© 2021 Lexplosion Solutions | *Private & Confidential2
“Enterprise risk management is .
a) a process,
b) effected by an entity’s board of directors, managementand other personnel,
c) applied in strategy setting and across the enterprise,
d) designed to identify potential events that may affect the entity,
e) and manage risk to be within its risk appetite,
f) to provide reasonable assurance regarding the achievement of entity objectives”*
Prologue
Committee of Sponsoring Organizations of the Treadway Commission (COSO) *This standard can be extended to managing legal risk
© 2021 Lexplosion Solutions | *Private & Confidential 3
Ideal Legal Risk Framework
Qualitative Model >
• Thorough Assessment
• Documented list of risk
opportunities
• Defined Risk Tolerance
• Categorisation and rating of risk
opportunities
• Structured risk control levels
• Well-defined roles and
responsibilities of all
stakeholders
• Documented Policies
• Constant evaluation
• Empirical Data
• Predictive Analytics
• Continuous Improvement
• Continuous awareness and
trainings
• Whistle-blower & incident
reporting options
Define & Identify
Assessment
Control & Execute
Report & Evaluate
Stage 01
02
03
Framework
Stage 02
Stage 03
Stage 04
© 2021 Lexplosion Solutions | *Private & Confidential4
Legal risk management is NOT azero-sum game. It does not have tobe all or nothing. Legal risk shouldbe managed to the best of theorganisations current ability andplans should be in place for risksthat cannot be managed
© 2021 Lexplosion Solutions | *Private & Confidential 5
Stage 1: Define & Identify
5
Define Legal Risk
• Set strategy for defining legal risk across all risk opportunities –determine broad vs narrow focus of strategy
• Qualitatively demarcate areas of legal risk
• Document / record all legal risk sources & opportunities along with sources (Legal Risk Register)
Identify Ownership &
Boundaries
• Determine the 3 levels of defence
• Identify respective functions/departments at each level & personnel under each
• Identify overlaps and gaps and address them effectively or plan for contingencies
Set Parameters, Tolerance
Levels & Goals
• Determine risk appetite of the organisation
• Determine risk tolerance at individual and department level
• Create rules for distinguishing between acceptable and prohibitive legal risks
• Set quantitative goals & targets for controls & assessments
© 2021 Lexplosion Solutions | *Private & Confidential
0
10
20
30
40
50
60
70
80
90
6
Source: Legal Risk Management | A heightened focus for the General Counsel – Deloitte Legal
Key Policy Areas Owned By TheLegal Function
-N
um
ber
of
org
aniz
atio
n s
urv
eyed
-
© 2021 Lexplosion Solutions | *Private & Confidential 7
Stage 2: Assessment
Assess & Quantify Risk
• Determine following parameters of legal risk opportunities/events:
a) Likelihood & frequency of occurrence
b) Consequences of occurrence
c) Risk rating for individual /group risk opportunities/events
d) Risk controls/processes for mitigation
e) Risk treatment – to avoid repeat events
• .
• Assess which legal risks can be eliminated, avoided, limited, reduced, separated, transferred, diversified, accepted
Document Policies
• Define and document policies covering all legal risk events – includes statutorily required & internal requirement driven
• Assign roles & responsibilities for the 3 levels of defence
• Define action/penalty for violations – level of tolerance, disciplinary action & procedure, penalties, legal action
• Create SOP’s for implementing policies
Resource Allocation
• Based on earlier stage of identification, allocate resources for legal risk monitoring/reporting based on level, skill/experience, function, reporting
• Ascertain budgets and financial considerations for implementing framework
• Determine tech availability –in-house & outsourced
Internal Awareness & Trainings
• Assess training requirements for creating awareness & sensitivity towards risks
• Set standards for trainings• Set training timelines and
frequency for trainings
© 2021 Lexplosion Solutions | *Private & Confidential8
Indicative Risk Assessment FormatRisk Particular Compliance Contracts
Risk Item Non-compliance of HR/Labour regulations
Deviation from pre-approved clause provisions
Opportunities Each compliance requirement(6 per month)
Each instance of negotiation
Likelihood Medium High
Frequency 6 per month 5 per month
Consequence Upto Rs. 10,000/- fine and imprisonment
Bound to unacceptable/unviable terms
Impact rating High High
Controls Personal checklist, outlook reminders, storing proofs of compliance
Mandatory review by at least 1 senior legal/contract team member
Treatment & Mitigation Planning
Internal investigation & adding checker Enforcing template use & setting process for reviews
Control Evaluation Not effective. To implement dedicated software system
Not effective. To evaluate contract management software
Review Last day of next quarter Every 45 days
© 2021 Lexplosion Solutions | *Private & Confidential9
Typical Legal Risk Opportunities/Events
ContractsCompliance Litigation Intellectual Property
AuditsCompetition Thresholds
