Legal Crisis Management Tactics and Techniques

What is Legal Crisis Management

Legal crisis management refers to the process of managing, mitigating, and resolving legal problems that an organization may face. It encompasses a wide range of activities designed to protect the organization’s reputation, financial well-being, and legal compliance when facing a legal crisis. A legal crisis can pose a significant threat to an organization, potentially impacting its reputation, financial stability, and even its operations. It can result in legal penalties, loss of business, or damage to relationships with customers, suppliers, or other stakeholders. Legal crises can also lead to increased regulatory scrutiny, management turnover, and a decrease in employee morale and productivity. Having a crisis management plan in place is essential for navigating a legal crisis. Such a plan provides a framework for responding to a crisis , helping to ensure that all stakeholders are informed and that the organization acts in a coordinated manner. Additionally, a crisis management plan helps an organization to be proactive in its response, rather than reactive, and to minimize any potential damage. A crisis management plan should be developed in advance of a crisis, and it should be regularly reviewed and updated as necessary. It should include provisions for identifying and assessing potential risks, establishing clear lines of communication, and assigning roles and responsibilities to key personnel. In summary, having a crisis management plan in place can help organizations to effectively navigate a legal crisis. By being prepared and having a clear plan in place, organizations can minimize the damage that a legal crisis can inflict on their business.

Recognizing Legal Crisis Drivers

While the word "crisis" is commonly used, few leaders fully understand what it means. A crisis is a significant threat to operations that can have negative consequences and impact on your reputation, your operations, your people or your bottom line. A crisis might also involve the potential of legal action, laws being broken or regulations being violated.
Almost all crises can be avoided. In fact, they are all preventable to varying degrees. All companies can build a strong reputation for handling themselves well during a crisis. Is everyone who comes into contact with your business a potential ambassador for the company? Can you say that you have a unified senior management team? Is your social media platform actively monitored and controlled? Are your communications networks up and running? Do you know what vulnerable spots exist with your company that could lead to a crisis?
Some common events that can trigger a legal crisis include lawsuits, investigative activity from regulators or compliance breaches. For example, in November 2017, Yahoo acknowledged the theft of over 3 billion user accounts, the largest breach of user accounts to date. That news came only weeks after Yahoo confirmed a 2014 breach of 500 million accounts and deepened the crisis associated with Yahoo’s sale to Verizon. Similarly, a company having significant cash reserves, a high profile CEO or founder, and dysfunctional leadership and/or a poor reputation may be more likely to be targeted by an unsolicited acquisition bid.
Regulatory action can also trigger a legal crisis. In July 2016, Fiat Chrysler paid over $100 million in criminal and civil fines to U.S. authorities to end a criminal probe into its failure to adhere to rules relating to vehicles being recalled for safety problems.
Compliance breaches can also present significant risks for companies. In March 2017, Siemens faced substantial fines arising out of international contracts. The final implementation of these fines was conditioned on the court walking back the fines if Siemens met a list of obligations.

Crisis Management Team Building

One of the most important factors in a successful legal crisis management undertaking is appointing an effective response team. Assemble your team early, even before a legal crisis, and leave room for your institutional knowledge to build. An increase in executive-level oversight regarding a crisis is sure to lead to a downpour of institutional memories, misfires, gut-feelings, emergencies, and anecdotal "intelligence." Anyone and everyone who is passionate enough will step forward, unsolicited and uninvited. Managing the team dynamics is challenging, especially if the team is in development when the crisis strikes. The most capable team members must be assigned specific roles and responsibilities early on. If your company employs or retains highly-regarded legal counsel, a PR specialist, and perhaps a media specialist, managing homogenous and educated professionals is not too difficult. On the other hand, the traditional roles and responsibilities (i.e., media relations and/or agency, PR, marketing, legal counsel) must adjust to include additional members of the C-Suite, or even outside the C-Suite, who have little or no experience with crisis management. However, when everyone seems to have an opinion, and is willing to share it, it’s the leader/creator of the crisis response team who is faced with keeping the peace, but not giving the impression of not hearing the "experts" at the table. The challenge is determining where to draw the line between listening to valuable input and shutting down noise. Just as PR professionals are often underestimated, incidents are not always what they seem. Legal counsel and C-Suite executive management must never forget this. That is why it’s important to build a well-balanced team, one that includes professionals who are experienced, both on and off the crisis response team, at managing personalities, getting the best from everyone at the table, while keeping a very close eye on time-spent and the end-game. The initial decision-making process must be done quickly, and without regard to hierarchy. PR must have the room to operate quickly, without doing the "chain of command" paper shuffle. If there was ever a time to put time constraints at the top of the priority list, this is it. As the saying goes, "time is of the essence." It is also essential in legal crisis management.

