Is Your Legal Department Creating Organizational Risk?
At the 2017 Global Ethics Summit, put on by the Ethisphere Institute, Caroline Rees of SHIFT spoke on a panel about business and human rights. When asked about differences in stakeholder management approaches between European and U.S. businesses, and why U.S. companies are not as far along as their European counterparts, she highlighted that U.S. lawyers have a more dominant role.
When business leaders want to audit their supply chain, for example, lawyers often warn against such initiatives in the absence of a regulatory mandate. But, as Rees discussed, the existence of human rights risk in your supply chain is not a secret — it’s just a question of when and how it will be exposed.
Her comment reminded me of various anecdotes and conversations I have had with peers that similarly highlight how the lawyers, when pursuing their duty as zealous advocates, can be blind to the risk (and costs) thereby created. When it comes to ethics violations and scandals, many feel that the lawyers won’t allow them to have in-depth conversations about the underlying causes of the violation, for fear of creating or documenting evidence. One CEO of a large corporation said that after a scandal, the tendency often is to put a bag over wrongdoer’s head and walk him about the back door, thus depriving the organization any opportunity to learn about root causes or perceptive insights. The lawyers in turn point to the regulators and prosecutors, who will take advantage of existing evidence of to build a case against the company.
The Fraud Section of the U.S. Department of Justice Criminal Division recently published guidance on how they evaluate corporate compliance programs. The first item on their list: root cause analysis. They include a list of questions they expect companies to ask themselves about underlying misconduct, including an inquiry into systemic issues that were identified.
This is a sign that when determining discipline for organizations, prosecutors may take into account as a mitigating factor whether companies and compliance programs make an effort to ask systemic questions, even when it can expose weakness in an organization. Companies must conduct culture audits and identify ethics risk before they become bigger problems.
As a lawyer, I have deep respect for the invaluable advisory role of lawyers. It’s imperative that they are included in strategic discussions and that compliance with law be paramount for companies. I can also see, though, how unintended consequences can result from deference to isolated rules or legal practice without consideration of the bigger picture system in which they are intended to operate — where one could miss the forest for the trees. In particular, if the culture of lawyering is inhibiting companies and their employees from learning from mistakes and creating informational feedback loops, it could unintentionally stifle growth and innovation.
Decades of organizational behavior and management research shows that only by becoming a learning organization can companies truly unlock potential for innovation and the ability to maximize employee talent. A key ingredient for organizational learning is feedback and critical self-assessment — understanding where there are areas in need of improvement and subsequently embracing change. When it comes to ethics, it means being honest about proactively identifying where corporate culture and practice is misaligned with the values that the company otherwise espouses in its Code of Conduct or other formal communications.
Digging deeper into an organization’s practices and culture before problems arise may bring up uncomfortable issues, but sincere efforts could help manage company reputation in the long run. For many, it’s a balancing act of finding problems before they cause disproportionate damage, and protecting the company from the downside of those problems.
I don’t suggest that the dynamics described above exist in all companies. My hope is that businesses will be cognizant of when legal advice may inadvertently create organizational risk, understanding how to learn from mistakes, ethical and otherwise.