Controlling legal risk goes beyond the legal department, and in-house counsel need a pragmatic approach, without letting perfection be the enemy of progress. Prominent counsel Peter Zhang offers advice from his decades of experience

Controlling legal risks is a perennial challenge for in-house counsel. In a sense, managing legal risks isn’t very different from compliance management, although each in-house counsel has his or her own successful formula in legal risk control, depending on their industry. I want to share a non-exhaustive list of ideas that I have gained from my years of practice.

张波, Peter Zhang, Former general counsel, Sony Mobile (Greater China)
Peter Zhang
Former general counsel
Sony Mobile (Greater China)

Where are the risks?

Risk control begins with identifying the sources of risk, some of which are explicit, such as the sales team limiting resale price, while some can be judged only by in-depth case analysis. So, we have to pay more attention to those hidden risk sources.

Risk sources are identified in terms of links and chains, for example, product life cycle and full-process identification. While product life cycle identification is targeted at research and development, material procurement, manufacturing, packaging and transportation, sales and promotion, after-sales service and product recycling, full-process identification is targeted at recruitment, employment, on-the-job management, and resignations.

It is necessary to consider the nature of the industry to deal with legal risks. For example, special attention should be paid to anti-money laundering and anti-bribery for consulting businesses, while social media companies have higher data privacy and network security compliance requirements.

Companies that make frequent acquisitions must pay more attention to issues related to trade secrets and obligations of non-competition arising from integrations. For global businesses, the unique requirements of local markets where those businesses operate, such as localisation ratios and language habits, create legal risks.

Set realistic goals

Pursuing unrelentingly high levels of quality in everything is an excellent quality for lawyers to possess. However, there are no risk-free businesses, and no one can eliminate risks altogether. Therefore, the goal of legal teams is not to pursue zero risk, but to achieve a balance by minimising risk.

There are no one-size-fits-all control measures, and no in-house counsel can eliminate all risks through a single step. Business forms are constantly innovating, and neither legal regulations nor operating environments remain unchanged, therefore risk control measures must be dynamic and continuous.

Some measures also need to be forward looking. For example, if a law is being revised, we should make response as early as possible when we are formulating control measures, so as to prevent huge investment and difficulties in implementation due to the adjustment that may be required after the revised law takes effect.

Foster a compliance culture

An unavoidable reality is that some business departments regard legal risk prevention and control as a burden, or even an obstacle, for business development, especially in industries with strong competition, high pressure and fast pace. Even the best measures are hard to apply in such cases, so we have to be smart about implementing such steps.

It is necessary not only to adopt appropriate methods, but also to cultivate compliance culture and legal risk prevention awareness in the long term. Cultivating a compliance culture usually has a multiplier effect.

There are various ways to cultivate a compliance culture, and the most convincing way is to make full use of the harsh lessons from peers, because one case is better than 100 lectures. Therefore, in-house counsel should pay close attention to industry trends and cases of violation, especially high-profile cases that are high-cost crisis events for the involved parties, but free lessons for others to avoid mistakes. No executive wants to see his or her team’s behaviour exposed for violating regulations, and no company wants to appear on the penalty list.

When it comes to conventional measures, regular training and studying new laws and regulations can make the law speak, instead of the legal department. It is necessary to explain clearly what can be done and what is prohibited. For plausible matters, it is necessary to analyse and judge together with the legal department as soon as possible.

We can also consider sending newsletters to all employees regularly, which is a good way to keep reminding them of updates. Voices from the top play an irreplaceable role in an organisation, so in-house counsel should make full use of this method.

The voice from top is very common in foreign-funded companies. For other types of enterprises, legal departments should find more ways to get support from the top and let the top voice pass on their message to first-line employees, which is also the best practice to improve departmental co-operation, and a magic weapon to have these first-line employees complying consciously with regulations.

As far as training is concerned, tailor-made training topics are required for different functions – the sales team focuses on competition law and commercial bribery, the marketing department on advertising law and user data privacy protection, and the R&D team on training on intellectual property rights.

Partner with business

As an in-house counsel, you are first of all a good consultant on law, but also a good partner in business, not a stumbling block, which is the key to winning trust. Maintaining professionalism is the first step to building trust.

In-house counsel must always act with clear standing, in a professional manner, implement leniency and strictness as appropriate, show the legal position in an acceptable way, and put forward suggestions to pursue the balance between risk prevention and control, and business operations. When the prevention and control concept is translated into conscious compliance by first-line employees, risk prevention and control is no longer achieved by relying solely on the legal department.

Risk prevention and control is ongoing, and it is insufficient to prevent risks by relying only on the legal department. And irregular prevention and control is neither healthy nor sustainable. “No best, only better” is the most appropriate term for legal risk control. Only by constantly updating can the risks be controlled to a reasonable minimum level.


Peter Zhang is a former general counsel of Sony Mobile (Greater China), with 30 years of previous experience at various prominent high-tech multinational companies. Zhang is also a member of the China Business Law Journal Editorial Board