A Practice Note discussing key issues in global law department management and identifying practical tips and strategies for general counsel to more effectively manage the global legal function. Topics covered include the composition of the legal team and its reporting structure, alignment of legal services with business needs, building a cohesive team, global communication, engagement and retention of team members, training and resource allocation, consistency of legal services, performance appraisals, and legal and cultural differences.

As companies expand operations into the global These legal staff members may be integrated into a marketplace, they rely on their in-house law departments centralized global law department or may operate in to structure cross-border transactions and comply with decentralized pockets within their regions or business local law. To provide these legal services on a global scale, units. The company and its general counsel (GC) should many law departments have staff in different jurisdictions understand the scope of work covered and quality of and must find ways to efficiently and effectively manage services generated by these existing legal functions to their teams and resources. determine whether the composition and structure of the legal team meet the needs of the global enterprise. This Practice Note discusses key considerations and practical steps to take when managing a global law department. It addresses the assessment of the legal Assess Legal Team team, alignment of legal services with business needs, The GC should assess the global legal team by: reporting structure of the department, team-building and global communication, engagement and retention • Identifying all staff throughout the enterprise that provide legal services or support the legal function. of team members, training and resource allocation, This includes central law department staff and any consistency of legal services, performance appraisals, staff located in other US and non-US branch offices, and adjustments for legal and cultural differences. subsidiary and affiliate companies, operating divisions, While this Note focuses on managing law departments and other business units. based in the US with geographically dispersed legal • Mapping out where each staff member is geographically staff, many of the steps and issues discussed also apply located. to global law departments based in other jurisdictions. For a discussion of law department operations and • Determining their roles as attorneys, paralegals, management in general, see Practice Note, Law administrative assistants, or other staff. Department Operations: Overview. • Understanding the scope of their individual job duties. • Evaluating the qualifications, skills, strengths, and Understand State of Legal Function weaknesses of each staff member. Many companies add or inherit legal staff in different For more information on assessing the legal team, see jurisdictions following a cross-border merger or acquisition Practice Note, Practical Tips for New General Counsel: or during other expansion periods and reorganizations. Assess the Legal Team and Using Metrics to Measure

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

Law Department Performance Checklist: Track Law –– recognizing where similarities in business activities Department Staff Productivity. across different locations allow for efficiencies in legal services; and Check Service Alignment –– considering licensing requirements and other legal The GC should determine if the company’s current practice restrictions in each jurisdiction. For example, some countries require in-house attorneys to carry legal staffing is effective and efficient in handling the local bar memberships while others do not. broad range of cross-border and local transactions and navigating the vast array of regulatory requirements • Determine if legal staffing and service are aligned to that apply to a multinational company. To make this business needs. The GC should: determination, the GC should: –– understand if the legal staffing at each location can • Identify the company’s overall legal needs. For adequately handle the workload at that location; example: –– determine if legal staff are over or underutilized, –– determine the geographic locations of all offices considering the best use of each staff member’s and employees and where business activities are time and skills (see Lean for Law: Legal Process conducted; Improvement Checklist); –– discuss with senior management the company’s –– ensure that work is properly allocated based on business goals and any strategic initiatives tied to legal specialty, skills, and experience and that those goals; legal staff are not competing with one another for clients; –– survey key business personnel concerning their day- to-day legal needs and any special projects that may –– solicit feedback from key business personnel on the require legal counsel (such as new product launches, quality of legal services (for a sample survey form, marketing campaigns, or strategic alliances); see Standard Document, Law Department Client Satisfaction Survey); and –– solicit feedback from legal staff on the company’s legal needs; –– identify any gaps in the legal talent required to address needs, mitigate risks, and achieve the –– identify the types of legal agreements most company’s strategic goals. commonly entered into by the company (for information on tracking the company’s contracts, • Consider different legal staffing models. The GC may see Practice Note, Contract Management: Overview: need to reorganize legal staffing to better serve the Maintain a Central Contract Register); business. For example, different staffing models may have in-house counsel: –– review the company’s intellectual property portfolio and the steps needed to protect those assets (see –– located at central headquarters; Brand Protection Toolkit); and –– stationed at regional and local offices (as local –– coordinate with compliance, internal audit, risk counsel, expatriates from headquarters, or a management, and other internal teams to conduct balanced mix of the two); an enterprise-wide risk assessment, develop a risk –– embedded in business units; profile, and understand the company’s risk tolerance (see Practice Notes, Practical Tips for New In-House –– organized by function or skill set; Counsel: Determine the Company’s Risk Profile and –– designated as subject matter experts to support Developing a Legal Compliance Program: Conduct specific legal issues across geographic and business an Initial Risk Assessment and Address Key Risks). functions, or • Recognize the specific legal needs of each business –– operate based on a combination of these models. location. This includes: –– understanding the nature of each location’s business Select Reporting Structure activities and the primary regulations that govern them (such as anti-bribery laws and regulations) There is no one-size-fits-all approach to organizing a (see Bribery and Corruption Toolkit); global law department and its reporting relationships. The reporting structure should optimize the global law –– knowing where revenue is generated, joint ventures are established, and third parties are engaged;

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use 2 Practical Law (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

department’s performance but may vary depending on • Centralized reporting. Whether located at factors like: headquarters or geographically dispersed, legal staff in a centralized reporting structure have solid line • The size of the company and its legal needs. reporting relationships up to the global GC at the parent • Its industry sector and the nature of its business. company level. This is the most common structure and often cited by law departments as a best practice. • The company’s geographic locations. • Decentralized reporting. In addition to a central • The organizational structure of the enterprise as a legal function located at the company’s headquarters, whole, including whether management and decision- legal staff in a decentralized reporting structure are making are centralized or decentralized. embedded within branch offices, subsidiary and affiliate The GC may have authority to implement widespread companies, operating divisions, or other business units. changes to the law department’s reporting structure These legal staff have solid line reporting relationships or may be limited to negotiating incremental changes to their respective business leaders. They function with internal stakeholders. In either case, the GC should relatively independently from headquarters but may consider if the current reporting structure helps: coordinate with the global GC on an informal basis. Some companies with large regional offices or diverse • The law department: business lines find a decentralized law department to –– provide legal advice and make legal decisions more be an effective structure. quickly; • Dual reporting lines. Legal staff may have solid line –– be more responsive to internal clients; reporting relationships to their respective business leaders for operational and workflow priorities. For –– deliver high-quality results; operational matters, such as legal budgets and external –– provide independent and ethical legal advice; counsel, legal staff may have dotted line reporting relationships to the global GC. This type of hybrid or –– reduce legal costs and wasteful duplication of matrixed structure involving multiple reporting lines has personnel, effort, or other resources; been increasingly popular among companies. –– be flexible enough to adapt to sudden regulatory or For more information on law department structures, see corporate changes; and Practice Note, Structuring the In-House Legal Department. –– provide career development opportunities and create job satisfaction for its staff. Compare Reporting Structures In selecting an appropriate reporting structure for the • The company: global law department, the GC should: –– reach its financial and strategic goals; • Consider involving a cross-functional advisory team with –– make cost-effective use of outside counsel (see Working human resources department members, senior lawyers Effectively with Outside Counsel Checklist); and from different regions, and key business managers. –– properly measure and appreciate the value of in- • Benchmark against other global organizations and peer house counsel and other legal staff. companies to determine industry and best practices. The most common reporting structures for global law • Weigh the potential advantages and disadvantages of departments involve: each structure outlined in the table below.

Structure Potential Advantages Potential Disadvantages Centralized • Reduced compliance risk. Centralized • Disconnection from the business. Reporting reporting may: Reporting into a global GC may: –– align lawyers with the company’s best –– lead to insulation from business clients interests rather than a business unit’s and create a law department silo; more narrow interests;

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use 3 Practical Law (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

Structure Potential Advantages Potential Disadvantages

–– foster professional independence –– cause confusion for internal clients if because lawyers report issues to the law they lack a single point of contact within department and not the business units the law department; they work with; and –– result in less familiarity with business –– minimize concern about lawyers having issues; conflicting positions with business –– cause lawyers to be less invested in leaders who decide their compensation helping clients achieve their objectives; and promotions. –– inhibit the law department from • Cost savings and efficiencies. With a developing expertise and familiarity centralized legal model: with local law issues; –– fewer lawyers may be needed to render –– cause lawyers to prioritize handling legal services across the enterprise, matters for personnel located at since lawyers can be deployed to the global headquarters over local provide support across regions and personnel; and businesses; –– result in slower decision-making if –– the law department can track legal deliberations need to move up the chain spend across the enterprise to of command in the law department identify efficiencies and make strategic hierarchy. changes; and • Tax issues. A centralized approach may –– lawyers can more easily share best create potential liability and tax issues practices and reduce duplication of if US headquarters is deemed to control work. operations outside the US. • Staff development and retention. With a unified law department: –– junior staff can learn from and be supervised by senior lawyers; –– work can be distributed to help lawyers develop skills and build on prior experience; –– lawyers may have more opportunities for career growth by assuming increasing levels of responsibility within the department; and –– the legal team may experience greater teamwork, cohesiveness, and job satisfaction. • Consistency in legal approach. A centralized legal model may: –– facilitate consistency in the company’s legal policy; and –– lead to increased uniformity in legal work product.

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use 4 Practical Law (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

Structure Potential Advantages Potential Disadvantages

Decentralized • Closer relationships with the business. • Increased compliance risk. Reporting into Reporting Reporting into the business may: the business may: –– facilitate partnership and trust between –– raise concerns about where the lawyer’s in-house lawyers and the business unit; loyalties lie, since the business leader decides compensation and promotion; –– promote the business unit’s acceptance of lawyers as members of the team; –– create a conflict for the lawyer who is part of the business but also oversees –– give lawyers a seat at the table as part its compliance; of the local management team; and –– affect the lawyer’s objectivity when –– encourage lawyers to develop weighing corporate risk against ownership of the business. business benefit; and • Better legal services. Reporting into a –– reduce the GC’s visibility into the legal local office or business unit may help risk of the local business. lawyers: • More inefficiencies. A decentralized –– better understand the challenges and reporting structure may: pressures faced by the business; –– prevent the law department from –– be more responsive to the needs of the developing a consistent approach to business; legal issues; –– develop more expertise in local laws; –– increase the difficulty of sharing best –– be more sensitive to local issues; practices; –– be more proactive about providing –– result in duplication of work; preventative advice; and –– require more lawyers and greater head- –– be more practical and creative in count cost to cover legal issues across providing legal advice. the enterprise; and • Greater efficiencies. A decentralized –– lead to less quality control over legal approach may: work, if lawyers are supervised by business leaders without legal skills. –– expedite decision-making; • Poor legal team development. Lawyers in –– provide the business with a designated a decentralized legal team may: legal contact and make legal advice more accessible to the business; and –– feel disconnected from the central law department at headquarters; –– promote continuity in legal expertise. –– have less exposure to senior management and corporate policy and strategy formation; –– have fewer opportunities for career growth, especially if they serve in an isolated function; and –– lack the mentorship and guidance from senior lawyers available in a cohesive law department.

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use 5 Practical Law (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

Structure Potential Advantages Potential Disadvantages

Dual Reporting A matrixed reporting structure may: A matrixed reporting structure may: • Help lawyers stay connected to the • Not resolve the problems that exist in a business. decentralized reporting structure. • Reduce the risk of conflicts of interest. • Lead to confusion about the role of the business and the global GC in managing the lawyer. • Lead to confusion about what information the lawyer should report up each reporting line.

Build Cohesive and Effective Global policies to comply with local laws and customs. Policies may include: Team –– outside counsel retention guidelines (see Standard Whether the global law department is centralized, Document, Use of Outside Counsel Policy); decentralized, or matrixed, the GC is tasked with –– billing guidelines (see Standard Document, Outside continuously improving the quality of legal services Counsel Guidelines: Drafting Note: Billing); across the enterprise. To achieve this goal, the GC should take steps to connect the global legal team and equip it –– a records management policy (see Standard for success. Document, Document Retention Policy and Records Management Toolkit); Establish Common Goals and Objectives –– standard policies and procedures for requesting Sharing common policies, goals, and objectives can help contract review and approval (see Standard Documents, Contract Review and Approval Policy and align the members of a centralized, decentralized, or Contract Review or Preparation Request Form); and matrixed law department. Consider adopting: –– a contract management program (see Practice Note, • Law department vision and mission statements. Contract Management: Overview and Developing a A clearly articulated vision and mission can: Contract Management Process Checklist). –– unite the global law department with a common • A governance manual. Implementing global policies sense of purpose; around core governance matters gives the legal team –– inspire team members to do their best work; and a common framework and helps it apply a consistent approach when providing legal advice. Policies may –– center the team around a core set of ethics and address: values. –– corporate ethics and business conduct (see Standard • Common department priorities. Align the team Document, Code of Ethics and Business Conduct for a around the same priorities and a unifying strategic Public Company); plan. Empower them to tailor implementation to their local context so they can: –– conflicts of interest (see Standard Document, Code of Ethics/Conflict of Interest Policy); –– meet specific business needs; –– signature authorization and delegation of authority –– adjust for local and cultural differences; and (see Standard Document, Signature Authorization –– develop a sense of ownership and responsibility for and Delegation of Authority Policy); and team initiatives without feeling that all legal activity –– composition of the board of directors (see Article, needs to be dictated by headquarters. Board Composition, Diversity and Refreshment • Policies on law department operations. The global and Country Q&A Tool: Corporate governance and legal team can tailor law department operations directors’ duties).

