20 May 2019

Risk affects us all and we live in an increasingly risky world. Businesses need to understand risk, mitigate it and make the most of the opportunities it offers.

These were the issues discussed by a panel of legal and business speakers at Womble Bond Dickinson’s (WBD) ‘Disrupting Disputes 2.0’ spring event at the British Library. Chaired by the highly respected legal commentator, Joshua Rozenberg QC (Hon.), the panel took part in a highly interactive debate, introduced by Simon Lewis of WBD, which looked at a number of key questions on the way clients tackle risk from a variety of commercial, legal, technological, social and economic perspectives.

There were a range of views on offer, from local government, in the form of Alex Conway, assistant director at the Greater London Authority, to the Bar, in Chantal-Aimée Doerries QC, head of Atkin Chambers, and engineering, in the form of Alexandra Luck, a chartered engineer and cyber security expert Kieran Rigby, the global president for claims solutions at Crawford & Company, was equally well placed to discuss risk, having been involved in the claims arena after risk events had occurred for nearly 30 years.

The remaining speakers were Ellen Gregg, a senior trial lawyer and the vice chair of WBD’s US practice, and Nicki Shepherd, the general counsel of the firm’s UK practice, who both play active roles in managing client and internal risks, as well as, in Shepherd’s case, being responsible for compliance.

Significant sectoral risks

Rozenberg started proceedings by asking his panel about the sort of risks that are particularly significant in their chosen area, and how they assessed their impact. Their responses illustrated a wide variance, but also common themes, such as risk identification, assessment, and mitigation. Brexit, for example, was characterised as an unusual risk, one to be mitigated, while working with European funding or the performance of elections were seen as, by comparison, lower risk, institutionally, but higher risk, personally for Conway as the individual ultimately responsible.

Doerries, by contrast, focused her remarks on managing consequential, earlier, risks taken in the course of commercial relationships; these, she noted, could be “a design issue, or a funding issue,” but her imperative was “ensuring my clients are sufficiently aware early on that there may be a dispute, and understanding sufficiently early what the risks involved in that dispute are.”

As Gregg noted, in some industries, the risks of litigation are almost inevitable, such as pharmaceutical product liability claims. Lawyers, said Gregg, enter the picture when “risks have come to fruition”, into which “managing the risk of litigation is part of the costs of doing business”; indeed, Gregg noted, the scope of those risks had expanded greatly, to encompass regulatory proceedings, shareholder lawsuits, and mass tort claims.

Her colleague Shepherd, by contrast, stressed cyber-crime and the damage that may fall to the firm, should confidentiality be breached, safeguarding it against regulatory risk, as well as being aware of client risks, saying “we have got to look after our own, and also our clients.”

Luck mentioned reliance on technology as one source of risk; while it had improved efficiency, drove performance, increased productivity, and was increasingly embedded into business and personal life, it created risks from people with hostile intent, intent on acquiring data not meant for them.

Rigby, meanwhile, having made a career out of risk, mentioned both known risks, such as property and casualty risk, which were capable >of predictive analytics, but also new risks, such as climate change, issues around autonomous vehicles, and the risks of smart buildings and extended supply chains.

Gregg discussed the impact of such risks on large pharmaceutical companies, including the operational budget of her clients, such as staffing budgets. This involved, she said “a very significant analysis” individually as to the extent of the outlay, into which law firms were engaged, including strategies of how to mitigate risk, and settlement strategies.

Technology, noted Rigby, could help that process; the collection of data to assess risk was rather less difficult than processing the insights gained from it; properly analysed, data could deliver proper insights which have value for the risk management community; this was harder for pan-global risks, to which risk transfer models may be applied.

Mitigating and addressing risk

Rozenberg opened up the debate to consider the strategies appropriated to mitigating and addressing risks. That, he said, involved the quantification and early assessment of risk; to which process Shepherd added her own succinct insight; “it’s all about knowledge,” she argued, in understanding the risks faced, anticipating them, whether laterally, or otherwise, a sentiment shared by Doerries, who mentioned both the need for early legal advice and a sound litigation strategy, in “reassessing at a critical time, the likelihood of recovery, and the commercial consequences of what [clients] are doing.”

Risk review, Doerries argued, was as important as risk assessment, saying clients should “reassess at a critical time, the likelihood of recovery, and the commercial consequences of what they’re doing…. making sure that at each stage you reassess and have a strategy” for dealing with adverse circumstances.

Conway urged the use of a risk register to mitigate and address risks, relating it to his experience on elections, for example; while Luck stressed the sophistication of security-risks, and the need for a proper security infrastructure, “secure by design”, as well as appropriate learning behaviours; “The majority of cyber-security breaches occur because of poor personnel behaviour.”

