Perspectives

A seat at the table

The roles of the legal department in corporate policy

The CLO’s role goes far beyond “mere” compliance with law. At many organizations, the CLO plays a key role in helping leadership understand the risks that policies are designed to address and the opportunities that they provide. Here’s where the CLO needs to have a seat at the table.

Legal entity management and the CLO

Companies are increasingly examining (or reexamining) their roles and policies in areas such as:

  • Environment, social, and governance (ESG) matters
  • Diversity, equity, and inclusion (DEI)
  • Privacy

They are doing so for several reasons, including expectations from investors, employees, customers, and other stakeholders, as well as regulatory requirements. Companies whose policies do not address these expectations or requirements may risk reputational and other forms of damage, affecting revenue, profitability, and the ability to attract talent, among other consequences.

Appropriate policies that are disseminated throughout the organization, interpreted, kept current, and consistently enforced may not eliminate these and other risks. However, they can mitigate them and create value at the same time, such as by assuring employees that polices are in place and informing them where they can be found.

Drafting “appropriate” policies is a critical step, but it is only a first step. Even the best policy will not mitigate risk or create value if no one knows about it, if questions about its meaning or interpretation are not addressed, if it is not kept current, or if it is not consistently enforced. As a result, organizations typically need to look beyond a policy’s creation and consider how its policies will be disseminated, interpreted, updated, and enforced once they are in place. Beyond that, publicly held and some other companies need to be able to communicate their policies and achievements in ESG, DEI, privacy, and more to investors and other stakeholders.

Where does the chief legal officer (CLO) and the legal department fit into this process? We suggest that they have a seat at the table—and that, sometimes, that seat needs to be at the head of the table.

DEI, ESG, and the legal department's role

A role beyond legal compliance

As illustrated previously, the CLO’s role goes far beyond “mere” compliance with law. At many organizations, the CLO plays a key role in:

  • Helping leadership understand the risks that policies are designed to address and the opportunities they provide;
  • Communicating to leadership the expectations of both external constituencies (including investors, regulators, customers, suppliers, and other stakeholders) and internal constituencies (such as the workforce);
  • Developing strategies to address risks and the expectations of those constituencies; and
  • Communicating to those constituencies how leadership is addressing risks and expectations.

Moreover, to the extent that CLOs oversee governance at subsidiaries, both domestic and foreign, they are in a unique position to perform similar functions with respect to policies on a global basis throughout the organization

Questions for the CLO and legal department

Who in your organization is responsible for informing leadership about risks, including those arising from ESG, DEI, or privacy matters? Who develops approaches to addressing these risks? If it is not you or the legal department, do you have a role (a “seat at the table”) in these processes?

Have you participated in demonstrating that policies such as DEI, ESG, and/or privacy can add value? If not, what might you do to become involved in that process?

What is your role, or that of your department, in developing corporate policies? Would you characterize this role as active (i.e., direct participation in developing these policies) or passive (i.e., limited to reviewing someone else’s efforts)?

How does your company provide training throughout the organization on its policies? What is your role (or that of your department) in that process? If it is limited, what actions might you take to enhance it?

Who is responsible for enforcing policies, including developing appropriate disciplinary actions, and seeing to it that they are applied consistently? If it is not you (the CLO) or your department, do you have any role in this process?

Do you enlist the support of other counsel (internal or external) to keep you abreast of legal and regulatory developments that may necessitate changes to your policies? If so, do you enlist this support in all jurisdictions?

Do you take proactive measures, through risk sensing or other means, to obtain real-time metrics and information related to reputational risks and noncompliance matters?

How does your company develop required and other communications around your ESG, DEI, and privacy activities to demonstrate that your company is “state-of-the-art” in these areas?

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.