As we know, there are known knowns; there are things we know we know.
We also know there are known unknowns; that is to say we know there are some things we do not know.
But there are also unknown unknowns. There are things we don’t know we don’t know.
Donald Rumsfeld, former US Secretary of Defence
When it comes to risk assessment, Donald Rumsfeld had it exactly right with his explanation of “unknown unknowns”…

Unfortunately, though, “not knowing” is rarely a defence for a business when it comes to a breach of a legal or regulatory obligation.
How do most organisations manage their legal risk?
Organisations tend to engage legal help for two key reasons:
- Proactive/preventative reasons. The organisation’s management team wants to do something, and so wants to understand, minimise or avoid the legal risks of doing it. This category might include doing a deal with a commercial partner, rolling out new technology or setting up a new process to comply with regulation.
- Reactive reasons. Something is happening to the organisation, and the management team want to know how best to respond. This category might include being sued or investigated, or being threatened with a lawsuit or an investigation.
Involving lawyers in the process, if not properly managed, can sometimes be time-consuming, expensive, and frustrating. Common problems can include:
- When engaging external counsel, high hourly fees and “bill shock” – where the final price doesn’t reflect the initial scope of work.
- Lawyers might not understand the industry or the commercial drivers for the project.
- Legal teams can be under-resourced or under pressure, which makes them slow to respond or forces work to be left until the last minute.
Not surprisingly, these service delivery problems tend to deter some organisations from involving lawyers until they have no choice. The call to the lawyers is usually made late in a process. That approach also assumes the organisation has been able to identify that a legal risk is involved in the first place.
This generally isn’t the smartest way for organisations to manage their overall legal risk profile. Think of a medical analogy: it’s the same as not knowing you have a health problem, or ignoring a problem until it becomes serious, and then going straight to an expensive surgeon for help. This isn’t how we manage our personal health or medical risk. Instead, we take preventative steps (diet, exercise and wellness) or we engage different levels of care as required (first aid, pharmacies, GPs). And, even if we haven’t done it for a while, we know that being trained in first aid is a very good idea. Indeed, organisations are required to have designated first aiders, and the level of their training is based on a risk assessment.
So why is it that businesses often don’t approach their legal risk in this way?
Legal risk training gives a more effective ROI
In-house lawyers are busy people: there is never a shortage of urgent work that needs to be done, and priorities are always changing. But training managers and staff on legal risk can deliver a highly effective and leveraged return on investment.
The returns include:
- Lower risk of a mistake or legal contravention occurring.
- The organisation avoids the costs of breach, such as penalties, damage to the organisation’s reputation, management distraction and legal costs.
- Managers gain confidence in dealing with routine matters (reducing the need for lawyers to be engaged) and identifying when they do need to get help or ask more questions.
- With knowledge of the legal requirements, compliance can be more easily embedded in the organisation’s policies and processes. There is compliance by default.
If lawyers do need to be involved, the discussion can move straight to the specific issues rather than spending time on the basics. The team is more likely to know the type of advice they need and to have a better idea of when and how best to access that help.
And if a breach does occur…
Although training should reduce the risk of a contravention or liability, one can still occur. Where there is a breach, the fact that the company has a training program in place can be a factor in a lower penalty.
For example, the Competition and Consumer Act (or “CCA”) is the national legislation that sets out the rules for commerce and trade in Australia. One of the factors the Courts consider when deciding how severe a penalty to impose for a breach of the CCA is:
whether the contravening company has a corporate culture conducive to compliance with the CCA, as evidenced by education programs and disciplinary or other corrective measures
Re Trade Practices Commission v CSR Limited [1990] FCA 762 at [42]
Put simply: if something does go wrong, evidence of an effective training program is likely to lead to a lower penalty.
Under the Privacy Act, there are penalties if an organisation engages in a “serious or repeated interference with privacy”. The Office of the Australian Information Commissioner (OAIC) is less likely to seek a civil penalty if the entity has taken its privacy obligations seriously, for example by providing training.
Other areas of common legal risk and cost for organisations include:
- Emerging regulation (such as modern slavery and foreign bribery risks).
- Legal risks and disputes that arise out of everyday and routine operations (such as day-to-day marketing and business development, or entering contracts).

What are the options?
There are a range of options for organisations that decide to invest in training to improve their legal risk capabilities:
- Appoint an internal champion. Invest in a key person’s knowledge or skills so that they become the organisation’s “legal first aider”. It can be expensive to send people on external training courses, although some providers offer courses that are open to the “public” and so share the cost between multiple attendees. The risk, of course, is that if that person leaves, they take all that knowledge with them.
- Online training. Online options are convenient, as they can be done at a desk and at a time that suits the individual. They also tend to be affordable. In practice, though, the effectiveness can be limited because people put the training off, don’t do it at all, or are distracted as they click through the content. There is no opportunity to ask questions, and sometimes the content has not been refreshed, so it fails to capture the latest legal and commercial developments.
- Small group training. Provide a group of managers or front-line operational staff with a targeted small-group training session. If the facilitator is an experienced lawyer, they will be able to answer questions specific to your organisation. They will also be able to tailor the content to be relevant to your industry using case studies and examples. Doing the training together as a small group gives the team a common understanding and a framework to use to discuss issues later. It’s a great first step in raising awareness and compliance.
If you don’t have enough people to make a small-group training session worthwhile, consider inviting a team from a key customer or key supplier to organise a joint session. Both teams will learn, and it provides a great networking opportunity to strengthen your relationship. Another option is to include the training as part of your next conference or team offsite day.
Whatever option you choose, the organisation is making an investment in reducing its legal risk, and that investment provides a much better return than waiting for a problem to arise. It’s turning those “unknown unknowns” into “known knowns”.
Please note: The articles published on this blog are for general information purposes only. They are not legal advice! You should always obtain your own legal advice about your specific circumstances.