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use 6 Practical Law (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

Facilitate Team Communication • Scheduling annual (or more frequent) global meetings or retreats for the full legal team so they can: Clear and constant communication enables the effective operation of a global law department by: –– meet their colleagues and build camaraderie and trust; • Promoting integration and teamwork. –– feel less isolated and form stronger connections to • Helping lawyers share knowledge with colleagues in the team; other jurisdictions. –– learn about cultural differences and develop cross- • Reducing duplication of effort and promoting the efficient cultural sensitivity; use of internal resources across geographic regions. –– contribute to and take ownership of the global law • Ensuring that corporate legal strategies are carried out department strategy; on a consistent basis. –– discuss common legal issues and solutions; and • Keeping staff fully informed so they can anticipate organizational and regulatory changes and be flexible –– share legal knowledge, resources, and best practices enough to adapt and respond to those changes. across regions. • Coordinating the legal team’s response to material • Holding periodic meetings for regional legal staff or issues that have broad corporate implications, such as regional law department leaders so they can discuss large financial exposures or reputational damage. issues of importance to the law department and cascade key takeaways and initiatives to their local teams. To improve communication among geographically dispersed legal staff, the GC should employ different Engage and Retain Staff strategies for the legal team to meet and connect. Consider, for example: Retaining top talent and motivating legal staff to be their most productive are integral to the effective • Having the GC or other senior counsel visit other offices management of a global law department. To minimize to establish relationships with local legal staff. Be aware turnover, encourage peak performance, and keep the of local holidays, events, and other significant dates team engaged, the GC should encourage ownership of (such as regulatory reporting deadlines) when planning projects and provide opportunities for legal staff to grow. any trips or meetings. For example, consider: • Requiring or strongly encouraging all legal staff to learn and speak English so there is a common communication • Promoting cross-regional and cross-functional language. collaboration. Having legal staff from different regions work together on projects can: • Setting up clear communication channels for legal staff to share resources across regions (see Equip Team for –– challenge staff to expand their skill sets; Success). –– give staff the opportunity to travel and work in • Promoting ongoing communication among legal staff international locations with multicultural teams; to build a sense of community. For example, consider –– facilitate team-building and the sharing of ideas having: across regions; and –– regularly scheduled telephone and video conferences –– provide a broader range of perspectives and and town hall meetings that alternate time slots to potentially yield more innovative solutions. accommodate staff in different time zones; • Empowering legal staff to make improvements. –– interactive webcasts where legal staff can present Survey staff for their ideas on: on and ask questions about current legal issues, business developments, and other relevant matters; –– areas of the law department they would like to see improved (for example, updating the law –– legal intranet sites; department’s technology) (see Practice Note, Using –– weekly, monthly, or quarterly law department Technology to Increase Law Department Efficiency); newsletters; and –– ways to make those improvements; and –– mentor programs or buddy systems that pair –– how they would prefer to be organized and managed. attorneys across regions.

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use 7 Practical Law (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

The GC should then appoint a team to implement • Inventory available resources. Survey the legal team appropriate changes identified by the staff. during team meetings or using questionnaires to determine what resources are available to them and • Facilitating career development opportunities. what is needed. Resources may include: Provide opportunities for individuals to progress upward or move laterally within the corporate –– budget; hierarchy. For example, in: –– management support; –– larger law departments and companies, lawyers may –– staffing and expertise; assume greater levels of responsibility as managing attorneys or deputy general counsel (see Practice –– existing knowledge and document templates; Note, Role of the Deputy General Counsel) or even –– work space; move out of the law department into business roles; and –– technology; –– smaller law departments and companies with limited –– office supplies; and room for promotion, consider having local lawyers –– other workload support, such as outsourcing, become practice area specialists or regional experts offshoring, or alternative outside counsel solutions to broaden their opportunities for interesting work. (for example, see Practice Note, Secondment of • Organizing programs to keep team members Outside Counsel to Law Departments). engaged. Depending on its budgetary constraints, a • Create a global budget. Depending on the company: global law department may consider creating: –– the GC may administer a central legal budget that –– short-term regional exchange programs for lawyers absorbs the company’s legal costs; to immerse themselves in other internal legal functions and experience work in different geographic –– the business units may each control their own legal locations; budgets; –– periodic rotations of remote staff through headquarters –– legal costs may be managed by the law department to help them understand the corporate culture, bond and charged back to clients; or with the central legal team, and gain exposure to senior-level management; –– a combination of these approaches may exist. –– if feasible, long-term expatriate assignments with Regardless of the budget structure, the GC should relocation assistance; ensure that: –– secondment programs for lawyers to work with –– legal costs are closely managed, predictable, and local partner firms (for information on international reasonably consistent from jurisdiction to jurisdiction; secondments, see Practice Note, Secondment –– sufficient budget is available to provide the resources agreements: International and Standard Document, needed to support the workload; and Secondment agreement: International); –– resources are reallocated to meet a shortfall in any –– cross-regional assignments of legal staff for specific jurisdiction. projects, as needed; and For example, in a centralized structure, the GC should –– training programs for legal staff to build specific control and own the law department budget and the leadership and technical skills (see Equip Team for process of introducing cost controls. In a decentralized Success). structure, the GC should coordinate with the business to implement cost controls and ensure that adequate Equip Team for Success budget is allocated for the upkeep and support of local legal staff and initiatives. A successful global law department should have sufficient resources to match the service needs of each location. • Secure executive support. Executive support is vital Inadequate or poorly matched resource allocation can to the success and effectiveness of a law department. result in duplication of effort, inefficient performance, poor Senior management should: legal services, and low morale. To equip the legal team for –– provide strong, visible, and vocal support for the success, the GC should: global law department and its programs;

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use 8 Practical Law (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

–– emphasize the value that the legal function adds to across jurisdictions. Aggregating the information in a the company’s performance and success; and centralized database can help the company identify the highest-performing law firms and individual –– recognize the legal team’s role as trusted advisor and attorneys in different practice areas and geographic strategic partner. locations and eliminate low-performing law firms and For more information on building relationships with attorneys (see Outside Counsel Evaluation Process senior management and other internal stakeholders, Checklist, Using Metrics to Measure Outside Counsel see Practice Notes, Role of the General Counsel in Performance Checklist, and Standard Document, Executive Leadership, Practical Tips for New General Outside Counsel Evaluation Form); Counsel: Build Relationships with Stakeholders and –– establishing a list of preferred providers or having Practical Tips for New In-House Counsel: Understand selected local counsel on retainer to help the Internal Clients. business with everyday legal issues (see Working • Provide training. The GC should implement interactive Effectively with Outside Counsel Checklist: Create training programs for legal staff that, for example, use an Approved Outside Counsel List). Even if local case studies, promote group discussions, and involve counsel are ultimately selected by the local legal staff hands-on projects. These training programs should in partnership with the local business, there should focus on key objectives for the global law department, be central coordination to ensure that local counsel such as: have the experience and skills to match the needs of the business, an understanding of how local laws –– creating a common understanding of the company’s intersect with US laws, and the language ability to risk areas and its risk appetite; communicate with headquarters as required; and –– establishing a baseline position on legal strategy and –– standardizing the process for and terms and policy (see Ensure Consistent Service); conditions used in retaining outside counsel (for –– getting legal staff up-to-speed on applicable laws example, see Standard Documents, Request for and regulations, industry standards, and other Proposal (RFP) for Legal Services, Use of Outside customs and practices that affect the business; Counsel Policy, and Outside Counsel Guidelines). –– helping lawyers understand how local laws • Implement common technology. Centralized interrelate with US law; technology can improve efficiency and enhance alignment and collaboration across the law –– building a global-minded legal team. Consider having department. For example: team members, business managers, and outside counsel from different regions present on local legal –– a global document management system or central and business developments; and document repository can be used to gather and share knowledge and document templates to prevent –– developing business acumen, leadership skills, and duplication of effort; legal knowledge that can help team members do their work more effectively and provide leadership –– a document automation tool can be used to efficiently within the company (for example, see Practice generate standard legal documents from law Notes, Soft Skills for In-House Counsel and In-House department templates and create consistent work Attorney Development). product across the team; • Leverage the law department’s purchasing power. To –– a shared matter management system can help maximize purchasing power, the selection and retention the team communicate on current projects. It can of outside counsel should be aligned and centrally also help the GC efficiently allocate projects based managed. Steps to consider include: on legal specialty, skills, and experience, balance workloads, monitor the activities of individual lawyers –– if practical, negotiating volume discounts by and the matters they manage locally, review legal consolidating work with a core group of outside costs, and generate metrics to track productivity; and counsel and introducing other cost-effective arrangements (for example, see Practice Note, –– a central information hub, such as a legal portal, Alternative Fee Arrangements and Overview of intranet site, or collaboration platform can be used to Counsel Fee Arrangements Chart); highlight the tools and information available to the team and help lawyers across regions work together –– implementing an evaluation process to capture and on projects and share knowledge. analyze feedback on outside counsel performance

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use 9 Practical Law (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

For information on implementing and using technology consistent service across the enterprise. In designing the to increase law department efficiency, see Practice framework, the company should consider: Notes, Using Technology to Increase Law Department • Involving key stakeholders (such as local management, Efficiency and Designing and Implementing Legal human resources personnel, and works council members) Technology Roadmaps. who understand cultural differences and local laws and • Benchmark against other companies. Survey other customs. Make adjustments to the framework to address companies (such as thought leaders, industry pioneers, those differences, such as adjusting the way performance and peer companies) to learn about their cost-saving information is gathered, appraisal discussions are held strategies and practices for improving legal services. with employees, and individual legal staff goals are set For example, find out: (see Consider Legal and Cultural Differences). –– what metrics they are measuring; • Having both the GC and the business units weigh in on performance, compensation, and bonus allocation for –– how they facilitate global communications within the legal staff. In a reporting structure that is: law department; –– centralized, the GC has primary responsibility for –– what global polices they use to manage the the appraisal process. However, soliciting feedback department; and from internal clients can help the GC assess areas –– how they cultivate and retain their legal staff. like business orientation, teamwork, and overall effectiveness; or Ensure Consistent Service –– decentralized, the business manager with a direct reporting relationship to the legal staff has primary For a global law department to be a trusted partner to responsibility for the appraisal process. However, the business, the GC should ensure there is consistency in involving the GC can promote consistency of the legal services provided across the enterprise. The law performance and equitable treatment across regions. department should: It also helps tie geographically dispersed legal staff to the central law department. • Deliver quality work product. • Standardizing the criteria used to evaluate legal • Be responsive to clients’ needs and committed to staff both at headquarters and in other locations. meeting their expectations. Performance criteria and expectations should be clearly • Demonstrate integrity and high ethical standards. An communicated to all legal staff and their managers. ethical and compliant culture should be the foundation • Gathering performance information in multiple ways, of the global law department. Each team member including: should be held to the same standards of accountability regardless of jurisdiction. –– internal metrics that measure legal staff productivity (see Using Metrics to Measure Law Department • Understand the lawyer’s gatekeeper role at the company. Performance Checklist); • Ensure there is consistency of legal policy, strategy, –– evaluation forms completed by the business (see and position so the company speaks with one legal Standard Document, Law Department Client voice. Satisfaction Survey); • Provide training so the legal team has a common –– 360-degree feedback from clients, outside counsel, understanding of how to address corporate risk and and peers; and legal issues (see Equip Team for Success). –– self-appraisals submitted by individual legal staff. • Have a succession plan so there is a seamless transition when legal staff, including specialists and local lawyers, • Taking steps to ensure the appraisal process complies leave the company (see Practice Note, Law Department with local employment, data protection, and other laws. Succession Planning). For example, –– the company may need to implement certain security Create Performance Appraisal Framework measures to ensure any use and transfer of employee A standardized framework for conducting performance data (including appraisals) complies with local appraisals of the legal team can be used to ensure privacy and data protection laws; and

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use 10 Practical Law (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