Strategic Legal Crisis Management Plan Development

A legal crisis management plan plays a key role in successfully managing any crisis. The foundation of such a plan begins with an assessment of the possible risks and vulnerabilities.
When developing a plan, law firms should take steps to:
Assess legal risks. When determining the possibility of a crisis, firms should consider the common legal and regulatory issues their clients face, such as employment discrimination, sexual harassment, wage and hour disputes, healthcare and consumer protection. Any crisis scenario should include an examination of the potential legal ramifications.
Outline procedures. A legal crisis management plan should contain clear procedures for managing a crisis. Attorneys and other professionals in the firm should have a written understanding of what they are responsible for in a crisis and what to do if problems arise. Those responsibilities should be broken into specific tasks and who is best suited to deal with each of them.
Identify possible scenarios. A legal crisis management plan must also address how to identify four different types of crisis:
Prepare communication protocols. A legal crisis management plan for a law firm also defines how communications will be handled in the wake of a crisis. Attorneys may need to communicate with regulatory agencies and other authorities; parties involved in a lawsuit on either side; and the media about a crisis. The communications plan should include contact information for witnesses, experts and third-party consultants on whom attorneys may need to call during a crisis.

Crisis-Based Communications

A well-curated communication strategy can be the difference between resolving a legal crisis seamlessly and letting it spiral out of control. Strategic communication is the art of zigging and zagging, using a mix of internal and external messaging that places value on transparency while respecting the bounds of confidentiality. Determining what to communicate and when is an essential first step in any communications strategy. Oftentimes, transparency is warranted, while at other times, context and control are paramount. Law firms that are in frequent contact with their clients and other attorneys during litigation tend to have greater confidence in the results and experiences of those cases. And for firms, communicating through an attorney’s publication often helps them in hiring new attorneys and acquiring new clients. Conversely, using confidentiality as a tool during a highly publicized investigation can aid a firm in controlling its narrative. At the same time, confidentiality allows firms to shape their communications in ways that can positively impact the way third parties perceive them. For example, confidentiality can: give clients, third parties, and even the press confidence that a company will proceed with their matters as effectively as possible and not in a haphazard way; and assure clients and other third parties that their case and your case are equally important. However, as important as confidentiality might be, the opportunity for transparency should not be overlooked, as doing so can pay off in ways that cannot be quantified. For instance, when general counsels and alumni of certain law firms have a conversation, impressions are often formed. Specifically, positive or negative impressions can be formed about a firm’s integrity and the nature of its representation. At the same time, general counsels often speak with one another, with alumni and with clients . Creating an overall impression that a firm is an asset rather than a liability can have a lasting impact on a firm’s reputation. Communications about client representations that are consistent with demonstrating a firm’s value will result in a more favorable impression of the firm among third parties. Thus, the value of transparency and consistency should not be discounted. Whether confidentiality or transparency is most appropriate, there are some tried-and-true techniques. First, consider who should be communicating information to others and what they should be saying. This can often be structured in a question-and-answer format. Second, consider where these questions and answers should be kept. Centralized communication is important to ensuring that those with access to them have the most current and accurate information. Third, consider who should have access to these materials and how they will be created or accessed. Careful planning can permit access to materials by those who are most able, while at the same time restricting access to those who are least able. Fourth, consider how questions and answers can be updated. Channeling and capturing questions and answers is a valuable practice that can be leveraged during a crisis. Fifth, consider identifying specific roles for individuals on the crisis team, as well as third-party contractors. For example, identifying a crisis communications team can help a firm monitor the current state of its communications and prepare for the future. Sixth, consider the importance of practice and rehearsal. With the many moving pieces that exist in a crisis, practicing and rehearsing specific roles can help everyone involved be prepared when it matters the most. Finally, remember that a crisis never occurs out of nowhere. Educating a firm generally on how to handle communicates during a crisis can help it weather any storm.

Crisis Compliance Consideration

Legal compliance is paramount during any crisis, as violations can further exacerbate the situation and result in long-term problems for your law firm. To avoid additional scrutiny, you must adhere to all requirements that pertain to your firm and your jurisdiction. Be certain that your reaction plan encompasses all relevant regulations to ensure that your focus can remain on the situation at hand, rather than worrying about compliance issues. Plan ahead to minimize compliance-related problems.
These regulations depend on the nature of the crisis, but one common requirement may be attorney reporting. In the event of a data breach that affects private information, for example, attorneys may be required to report the breach to the appropriate state authority. These requirements and standards of care vary by state, so those in charge must be familiar with them. Proper training and awareness campaigns that include compliance issues can help mitigate your risk.
Documentation must also be an important component of your law firm’s reaction plan. Keep track of your actions during a crisis, including who did what and when, and remember to save everything in an effective and organized manner so you can easily access them in the future.
In a worst-case scenario, your firm could face litigation over your handling of the situation. The possibility of litigation brings with it a host of difficulties, including the potential damage to your reputation, the outcome of the case, and the associated costs.
The American Bar Association has identified a few best practices for lawyers facing crisis-related litigation: If your law firm faces a crisis, it can be difficult to maintain your composure and avoid making hasty decisions that could worsen your situation. Understanding the legal considerations at stake, maintaining accurate documentation, and adhering to the relevant laws and requirements can help you to protect your firm throughout a crisis.

