Evaluating, managing, and monitoring legal risk

Key aspects of ISO 31022.

By: María Lizeth Prado, Consortium Legal.

In an increasingly complex and ever-evolving legal and regulatory environment, legal risk management has become a critical component for companies. It not only strengthens business continuity but is also essential for executing sustainable development strategies.

In this context, a recurring question arises: Where to begin? An effective answer is the implementation of ISO 31022:2020 Legal Risk Management, published in May 2020 (“ISO 31022”). This standard, based on the principles of ISO 31000 Risk Management, provides specific guidelines for identifying, assessing, managing, and monitoring legal risks. Its design is adaptable to any organization and context, as it is not limited to a specific sector or industry.

ISO 31022 is structured into six chapters and five annexes, offering a systematic approach to mitigating legal risks. Among its key objectives are:

• Helping organizations achieve strategic results.
• Addressing legal risks systematically and proactively.
• Promoting due diligence and fostering continuous improvement.

I- Key Concepts

To understand ISO 31022:2020, it is important to familiarize oneself with the following fundamental concepts:

• • Legal risk: Refers to risks related to legal, regulatory, and contractual issues, as well as non-contractual rights and obligations.
  • Sources of legal risks: Include laws, contracts, non-contractual rights, and obligations.

II- Principles for Legal Risk Management

ISO 31022:2020 outlines nine key principles for managing legal risk, aligned with ISO 31000:

1. 1. Integration: Embedding legal risk management into governance and organizational processes.
   2. Structure and comprehensive approach: Ensuring consistency and thoroughness.
   3. Customization: Tailoring risk management to the organization’s unique context.
   4. Inclusiveness: Engaging stakeholders in the process.
   5. Dynamism: Adapting to changes in laws and operational environments.
   6. Best available information: Relying on reliable internal and external data sources.
   7. Human and cultural factors: Considering diverse perspectives in risk management.
   8. Continuous improvement: Learning from past experiences to adjust strategies.
   9. Fairness: Ensuring impartial decisions and managing potential conflicts of interest.

III- Legal Risk Management Process

The process described in ISO 31022 includes five essential steps, based on the ISO 31000 methodology:

1. 1. Establishing the context: Identifying the external context (applicable laws, stakeholders, jurisdictions, and market conditions) and internal context (organizational structure, assets, and existing legal frameworks).
   2. Determining legal risk criteria: Aligning the criteria with the organization’s strategic priorities and risk tolerance.
   3. Risk assessment: Involves identifying, analyzing, and prioritizing legal risks based on their likelihood, impact, and interdependencies.
   4. Risk management: Implementing legal, financial, and operational solutions. In this phase, the use of Key Risk Indicators (KRIs) is essential to measure the effectiveness of actions.
   5. Communication and monitoring: Ensuring effective communication of risks and their treatment while regularly reviewing action plans to address legal or environmental changes.

IV- Implementation and Resources Required

ISO 31022 emphasizes the importance of integrating legal risk management across all organizational levels. This includes clearly assigning roles and responsibilities, allocating adequate resources, and designing policies and training programs to increase awareness.

A successful approach also requires ensuring the availability of tools and technical expertise to manage legal risks, as well as fostering an organizational culture focused on prevention and mitigation.

V- Conclusion

ISO 31022 provides organizations with a solid and flexible framework for strategically and proactively addressing legal risks. Its implementation not only enhances a company’s ability to comply with regulations and legal obligations but also improves its resilience and competitiveness in an increasingly demanding environment.

At Consortium Legal, we have a specialized regional team ready to assist and guide organizations in implementing this standard. Let us help you turn legal risks into opportunities to achieve your strategic objectives.