–– in some countries (such as France and Germany), run afoul of data privacy laws in some countries if it the company’s works councils must approve the implements the standard discovery or recordkeeping performance appraisal framework before it can be process used in the US. For an overview of legal systems introduced. in select jurisdictions, see Country Q&A Tool: Legal systems. For more information on conducting performance reviews, see Practice Note, Conducting Employee Performance • Legal background. Attorneys in common law versus Reviews. For a sample performance review policy and civil law systems may have different understandings of an employee appraisal form, see Standard Documents, legal concepts, approaches to legal issues (such as the Performance Review Policy and Employee Performance practicality of their advice), client management (such as Evaluation Form. the speed of their response), and drafting styles. Legal staff across jurisdictions should be trained to share a common understanding of the company’s legal policies, Consider Legal and Cultural playbooks, and expectations for legal service, while Differences accounting for the differences in legal background and custom. To be effective, a global law department needs to have • Perception of the lawyer’s role. In some jurisdictions, both global awareness and local sensitivity. The GC the local business may view lawyers as processing should consider the legal and cultural differences that agents or administrative experts rather than business may affect how: partners. The GC should: • The law department operates in different jurisdictions. –– understand what the local perceptions are; • The GC sets performance expectations and manages –– educate local management on the law department’s the legal team. role and how they can effectively partner with in- house counsel to advance the business; and Adjust Legal Practices Across –– determine what other steps are needed to change Jurisdictions local perceptions (such as focusing on early wins to What may be legal and good practice in one jurisdiction get the business unit’s buy-in). may be illegal or unnecessary in another. For example, • Appetite for legal risk. Depending on the social context the GC should consider differences in: and enforcement environment, the appetite for legal • The application of attorney-client privilege. In some risk and approaches to handling risk may vary across non-US jurisdictions, such as the EU, communications jurisdictions. For example, in more risk-averse cultures, between the internal client and the in-house lawyer the business unit and local legal staff may be less are not protected. Because of this, the law department willing to try new approaches, make quick decisions, or may need to change how it handles certain matters. tolerate uncertainties in a proposed course of action. For example, with internal investigations, the law The legal team must be locally sensitive to this risk department may want to: appetite and be able to balance enterprise goals with local expectations. –– engage outside counsel to increase the chances that privilege applies; and • Contract drafting. The global law department may need to balance centralized consistency (using a single –– change the level of coordination and information- global template) with localization needs (accounting for sharing between its US and non-US in-house counsel. country-specific requirements). For example, in some For more information on attorney-client privilege, see non-US jurisdictions: Attorney-Client Privilege and Work Product Doctrine –– contract parties may expect legal forms to be Toolkit and Practice Note, A world tour of the rules of shorter than is the US norm, especially in civil law privilege. traditions or less litigious cultures. Lawyers in those • Judicial process. Differences in litigation procedure jurisdictions may meet resistance and be seen as and evidence rules may require the law department over-lawyering if they propose US-style forms that to adjust its strategies and expectations for budget, cover every contingency; and timing, and staff allocation when handling litigation in –– local laws may require country-specific forms or different jurisdictions. For example, the company may terms for certain transactions. For example, in China

© 2021 Thomson Reuters. All rights reserved. Use of Practical Law websites and services is subject to the Terms of Use 11 Practical Law (static.legalsolutions.thomsonreuters.com/static/agreement/westlaw-additional-terms.pdf) and Privacy Policy (a.next.westlaw.com/Privacy). Managing the Global Law Department

and Mexico, detailed employment contracts are law department should balance internal pay equity required, contrary to standard practice in the US against local market conditions to attract and retain where only short offer letters are used for general local talent. The law department also should tailor employees (see Country Q&A Tool: Employment and performance incentives to align with cultural values. employee benefits: Question 7). For example, in planning an incentive program, consider: • Retaining outside counsel. Outside counsel in non-US jurisdictions may have different approaches to taking –– whether the local culture values and expects work, delivering work product, and managing time. For monetary bonuses, recognition and status awards example, outside counsel in other jurisdictions may take (such as a larger office or more prestigious title), or work even if a conflict exists, because they can assign other forms of recognition and reward; different lawyers to those matters. The legal team –– how to allocate awards; and should be aware of these differences and clearly address them and any other corporate expectations before –– whether team or individual incentives would work engagement. For general considerations when drafting best. an engagement letter, see Engagement (Retainer) • Diversity and inclusion. Emphasizing diversity can Letter: Practical Considerations Checklist. For guidance help the law department recruit and retain better talent on working effectively with outside counsel, see Working that possess the background and skills to understand Effectively with Outside Counsel Checklist. multiple cultures, share best thinking from their local countries, and deliver more creative results for the Reflect Cultural Awareness in Managing company. Ensure that diverse legal staff: Team –– integrate into a corporate culture that encourages The GC should understand how legal staff in different diversity; jurisdictions may expect the department to be managed –– have the same opportunities for client exposure, and how they respond to performance incentives. For growth, and development; and example, consider how the law department should approach: –– receive targeted mentoring and guidance from senior legal team and business unit members. • The use of titles. The company may have a naming convention or consistently use certain internal titles For a discussion of policies and programs that law to maintain equity across the enterprise. However, departments can use to recruit, hire, and retain in certain markets, these internal titles may be diverse employees, see Practice Note, Increasing Law confusing, convey a different status than in the US, or Department Diversity. For a discussion of policies and be considered a demotion. To attract and retain local programs that law departments can use to increase talent, the law department may need to be flexible diversity at their law firms, see Practice Note, Increasing by, for example, allowing different titles to be used on Law Firm Diversity. business cards to meet local staff expectations. • Communication and teamwork. Understand the • Compensation awards. While a consistent cultural norms and local values that may affect how performance appraisal framework should be used the GC should manage and communicate with team across the enterprise for evaluating, promoting, and members in different jurisdictions. For example, terminating legal staff, equal compensation in all consider if local staff prefer and value: jurisdictions may not be realistic or desirable. The –– explicit or implicit communications; –– individualism or teamwork; –– direct negative feedback or indirect negative About Practical Law Practical Law provides legal know-how that gives lawyers a better feedback; starting point. Our expert team of attorney editors creates and maintains thousands of up-to-date, practical resources across all major practice –– consensus or top-down decision-making; areas. We go beyond primary law and traditional legal research to give you the resources needed to practice more efficiently, improve client –– confrontation or avoidance; service and add more value. –– organized time or flexible time structures; or If you are not currently a subscriber, we invite you to take a trial of our online services at legalsolutions.com/practical-law. For more information or to schedule training, call 1-800-733-2889 or e-mail –– task-oriented or relationship-oriented work [email protected]. structures. THOMSON REUTERS INSTITUTE

2021 State of Corporate Law Departments The global COVID-19 pandemic: A catalyst for accelerating the change agenda Executive Summary

For most corporate law departments, 2020 will be remembered as a year where everything was turned on its head. Law department leaders had previously helped guide their departments through recessions, sales shortfalls, and restructurings, but never a global pandemic. However, the after-effects of 2020 will likely contain as many positives as negatives; and, if department leaders are smart, it should act as a catalyst for accelerating the change agenda in 2021 and beyond. 2021 State of Corporate Law Departments 3

1 3 1 3The5 four1 3main5 effects1 3 of5 the1 pandemic3 5 on corporate law departments: 2 4 R 2 41. RIncreased2 and4 evolvedR workload2 4 R — Eight2 times4 asR many law departments experienced a surge in workload as experienced a dip. Further, they supported their organizations in reinventing business operations to varying degrees and breaking through barriers which would have previously been 1 3 5 1 3considered5 1 insurmountable.3 5 1 This3 dynamic5 changed1 3 the5 composition of work from business-as-usual to crisis management. 2. Shifting demand for external support — Corporate law departments’ demand for external 2 4 R 2 4counselR at2 law4 firmsR fell by 2.5%2 4 in 20R20, as2 many4 casesR and deals stalled. However, rate increases put in place by law firms at the start of the year along with a shift to using more senior partner-level contacts for crisis support meant that revenue for most law firms still grew overall in 2020. 3. Many traditional law departments struggled to adapt — Many traditional law departments lost time while their more modern counterparts were able to adapt to changing conditions much more quickly. Strategies such as investing in technology and establishing remote working practices were vindicated. 4. Safeguarding became a much higher priority for law departments — From keeping the organization afloat to mitigating risks emerging from the pandemic, the mandate to safeguard the company became paramount during the crisis. More than 40% of law departments have put in place new dispute prevention measures, on top of what they already had in place.

As we enter 2021, the challenges continue but many corporate law departments are now prepared — at least for what they have experienced through the pandemic. Many department leaders have formed a new adaptable mindset and have shown the efficacy of a remote working practices model. Legal budgets are likely to be further stretched, of course, as business-as-usual comes back to full force alongside rising work levels coming out of the dynamic COVID-19 environment and related disputes.

Any gaps in the industry’s modernity have been laid bare, and law department leaders have a unique opportunity to continue the rate of change in 2021 from how we worked in 2020. Forward-thinking law departments will be using this time to invest in the technology, processes, and smart resourcing required to optimize value and effectiveness from their current budgets.

Indeed, corporate law departments are in a unique position to drive more fundamental change across the legal industry and beyond in a number of ways, such as i) holding themselves, their organizations, and their suppliers accountable to new, modern standards; and ii) seeking authenticity in approaches and assigning hard targets in areas such as client service, efficiency, diversity and inclusion, sustainability, and broader corporate social responsibility. 2021 State of Corporate Law Departments 4

How will this report help you? Compare your approach to handling the pandemic with that of your peers. Learn how to remain adaptable amid continuing uncertainty. Critique your own department against a new framework of a successful law department that includes metrics, spend benchmarks, talent management, technology improvements, process redesign, external counsel management, and culture development. 1 3 1 3 5 1133 5 11 3355 11 3355 1 3 5 1 3 5

2 4 R 2 4 R 2244RR 2244 RR 2244 RR 2 4 R 2 4 R 1 3 5 1 3 5 113355 11 3355 11 3355 1 3 5 1 3 5

2 4 R 2 4 R 2244RR 2244 RR 2244 RR 2 4 R 2 4 R

Data sources Acritas Sharplegal Acritas, part of Thomson Reuters, has been researching senior in-house counsel across the globe for 14 years. This study incorporates responses gathered from more than 2,000 telephone interviews, each lasting approximately 30 minutes, including more than 600 in the U.S. The topics covered include legal spend, sourcing patterns, experiences with law firms, and general market trends. Additionally, this year the report looked in detail at the impact of the global COVID-19 pandemic on corporate law departments. For law department leaders, participation in the study enables them to access peer benchmarks on spend, proportion of budget allocated externally and internally, and team size. Please contact Kayleigh Lowes at [email protected] to schedule an interview.

Thomson Reuters Legal Department Operations (LDO) Index 2020 Thomson Reuters® Legal Tracker has surveyed legal operations professionals for five years, examining the changing landscape in the corporate legal field. In 2020, Legal Tracker surveyed corporate attorneys and legal operations professionals on their spend management plans and sophistication, department priorities, the maturity of their legal operations, and their staffing and diversity plans. The report also provides a listing of the most commonly used metrics for law department operations and best practices used by leading organizations. In total, 223 law departments, including those of 81 companies in the Fortune 1000, responded to the survey in June 2020, and their information was combined with Legal Tracker benchmarking data, comprised of more than $90 billion in legal spending from more than 1,450 law departments.

2021 State of Corporate Law Departments 5

Section 1 — Impact of the global COVID-19 pandemic

Early stage of the pandemic As a result of the pandemic crisis, 58% of corporate law departments experienced a surge in workload, more than eight times the number of departments that experienced a reduction. Unfortunately, this work increase came at the same time as rapid-fire budget cuts across many organizations, as department leaders sought to protect the financial viability of their business models as revenues fell. In fact, nearly five times as many law departments suffered budget cuts as saw budget increases. This meant the shift to ‘more for less’ in legal spending moved from a desire to an imperative.

