by a client to set up his e-business can be a matter of weeks and carried out on a global basis in an instant. Imagine a client with legal risk exposures in multiple jurisdictions.

3. In e-business and in the internet economy in general, intellectual property rights have become a key corporate asset, often with values far exceeding some traditional corporate assets such as land. But, bizarrely, advances in technology makes the violation of such intellectual property rights (example through copying) so much easier. And who is best placed to help secure, protect and exploit such assets (which are legal rights) if not the lawyers?

The confluence of these three factors requires that lawyers rethink their role as advisers in the e-business environment. The fundamental question lawyers have to ask themselves about their role in the new internet economy is how they can add their greater value to their clients' business value chain. To put it another way, what business value can be extracted by the clients from the legal management process that are often driven by lawyers themselves. This is quite apart from the traditional role of the lawyers in providing sound legal advice on issues such as compliance, risk avoidance and litigation management.

Just imagine lawyers simply providing the traditional type of 'reactive' legal services to their clients, that is, they get involved only when the damage has been done. By the time a new e-business model is set up and transactions are carried out across multiple jurisdictions, lawyers who simply react to changing demands of their clients instead of proactively trying to help their clients manage their e-business effectively would find themselves become increasingly sidelined.

I would suggest that in order for lawyers to better serve their clients in the e-business world, they would need to take that first step in rethinking how they should provide legal services at the strategic level. This requires a new way of thinking about legal management approach and its impact on the performance of the clients' businesses. I call this approach 'strategic legal management'.

What is strategic legal management?

In the context of e-business, I would define strategic legal management as a series of actions and decisions taken by lawyers (whether in-house lawyers or practitioners in their capacity as external legal advisers) that result in the formulation and implementation of an enterprise's legally-related plans (3) that are ultimately designed to achieve the enterprise's e-business goals. Strategic management is often proactive, future-oriented and focused on the long term.

Elements of an e-business legal strategy

A strategic legal approach to e-business would normally contain the following elements:

The need to ensure that the legal e-business strategy is in sync with the enterprise's overall business vision and strategy,
A proactive risk management framework (preferably a structured one),
Fulfilment of the compliance requirements at the regulatory levels both at home and across other jurisdictions,
The standard protection of legal and commercial interests, including assurance of enforceability of transactions, tax-efficient structuring of e-transactions,
The protection of assets (particularly intellectual property rights),
The exploitation of assets for commercial value (for example through licensing of intellectual property rights),
The need to have a programme of action to grow the enterprise.

A starting point in the strategic legal management review in e-business would typically involve answers to the following types of questions:

Where is the enterprise now in terms of its achievements of its strategic legal goals? (for example to be market leader in the exploitation of patents that would increase shareholder value or to proactively secure and defend its intellectual assets in jurisdictions where it could extract the highest business value),
Where would the enterprise want to go? (eg, what business position to stake out and what financial outcomes the enterprise wants to achieve in, say, patent management),
How would the enterprise would get there?

The lawyers would then begin to chart the tasks for strategic legal management which typically involve the following steps:

Development of the enterprise strategic vision & mission (for example: to position the enterprise as the leading global patent leader),
Setting measurable objectives (to secure patent registration in key jurisdictions),
Designing and implementing the strategy to achieve those objectives,
Assessing performance during the execution phase.

At the senior management level, the translation of the strategic goals into specific plans of action in turn typically involves answers to the following questions:

What are the legal risk exposures and how can the lawyers help the client run the business without risks or with less risks?
How can the management of the legal affairs of the enterprise be carried out in a manner that would strengthen the enterprise's competitive advantage?
How to meet the expectations of the stakeholders of the enterprise (eg board of directors, shareholders),
How to achieve performance targets (eg, successful protection of intellectual property rights, successful defence of suit, etc) within a specified time frame,
How do we secure adequate legal protection without having to pay too much?

Finally, at the operational level where the day-to-day servicing of clients are carried out, the sort of questions raised are:

If we take this business direction or if we choose this business model, what are the legal requirements and how can this be achieved?
What sort of agreements should be drafted?
What specific terms should be included?
What are the chances of success in the claim against a certain party? (If this is a litigation matter).

Applying legal strategy

Now that we have covered the different levels that need to be addressed to evolve the parameters in the design of an e-business legal strategy, how does it apply in practice?

First and foremost, a strategic legal approach in e-business would invariably require that lawyers as advisers to e-businesses take a 'big picture' perspective, focusing on how legal strategy and techniques can better achieve their clients' business goals.

Take the following scenario as an example. A company may have assets such as its intellectual property rights that may be protectable and registrable. But there are a variety of strategies and complementary approaches that can be considered to obtain the best possible protection, and to enhance the possibilities of commercialisation of those intellectual property rights.

In this scenario, the lawyer could advise the client that while filing a patent allows the client to exploit it commercially through licensing, it is a limited protection strategy in terms of tenure (say typically for 20 years) when compared to maintaining the client's intellectual property rights in the form of a trade secret in which the 'tenure' of protection is indefinite. But maintaining that intellectual property right as a trade secret makes it relatively less exploitable as a commercial asset. So there are pros and cons that must be considered. However, it is essentially a business decision for the clients to make and the lawyer's role is to advise on the best course of action to take to achieve the client's business goals.

Take another example of how an e-business legal strategy can be put into practice. Say the electronic marketplace is rapidly evolving in a particular sector, for example, finance. The emergence of new technologies could give rise to new potential business models. Such business models could emerge overnight and businesses would invariably try to transform themselves to exploit such opportunities.