Regulatory Landscaping
Competitor & Market
Landscape
Conduct of
Individuals or
Counterparties
© 2021 Lexplosion Solutions | *Private & Confidential 10
Stage 3: Control & Execute
10
Define Controls
• Define controls for every potential legal risk opportunity/event
• Group controls by type – preventive, detective & reactive
• Establish documented processes around every such control –revise/update policies, SOPs, process documents, improve training & communication material
Implementing Controls
• Involve all stakeholders and define controls for all legal risk opportunities as per identified Legal Risk Register
• Define ownership, oversight & execution responsibilities for all controls
• Prioritise controls based on risk rating • Determine assessment/review of all
such controls • Deploy tech solutions to the farthest
practical extent
Tracking & Monitoring
• Establish proof based reporting procedure
• Establish a committee/department for day-today oversight of controls
• Implement LegalTech products with legal risk focused solutions
• Establish escalation matrix
© 2021 Lexplosion Solutions | *Private & Confidential11
Specific Controls for Legal Risk Mitigation
Creating standard templates for contracts and prescribing playbook and process flow for deviations
Implementing contract management software for preventing breach related risks and to monitor deviation from templates in real time
Subscribing Updates services to stay up to date with ongoing changes and impact on legal risk
Implementing compliance management solution for monitoring compliance risk in real time
Standardisingbusiness team operations through SOP’s and trainings
Implementing litigation management software for monitoring litigation risk in real time, providing analysis of case outcomes, user performance & monitoring budgets
Conducting frequent, spot audits on business operations
Setting authorisation limits for spends, transactions
Procuring appropriate insurances for high legal risks
Driving trainings programs, recording trainings and evaluating attendees
© 2021 Lexplosion Solutions | *Private & Confidential 12
Stage 4: Report & Evaluate
Board oversight
• Regular reporting to the Board & senior management
• Regular input and strategy from Board & senior management
Internal & External
audits
• Self and third party assessment
• Unit based, law-specific and activity specific audits
Data analysis & intelligence
.
• Identifying weak links
• Assessing corporate and individual performance
• Assessing true “cost of compliance” across resources, fees, penalties and others
Detailed reporting.
• Task completion details split by activity & status
• Risk assessment at activity and status level
• Reports split by entities, units, functions and departments
• Monitoring progress toward achieving pre-defined goals
Continuous improvement
• Evaluating reports to identify improvements in process, resource usage, cost-saving and implementing industry best practises
© 2021 Lexplosion Solutions | *Private & Confidential 13
Summary
Define legal risk and its boundaries with other risk areas
Assess legal risk using a robust framework and define legal risk appetite at an individual and organization wide level
Create legal risk register recording all potential legal risk opportunities/events
Apply the three lines of defense model to ensure appropriate accountability, independence and assurance over legal risks
Create appropriate committees & report legal risks and the effectiveness of controls to the Board on regular basis
Use technology in the management of legal risk to provide broader risk and control oversight and real-time visibility across the organization
Create/review required policies, identify personnel & other resources, conduct appropriate sensitivity & awareness trainings
Involve all stakeholders & continuously evaluate the existing legal risk register and controls in place
© 2021 Lexplosion Solutions | *Private & Confidential 14
Lexplosion Solutions has significant knowledge & experience in creating legal risk framework fororganisations of all sizes and across sectors. Lexplosion expertise lies in implementing thesesteps to create effective legal risk framework for its clients
Identify By carrying out a thorough assessment of the clients business operations and spread and using its own domain, Lexplosion determines the various risk areas and defines them as per its practice.
AssessThrough a series of questionnaires, calls, and review of existing policies and processes, Lexplosion determines the clients current and required metrics and particulars for an effective legal risk management framework and assists in designing the same
Evaluate Through use of its several LegalTech SaaS products, Lexplosion dovetails the created risk framework into the clients operations to ensure seamless, accurate and real-time monitoring and evaluation of the clients risk controls and framework
Report Based on rich and analytical data generated from reports through its products, Lexplosion counsels clients on success of the framework and advises on corrective or improvement actions.
How we can help?