Nearly 58% 7% as many law increased workload decreased workload departments suffered budget cuts as saw budget increases. 6% 29% 5x increased legal decreased legal budgets/spending budgets/spending

Overall, corporate law departments’ outside law firms stepped up to this challenge. Many law firms redirected their knowledge sharing efforts to help organizations understand the legal impacts of the pandemic and provided both general and tailored advice for clients, in the form of e-newsletters, webinars, and knowledge portals. Many law firm partners offered their clients hours of free advice, often beyond their core areas of expertise to better help clients think through the issues, implications, and potential solutions they were now facing. As these conversations were conducted remotely, from home to home, relationships between in-house and externalDisputes counsel — next became 6 months more personal compared and to were pre-COVID strengthened as a result. During all this, corporate law departments had to deal with new and different challenges, as four different workstreams emerged: 7% 1. Complying with COVID-19 mandates 2. Establishing remote working procedures 18% Higher 3. Maximizing operations 40% Same 4. Minimizing potential damages Lower Don’t Know

35% 2021 State of Corporate Law Departments 6

Four key workstreams coming out of the COVID-19 pandemic

Workstream 1 Workstream 2 Workstream 3 Workstream 4 1 3 1 3 Compliance5 with1 dynamic3 5 Enabling1 effective3 5 1 Maximizing3 5 operational activity Minimizing potential COVID-19 requirements home-working within dynamic environments damages

• Employee safety • Hardware • Continuity in supply chain • Resolve labor matters • Business operations • Access to info systems • Logistics • Monitor risks 2 4 R 2 4 R 2 4 R • Communication2 4 toolsR 2 4• CustomerR continuity (contracts, regulatory compliance, counterparty) • New processes • Review customer contracts • Mitigate disputes • Sufﬁcient resources • Ability to deliver products • Maximize government • Engaged people and services 1 3 5 1 3 5 1 3 5 1 3 5 1 3 5 aid support Objectives • Measure productivity • Maintain cash ﬂow • Preparing for staged return 1 3 1 3 5 to (new)1 normal 3 5 1 3 5 1 3 5 2 4 R 2 4 R 2 4 R 2 4 R 2 4 R • Low impact on business • Established home-working • Innovative culture • Adopt reason and activity patterns • Adaptable workforce compromise • Single state operation • Adequate tech infrastructure • Available supply chain • Early attempt to settle Strong Position • Digitally enabled

• High impact on business • Rigid environment • Frozen legal activity • Suspended hearings activity • Traditional culture (notaries, regulatory agencies) • Inﬂexible counterparties • Multi-state, multinational • Requirements for F2F Weak • Inadequate tech

Position operations • Sickness in team

How corporate law departments dealt with the impact of the global COVID-19 pandemic Budget allocation R Organizations were faced with a set of varyingand challenges, managementR depending primarily on their business R R R 2 4 activity and geographic2 reach. This4 dictated how the Pandemic impacted their revenue2 and business 4 2 4 2 4 operations and how many different sets of COVID-19 regulations they were dealing with — across different geographies. Attracting and Culture engaging talent “I think there’s been a disproportionate increase in workload. Consultations to understand what force majeure is, to understand the implications of the pandemic, what effects it can have and, especially, the high degree of regulation which has beenStrategic introduced goals, in the country. At the end of the day, being a federation, with 32 states, plus the federation,related there metrics, are 33 entities issuing regulations every day, as well as local authorities, which complicatesand matters.” reporting — Transport, Mexico 1 3 5 “The amount of 1work has been overwhelming3 because5 we’ve had to do a lot evaluating1 of 3 5 1 3 5 1 3 5 contingency planning optionsExternal [relating to] employments, possibilities in multiple countries and also counsel Technology and business continuity for countriesmanagement where we have operations but havesystems lock downs.” — Technology/Media/Telecom, U.S. These challenges also varied depending on how ready law departments were to adapt to virtual Process working and how creative they were in findingoptimization solutions to what would previously would have been considered untenable solutions. This meant that within a law department, its existing technology, established working practices, and culture made a big difference in how ‘fit’ the department was to handle the crisis. Were department leaders scrambling to order laptops and make systems accessible from numerous remote locations? Were in-house lawyers trying to find couriers to send out physical documents rather than being able to access and work on documents online? How well were they able to collaborate with colleagues? Were department leaders adept at crisis management and using modern approaches such as design thinking to find innovative solutions? “We are a department that is very used to working remotely, furthermore we are a department R that provides services at a global level; the internal clientR is not always in our offices so normally all R R R 2 4 communication2 is always remotely4 with them.” — Healthcare, Switzerland 2 4 2 4 2 4 2021 State of Corporate Law Departments 7

“So, for us we see that there is a huge willingness to embrace the change that COVID has driven. 58%We have remote working, we have7 full% IT support, we have extended hours for people who are home increased workload 58% decreased workload 7% “It’s difficult to be working.increased — Healthcare, workload Hong Kong decreased workload as efficient without “Productivity and efficiency have declined significantly as most of our legal workers are working having all the % % 6 % 29 % same kit at home, increased legalfrom home.”6 — Technology/Media/Telecom,decreased legal U.S.29 budgets/spending increased legal budgets/spending decreased legal including things budgets/spending budgets/spending like printers that allow you to print Minimizing disputes arising from the pandemic hundreds of pages of documents. So, Law departments are familiar with a constantly changing disputes environment. Recessions, for I think it’s going example, often lead to a more litigious environment as aggrieved parties become more desperate to be difficult to to assign blame and stem previous losses; whereas, in buoyant times, such finger-pointing becomes do more complex less prevalent. work without that With all the disruptions arising from the pandemic, especially the strain the crisis has put on infrastructure. contracts, many senior in-house counsel teams anticipate an uptick in dispute activity. There’s some stuff we physically can’t In total, 40% of law departments predicted that do because we spend on disputes would be higher over the next New measures aimed at preventingDisputes — disputesnext 6 months compared to pre-COVID don’t haveDisputes access — next 6 months compared to pre-COVID New measures aimed at preventing disputes six months than pre-pandemic levels, twice as to files without 5.6% many as foresee lower spend levels. people going 5.6% 7% into the offices, 7% Overall, the mindset and strategies of corporate law departments over the previous few years which doesn’t 18% Higher really fit into the 18% Higher were laid out for all to see — and their external 40% Same Yes Same government’s 40%Yes Lowerlaw firms were in much the same boat. 39.8% Lower 39.8% Don’t Know recommendations No No Don’t Know so that stuff’s all Don’t KnowDon’t Know put on hold for 54.6%54.6% New measures aimed at preventing disputes now.” 35% New measures aimed at preventing disputes New measures35% aimed at preventing disputes 5.6% — Technology/Media/ 5.6% Telecom, UK 5.6%

Yes 39.8% Yes Yes 39.8% No 39.8% No Top COVID-19 dispute prevention measures No Don’t Know Top COVID-19 dispute prevention measures Don’t Know Don’t Know 54.6% Contract review/renegotiation 30% 54.6% Contract review/renegotiation 54.6% 30% Compliance with new regulations 27% Compliance with new regulations New policies 21% 27% New policies 21%

Communication with customers/clients 13%

Communication with with suppliers/vendors customers/clients 10% 13% Further,Top COVID-19 40% of dispute these departmentsprevention measures are taking Guidance to help catch issues early Top COVID-19 dispute prevention measures Communication with suppliers/vendorsTop COVID-19 10% dispute 10% prevention measures additional steps to prevent disputes; however, Contract review/renegotiation 30% Communication/transparency with employees 9% Guidance to help catch issues early 10% 55% said theyContract are review/renegotiationnot. 30% Contract review/renegotiation Compliance30% with new regulations 27% Amendments to waivers 4% Communication/transparency with employees 9% The most commonCompliance with preventative new regulations measures 27% Compliance with new regulations 27% New policies 21% cited included reviewingNew or policies renegotiating 21% Amendments to waivers 4% New policies contracts, 21% taking a robust approach to ensuring complianceCommunication with pandemic-related with customers/clients regulations, 13% Communication with customers/clients 13% Communication with customers/clients 13% and implementingCommunication with new suppliers/vendors policies. 10% Communication with suppliers/vendors 10% Communication with suppliers/vendors 10% Many departmentsGuidance to help are catch also issues stepping early up 10% Guidance to help catch issues early 10% Guidance to help catch issues early 10% communicationsCommunication/transparency with employees, with employees customers, 9% andCommunication/transparency suppliers. with employees 9% Communication/transparency with employees 9% Amendments to waivers 4% Amendments to waivers 4% Amendments to waivers 4% 2021 State of Corporate Law Departments 8

“It’s really about communication. You’re kind of limited in what you can do based on the law or what your contract says, but certainly as soon as COVID broke out we made sure there were open lines of “We have gone communication with us and our sub-contractors as well as us and our owners.” — Construction, U.S. to great lengths to make sure “Reviewing our contracts to understand our position on issues like force majeure, and potentially that when we clarifying some of the force majeure clauses, and having proactive discussions with suppliers and are operating, contractors around their position.” — Natural Resources, UK we’re doing it in the absolute safest fashion…. How the pandemic changed the way law departments work One [objective] The rapid shift to remote working within the legal industry has forced many law department leaders is to protect to break through the traditional mindset of having to see people in their offices to understand that the employees; two, is hopefully work was being done. lessen any Lawyers’ ability to work remotely while continuing to be effective and productive has been proven liability from any for those departments that have offered the right supporting technology and processes. This new potential worker dynamic brings a host of opportunities — the ability to scale back office space, to hire talent, or compensation or search for new suppliers beyond the usual geographic limitations. Departments also can offer a more other disputes. flexible employee experience that fits around the individual, not the work location. It’s all I’ve been working on In a survey of law firm partners, three times as many partners said they perceived remote working for the last four as having a positive impact on their well-being than said it had a negative effect. Partners were months.” also more likely to perceive working practices had improved rather than deteriorated. Those that — Manufacturing, thrived were more likely to talk about having more structure in the way they collaborated with others. U.S. Partners also said that getting the right support and training for those who find it harder to adapt is key. Among alternative legal services providers (ALSPs) the ethos was to offer traditional legal organizations the kind of flexibility previously unavailable in the industry. This often resulted in ALSPs attracting a more diverse, tech-friendly workforce they could pitch to traditional law firms and corporate law departments. If law departments and law firms can follow the ALSPs’ lead by maintaining their flexible working options after the pandemic, they are likely to develop a more engaged and creative team.

Checklist: Characteristics of law departments that were in good shape to handle the pandemic Utilized technology that enabled effective and efficient remote working (hardware and software). Established remote working practices that allowed internal teams to have structured working processes and online meeting cadence. Checked in regularly with internal business leaders to ensure a legal perspective is included at all key meetings and that risks are identified. Fostered a creative, non-hierarchical culture where all team members felt able to contribute ideas to solve challenging issues. Enabled external counsel to offer the same seamless service virtually. Accessed free law firm resources to help identify and understand emerging legal issues. Learned from other clients’ experiences by relying on trusted external lawyers who are well-connected within their own firms. Tracked dynamic COVID-19-related regulations across all jurisdictions and ensured compliance. Created and maintained a risk register that incorporated and ranked all potential legal risks. Took steps to mitigate the most concerning risks at all levels. 2021 State of Corporate Law Departments 9

Section 2 — What might 2021 bring and how can corporate law departments best prepare

What will the outside world be like? Until the pandemic is more fully under control, most economies are likely to suffer continued disruption and reduced economic activity. This will create financial pressure for many legal organizations and their clients, which will no doubt increase the pressure on legal budgets. For those law departments that have been well positioned to grow through this crisis or rapidly adapted their business models to find greater opportunity, there are likely to be continued challenges to help facilitate business change and rapid growth. The U.S. has transitioned to a new administration and, as the largest economy in the world, this change will impact businesses trading in, or with, the U.S. The new administration of President Biden already has indicated it is taking a stronger stance in handling the pandemic, by re-joining the World Health Organization and issuing a national mask mandate in public areas. Hopefully, these actions will reduce the longer-term damage, especially the loss of life from the virus. Further, the Biden administration has signaled its intention to review and reverse much of the former administration’s regulatory, trade, and foreign policy initiatives, which is likely to impact international trade. In his inaugural address, President Biden also pledged to confront the issues that have led to social unrest in recent months. This further focus on social disruption would continue to empower law department leaders to push for more diversity and inclusion, both internally and among their outside counsel teams. For multinational companies active in Europe, the UK’s departure from, and new relationship with the European Union could have a significant impact on how business gets done in the short- and long-term. For many industries, including legal, operating in an uncertain political and economic landscape will continue to be the norm. And law departments will be central in helping their organizations maximize performance while they minimize both near-term and future risks. 2021 State of Corporate Law Departments 10

How can law departments prepare?

