“I made friends and learned about the cultures of countries I’ve never visited.”
Dr. Sam De Silva, Partner at CMS, won the 2021 CGIUKI Award for Governance Champion of the Year in recognition of his work representing the British Standards Institute as the ISO Working Group Co-Convenor for ISO 31022.
ISO 31022 looks at the management of legal risk. What are the headline principles of which governance professionals should be aware?
It’s important to highlight that legal risk is a broad concept that we tried to define as widely as possible. People generally think that legal risk is about compliance with laws – a company’s regulatory obligations – but it’s actually about much more than that. Our definition encompasses contractual obligations, for example, to suppliers; tortious risk, such as if you owe a duty of care to other parties; or misrepresentation, which is a risk to any organisation making statements or promises to third parties or the public. All of these fall under the umbrella of legal risk in the new standard.
The key principles are set out in section 4 of the standard and are based on the eight principles outlined in the general risk management standard – ISO 31000. They have been applied to the management of legal risk specifically.
The standard is relevant to any organisation; it’s not sector specific. The guidance included in ISO 31022 can be applied by governance professionals to help support any risk-management system, hopefully improving corporate governance and minimising the chance of failures. The new standard is intended to support a more structured and consistent approach to the management of legal risk.
What are the benefits of having this new standard in place?
The benefit of the new standard is that it provides a framework which can be especially helpful in organisations that are less confident in the management of legal risk. It’s an aide-memoire for the process and provides a number of templates to use when considering risk-related issues. There’s often an assumption that legal risk is the responsibility of the lawyers, but it needs to be managed throughout an organisation. Governance and risk management professionals need to be involved as well; it’s organisation wide.
Another benefit of the standard is that it can be used to demonstrate good governance and good process; if there is an issue, an organisation can say that they are following the standard which shows they have at least attempted to manage legal risk and not ignored it. Our hope is that, in the future, insurance companies, for example, may reduce premiums for those who are following the standard.
What were the challenges when it came to drafting the standard and how did you overcome them?
I expect the challenges were similar to those that would be relevant for developing any international standard, for example, trying to achieve consensus across representatives from more than 80 countries, taking into account cultural issues and different perspectives.
Another challenge was keeping it as broad as possible because different countries have different laws and different legal systems – in the UK you have common law, the French have civil law, Germany has a codified system of law. We needed to try to develop something that could be applied across many different legal systems.
It’s fair to say that, at the start, some countries didn’t see the need for a specific standard for legal risk management when the broader ISO 31000 was already in place; bringing them on board was a challenge.
By their nature, ISO standards are developed with international input. What were the challenges of working with colleagues from around the world and what were the benefits?
There were definitely challenges related to working across a variety of cultures. For example, in some cultures people are less forthcoming in meetings, which meant that – in some instances – I thought that they had agreed to something in a meeting but I received emails subsequently indicating otherwise.
We were also working with a group where English was not everyone’s first language, and on top of that we had to manage the time differences, which necessitated numerous conference calls at quite antisocial hours.
The different backgrounds of those participating in the process can come into play as well. Sometimes countries would present someone who was not an expert on legal risk per se but maybe a risk management professional or an expert in another subject matter. In those cases, it was important to educate those attendees on the nuances of legal risk to ensure that they were able to participate and contribute effectively.
A positive was that I got to meet a wide variety of people. Over the four-year process, I made friends and learned about the cultures of countries I’ve never visited, so there was a fun aspect as well. When developing ISO standards, there’s normally one face-to-face meeting each year with around four or five virtual meetings. During the process of developing ISO 31022, I had the opportunity to attend meetings in California and Azerbaijan. The next meeting was going to be in Barbados, but we completed the work before that one took place.
When I started, I didn’t realise how much work would be involved, but I think it’s important to have the opportunity to put something back. It was interesting work, not just technically but also from a people management perspective – managing different personalities and styles; on reflection, I would do it again.
I understand that you are passionate about diversity and inclusion and these elements were critical in the development of ISO 31022. How did you promote best practice in this regard?
I tried to ensure that everybody felt that they had a voice. If people weren’t speaking up, I made sure to encourage them to participate. One of the advantages of the ISO development process being quite long was that it allowed time to build up the necessary trust among the group. I found that once people got to know one another and trusted each other they became more forthcoming and honest.
Have you learned anything from your experience co-convening the working group that has changed the way you approach your day-to-day work?
Never agree to drafting by committee!
On a more serious note, I gained a lot of experience in people management. Part of my role as co-convenor was to convince people to try to accept things that they didn’t entirely agree with. I had to persuade them that the point they were raising had been acknowledged and addressed to an extent, even if not fully adopted. In that sense, the work was quite reflective of my day-to-day job as a lawyer. When I am negotiating, that persuasiveness has proven to be quite useful. I’m a commercial lawyer so my role is about reaching an agreement between parties – it’s not usually a win–lose situation. That’s exactly what we were having to do when we were developing the standard. But usually I’m only dealing with two parties instead of 80 plus.
What advice would you give to any readers who are interested in becoming more involved in the drafting of standards?
If you’re interested, you should get in touch with the British Standards Institute. Their website lists all of the standards that are being developed and it’s simple to contact them if you want to get involved. I’d caution people that it is time-consuming and voluntary work, but if you’re really passionate about a specific issue and think you could add value, I would recommend it. Anyone can come up with an idea for a standard – that doesn’t guarantee that it will get published – but if you think that your sector needs a standard, you can submit a proposal that will be circulated for approval by the member countries and, if there is agreement that it would be useful, it might be developed.