2 minute read
Back Page Front Burner
Business Risk and the Evolving Role of the CLO
By Bobby Balachandran
Today, the role of a company’s Chief Legal Officer and General Counsel (CLO/GC) looks very different than it has in the last few years. Part of this is because the position of the CLO/ GC has shifted to play a bigger role in the success of the business. Having come from a position of primarily providing legal expertise, the CLO/GC is now a key figure in business strategy and oversees a much broader scope of responsibilities.
This means, in addition to overseeing the legal operations of the organization, today’s CLO also has to play a central role in ensuring that the company’s compliance and data governance capabilities meet all regulatory requirements — not to mention the other enterprise risks facing the company, such as data breaches, for example. Often, this means implementing appropriate technologies and processes to prevent risks from occurring, along with quickly addressing those hypothetical risks should they occur.
As the role of the CLO/GC continues to change and evolve, you will see that organizational structures are changing as well. A company’s privacy and security departments can no longer be siloed from legal or compliance. New business challenges—such as those that arise from the EU’s General Data Protection Regulation and the California Consumer Privacy Act, or effective implementation of a defensible data retention/disposition program—span organizational units. With more organizational lines blurring each day thanks to rules that increase in complexity, there are more opportunities to streamline processes, share technologies and gain greater efficiencies.
A good way to think about the CLO’s changing role is to think of that role as being responsible for overseeing and managing the legal governance, risk and compliance efforts for the enterprise. We refer to this as Legal GRC.
Legal GRC, in part, represents the culmination of the regulatory storm that has been brewing for decades. It’s a new landscape not only for the CLO/GC but also for data governance and data management practices at small, mid-size and large organizations everywhere.
Data is what ties all these new responsibilities together. How does an organization collect, store, use and secure its data? The answer to that question will ultimately determine the extent to which data poses risks, incurs costs and provides value for a business. In this way, Legal GRC can be seen as both a concise way to manage crossfunctional approaches to business challenges related to new legal, privacy and compliance regulations, and as a new data management philosophy.
GRC is also a new class of enterprise software, designed to seamlessly orchestrate the tasks and activities required to implement processes that will address new business challenges.
Just as siloed business units can no longer adequately meet business goals in this new environment, single-point solutions used only by certain stakeholders within the business must be phased out in favor of a unified platform that offers end-to-end solutions to the complex business challenges that are already here—and those that are still on the way.
Bobby Balachandran is the founder and CEO of Exterro, a fully integrated Legal GRC platform that addresses regulatory, compliance and litigation risks.
