Regulatory compliance in the auto finance industry, or financial services in general, is challenging enough under “everyday” circumstances. Crisis scenarios only amplify opportunities for legal and compliance risks to slip past. However, advance attention to the carefully scripted interplay between corporate legal and compliance departments can calm the storm amid a crisis, and even encourage the kind of decision-making that serves organizations well under normal circumstances.
Drawing the lines for business as usual
Understanding the interplay between, and responsibilities of, the legal and compliance departments is important to delineating the relationship between the departments. The respective roles are typically divided as follows:
- Identify and interpret legislation, regulation and case law
- Communicate legal requirements and grey areas
- Assess and quantify legal risks
- Respond to business requests for legal advice
- Manage outside counsel
- Determine impact of applicable law to operations
- Operationalize regulatory compliance
- Develop policies, procedures and testing protocols
- Identify compliance challenges and seek legal advice
The nature of legal and compliance work imposes a substantial amount of overlap. One of the most substantial areas of shared duties involves the in-house teams’ relationships with external legal counsel from a support perspective. Knowing where the lines are drawn, and when it may be time to redraw them, can be essential for strengthening their respective roles.
Also inherent in these teams’ purview is the quantification of risk, the strategic evaluation of which risks may be beneficial to the business, and the ramifications of taking on those risks. In general, most legal teams rely heavily on their compliance colleagues for data and knowledge of operational details to understand a risk’s magnitude. A legal department can explain legal risk and the associated potential outcomes only with the compliance department’s organizational perspective on risk quantification.
Areas of overlap include:
- Translating complicated legal concepts into the “language of the company”
- Change management
- Issue spotting
- Breaking silos
Practically speaking, the most efficient businesses that have separate legal and compliance departments are set up in a way that these departments function cohesively and seamlessly, and work effortlessly with outside counsel. Because they are both in a position to view an organization’s “big picture,” these departments are also critical in identifying who needs to be involved in important decision-making or the development of a process.
Effortless choreography under pressure
From a crisis management perspective, the business decision-making process is compressed under the stress of short deadlines. This forces quick communications and seamless interdepartmental cooperation. A crisis may be a global pandemic (like we saw with COVID-19), a product recall, a data privacy breach, or new regulation that throws the industry for a loop. However, sharpened judgment and business clarity can positively transform the relationship between the legal and compliance groups — but only if the organization can capture the magic and build it into its processes going forward.
Effective crisis management starts with an effective crisis management plan. However, crises occur because no organization can predict every eventuality. Accordingly, crisis management plans should be broad enough to allow baseline processes to function under a wide variety of circumstances, and flexible enough to be changed as circumstances warrant.
Creating a baseline expectation of confidentiality
Take the example of preserving attorney-client privilege: The time to educate your colleagues about how to preserve the privilege is not during the middle of a crisis. During a crisis, anything not ingrained will be forgotten, or thought to be unimportant. Training and repetition of the key concepts in everyday communication is the only way to prepare for keeping crisis communications confidential. This training and dedication must start with executive leadership and filter throughout an organization.
Crises exacerbate the difficulties of preserving attorney-client privilege. Established working groups may expand to capture representation or knowledge from other departments. Employees who are not usually involved in sensitive discussions may find themselves included. And, most critically, company lawyers — seen as trusted business advisors — may be tempted to mix legal advice with business advice.
Basic practices that can create a baseline expectation of privilege include:
- Shrink the room. For example, if the company is holding a large-scale meeting at which all hands are on deck, limit the audience before sharing potentially privileged information or engaging in anticipated privileged discussions. On a videoconference, this may mean saving this content for the end, after everyone else has left the call, or hashing out the privileged discussions before anyone else joins the meeting.
- Mark all privileged documents. Especially during a crisis, in-house counsel may wear many hats, some of which are in a legal capacity and others relating to their institutional knowledge of the business. This is an expected role of in-house counsel, but it complicates the privilege analysis. Because these roles may blend, it can be critical for a company lawyer to clearly identify and separate legal advice from business advice. Not only will this support safeguarding their work as a privileged or protected work product, it is also a good reminder to other people at the organization to treat it as such.
- Call a time out. Particularly during chaotic all-hands meetings, lawyers owe a duty to their clients to call “time out” if the discussion is veering into privileged waters. The moment that an attorney fears that confidential material is not being treated properly, it is important to take those discussions offline and only include the people necessary to the issue requiring legal advice.
In a crisis, both legal departments and compliance teams operate in an atmosphere of improvisation and adaptation to overcome a challenge. Returning to the basic principles and best practices for collaboration can maximize the chances that the company will escape unscathed.
Jason Bichsel is a member in McGlinchey’s Consumer Financial Services Compliance practice group, where he focuses on auto finance, including consumer leasing and vehicle mobility services. He formerly served as corporate counsel at BMW Financial Services, the captive finance company for the BMW Group in North America.
Daniel Plunkett is a member and co-chair of McGlinchey’s Government and Internal Investigations practice group. In addition to his investigations work, Plunkett focuses on false claims act litigation for financial services and insurance companies.