© 2021 Lexplosion Solutions | *Private & Confidential
4 Offices The Lexplosion Team Our Client Profile
• Kolkata
• Bangalore
• Mumbai
• New Delhi
50+ Lawyers
15+ Tech team
100+ Clients
250+ Engagements
13 Fortune 500 Clients
5 Fortune 100 Clients
LegalTech Pioneers
ABOUT US
16
2007
2008
2009
2010
2019
2020
2011
2012
2013
2014
2015
2016
2017
2018
Founded
Awarded cross-country
compliance mandate
Launched Audit/DD services VIC launched
Komrisk launched
Grows past 50 clients
Grows past 20 clients
Sets up internal IT
team
Launched Komplify
Grows past 100 clients
Launched Komplied
Launched Komlit & Komtrakt
Grows past 70 clients
KomsightLaunched
© 2021 Lexplosion Solutions | *Private & Confidential
Audit Management Software
Compliance Management
Software for SMEs
Compliance Management Software for Enterprises
Contract Management
Software
Litigation Management
Software
Audits/Due Diligence Virtual In-house Legal ResearchContract
ManagementLitigation Analysis
17
▪ Comprehensive LegalAudit: Covering All /Some Module(s) andAll / Some Unit(s)
▪ Focused Legal Audit:For specific Law/ (s)
▪ Operating Unit Audit:Corporate OfficeAudit, Branch Audit,etc.
▪ Statutory Research▪ Case Law Research▪ Multi-jurisdictional
Statute Surveys▪ Research
Memoranda andOpinions
▪ General Advisory▪ Contract
ManagementServices
▪ Litigation SupportServices
▪ Due DiligenceServices
▪ Compliance SupportServices
▪ Contract Draftingbasis Playbooks
▪ Contract Review▪ Contract Abstraction
and Summarization▪ Contract Risk
Analysis
▪ Tracking LegislativeChanges & PreparingComparative Notes
▪ Review of Documentsfor Relevance,Materiality,Confidentiality, etc.
▪ Risk Categorizationon the basis of pre-determined criteria
© 2021 Lexplosion Solutions | *Private & Confidential
Partial list of our clients
18Private and Confidential
© 2021 Lexplosion Solutions | *Private & Confidential
Qu
ali
fica
tio
ns
Indranil Choudhury
CEO
Siddharth SinghCOO
Pramod BhasinInvestor
Srinivas KilambiDirector
Sameer BediDirector
• M.St., OxfordUniversity, UK
• SMP ,IIM Kolkata• B.A.LL.B. (Hons.)
National LawSchool of India
• LLB, Universityof Delhi, India
• B.Com (Hons.)University ofDelhi, India
• CA from ThomsonMcLintock., UK,
• B. Com (Hons.),University of Delhi
• LLM, ColumbiaUniversity, USA
• B.A. LL.B. (Hons.)National LawSchool of India
• B.A. LL.B. (Hons.)National LawSchool of India
Ex
pe
rie
nce
• 23+ Years ofLegal/OperationalExperience
• Worked with GE,Genpact,Amarchand, &NDTV
• 22+ Years of LegalExperience
• Worked with GE,Genpact, Seth DuaAssociates
• Decades ofLeadershipExperience withGE and Genpact
• Founded Genpactand consideredfather of BPOindustry
• 23+ Years of LegalExperience
• Worked with GE,Genpact
• 22+ Years of LegalExperience
• Worked with GE,Ranbaxy
• Currently, Partnerwith SB Associates
Th
e X
Fa
cto
r
• WidelyrecognisedThought Leaderon Legal Issues
• Lexplosion’sRainmaker andSales Leader
• Rare Combinationof Lawyer +Process Expert.Six SigmaCertified
• Ensures smoothoperations/delivery
• Needs nointroduction!
• Supports inopening doors fortough clients
• Spends sizabletime on advisorysupport to us
• Legal Pundit.Works assounding boardfor our newproducts andservices
• Lawyer byprofession andSales person bychoice!
• Actively marketsour services topotential clients
19
Promoters and Investors
© 2021 Lexplosion Solutions | *Private & Confidential
HeadquartersLexplosion Solutions Private LimitedInfinity Benchmark, Floor 6, Office# 1, Plot# G1, Block - EP & GP, Sector V, Salt Lake, Kolkata- 700 091, IndiaT. +9133 40618083/84/85
Mumbai OfficeLexplosion Solutions Private LimitedAwfis, 10th Floor, Parinee Crescenzo, G BlockBandra Kurla Complex, Bandra East, Mumbai 400051, Maharashtra
Registered Office & NCR (Delhi) Lexplosion Solutions Private LimitedD-20 Hauz Khas, Ground Floor, New Delhi – 110016, India
Bangalore OfficeLexplosion Solutions Private LimitedRegus, CBD Bangalore, Level 9 Raheja Towers, 26-27 Mahatma Gandhi Road, Bangalore - 560 001, India
Visit www.lexplosion.inOr
Email to [email protected]
20
Contact Us
Lexplosion is also a Member Firm of Leading Indian Industry Associations