Managing Risk

Legal Risk Management

Businesses that do not comply with the law, or do not implement and adhere to effective systems of governance, internal control and audit, expose themselves to significant regulatory, legal and reputational risks.

For the first post, we would like to bring to our reader’s attention one of the most important factors in the success of a business: Effective risk management.

Risk management is the art and science of preventing risks, and minimizing and effectively dealing with risks if and when they arise. Rigorous risk management is an essential element of good governance.

The three pertinent categories of risk are briefly described below.

Regulatory risk

or “legislative and regulatory risk”, is the potential that a change in laws and regulations will materially impact a security, business, sector or market. A change in laws or regulations made by the government or a regulatory body can increase the costs of operating a business, reduce the attractiveness of investment and/or change the competitive landscape. Applied globally, regulatory risk means the risk of operating or investing in a country where regulatory changes may have an adverse impact on earnings or returns.

Regulatory risk occurs when an organization fails to comply with laws or regulatory requirements. These requirements exist in virtually every industry and are specific to it.

Legal risk

is the potential for loss that is primarily caused by:

  1. the uncertainty of legal proceedings and potential legal proceedings;
  2. a defective transaction or an unenforceable agreement; or
  3. a failure to adequately protect the business’s assets.

Where legal risk results from litigation, significant losses are possible regardless of whether a claim is successfully defended. Even a successful defence will incur substantial legal costs. Worse, losing a court case could expose a company to a considerable judgment award.

If a claim, whether an ordinary lawsuit, a derivative action, or a class action, is brought against a company and/or its directors, then management’s time and attention is diverted from running the business and earning profits. In addition, the out-of-pocket costs associated with the defense of the claim (legal fees, experts, public relations firms and other consultants) can be huge. Share prices can even be affected.

Reputational risk

is the potential for operational disruption or other damage to an organization resulting from a loss of its standing, reputation or trustworthiness. Some recent famous examples of companies whose reputations were damaged are BP, Toyota, Goldman Sachs, Enron, Arthur Andersen LLP, RIM and Maple Leaf Foods.

Regulatory and legal risk and reputational risk are clearly related. Defending and/or losing a court battle or not complying with laws and regulations may adversely impact an organization’s reputation. A variety of areas can be negatively affected if a business’s reputation is tainted. A loss of reputation may affect the organization’s customers, investors, market analysts, distribution intermediaries, alliance partners, regulators, the media, the general public or anyone who can have an impact on the organization.

For instance, an infamous business might struggle to attract new customers and keep existing ones. Consequently, revenue and profitability could decline.

A private company that is “de-valued” and that is part of a corporate group may find it harder to get capital infusion from its parent or to compete with other subsidiaries in the group for capital from the parent. It might even be sold off.

A public company might find it more difficult to raise funds in the equity markets if its reputation is tarnished.

These are just a few of many examples of the possible fallout from a loss of reputation.


To manage regulatory, legal and reputational risks, a successful organisation must first identify all potential risks, which comes from clearly understanding your business. The next step is to implement internal mechanisms and safeguards to minimise the occurrence of risk-inducing events.

From a legal perspective, the very first act of risk management in the life of a business is choosing an appropriate business structure. Whether a sole proprietorship, partnership (general or limited), corporation, unlimited company, or joint venture, the nature of the business structure could significantly impact the potential risks of the business’s stakeholders.

Depending on your business’s nature, stage of development and industry, identifying and managing risk varies in complexity. Dealing with risk is easier if you adopt a methodical and analytical approach.

This post gives information only, not legal advice. If you have a legal problem or need legal advice, you should speak to a lawyer. For more information about risk management fundamentals in your industry and for assistance in systematically analyzing your business to identify risks, please feel free to contact us.

Notary Public in Richmond Hill

Posted on by Behdad Hosseini
  • Post Archives