Legal Governance, Risk Management, and Compliance or "LGRC", refers to the complex set of processes, rules, tools and systems used by corporate legal departments to adopt, implement and monitor an integrated approach to business problems. While Governance, Risk Management, and Compliance refers to a generalized set of tools for managing a corporation or company, Legal GRC, or LGRC, refers to a specialized – but similar – set of tools utilized by attorneys, corporate legal departments, general counsel and law firms to govern themselves and their corporations, especially but not exclusively in relation to the law.[1] Other specializations within the realm of governance, risk management and compliance include IT GRC and financial GRC. Within these three realms, there is a great deal of overlap, particularly in large corporations that have legal and IT departments, as well as financial departments.
Legal governance refers to the establishment, execution and interpretation of processes and rules put in place by corporate legal departments in order to ensure a smoothly-run legal department and corporation.[2]
Legal risk management refers to the process of evaluating alternative regulatory and non-regulatory responses to risk and selecting among them. Even within the legal realm, this process requires knowledge of the legal, economic and social factors, as well as knowledge of the business world in which legal teams operate.[3] In an organizational setting, risk management refers to the process by which an organization sets the risk tolerance, identifies potential risks and prioritizes the tolerance for risk based on the organization’s business objectives, and manages and mitigates risks throughout the organization.
Legal compliance is the process or procedure to ensure that an organization follows relevant laws, regulations and business rules.[4] The definition of legal compliance, especially in the context of corporate legal departments, has recently been expanded to include understanding and adhering to ethical codes within entire professions, as well. There are two requirements for an enterprise to be compliant with the law. First, its policies need to be consistent with the law. Second, its policies need to be complete with respect to the law. The role of legal compliance has also been expanded to include self-monitoring the non-governed behavior within industries and corporations that could lead to workplace indiscretions.[5] Within the LGRC realm, it is important to keep in mind that if a strong legal governance component is not in place, risk cannot be accurately assessed, nor can the monitoring of legal compliance be carried out efficiently. It is also important to realize that within the LGRC framework, legal teams work closely with executive teams and other business departments to align their goals and ensure proper communication.
Legal Consistency is a property that declares enterprise policies to be free of contradictions with the law. Legal Consistency has been defined as not having multiple verdicts for the same case.[6] The antonym Legal Inconsistency is defined as having two rules that contradict each other.[7] Other common definitions of consistency refer to “treating similar cases alike”.[8] In the enterprise context, legal consistency refers to “obedience to the law”.[9] In the context of legal requirements validation, legal consistency is defined as, "Enterprise requirements are legally consistent if they adhere to the legal requirements and include no contradictions."[10]
Legal Completeness is a property that declares enterprise policies to cover all scenarios included or suggested by the law. Completeness suggests that there are no scenarios covered by the law that cannot be implemented in the enterprise. In addition, it implies that all scenarios not allowed by the law are not allowed by the enterprise.
Enterprise policies are said to be legally complete if they contain no gaps in the legal sense. Completeness can be thought of in two ways.[11] Some scholars make use of a concept of ‘obligational’ completeness such as Ayres and Gertner.[12] According to this usage, a system or a contract is ‘obligationally’ complete if it specifies what each party is to do in every situation, even if this is not the optimal action to take under some circumstances. Others discuss ‘enforceability’ completeness in the sense that failing to specify key terms can lead a court to characterize a system as being too uncertain to enforce (May & Butcher v the King 1934),[13] and hence a system may be complete with respect to enforceability. This leads to the following definition: enterprise regulations or requirements are legally complete if they specify what each party is to do in each situation while covering all gaps in the legal sense.[10]
Initial interest in LGRC was driven by corporate legal departments, particularly after the financial crisis of 2007-2008 and the resulting likely regulatory climate.[14] As with the Sarbanes-Oxley Act, legal industry thought leaders saw a need for a new framework for legal GRC, and borrowed heavily from IT, RIM and other industries to try to come up with new, clear processes and rules to make navigating the choppy waters of the post-financial crisis legal world go as smoothly as possible.
The Legal GRC Center for Innovation is a nonprofit institute for the advancement of the concepts and applications of Legal GRC. The LGRC Center for Innovation serves as a forum for legal industry leaders to discuss and determine ways to systematize and streamline governance, risk management, and compliance within the legal industry. The membership of the LGRC-CFI is made up of a group of thought leaders in the legal, business, IT, and RIM fields. They meet in online forums and at periodic conventions and summits to determine best practices for Legal GRC. The LGRC-CFI also publishes a blog and several industry-specific white papers regularly. The LGRC Center for Innovation addresses legal governance, risk management, and compliance exclusively.
The Institute On Governance (IOG), although it does not address LGRC exclusively, is a useful resource for knowledge on governance in general, and has collected some significant basics about legal governance online. The IOG is an independent, Canadian, nonprofit think tank founded in 1990 to promote better governance for public benefit. Through its research and services it helps public organizations and societies realize their objectives by putting good governance into practice.
The Association of Corporate Counsel ("ACC"), formerly the American Corporate Counsel Association ("ACCA"), is an association of in-house counsel, attorneys who work for corporations. The association publishes the magazine ACC Docket and arranges one of the United States’ largest annual meetings for in-house attorneys. ACC was founded in 1982. It currently has more than 24,000 members from over 10,500 corporations in 77 countries.[1] The ACC does not address LGRC exclusively, but can be credited with laying some foundations for corporations – the original practitioners of governance, risk management, and compliance – and legal departments to begin to work together on overarching issues of governance, risk management, and compliance.