At UniSource, how do you communicate with the legal department in identifying issues and addressing them collectively?

I work more closely with our general counsel on a daily basis than with any other officer. I primarily work with legal on claims, contracts and various laws. Risk management self-administers liability claims; legal doesn’t formally get involved until they are litigated. However, informally I keep them advised of significant claims prior to litigation in order to both seek consultation and get them prepared if they go into litigation.

I also use the legal department’s research regarding risk identification and new issues. For example, in my development of procedures to handle potential data breaches, I asked legal to provide me research on our regulatory requirements for notifying those who may have been affected by a data breach. However, it is just one of several departments risk management needs to work with to complete the project. We will also be working with IT, customer service and our [executive] group on this project.

What advice can you give to other risk managers about the most effective way to interface with the legal department?

I have found at many different employers, corporate attorneys rarely have an in-depth understanding of insurance because it is rarely addressed in law school. Therefore, risk managers need to have confidence to step up as the insurance expert and not be intimidated by attorneys when addressing insurance matters.

It’s helpful to educate corporate counsel on the basics of insurance such as first-party versus third-party coverage, subrogation, etc. When advising why you take a particular position regarding insurance language in a contract, it helps to explain how an insurance policy will respond to specific loss scenarios. That’s when the light bulb goes off for attorneys.

Handling insurance education with corporate counsel can make or break your relationship. It needs to be done without being condescending or confrontational. If you initially approach counsel in a friendly, helpful manner, they will often admit they don’t understand insurance but appreciate your expertise, and it will be the start of a very good, long-term relationship. Conversely, risk managers need to admit to legal when they need help understanding some legal and/or important regulatory principles that will be the foundation for many future transactions.

William Montanez
Director, Risk Management
Ace Hardware

What are the top issues of 2012 that Ace’s risk-management department is working closely with your organization’s legal department to address?

Most of our legal issues are focused on vendor-indemnification agreements and contractual reviews. The risk manager reviews any significant contract that comes through Ace’s doors, whether a contract for materials that we purchase for resale or services that we purchase for IT, consulting, etc. Ace Hardware has a process that reviews the risk implications of every significant contract, and the legal department does the final review on the contract.

How do you communicate with the legal department in identifying issues and addressing them collectively?

We interact with the legal department from an insurance and contractual-compliance point of view, and the legal department notifies us about a case or a suit that is being filed where we need to get involved to explain our insurance policies and coverage triggers.

We communicate regularly and often with the members of our in-house legal team. We respect each other’s expertise; we know what the legal department’s viewpoint is, and vice versa. As we are fond of saying: “We don’t practice law, and they don’t practice risk management,” but we always consult one another.

Can you talk about an example where the two departments successfully worked through a situation with both legal and risk-management implications?

We introduced a Cyber Liability policy a little over four years ago that we developed with the IT team. We sat down with the legal department and discussed the various coverage triggers of the policy.

What advice can you give other risk managers about the most effective way to interface with the legal department?

Both the risk-management and legal department have to understand that there is value in both processes, although there are also borders between them. Make sure that everyone has the right motivation in place, because at the end of the day, our overlap is that we are both trying to protect the company. The workflow and relationships don’t develop overnight, but they eventually will if you are both willing to be transparent and open.