Keep legal support available at all times First and foremost, corporate law departments need to build on the productivity gains and flexibility they’ve seen in their transitionWorkstream to remote 1 working. WorkstreamEven after 2many returnWorkstream to the office, 3 departmentsWorkstream 4

should be ready to switchCompliance to virtual with dynamic working asEnabling quickly effective and effectivelyMaximizing as possible operational as activity demand Minimizing requires potential it. That means continuingCOVID-19 to transition requirements systemshome-working and processes that makewithin dynamicthis possible environments and supportingdamages individuals in their remote working capabilities. • Employee safety • Hardware • Continuity in supply chain • Resolve labor matters • Business operations • Access to info systems • Logistics • Monitor risks • Communication tools • Customer continuity (contracts, regulatory Be a proactive, core advisor to the business compliance, counterparty) • New processes • Review customer contracts • Mitigate disputes • Sufficient resources • Ability to deliver products Second, the in-house legal team needs to keep close to the business, not just by identifying and• Maximize government • Engaged people and services aid support mitigating potential risks,Objectives but by taking a more• Measureproactive productivity role, providing• Maintain a sounding cash flow board for new • Preparing for staged return strategies, and bringing forward potential solutions. to (new) normal In dynamic times like these, staying current with the strategic moves of competitors or organizations in parallel industries will be essential, as will keeping abreast of changing regulations. The more • Low impact on business • Established home-working • Innovative culture • Adopt reason and formalized this process is,activity the more effective it ispatterns likely to be. • Adaptable workforce compromise • Single state operation • Adequate tech infrastructure • Available supply chain • Early attempt to settle Strong Law department leadersPosition also should let outside legal advisors know that• Digitally they enabled are expected to bring ideas and best practices, gathered from their other clients to your legal team. And it’s crucial to schedule time and reward• High them impact onfor business doing this.• Rigid environment • Frozen legal activity • Suspended hearings activity • Traditional culture (notaries, regulatory agencies) • Inflexible counterparties • Multi-state, multinational • Requirements for F2F Weak • Inadequate tech

Position operations • Sickness in team What should a successful law department look like?

Budget allocation and management

Attracting and Culture % engaging talent of law departments’ 81 hirings were for legal operations Strategic goals, roles in 2020. related metrics, and reporting

External counsel Technology and management systems

Process optimization

Source: Thomson Reuters Legal Department Operations Index Report

In the above framework, seven major components that a successful corporate law department should seek to incorporate were identified. One major development in 2020, according to the report, was the huge increase in law departments’ hiring of legal operations roles, with 81% of departments saying they were making such hirings, compared to 57% that said this in last year’s report. Legal operations specialists are increasingly seen as the driving force behind all seven elements of this framework, often ensuring that legal departments have the right tools and resources. 2021 State of Corporate Law Departments 11

1. Strategic goals, related metrics, and reporting

To keep metrics While most law departments can articulate a range of compelling strategic goals — for example, at the forefront of encompassing effective legal support to the business, safeguarding the organization for the long- its operations, term, or driving efficiency — most of the metrics departments report are related to their legal spend. your law In fact, the top five metrics used, according to Thomson Reuters Legal Department Operations Index departments report, were spend-based: should put in place a regular reporting • Total spend by law firm (with 92% of departments saying they track this metric) mechanism that • Total spend by matter type (62%) helps the internal team stay on track, • Total spend by practice group (54%) while reminding • Total spend by business unit (50%) business leaders, especially those • Forecasted spend vs. actual spend (48%) in charge of the purse strings, While spend metrics are vitally important, they alone do not measure the core value a law of the value added by your team. department contributes. Law departments that can find measures which help to demonstrate to the business how the department creates value or avoids losses, can use these metrics to help fend off attacks on their budget. For example, the sixth most used metric cited by law departments is tracking the number of matters opened and closed. While this still doesn’t evaluate the quality of work and value created, it does measure the volume of work. The eighth most utilized metric is litigation exposure — often a big concern for Chief Finance Officers — so keeping track of this is recommended. Interestingly, tracking the quality of legal outcomes is only utilized by 11% of departments. • Number of legal matters opened and closed (46%) • Litigation exposure (36%) • Quality of legal outcomes (11%)

2. Budget allocation and management While law department leaders can gain access to real benchmarks — gathered by collating budget and revenue information from thousands of companies — the reality is that a department’s actual budget depends on its organization’s size, location, industry, level of regulatory scrutiny, stage of growth, international reach, and many other factors. This report shares overall medians, means, and trends, while recognizing that the figures gathered often do not account for the quality of the legal provision. Below are two high-level metrics that law department leaders should consider to be key when it comes to legal spend benchmarks: • Legal spend as a percentage of revenue • Percentage of legal spend allocated to external counsel 2021 State of Corporate Law Departments 12

In 2020, an organization with $1 billion or more in global revenue typically spent 0.18% of this revenue on legal services. In the U.S., this figure was much higher with U.S.-based organizations spending close to twice as much, relative to their revenue. UK and Canada sit close to the global average, while most other countries typically spend somewhat less on legal.

Total legal budget = 0.18% of revenue

Spending benchmarks for $1bn+ revenue organizations, by HQ location:

Total spend relative to revenue (median) Global 0.18% Overall North America 0.28% North America U.S. 0.32% Canada 0.19% Overall Europe 0.15% UK 0.18% Europe Germany 0.13% France 0.11% Latam Overall LA 0.14% Asia Pac Overall AP 0.12%

Aside from geographical location, the size of the organization (based on its total revenue) makes the biggest difference when it comes to level of legal spend because large economies of scale can come into play. A U.S. organization with revenue of $6 billion or more will typically spend almost 15% less on legal compared to an organization that has less than $250 million in revenue. The table below gives a rough guide by revenue, but doesn’t account for other variables, such as industry. Finance and real estate industries within the U.S., for example, allocate more than 1% of their revenue to legal, due largely to regulatory demands.

Spending benchmarks for $50m+ revenue U.S. organizations, by revenue size:

Revenue Total spend relative to revenue (median) <$250m 1.40% $250m-<$500m 0.54% $500m-<$1bn 0.54% $1bn-<$3bn 0.35% $3bn-<$6bn 0.24% $6bn+ 0.19%

Proportion allocated externally = 55% 2021 State of Corporate Law Departments 13

External legal spend — The average proportion of a corporate law department’s overall legal budget allocated externally has remained fairly consistent at 55%. In the U.S., the average is slightly higher at 60% while in Europe and the Asia Pacific region the figure is closer to 50%. For U.S. organizations at least, there does appear to be an optimal range when it comes to the ideal balance of external to internal spend which corresponds with the lowest spend-to-revenue ratio. The lowest ratio is 40% to 50%, suggesting that U.S. law departments would typically benefit from bringing at least another 10% of their overall budget internally — closer to the European and Asian average.

Spending benchmarks for $50m+ revenue U.S. organizations, by external/internal ratio: Total spend relative to revenue (median) by % of spend external Total spend relative to revenue (median) by % of spend external Total spend relative to revenue (median) by % of spend external 0.90% 0.78% 0.90% 0.80% 0.90% 0.78% 0.80% 0.70% 0.78% 0.80% 0.70% 0.60% 0.55% 0.70% 0.52% 0.60% 0.55% 0.50% 0.45% 0.55% 0.52% 0.60% 0.39%0.52% 0.50% 0.40%0.45% 0.35% 0.50% 0.45% 0.33% 0.39% 0.40% 0.35% 0.39% 0.40% 0.30%0.35% 0.33% 0.33% 0.30% 0.30% 0.20% 0.20% 0.20% 0.10% 0.10% 0.10% 0.00% 0.00% 0.00% <30% external 30%-<40% external 40%-<50% external 50%-<60% external 60%-<70% external 70%-<80% external 80%+ external <30% external 30%-<40%<30% externalexternal 40%-<50%30%-<40% external external50%-<60%40%-<50% external external60%-<70%50%-<60% external external70%-<80%60%-<70% external external80%+ external70%-<80% external 80%+ external

Base: <30% (49); 30%-<40% (28); 40%-<50% (37); 50%-<60% (62); 60%-<70% (63); 70%-<80% (53); 80%+ (74) Base: <30% (49); 30%-<40% (28); 40%-<50% (37); 50%-<60% (62); 60%-<70% (63); 70%-<80% (53); 80%+ (74) Base: <30% (49); 30%-<40% (28); 40%-<50% (37); 50%-<60% (62); 60%-<70% (63); 70%-<80% (53); 80%+ (74)

As companies start to increase their use of external ALSPs, which often claim to offer leaner pricing, the optimal range might shift, as outsourcing becomes more cost effective.

0.4 in-house lawyers per $100m revenue The typical organization with $1 billion or more in revenue has the equivalent of 0.4 in-house lawyers 48% 48% for every $100 million in revenue — this is trueLaw firmboth in the U.S. Lawand firm Europe. However, U.S. companies’ 69% 48% in-house legal costs are still typically much higher than theirLaw firmEuropean counterparts’, 69% as the U.S. 69% median cost per lawyer is more than double, at $300,00024% compared to $133,00024% in Europe. In the Government Government Asia Pacific region, legal team sizes are typically smaller, 46% with 0.2 in-house24% lawyers per $100 million 30% 44% % Government 46% increasing spend increasing30 use 44 46% in revenue. increasing% spend increasing% use 11% on tech 30 of tech 44 In-house 11% increasing spendon tech increasing ofuse tech 30% In-house Economies of scale are again seen here, with smaller companies requiring 11% larger teams relative to on tech of tech In-house 30% their revenue, but still spending a similar amount per lawyer as larger 30% organizations. Legal clinic/ 8% Preferred 8% Preferred not-for-profit 20% Legal clinic/Considered Legal clinic/not-for-profit 8% 20% PreferredConsidered 3. Attracting and engaging talent not-for-profit 20% Considered Many law departments recruit their talent directly from law firms. And the pandemic has made talent across law firms re-evaluate their working lives, and almost 80% of lawyers have said they want to maintain the changes they’ve experienced during remote working, according to a recent Acritas report on the future of legal work. Further, 20% said they would leave their current firm if it won’t accommodate greater flexibility. If your department can offer these new hires more control of where and when they work, it could give you a unique opportunity to bolster your in-house team with talent from law firms across the country. Additionally, some of the larger corporate law departments recruit directly from law schools, while others leverage learning platforms from their preferred law firms to ensure the department’s more junior members continue their professional development as they build a network of peers. Total spend relative to revenue (median) by % of spend external

0.90% 0.78% 0.80% 0.70% 0.55% 0.60% 0.52% 0.50% 0.45% 0.39% 0.40% 0.35% 0.33% 0.30% 0.20% 2021 State of Corporate Law Departments 14 0.10% 0.00% <30% external 30%-<40% external 40%-<50% external 50%-<60% external 60%-<70% external 70%-<80% external 80%+ external

Base: <30% (49); 30%-<40% (28); 40%-<50%According (37); 50%-<60% to a survey (62); 60%-<70% of U.S. (63); 70%-<80%law students (53); 80%+ conducted (74) by Acritas in late-2020, only 30% said they would consider a career in-house, and just 11% said this would be their preferred career choice. The survey also showed that there was very little understanding of what an in-house career entails, with some law school respondents saying they didn’t think they would be qualified, they didn’t have the right experience, or that there wouldn’t be much earning potential or variety of work. Only Clearly, corporate law departments would benefit from improving their employer brand among law schools and external counsel by, for 48% % Law firm example, showing off the rich variety of work 69% and career prospects available alongside flexible 30said they ways of working and an opportunity for pro 24% would consider a Government bono work. 30% career44 in-house.% 46% increasing spend increasing use Once in place, highly engaged team members 11% on tech of tech In-house not only perform well, but they are more likely 30% to stay. Law departments can encourage this enthusiasmTotal by inviting spend newrelative team to members revenue to (median) by % of spend external 8% Preferred Legal clinic/ have a voice and share it within the organization. not-for-profit 20% Considered After working0.90% in hierarchical law firms, new in- 0.78% house 0.80%team members will view this as a hugely refreshing0.70% opportunity. 0.55% And one way to track progress in this area is to measure Net0.60% Promoter Score among the current team 0.52% to see how the department scored when it comes to employees’0.50% recommending0.45% the department as a 0.39% good place to work. 0.40% 0.35% 0.33% 0.30% 0.20% 4. Technology and systems 0.10% This year’s report shows that 30% of law departments are increasing0.00% their spend on technology, <30% external 30%-<40% external 40%-<50% external 50%-<60% external 60%-<70% external 70%-<80% external 80%+ external compared with only 11% decreasing spend. An even stronger trend, identified in the LDO survey this year, is that more departments are making better use of existing technologies, with 44% of departments saying they were increasing their use of technology tools, comparedBase: <30% (49);with 30%-<40% just (28); 40%-<50% (37); 50%-<60% (62); 60%-<70% (63); 70%-<80% (53); 80%+ (74) 2% decreasing. The top five most important technologies cited by corporate law departments, according to the LDO survey, were: • eBilling/spend and matter management • Contract management 48% Law firm • Legal research 69% • Document management 24% Government • Legal hold 30% 44% 46% increasing spend increasing use 11% The five most common technology solutions on tech of tech In-house 30% that law departments said they don’t currently have but are looking to procure include: Legal clinic/ 8% Preferred • Document management not-for-profit 20% Considered • Legal business intelligence • Contract AI for analysis, risk assessment, or due diligence • Contract management • Legal workflow automation 2021 State of Corporate Law Departments 15

Whatever technologies departments have in place, data security is cited as the second highest priority for law departments, according to the LDO survey. Amid the pandemic, of course, data security and protection has become even more important now that data systems, documents, and networks need to be accessible to remote workers.