Rigby mentioned Black Box Thinking, written by an airline pilot, following the unnecessary death of his wife in an operating theatre. The focus is about challenging professionals, and not allowing them to hide behind professional defensiveness; in the book, this is demonstrated to be for the good of all with much reduced errors, and reduced mortality rates in a healthcare environment.

Rozenberg then discussed these themes with his panel, citing contemporary instances such as litigation following airline crashes, class action settlement discussions, or significant infrastructure disputes, in a lively exchange of views in which Gregg, Doerries, and others all added their thoughts.

Implementing and addressing risk strategies

Next up, Rozenberg said, was the third question: “What issues commonly arise when implementing risk strategies and how are they addressed?” Conway gave a simple and clear answer; it was not to ignore the biggest risks, such as Brexit, resilience, and to prepare, adequately, for issues like a ‘No Deal’ exit, or flooding, and the like, saying that the UK government, from the Mayor’s perspective, “could have done a fair bit more” in preparation for ‘No Deal’.

Shepherd’s response was to flag up the pace of change; being prepared to take an adaptive approach, focusing on significant risks, constant assessment of the same, while minding the potential for uncommon risks to arise.

Those uncommon risks, said Rigby, such as one-in-a-century events, were happening rather more frequently than might be welcomed, such as flood; while mitigation strategies can be adopted, the use of technology could only go so far; others, he said, “needed the support of the state to effectively mitigate”, particularly with climate change, for example, government support for flood defences, or defences against state-supported cyber-attacks.

Luck stressed the need to make security welcome, accessible, and maintaining it. Despite being fairly rare occurrences, with admittedly high consequences, she made the point that malicious actors were ensuring a fusion of circumstances which they can exploit, which was, she noted, “quite a different risk to manage”. She told her audience: “You cannot eliminate security risk. You’ve got to accept that whatever you do, [risk] is going to be there. Accept that it is generally a rare occurrence but has a high consequence. But have an appropriate and proportionate response to it.”

To that debate, Gregg and Doerries added their own nuances. To Doerries, the importance of documentation; and speed of response were critical factors, “make sure the right people are in the room, recognising and assessing risk… and you give yourself the time to do that, before implementing [a decision].”

Opportunities and advantages in managing risk

Rozenberg, closed panel proceedings with his last question: on the opportunities that are offered by a high risk scenario, and how we can take advantage of them. For as Shepherd said, “Every risk involves benefits,” as risks should not stifle growth; she explained “If you properly assess risk, you can support that growth agenda, by building an infrastructure around it, to help gain the goal successfully; risk can be good.”

If Luck was more nuanced on this particular question, given that high risk scenarios were not great, from a security perspective, she said there are benefits to managing those risks, such as costs savings. For, as Gregg herself said, while fear motivates, “if you can use it in a positive way, if that risk does create some level of anxiety, it will help you change behaviours.”

Business risk, at a strategic level, could be a motivator, helping to define, and refine one’s activities; it could help one win a case, said Doerries, that one might otherwise lose; there was, for example, a risk assessment as to witness selection and deployment, which could require both justification and defence.

Conway, for his part, was – as a public servant – by definition, risk adverse - and acknowledged that risk management, by testing, could reduce the risk of known electoral faults, but also perhaps overlooking new risks. Risk transfer, said Rigby, was also changing; there were new risk transfer models, surveying the insurance options from parametric insurance, by which insurance was paid at a pre-determined value, and if an event occurred, the mere triggering of that event warranted a pay-out. Others were catastrophe bonds, offered by a range of providers, including traditional insurance carriers.

The discussion then moved to questions from the audience, which ranged from those defining climate changes as a risk dwarfing all others, on which there was no consensus from the panel, to the correct processes to identifying decision-makers, in what was a highly interactive debate, informing the audience on a range of related perspectives and scenarios.

Fittingly for a client audience, the audience also raised the question of the tools are available to mitigate the cost and risk of litigation such as alternative forms of retainer, as well as the use of technological solutions to do so.

Gregg told her audience the firm were using “technology very effectively to help manage not only the cost, but the outcomes [of litigation] and to create a predictive analytics model” in certain cases; she said “we use technology aggressively from matter management to the discovery process”, such as e-discovery, document review and production, predictive coding, and analysing statistical information.

The panel noted an increase in in-house lawyer recruitment, alongside relationships with outside law firms, which means “they can be more proactive and compliance focused internally”, before it gets to litigation, alongside consolidation of legal relationships, so they could be “experts on their company, and the industry… that client and their business, so that they are more aligned with them.”

There were risks that would be inherent to certain decisions – it was commonly acknowledged that of the various Parliamentary options for enabling Brexit, all were seen as riskier, in some sense, than the status quo of remaining - and discussion on the potential permutations of Brexit closed the event, following which Lewis thanked the panel, Rozenberg, and event staff for their work.

To view the PDF version of this article, please click here.