But if the legal compliance factor is not addressed proactively, the client may not be able to fully exploit the opportunity when it arises, and may even take unnecessary legal risks to gain first mover advantage in this e-marketplace. In this sort of scenario, an effective and proactive e-business legal strategy would ensure that the client is made aware of the compliance requirements at the time when it is required most, that is, in the preparatory or planning stage.

Managing legal risks in e-business

When it comes to the practical application of an e-business legal strategy, nothing can be more important than the role of lawyers in the design of an effective legal risk management framework for their clients. Given the nature of e-business as described previously, there is a need to design a proactive and structured legal risk management system that not only protects the client's legal interests, but one that would eventually help achieve the commercial objectives of the enterprise.

Lawyers will continue to play a critical role in advising their clients in managing such e-business risks, particularly those with cross-border transactions. Such legal risk exposures comes in the form of legal problems that e-businesses and their advisers often face in the form of liability issues pertaining to:

The formation of contract in cyberspace, particularly in jurisdictions where e-business legislation is either non-existent or unclear,
The need to protect intellectual property rights or e-assets such as patents, trademarks, domain names, copyrights and trade secrets,
Regulatory compliance with the laws and regulations in multiple legal jurisdictions,
The sheer complexity of managing different and varied legal risk exposures across multiple jurisdictions.

Need for structured risk management

As part of an effective e-business legal strategy, such legal risk exposures should and can be managed in a structured and proactive manner. It also helps if e-businesses themselves use information technologies (example in the form of software applications) that allow the enterprise to better manage its legal risk exposures across borders in a systematic way.

What is structured risk management?

Structured risk management is a process of identifying and managing legal risk exposures and taking proactive steps within a clear framework to avoid and/or minimise such forms of legal risk liabilities.

Types of legal risks

There are essentially two types of legal risks in e-business - the direct and the indirect. The direct legal risks involves potential liabilities in relation to:

Compliance requirements at the regulatory level (both at home and in foreign jurisdictions in regard to the legislative and regulatory environment),
Contracting parties (breach of contract),
Third parties (example violation of intellectual property rights),
The enterprises' own employees in their dealings with third parties that may lead to potential liabilities for their employers.

Technical risks

The indirect legal risks in turn are those risks that flow from technical risks such as:

Poor system design or architecture that may result in system failure and leading to potential legal liability for the software developer for instance,
Computer viruses that may cause the whole network to collapse leading to legal liabilities of service providers,
Intrusion by hackers and other criminal activities like theft or corporate espionage, which leads to potential legal liability for both service and content providers.

For 'technical' risks, the focus of this article is on the legal implications that flow from it. To do this, we need to distinguish between risk events, its impact and its legal consequences. For example, hacking (the event) leads to security breach (an impact) and this in turns leads to potential legal liability exposure for the service provider for failure to assure security (the legal consequences).

The practical steps

So how does an enterprise carry out this structured approach in legal risk management and what should the role of lawyers be?

First, the enterprise must determine the awareness level at both the institutional (corporate) and personal (employee) levels.

Second, a legal risk audit should be carried out by lawyers across the enterprise covering every aspect of corporate work including review of documentation, seeking legal advice confirming compliance with prevailing laws and regulations and review of corporate e-policy including employee terms of contract.

Third, the risk exposures must be carefully identified and evaluated by senior management of the enterprise together with the guidance of lawyers. These exposures would then be prioritised in accordance with their gravity or seriousness. Trigger events should be clearly identified and warning mechanisms put in place.

Last, but not least, wherever possible, enterprises must use software or other such IT management systems that would help manage the whole legal risk management process in a systematic and productive way.

Components of a legal risk management system

Taking into account the above practical steps, the key components that constitute a sound legal risk management system can be summarised as follows.

An overall strategy has to be designed at the most senior level that meets and gels with the enterprise's vision and mission,
The enterprise risk management framework must decide on the methodology for proactive management of such legal risk exposure and decide on the acceptable level of risk tolerance. This framework should include the tools and the system for management and decision support,
There have to be tangible programmes to implement and manage these risk exposures,
There has to be the element of scheduled review, adjustment and constant monitoring of the changing legal and technical environment.
A budget for legal risk management must be set aside.

An effective e-business legal strategy and a well designed legal risk management framework will increasingly become a common feature in the portfolio of good corporate governance practices in e-businesses. All things being equal, investors are more likely to be prepared to pay a higher premium for enterprises with a coherent and effective legal strategy, as well as an auditable structured risk management framework.

Zaid Hamzah is an advocate & solicitor of the Supreme Court of Singapore and he is the managing director of i-Knowledge Technologies Private Limited, Singapore (http://i-knowledge.com.sg), a legal technology solutions provider. He is also an adjunct lecturer on strategic management of legal issues in e-business at the Graduate School of Business at the National University of Singapore. Hamzah can be reached at zaid@myelaw.net.

1. Component of the economy where goods and services are bought, sold and transacted using the internet as the main mode of delivery including related industries involved in the following four layers: IT infrastructure layer; applications or software layer; intermediary layer (eg, broking and marketplace provider); and the web commerce layer.

2. E-business is simply defined as businesses including commercial transactions (or e-commerce) that uses the internet as the main mode of delivery from marketing and promotion, sales closure and payment for goods and services.

3. The planning phase includes defining the enterprise mission, performing internal analysis and evaluating the external environment. During the implementation phase, legal managers for example would select an appropriate strategy based on the information gathered in the planning phase and translate the strategy into organisational actions.