5. Process optimization The third and fourth highest priorities cited by law departments in the LDO survey were “driving internal efficiency in the delivery of legal services”, which was cited as a priority by 74% of departments; and “using technology to simplify workflow and manual processes” (61%), both of which demonstrate the importance of process optimization. Law departments are increasingly turning to techniques such as design thinking and collaboration to re-engineer their working processes, assign the right resources, and maximize department technology. There is also huge upside potential in simplifying future processes by digitalizing as much of the department’s legal data as possible. This type of process review is often greatly helped by employing the right experts. Professional project managers, legal engineers, and external consultants are increasingly being utilized by corporate law departments and law firms for this purpose.

How sophisticated is your department when it comes to technology and processes? Thomson Reuters has developed a model to help law departments assess the sophistication of their technology and processes. In the last year, law departments have grown in sophistication, with the biggest shift being Proactive organizations moving on to becoming Optimized and Predictive.

Change since Category Description 2020 2019 Legal invoices outside of eBilling system; no consistent way to CHAOTIC 0% -1% report on legal spending REACTIVE Use of an eBilling system and basic reports on spending 23% — Use of billing guidelines, invoice audits, and legal invoice PROACTIVE 51% -6% review; process for management of timekeepers and matters Centralized management of rates; use of request for proposals (RFPs), bids or discounts to set rates; focus on OPTIMIZED 18% +2% internal processes that drive costs down; advanced reporting on law department performance Active management of matters with collaborative involvement from attorneys, outside counsel, and legal operations; detailed PREDICTIVE 7% +3% matter budgets, predictability, and forecasting; benchmarking performance 2021 State of Corporate Law Departments 16

6. External counsel management The top priority cited for law departments in the LDO survey was to control outside counsel costs. This is not surprising given that those costs represent an average 60% of a department’s total budget. The top 10 most effective ways to manage external counsel costs identified by law departments were: 1 General enforcement of billing guidelines and reduction of invoice fees and expenses, cited by 81% of respondents 2 Standard discounts on proposed timekeeper rate cards (for example, offering 10% off rack rates), cited by 53% 3 Regular review of budgets, and comparison to actual spending on high-cost matters (51%) 4 Reduction of invoice expenses (50%) 5 Reduction of timekeeper rate increases (49%) 6 Volume discount (45%) 7 Requiring law firm matter budgets (42%) 8 Blended hourly rates (for example, offering fixed rate for partners, fixed rate for associates) (35%) 9 Fixed or flat fee with amount set at matter level (34%) 1 0 Utilization of preferred vendors/panel program (28%) While spend on external counsel is important to keep under control, the performance of external firms and the value they add is even more important. Given the effectiveness of enforcing billing guidelines as a measure in reducing outside counsel costs, law departments should consider using preferred vendor programs or panels as a way of increasing the value added, rather than simply as a way to further reduce cost.

Communication is critical — Typical breakdown areas between law departments and external counsel are often caused by poor communication. There are some ways these issues can be overcome or reduced, such as: Agree to a service standards framework that details how your department would like the external law firm to communicate, preferred methods for delivering advice, reasonable response times, and a traffic light system for urgency of tasks. Alignment of goals and metrics on how success is measured and rewarded for meeting budgets. Reviewing matters post-closure to ensure service is optimized, making sure the overall costs continue to come down and the law firm itself is rewarded for increasing overall efficiency. Regular briefings as to the company’s goals, challenges, and risk appetite to ensure business solutions are delivered rather than just legal opinions. These sessions should be interactive and provide an opportunity for external counsel to suggest ideas or note experiences it has observed from working with other clients. 2021 State of Corporate Law Departments 17

7. Culture The culture of a law department is driven by many different factors. The tone from the top, what behaviors are rewarded and which are frowned upon, and the attitude towards both internal customers and external suppliers. In fact, how suppliers are treated makes a huge impact on how much value they ultimately will add. However, culture is much broader than that. Indeed, culture begets key questions, such as: What type of people do well here? Does gender, race, or sexual orientation affect a team member’s chance of success? Does this also impact the selection of external counsel? Acritas has identified significant, yet often unconscious, bias at play in the selection of partners at law firms by their in-house clients. This bias shows that male clients are much more likely to select a male lead partner. Yet, the performance of male and female leads was seen to be equitable, according to the research. Better still, a diverse team was shown to lead led to significantly higher performance across multiple measures.

Focus on diversity and inclusion — In 2019-2020, Acritas worked with the European General Counsel Association (EGCA) to co-create a framework that could be used with their panel law firms to ensure material progress on diversity and inclusion (D&I) initiatives of all types. The top 10 practical steps that came out of the EGCA framework include: 1 Maintain focus on all aspects of diversity, but limit reporting to gender. 2 Report back to law firms on diversity metrics, outlining what you are looking for from firms. Also, show the impact on work allocation. 3 Agree to the same framework within your department and report on the same D&I metrics as law firms. 4 Hold annual discussions with your firms to discuss best practices and share successes and failures. 5 Consider funding joint initiatives to target specific under-represented groups. 6 Create a guide of must haves and recommended diversity initiatives. 7 Ask your law firms to report on both diversity and inclusion initiatives. This can help identify those firms that are really excelling. 8 Request metrics at the overall law firm level once a year and across matters twice per year. 9 Align reporting requests with existing standards (for example, Solicitors Regulation Authority, Diversity Model Survey, or Stonewall Index). 1 0 Commit to the Mindful Business Charter, a collaboration among leading banks, law firms, and other entities that are committed to driving workplace change. The corporate law department, as guardian of the organization’s legal identity, can also play an important role in ensuring the organization is operating as a good citizen. Does the company live up to its stated values? Is the supply chain sufficiently vetted to ensure vendors and suppliers also live up to these values? Is the company taking a sustainable approach to its energy consumption? Are members of the team stepping up to volunteer on projects that matter? For most lawyers, a culture that enables a dual role — being recognized and rewarded for delivering high legal performance but also being allowed to give back to the local community and make a broader impact on the world — is a sound and compelling proposition. 2021 State of Corporate Law Departments 18

Conclusion In 2021, corporate law departments have a unique opportunity to build a department which is fit 1 3 1 3 5 1 3 5 1for the3 legal5 industry’s1 3 changing5 future while meeting the heightened demand that top talent now requires in a workplace. The pandemic year of 2020 stress-tested the current operations of most law departments. Through 2 4 R 2 4 R 2 4 R 2unprecedented4 R 2disruption,4 R crisis management, and immediate shifts to new ways of working, the gaps within departments were revealed. Law department leaders quickly realized that traditional 1 3 5 1 3 5 1 3 5 1methods3 5 of work1 could3 evolve5 and still meet department goals. Departments also saw benefits in convenience, cost savings, and broader accessibility; but there were some challenges, such as tasks or occasions where remote connection falls short. Indeed, many department leaders found that some elements of law still required face-to-face contact and will 2 4 R 2 4 R 2 4 R 2continue4 R to do so2 going4 forward.R The pandemic offered many in the legal industry the chance to reflect, whether spending more time with family or enjoying more conducive work-life balance. Indeed, 2020 proved that lawyers don’t have to spend long hours in the office every day to make their best contribution — and it is increasingly outdated to think otherwise. For corporate law departments, all of these experiences have opened up new, leaner ways of finding solutions to legal challenges, often by tapping into technology-enabled, virtual legal processes. Law department leaders also will have to rethink how they train their people and be more structured in the ways they collaborate, allocate work, and build relationships. Leaders also can use the lessons of the pandemic to design a department that fosters relationships with outside counsel and other legal service suppliers that are more efficient, healthier, and more focused on mutually beneficial outcomes. Ultimately, this new approach to legal work will allow progressive law department leaders to reap the benefits of their innovation and, most importantly, to clearly demonstrate their department’s value to their organization.

This report was written by Lisa Hart Shepherd, Vice President of Research & Advisory Services and founder of Acritas, now a part of Thomson Reuters. 2021 State of Corporate Law Departments 19

Thomson Reuters Institute The Thomson Reuters Institute brings together people from across the legal, corporate, tax & accounting, and government communities to ignite conversation and debate, make sense of the latest events and trends, and provide essential guidance on the opportunities and challenges facing their world today. As the dedicated thought leadership arm of Thomson Reuters, our content spans blog commentaries, industry-leading data sets, informed analyses, interviews with industry leaders, videos, podcasts, and world-class events that deliver keen insight into a dynamic business landscape. Visit thomsonreuters.com/institute for more details.

EXECUTIVE SUMMARY DOES YOUR Legal Department FUNCTIONEfficiently And Effectively? DO YOU HAVE The Right Talent IN YOUR Legal Department?

If you answered NO to either of these questions, then Major, Lindsey & Africa is here to help. Our Transform Advisory Services team can work with you to evaluate and assess your current team and organizational structure and then identify areas for improvement and growth. Then our In-House Counsel Recruiting and Interim Legal Talent teams can help you build out your team for success now and into the future.

We can help with: 1. Integration and Transition Coaching 2. Legal Department Maturity Assessment 3. Legal Department Benchmarking 4. Legal Department Operating Model Review 5. Legal Department Operations Infrastructure and Technology Review 6. Talent Development and Retention Review 7. Reducing, Consolidating or Disaggregating Legal Spend 8. Legal Staffing & Executive Placement

Contact [email protected]

www.MLAGlobal.com TABLE OF CONTENTS

INTRODUCTION 3

1. LEGAL DEPARTMENT STRUCTURE 4

2. STAFFING 8

3. SPENDING 13

4. WORK ALLOCATION 17

5. USE OF LAW FIRMS 19

6. DIVERSITY 22

DEMOGRAPHICS 27

METHODOLOGY 29 INTRODUCTION

June 2021

The Association of Corporate Counsel (ACC) and Major, Lindsey & Africa (MLA) are delighted to present our 2021 Law Department Management Benchmarking Report. Following a highly successful first edition of this study published in 2019, this report builds on the feedback received from legal experts, key stakeholders, and ACC members. Our primary goal is to provide essential financial and operational benchmarking data to assist legal departments in establishing baselines for performance improvement. In addition, given the breadth of responses to the survey, the results are intended to educate readers on the current operating state of in-house legal departments and the changes we are observing.

This executive summary report builds on survey responses from 493 legal departments in organizations spanning 24 industries and 30 countries, making it one of the largest and most comprehensive legal department benchmarking surveys on the market. High-level survey results are presented on legal department structure, staffing metrics, spending metrics, work allocation, law firm usage, and diversity.

We hope this summary report will provide many helpful insights to general counsel, legal operations professionals, legal consultants, and to the broader in-house community. The full survey results, which include granular breakdowns of the data by company revenue, industry, legal department size, and company type, are available on ACC’s benchmarking reports page. Tailored reports with peer level apples-to-apples data comparisons can be commissioned by making a request to [email protected]. If assistance is helpful to achieve performance improvement in your legal department, both the ACC and MLA would welcome hearing from you directly.

We would like to thank all participating legal departments for taking the time to share their data and insights with us for the benefit of the greater in-house legal community.

ACC Research & Benchmarking Services Major, Lindsey & Africa acc.com/benchmarking mlaglobal.com [email protected] [email protected]

4 | 2021 Law Department Management Benchmarking Report | Executive Summary SECTION LEGAL DEPARTMENT STRUCTURE 1

This first section provides a high-level overview of several key internal reporting structures within legal departments. First, the direct reporting line of the chief legal officer (CLO), second, whether the CLO also assumes the role of corporate secretary, and third, the extent to which specific business functions are subsumed within Legal or exist as independent business functions reporting up to the CLO.

In line with other recent ACC surveys, the results show that in 80 percent of departments the CLO reports directly to the organization’s chief executive officer. One in ten departments have a direct reporting line to the chief financial officer instead, four percent report to the chief operating officer, and around two percent report to the chief administrative officer. The legal department is overseen by another individual in four percent of organizations.

THE CHIEF LEGAL OFFICER’S DIRECT REPORTING LINE

CHIEF FINANCIAL OFFICER 10.5%

CHIEF EXECUTIVE CHIEF OPERATING OFFICER 4.1% OFFICER 79.7% CHIEF ADMINISTRATIVE OFFICER 1.6%

OTHER Other responses: Board, chief business officer, chief risk officer, chief human resources officer, executive vice 4.1% president, group general counsel, president, vice president.

Note: The survey question asked “To whom does your organization’s Chief Legal Officer (or most senior lawyer) report?” In some cases, mostly in larger organizations, the CLO will be the most senior lawyer, however, in many cases the most senior lawyer has the title of General Counsel. We therefore use the terms CLO and GC interchangeably throughout the report.

