Preparing for the Inevitable Black Swan
September 07, 2023
The ripple effects of a black swan event can spread across the globe and affect entire industries, like the COVID-19 pandemic or the 2008 financial crisis. The effects can also be confined to a select few companies or even just one, as in the case of a cyber attack or high-stakes regulatory investigation.
Regardless of scale, every company stands to experience a crisis sooner or later. The difference between survival and extinction often boils down to how effectively the company can react and how it handles the fallout. Increasingly, that puts the general counsel (GC) in the hot seat. Already focused on balancing legal and business risks, today GCs are also being tasked as crisis managers.
Risk as Resource
Companies must be highly attuned to their risk landscape — that includes where vulnerabilities exist across commercial, reputational, political and legal realms — to get ahead of potential incidents early. Conducting proactive risk assessments can identify and address threat areas. Developing robust plans to respond and testing these resources to ensure they can go live if needed, positions the company to not only mitigate, but minimize, business disruption when a crisis hits. The GC should have a prominent role in this process, sitting at the center of multi-functional response teams.
The proactive risk assessment starts with assembling a team drawn from across the organization, representative of collaborative senior leaders who are credible and influential leaders. This team should understand the cultural and risk nuances unique to the organization and be aware of strategy decisions and new lines of business that may expose the company to risk. The GC is integrated among them on equal footing both for legal acumen and as a strategic partner.
The risk assessment itself originates from this cross-functional approach and incorporates two essential processes. One requires monitoring risk shortcomings areas across functions and coordinating legal questions with the GC regarding mitigation or compliance needs. Ultimately, the GC and the corresponding team should aim to develop the ability to sense even small things that might impose broader risks, alert management to rising issues and quash them before they escalate. Team members also track leading risk indicators outside the organization that may foreshadow a black swan event.
The second process involves conducting regular tabletop exercises at least once a year. By staging simulations that gauge crisis response, organizations can surface weaknesses as well as overlapping roles and responsibilities. Everyone on the risk assessment team should attend these exercises.
Speed is critical throughout every phase of crisis response. Some crises become evident almost immediately, like a cyber attack or an operational incident. Others take time to grasp the implications, like a data breach or money laundering — or even a pandemic. The more effectively the GC can react with well-informed decisions backed up by strong communications and data, the greater chance of keeping events from spiraling out of control.
Accountability and Transparency
Every company should have a bespoke crisis plan, unique to its business lines, its industry and its people from top to bottom. While the GC will not have a plan for every conceivable scenario, the planning process is indispensable for both management and the board to leverage when the worst occurs.
First, a company must be prepared to demonstrate accountability to all stakeholders — be it lawmakers, law enforcement, legislators, regulators, shareholders or employees. The message delivered is that the company knows what happened, is taking corrective steps, and that it is committed to preventing the crisis from happening again.
The company should also aim to demonstrate transparency to the greatest extent possible. This requires open communication about the actions that are being taken, the methods employed, and the resolutions stakeholders can expect. Depending on circumstances, showing concern and compassion for those who are impacted is also vital. Throughout, proceeding with intention and integrity is paramount.
Build the Ecosystem
GCs are under unprecedented demands. In fact, 60% of GCs in The 2023 General Counsel Report from FTI Consulting and Relativity reported they are under such pressure that they continue to rely heavily on external service providers for resources and expertise.
A robust ecosystem of experts with industry experience who can partner with the GC in any scenario can alleviate pressure by providing real-time recovery guidance and counsel. For example, consider the substantial risk around complex data and privacy regulations: Responding to a breach demands an in-depth understanding of compromised data, its location and the required steps that must be taken after an incident. Should regulators be alerted, and if so, when? What about affected individuals?
A forensic investigator who knows where to find and extract metadata from a system or external “off-channel” communications (such as WhatsApp) used by employees can support litigation defense, for example. If data is stolen from a company subsidiary outside the country, an expert in cross-border compliance laws will be invaluable.
There are crisis communications to consider. A strategic communications professional who understands the timing around engaging stakeholders, and can leverage existing relationships with regulators to meet their expectations, can mitigate damage and buy valuable time for full response by the organization.
While no one can accurately predict when the next black swan event will happen, assessing risk early with the GC as full strategic partner can mean the difference between being trapped in crisis mode and recovering and rebounding.
About The Journal
The FTI Journal publication offers deep and engaging insights to contextualize the issues that matter, and explores topics that will impact the risks your business faces and its reputation.