Legal Crisis Management Case Studies

A high-profile data breach at a major international hotel chain in 2014 exposed the credit card information of millions of customers. In the aftermath of the breach, assume the company faced a multi-faceted crisis with immense legal challenges, requiring crisis communication and legal crisis management in the season when the holidays were approaching. The company could have put itself through an agonizing six-month or more "let’s find someone to blame" process, issuing conflicting statements and omitting important information, compounding potential litigation and reputation damage. Instead, they engaged us at the start of the crisis on a flat fee basis. We devised a comprehensive response strategy for the company: established our retention as counsel to protect the integrity of our work; conducted forensic investigations to determine the extent of the breach and timing; worked with the insurer and assisted in negotiating coverage; advised the board of directors, audit committee, and senior executives of the company; monitored the media coverage; assisted in vetting law firms; assisted in retaining a credit-monitoring service and forensics firm; worked with in-house and outside counsel to prepare the various required filings; assisted in developing the messages for stakeholders and shareholders; handled the company’s media relations; and negotiated the methodology by which merchants would be reimbursed for the company’s liability to those affected by the breach. One year after this pro-active approach was implemented and remained in place, there is no evidence that the collective effort had a negative impact on the company’s revenue. As evidence, two months after the breach was disclosed, the company reported a 13 percent increase in net profit compared to the previous year. The company did not make a single material misstatement during the entire process, managed to mitigate its legal liabilities and obtained far greater indemnity with its insurer than anyone expected. During a three-year period in the late 1990s and early 2000s, more than 20 banks in three continents fell victim to cyber-attack. The financial loss to the banking industry was estimated at $13.6 billion in 2002 alone. Since then a number of lawsuits were filed on behalf of the banks in various jurisdictions, not only against the hackER(s), but also against the banks, and most notably against those banks’ insurers, for failing to pay their claims as a result of the cyber-attacks. We represented each of those banks in the cyber-insurance litigation and continue to represent several banks in that litigation. It took us years to litigate those cases to force the insurers to pay the claims that they were refusing, citing cyber-exclusivity policies that were becoming broader than ever before. In one case, we settled our portion of the case with our client’s insurer and saved our client several million dollars. Two other banks have also reached settlement with their respective insurers in the same year. Some of those insurers have been defaulted against and others continue to litigate testimony of bankers. We anticipate additional settlements in the near future. We developed a proprietary method for resolving these disputes more efficiently and effectively. We developed the media crisis communications plan for the commencement of these cases, and as a result, received repeated accolades for that plan.

Effective Legal Crisis Management: Future Trends

Looking ahead, the landscape of legal crises will continue to evolve. Businesses must be prepared for emerging threats that arise from advancements in technology, changes in the regulatory environment, and shifting public concerns. By staying ahead of these trends, organizations can better navigate the challenges that lie ahead. Technology will play a significant role in shaping the future of legal crises. As more information becomes available online, businesses will be vulnerable to a wider range of threats, from cybersecurity breaches to data privacy violations. The rapid pace of technological change means that organizations must be agile and adaptable, ready to respond to new challenges as they arise. Companies must also be prepared for the legal implications of new technologies, as regulators grapple with how to handle complex issues such as artificial intelligence and blockchain. Regulatory changes will also be an area of focus for businesses in the coming years . As governments respond to new issues and challenges, they are likely to impose stricter regulations on businesses. This may require companies to alter their business practices and to focus more on compliance. Additionally, there may be an increase in litigation as businesses challenge new regulations in court. Innovation will be crucial for businesses as they seek to adapt to the changing environment. Organizations will need to be proactive in identifying and addressing potential legal issues. This may involve investing in compliance programs, developing new technologies, and seeking out new markets. Additionally, businesses will need to be adaptable, as the landscape of legal crises will continue to shift. In conclusion, the future of legal crisis management will be characterized by change and uncertainty. Businesses will need to be prepared for new challenges and to be proactive in their responses. As technology and regulation continue to evolve, companies must be ready to tackle the legal issues that lie ahead.