At the CEE Legal Matters GC Summit in Istanbul, legal experts from across the region and beyond tackled the importance of crisis management – even when nothing is burning. Summit attendees were briefed on how companies can navigate gray areas, manage global supply chain disruptions, and, overall, be prepared for whatever comes their way.
Weathering the Storm
The ever-changing corporate landscape prompts companies to be prepared for any kind of potential crisis – at all times. From environmental disasters to accounting fraud, there is no shortage of risks that could cause management more than quotidian trouble – especially with the uptick of cybersecurity threats and attacks.
Discussing the essential notions of how companies can prepare for all that’s out there, legal experts from all across Europe sat down at the Summit and shared their insights during a panel talk that included Slaughter and May Partner Jonathan Marks and Associate Olga Ladrowska, TurkNet’s Merve Oney Barlas, Henkel’s Selin Evrem Pattni, and Domino’s Turkey’s Muge Bulat Cetinkaya.
To put the crisis management discussion into practical context, the panel introduced a fictional scenario. The scenario involved an employee unknowingly downloading ransomware from a phishing email, which resulted in company data being collected and the attackers demanding a substantial ransom payment in bitcoin. Ladrowska, who was moderating the panel discussion, observed that “various factors, including cyber-security threats, a growing culture of accountability, and increased regulation, mean that there is no limit to what the issue causing a corporate crisis can be, and in-house and outside counsel need to be prepared to respond to a variety of different situations.”
Discussing cybersecurity, the panelists stressed the importance of associated cyber insurance and its increasing momentum. “It can be difficult to obtain adequate insurance coverage,” Marks said, “seeing as how insurers worry about their own exposure due to high numbers of state-backed cyberattacks. Additionally, premiums are getting higher every time there is a cyber incident, so these two effects compound.” Furthermore, all panelists stressed that “companies ought to communicate effectively with their insurers and make sure they are within the terms of the policy they have. However, always be vigilant – the attackers may align the requested ransomware payment to match the level of insurance the company likely has.”
Providing for the existence of adequate insurance, having a plan in place, and reducing the risk of being hacked as a consequence, the panel agreed, is all part of a director’s duties within a company. “Businesses should make sure that directors are acting in accordance with their duties both before and during the actual crisis,” Cetinkaya stressed.
Focusing more on the specific framework within which in-house legal counsels find themselves during a crisis period, the panel participants concurred that speed and precision are of the essence. “Making sure that regulatory obligations are complied with by definition, informing the requisite regulatory bodies of the issue, as well as reaching out to customers and stakeholders immediately – this is what the crisis-reaction agenda should look like,” they said. Of course, there is much to do before the actual crisis strikes.
In the case of the cybersecurity attack example, the panel indicated that “providing cybersecurity training to employees would minimize the financial impact of the breach – preparing the groundwork for quick reaction over a multitude of potential issues is crucial.” Moreover, it was stressed that, consequently, the role of in-house counsel has shifted to a more specialized one on account of “highly regulated markets and the frequent cost-cutting measures that companies undertake.”
The panelists agreed that in-house counsels now have significant responsibilities that include “supervising executive committees, handling legal issues across industries, and serving as survival kits for companies in times of crisis,” Barlas outlined. “There is a much higher expectation of knowledge and expertise these days – as well as a much more evident need to work hand in hand with external counsel to provide quality legal advice.” For this reason, Barlas concluded that fostering relationships with external lawyers could lead to “ensuring that the right kind of external expertise is enabled.”
Supply Chain Management
Given the occurrences of the past several years, supply chain management has become increasingly complex, with businesses facing multifaceted challenges almost daily, including wars, transportation interruptions, raw material shortages, and the global pandemic. According to Henkel’s Selin Evrem Pattni, these challenges are impacting companies’ operations in different ways and require proactive measures to ensure continuity.
“With the wide plethora of particularities and specificities that global supply chain management structures face, it is advisable to have a diverse approach on the side of in-house counsels,” Pattni said. “Legal departments play a significant role in managing supply chains, requiring businesses to navigate different jurisdictions, local and regional regulations, and customer preferences, both in B2B and B2C operations.”
To ensure business continuity, Pattni advised engaging external legal experts at “crucial stages (i.e., sanctions, tax, and insurance requirements). Other than the traditional way of working, law firms are becoming more specialized in working within particular frameworks, at a level commensurate with how global markets are becoming more specialized themselves,” she said. “Developing their expertise in digitalization, including analytics, visualization, sensorics, and robotics, for example, allows law firms to better understand the potential risks and opportunities in supply chain management – which could provide the in-house legal team with invaluable help to navigate the operation.”
Indeed, Pattni went on to stress that the necessity for legal expertise is quite high, especially when it comes to “drafting supply contracts. It is essential that these are drafted with sufficient detail to avoid any misunderstandings and/or disputes that may arise,” she said. “Moreover, contracts should be reviewed on a regular basis to ensure they remain up to date considering the market dynamics and thoroughly compliant considering the frequently changing local regulations,” she concluded.
Operating in Gray Areas (in Highly Regulated Industries)
Another potentially problematic area to navigate a company through, from a legal perspective, is within highly regulated industries. With regulatory frameworks shifting continuously to keep up with the changes in technology and society, which are often dynamic and sophisticated, accurately identifying their gray areas can be a daunting challenge to begin with. Shedding some light on the matter during the GC Summit was Takeda’s Inan Ozcan.
“This landscape of complexity can make it difficult to know how to act, but it is important for businesses to take a proactive approach to ensure compliance and maintain ethical standards,” Ozcan said. She strongly emphasized the need to consider other factors beyond the law when navigating gray areas. “This includes government policies, regulators’ position papers, industry associations’ guidelines, administrative and criminal investigations, the warnings and penalties issued as a result of those investigations, room for lobbying efforts, and court decisions – to name but a few. Whereby, the tone, the depth, and the direction of all the above would be quite decisive and can bring guidance to assess the scope of risk appetite.”
Additionally, it is also important to understand cultural differences in the interpretation of the law, particularly when operating across borders and in diverse communities: whether it would be safe to “freely explore the alternative options and test our limits when a matter is not yet regulated, or we would rather expect the adoption of statutory codes of law to enlighten the manner in which to act in certain, numerus clausus, pre-determined areas of freedom” she stressed.
Acting in such a pre-emptive manner, however, is no small feat, and Ozcan stressed that a “disciplined approach to having established a good, functioning corporate governance model, proper decision-making mechanism, full clarity on the empowerment and accountability, and a commitment to doing the right thing” is paramount. “Businesses must also make a distinction between what is legal and what is ethical. This requires a focus on the values and principles that guide decision-making, rather than simply following the letter of the law,” she continued. “As laws and regulations continue to evolve and become more complex, the role of Legal is becoming more critical not only in adjusting the ways of working whilst navigating these changes in an agile manner, but also in unfolding the opportunities to implement and further expand the business strategies in restricted fields. It is up to legal professionals to stay informed and up to date on legal developments, while also considering the broader societal and ethical implications within the ‘living law’,” she concluded.
This article was originally published in Issue 10.7 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.