5 | 2021 Law Department Management Benchmarking Report | Executive Summary LEGAL DEPARTMENT STRUCTURE SECTION 1

There is a fair degree of variation across company sizes, industry sectors, and global regions. CLOs more often report directly to the CEO in larger organizations—92 percent in companies over $10 billion in revenue. CLOs in all participating pharmaceutical companies report directly to the CEO, followed by finance and banking (88.9 percent) and energy (86.7 percent). By global region, Canada tops the list with 86 percent of CLOs reporting directly to the CEO. Europe, Middle East, and Africa (EMEA) reported the lowest percentage with 71.2 percent.

PERCENTAGE OF LEGAL DEPARTMENTS WHERE THE CLO REPORTS DIRECTLY TO THE CEO

COMPANY SIZE

SMALL (<$1B) 76.2%

MEDIUM ($1B-$10B) 80.6%

LARGE (>$10B) 91.9%

INDUSTRY

PHARMACEUTICALS/ 100.0% MEDICAL DEVICES

FINANCE AND BANKING 88.9%

ENERGY, OIL, AND GAS 86.7%

CONSTRUCTION 83.3%

MANUFACTURING 82.1%

PROFESSIONAL, SCIENTIFIC, 82.0% AND TECHNICAL SERVICES

INSURANCE 79.3%

HEALTHCARE AND 76.5% SOCIAL ASSISTANCE

RETAIL TRADE 72.5%

INFORMATION TECHNOLOGY 69.9%

GLOBAL REGION

CANADA 86.7%

ASIA-PACIFIC 82.1%

UNITED STATES 80.5%

LATIN AMERICA/CARIBBEAN 78.6%

EMEA 71.2%

6 | 2021 Law Department Management Benchmarking Report | Executive Summary LEGAL DEPARTMENT STRUCTURE SECTION 1

CLOs assume the role of corporate secretary in 63 percent of participating organizations. There is not a linear pattern across company size. Just over half of CLOs take on the role in large organizations while nearly 70 percent do so in mid-size organizations. CLOs that work in IT, professional services, and manufacturing take on the corporate secretary role in an above average percentage of cases, while retail trade (60 percent) and finance and banking (54.5 percent) are below the average.

CHIEF LEGAL OFFICER ALSO ASSUMES THE ROLE OF CORPORATE SECRETARY

NO YES

TOTAL 36.8% 63.2%

COMPANY SIZE

SMALL COMPANIES (<$1B) 38.2% 61.8%

MEDIUM COMPANIES 30.6% 69.4% ($1B-$10B)

LARGE COMPANIES (>$10B) 48.4% 51.6%

INDUSTRY

INFORMATION TECHNOLOGY 30.1% 69.9%

PROFESSIONAL, SCIENTIFIC, 32.0% 68.0% AND TECHNICAL SERVICES

MANUFACTURING 32.5% 67.5%

RETAIL TRADE 40.0% 60.0%

FINANCIAL AND BANKING 45.5% 54.5%

Participants were presented with a comprehensive list of 19 business functions and were asked to indicate whether each were considered to be part of the legal department. Among those functions that were not subsumed within Legal and were considered to be a separate division, we asked which reported up to Legal. The results provide interesting insights on the legal department’s scope of work.

Compliance tops the list of functions that is handled directly by legal with 77 percent departments handling it directly. An additional seven percent reported that compliance is a separate division within the company, but reports to legal, which means that 84 percent of departments in total oversee the compliance function. Privacy (62 percent) and ethics (59 percent) are the other two functions that are part of the legal department in a majority of participating organizations. Risk (46 percent), government affairs (37 percent), and environmental, social, and governance (26 percent) ranked next on the overall list. Interestingly, 21 percent of legal departments oversee the human resources function with an almost even split between those that house HR within legal and those that have the HR department report up to the general counsel — the latter case results in the highest percentage observed of a business function that reports to legal while housed in a separate department or unit.

7 | 2021 Law Department Management Benchmarking Report | Executive Summary LEGAL DEPARTMENT STRUCTURE SECTION 1

LEGAL DEPARTMENT FUNCTIONS

NET

COMPLIANCE 84.1% 77.4% 6.7%

PRIVACY 67.4% 61.6% 5.8%

ETHICS 64.5% 59.2% 5.3%

RISK 52.8% 46.1% 6.7%

GOVERNMENT AFFAIRS 41.5% 37.3% 4.2%

ENVIRONMENTAL, SOCIAL, AND GOVERNANCE 29.9% 25.5% 4.4% (ESG) / CORPORATE SOCIAL RESPONSIBILITY (CSR)

PUBLIC/CORPORATE AFFAIRS 27.3% 21.5% 5.8%

REAL ESTATE/CORPORATE FACILITIES 24.2% 19.5% 4.7%

ADMINISTRATION 18.8% 15.7% 3.1%

HUMAN RESOURCES 20.7% 10.9% 9.8%

ENVIRONMENT, HEALTH AND SAFETY (EHS) 16.4% 10.4% 6.0%

INFORMATION SECURITY 14.6% 9.3% 5.3%

PROCUREMENT 12.0% 8.2% 3.8%

INTERNAL AUDIT 13.8% 8.0% 5.8%

COMMUNICATIONS 12.0% 7.3% 4.7%

PHYSICAL SECURITY 9.7% 5.5% 4.2%

SUPPLY CHAIN 6.7% 3.8% 2.9%

INFORMATION TECHNOLOGY (IT) 8.2% 3.1% 5.1%

FINANCE 4.9% 1.6% 3.3%

Function is considered part of the legal department Function reports up to the CLO or another individual in the legal department, but is considered a separate division

8 | 2021 Law Department Management Benchmarking Report | Executive Summary SECTION STAFFING 2

Section two presents an overview of key legal department staffing metrics including the total number of staff by position type, lawyer-to-support staff ratios, overall department staff composition, and the number of lawyers per $1 billion in company revenue (a key standardized benchmarking metric). Legal departments provided detailed headcounts of legal staff by type, namely lawyers, paralegals, legal operations professionals, administrative staff, and other staff, as well as temporary or contractor staff. The overall median values across small, mid-size, and large companies are presented in the table below.

Departments in small organizations reported a median of two lawyers and three total legal staff. Mid-sized companies report a median of 15 total legal staff, with nine lawyers, two paralegals, and one administrative staff. Large companies with US $10 billion or more in revenue reported a median of 70 lawyers, 11 paralegals, four legal operations professionals, seven administrative staff, and eight other specialized staff — and three contract or temporary staff.

NUMBER OF IN-HOUSE LEGAL STAFF BY POSITION

SMALL MEDIUM LARGE COMPANIES COMPANIES COMPANIES TOTAL (<$1B) ($1B–$10B) (>$10B) MEDIAN MEDIAN MEDIAN MEDIAN

LAWYERS 4 2 9 70

PARALEGALS 1 0 2 11

LEGAL OPERATIONS PROFESSIONALS 0 0 0 4

ADMINISTRATIVE/ SECRETARIAL STAFF 1 0 1 7

OTHER STAFF 0 0 0 8

TOTAL INSIDE LEGAL STAFF 6 3 15 122

CONTRACT (TEMPORARY) STAFF 0 0 0 3

9 | 2021 Law Department Management Benchmarking Report | Executive Summary STAFFING SECTION 2

With these headcount numbers we calculate the ratios of lawyers vis-à-vis other staff categories. For example, a department with 10 lawyers and two paralegals would have a 5-to-1 lawyer per paralegal ratio — 10 divided by two. We computed these calculations for all participating legal departments, and the median values show that the ratio of lawyer per paralegal among survey participants is 3-to-1, the ratio of lawyer per legal operations professional is 7-to-1, and the ratio of lawyer per administrative staff is 5-to-1.

We also provide a picture of the composition of the average legal department by looking at the percentage of staff for each position — lawyers, paralegals, etc. — based on the total number of legal department employees. On average, two-thirds of legal department employees are lawyers, paralegals represent 12 percent, administrative and secretarial staff account for eight percent, other staff also account for eight percent of legal department staff, and legal operations professionals represent six percent of total legal department employees.

LAWYER-TO-OTHER STAFF RATIOS

3-TO-1 7-TO-1 5-TO-1 LAWYERS PER LAWYERS PER LAWYERS PER PARALEGAL LEGAL OPERATIONS ADMINISTRATIVE PROFESSIONAL PROFESSIONAL

LEGAL DEPARTMENT COMPOSITION (MEAN)

PARALEGALS 12%

LEGAL OPERATIONS PROFESSIONALS LAWYERS 6% 66% ADMINISTRATIVE/SECRETARIAL STAFF 8%

OTHER STAFF 8%

10 | 2021 Law Department Management Benchmarking Report | Executive Summary STAFFING SECTION 2

The following chart visualizes the relationship between the number of lawyers in the legal department with those of other support staff: paralegals, legal operations professionals, and administrative staff. The horizontal axis classifies departments based on their reported number of lawyers: 1, 2, 3, and up to 200 or more. The column height indicates the number of departments in each lawyer count category with the scale provided on the left- hand vertical axis. Thus, one-lawyer departments represent a plurality of survey participants with 116, two-lawyer departments amount to 72 participants, three-lawyer departments count 46 participants, and so on.

The lines in the chart record the average number of support staff for each category represented in the horizontal axis, the number of lawyers in the department. The value scale for the average number of support staff is shown on the right-hand vertical axis. The chart shows the positive relationship that one would expect — as we move toward the right on the horizontal axis, as the number of lawyers in the department increases, the average number of support staff also increases.

The dotted vertical lines indicate the lawyer-to-paralegal, lawyer-to-administrative staff, and lawyer-to-legal operations professional ratios — introduced above — set respectively at three, five, and seven lawyers based on the overall medians. In other words, departments tend to have at least one paralegal once there are three lawyers, an admin once there are five lawyers, and a legal ops professional once there are seven lawyers.

AVERAGE SUPPORT STAFF PER NUMBER OF LAWYERS IN THE LEGAL DEPARTMENT

125 30 FIRST PARALEGAL HIRED 100 25 FIRST ADMINISTRATIVE STAFF HIRED 20 75 FIRST LEGAL OPS PROFESSIONAL HIRED 15 50 10

25 5 NUMBER OF LEGAL DEPARTMENTS LEGAL OF NUMBER 0 0 1 2 3 4 5 6 7 8 9 10 11- 16- 21- 31- 51- 76- 101- 200+ STAFF SUPPORT OF NUMBER AVERAGE 15 20 30 50 75 100 200

NUMBER OF LAWYERS IN THE LEGAL DEPARTMENT

------Paralegals ------Legal operations professionals ------Administrative/secretarial staff

11 | 2021 Law Department Management Benchmarking Report | Executive Summary STAFFING SECTION 2

A key metric used for determining appropriate lawyer headcount is presented in the table below. Lawyers per $1 billion in revenue is considered an essential benchmarking metric because it is a standardized measure, which takes into account the size of the organization. It is calculated by dividing the number of legal staff by the company revenue, which is divided by $1 billion. This results in a single value that can be compared against all other organizations. The overall survey results (based on all participant departments) show that the median number of lawyers per $1 billion is eight. By company size, medium companies — with a revenue ranging from $1 billion to $10 billion — report a median number of 4 lawyers per billion, while large companies report median values of 2.8 lawyers.

KEY STAFFING METRIC (MEDIAN)

SMALL MEDIUM LARGE TOTAL COMPANIES COMPANIES COMPANIES MEDIAN (<$1B) ($1B–$10B) (>$10B) MEDIAN MEDIAN MEDIAN

LAWYERS PER $1 BILLION IN COMPANY REVENUE 8.0 16.7 4.0 2.8

Lawyers per $1 billion in revenue is an essential standardized benchmarking metric.

It is important to note that higher median values are typically observed when applying the calculation to organizations under $1 billion in revenue. In these cases, the calculation becomes a projection since the $1 billion denominator cannot be used. In other words, if a $500 million company employs five lawyers, their “lawyers per $1 billion” equal 10 lawyers per billion.

12 | 2021 Law Department Management Benchmarking Report | Executive Summary STAFFING SECTION 2

We also present the median lawyers per $1 billion across industry sectors. Agriculture, transportation, construction, manufacturing, and retail trade all have a relatively low metric value—all under 5 lawyers per $1 billion. IT and education have an especially high metric value, likely due to the greater number of smaller companies that participated in the survey among those industries.

LAWYERS PER $1 BILLION IN COMPANY REVENUE BY INDUSTRY (MEDIAN)

INFORMATION TECHNOLOGY 21.4

EDUCATIONAL SERVICES 18.0

MANAGEMENT OF COMPANIES AND 17.7 ENTERPRISES

ARTS, ENTERTAINMENT, AND RECREATION 15.0

FINANCIAL & BANKING 14.3

PROFESSIONAL, SCIENTIFIC, 13.7 AND TECHNICAL SERVICES

PHARMACEUTICALS/MEDICAL DEVICES 11.1

ENERGY, OIL & GAS 8.2

REAL ESTATE RENTAL AND LEASING 8.0

TELECOMMUNICATIONS 7.6

OTHER SERVICES (EXCEPT 7.6 PUBLIC ADMINISTRATION)

ACCOMMODATION AND FOOD SERVICES 7.5

INSURANCE 7.5

MINING 7.1

HEALTHCARE AND SOCIAL ASSISTANCE 6.5

UTILITIES 5.7

RETAIL TRADE 5.4

WHOLESALE TRADE 4.9

MANUFACTURING 4.5

CONSTRUCTION 4.0

TRANSPORTATION AND WAREHOUSING 3.3

AGRICULTURE, FORESTRY, FISHING AND HUNTING 3.3

13 | 2021 Law Department Management Benchmarking Report | Executive Summary SECTION SPENDING 3

Section three presents the high-level survey results for several key spending figures including benchmarks such as total legal spend as a percentage of company revenue, inside and outside spend as a percentage of total legal spend, and cost per lawyer hour, and we also include the results segmented by company size.

Survey participants provided data on their total inside spend, including a breakdown of expenses on lawyer compensation and non-lawyer compensation, and on total outside spend, including their specific spend on outside counsel and on alternative service providers. The sum of inside and outside spend results in the total legal department spend, with a median of US $3 million among all survey participants. Differences are substantial across company sizes, however, with legal departments in small organizations recording a median total legal spend of US $1.2 million, those in mid-sized organizations registering a value of US $8.4 million, and larger legal departments reported a median of US $64 million in total legal spend.

Overall, the distribution of spend among survey participants is quite balanced, with the median values for internal spend as a percentage of total spend set at 49 percent and that of external spend consequently being 51 percent. The breakdown by company size highlights some differences, though, with smaller organizations tending to spend more inside (53 percent) while medium and larger organizations spend more outside — 42.5 percent and 45.3 percent spent internally compared to 57.6 percent and 54.7 percent spent outside for medium-sized and large companies, respectively.

Differences in company size are also noticeable when examining standardized metrics, such as total legal spend as a percentage of company revenue. Smaller companies report a median of 0.867 percent of company revenue dedicated to legal spend, whereas the value is lower for medium and large companies at 0.363 percent and 0.227 percent, respectively.

One metric that is relatively consistent across company size is cost per lawyer hour, which we calculate by dividing total lawyer compensation spend by the number of lawyers in the legal department and further divided by the industry standard of 1,800 hours of work in a given year. The results across company sizes are similar, with the median values set at US $113, $131, and $123 for small, mid-size, and large companies, respectively. Another metric where company size seems to have a minimal effect is in the percentage of total legal spend allocated to legal technology — companies across the three revenue categories report the same median value, two percent of total spend is allocated to technology solutions in the legal department.

MEDIAN TOTAL LEGAL SPEND

Smaller organizations SMALL tend to spend ORGANIZATIONS $1.2 M more inside while MID-SIZED medium and larger ORGANIZATIONS $8.4M organizations spend more outside. LARGE ORGANIZATIONS $64M

14 | 2021 Law Department Management Benchmarking Report | Executive Summary SPENDING SECTION 3

KEY LEGAL DEPARTMENT SPENDING METRICS

SMALL MEDIUM LARGE TOTAL COMPANIES COMPANIES COMPANIES (<$1B) ($1B–$10B) (>$10B)

TOTAL INSIDE SPEND Includes lawyer and non-lawyer compensation $1.0M $560K $3.2M $27M and other inside spend not categorized

TOTAL OUTSIDE SPEND Includes spend on outside counsel and ALSPs $1.5M $500K $5.0M $31.0M and other remaining outside spend not categorized

TOTAL LEGAL SPEND Total inside spend + total outside spend $3.0M $1.2M $8.4M $64.0M

LAWYER COMPENSATION Combined compensation among all department lawyers— $670K $400K $2.0M $12.5M includes salary, cash bonus, taxes, and benefits

NON-LAWYER COMPENSATION Combined compensation among all non-lawyer legal staff— $213K $130K $500K $4.0M includes salary, cash bonus, taxes, and benefits

SPEND ON OUTSIDE COUNSEL $1.3M $400K $4.0M $24.0M

SPEND ON ALSPS/LPOS $10K $0 $100K $1.0M

TOTAL INSIDE SPEND AS PERCENTAGE OF TOTAL SPEND 48.9% 53.1% 42.5% 45.3%

TOTAL OUTSIDE SPEND AS PERCENTAGE OF TOTAL SPEND 51.2% 46.9% 57.6% 54.7%

TOTAL SPEND AS PERCENTAGE OF REVENUE 0.573% 0.867% 0.363% 0.227%

COST PER LAWYER HOUR Total lawyer compensation spend divided by $120.37 $112.50 $130.56 $123.40 (lawyers x 1,800 billable hours)

PERCENTAGE OF LEGAL SPEND ALLOCATED TO OTHER BUSINESS UNITS 4.0% 0.0% 12.5% 44.0%

PERCENTAGE OF TOTAL LEGAL SPEND ALLOCATED TO LEGAL TECHNOLOGY 2.0% 2.0% 2.0% 2.0%

Note: Outside spend values do not include settlement costs, judgements, fines, recoveries, or costs associated with claims or capitalized expenses.

15 | 2021 Law Department Management Benchmarking Report | Executive Summary SPENDING SECTION 3

In addition to capturing the spending figures listed in the table above, we also asked departments to rank the top three legal technology areas in which they are investing the greatest amount of their legal spend (among those who said they have allocated budget to technology). The following bar chart provides the percentage of departments that selected each technology area in which they have allocated the most spend (Ranked #1), as well as the second (Ranked #2) and third (Ranked #3) areas with the highest dedicated spend.

Departments are spending the most on contract management technology, with almost one-in-four legal departments, and 42 percent selected it among their top three areas in terms of technology-related spend. Compliance and legal research services come next with 15 percent and 10 percent of participants, respectively. Intellectual property management (7.4 percent) and matter management (six percent) complete the first five technology areas ranked as the top spending priority. However, other technology areas, namely eBilling, document management, and eSignature, are included in the spending top 3 in a larger share of participating departments than IP management and matter management.

Departments are TOP 5 TECHNOLOGY AREAS spending the most on BY ALLOCATED SPEND contract management technology, with 1. CONTRACT MANAGEMENT almost one-in-four legal 2. COMPLIANCE departments. 3. LEGAL RESEARCH SERVICES 4. IP MANAGEMENT 5. MATTER MANAGEMENT

16 | 2021 Law Department Management Benchmarking Report | Executive Summary SPENDING SECTION 3

TECHNOLOGY AREAS BY ALLOCATED SPEND

TOP 3

CONTRACT MANAGEMENT 42.0% 23.3% 13.4% 5.3%

COMPLIANCE 33.3% 15.3% 12.0% 6.0%

LEGAL RESEARCH SERVICES 28.5% 9.8% 7.9% 10.8%

IP MANAGEMENT 14.4% 7.4% 2.2% 4.8%

MATTER MANAGEMENT 17.3% 6.0% 6.2% 5.0%

E-BILLING 20.1% 5.8% 9.4% 5.0%

BOARD PORTALS 17.3% 5.8% 3.8% 7.7%

DOCUMENT MANAGEMENT 18.9% 4.8% 7.0% 7.2%

E-SIGNATURE 18.9% 4.1% 8.9% 6.0%

E-DISCOVERY: IDENTIFICATION/ 8.2% 3.1% 2.4% 2.6% PRESERVATION/COLLECTION

CORPORATE SECRETARY TOOLS 12.2% 2.6% 6.0% 3.6%

E-DISCOVERY: REVIEW/PRODUCTION 4.1% 2.6% 1.0% 0.5%

E-DISCOVERY: 4.6% 1.7% 2.2% 0.7% PROCESSING/ANALYSIS

BUSINESS INTELLIGENCE (BI) 3.1% 1.4% 0.5% 1.2%

WORKFLOW TOOLS 5.5% 1.0% 1.2% 3.4%

RECORD MANAGEMENT 4.1% 1.0% 0.7% 2.4%

KNOWLEDGE MANAGEMENT 3.8% 0.7% 1.7% 1.4%

DOCUMENT COMPARISON 4.6% 0.7% 1.4% 2.4%

ARTIFICIAL INTELLIGENCE (AI) 2.2% 0.7% 0.7% 0.7%

ONLINE VIRTUAL DATA 2.9% 0.7% 0.5% 1.7% ROOM REPOSITORIES

PATENT SEARCH TOOLS 3.1% 0.5% 1.9% 0.7%

LEGAL HOLD TOOLS 2.4% 0.5% 0.7% 1.2%

PROJECT MANAGEMENT 2.6% 0.5% 0.5% 1.7%

REMOTE CONNECTIVITY TOOLS 3.4% 0.0% 1.9% 1.4%

SURVEY/INFORMATION 1.2% 0.0% 0.5% 0.7% GATHERING TOOLS

INTEGRATION TOOLS 1.2% 0.0% 0.2% 1.0%

Ranked #1 Ranked #2 Ranked #3

17 | 2021 Law Department Management Benchmarking Report | Executive Summary SECTION WORK ALLOCATION 4

Section four presents an overview of how certain broad categories of essential legal work are managed. Participants were presented with a list of 17 work categories and were asked to identify whether the work was managed internally, by outside counsel, by ALSPs, or whether the work was not covered or not applicable in their legal department. This question was asked in a multiple-choice format, so participants could indicate that a specific task was managed both internally and externally, either by outside counsel or ALSPs, or both.Therefore, among the three columns on the left-hand side, not all rows will add to 100 percent.

The 17 work areas are sorted by the percentage of departments that handle each task internally, from highest to lowest, and darker cells indicate a higher percentage of respondents. The percentages in the two columns on the right side of the table indicate the percentages of legal departments that deemed each type of work either not covered or not applicable. These responses are not counted when calculating the percentages listed in the three columns on the left-hand side.

As an example, 76 percent of departments manage due diligence in-house. However, 51 percent have it managed by outside counsel, and four percent say the work is handled by ALSPs. These categories are not mutually exclusive. In this case, although the majority of the work is handled in-house, some of that same work is also sent out to law firms and ALSPs.

As we go down the table, the percentage of departments that outsource work increases. At least four in ten departments outsource legal research, labor and employment, due diligence, litigation (case project/management), discovery (data collection), intellectual property management, and discovery (data processing/hosting) to outside counsel. In the latter two work types, more participants outsource the work to law firms than manage it internally.

ALSPs are only used by a minority of departments, though at least a few rely on ALSPs to manage each of the 17 areas. ALSPs are most often used for due diligence and for each aspect of the discovery process, particularly for data processing/hosting and data collection.

4% of departments say their due diligence work is handled by ALSPs

18 | 2021 Law Department Management Benchmarking Report | Executive Summary WORK ALLOCATION SECTION 4

ALLOCATION BY WORK TYPE

MANAGED BY NOT COVERED MANAGED MANAGED BY NOT OUTSIDE OR INTERNALLY ALSP/LPOS APPLICABLE COUNSEL NOT KNOWN

CONTRACT MANAGEMENT 100% 11% 2% 0% 1%

RECORDS MANAGEMENT 99% 3% 3% 6% 5%

INVOICE REVIEW 99% 0% 2% 2% 3%

LEGAL OPERATIONS 98% 3% 1% 3% 8%

COMPLIANCE 98% 9% 3% 2% 3%

DOCUMENT MANAGEMENT — REVIEW AND DRAFTING 96% 12% 1% 2% 3%

PRIVACY AND SECURITY 96% 21% 5% 2% 2%

CORPORATE AND GOVERNANCE 95% 17% 2% 1% 1%

REGULATORY 93% 30% 2% 2% 4%

LITIGATION — LEGAL HOLD 84% 25% 3% 2% 10%

LEGAL RESEARCH 83% 41% 2% 2% 5%

LABOR AND EMPLOYMENT 82% 48% 1% 1% 1%

DUE DILIGENCE 76% 51% 4% 2% 6%

LITIGATION — CASE/ PROJECT MANAGEMENT 69% 60% 1% 2% 9%

DISCOVERY — DATA COLLECTION 65% 42% 13% 6% 20%

INTELLECTUAL PROPERTY SERVICES 54% 70% 4% 1% 5%

DISCOVERY — DATA PROCESSING/HOSTING 47% 52% 20% 6% 23%

19 | 2021 Law Department Management Benchmarking Report | Executive Summary SECTION USE OF LAW FIRMS 5

Section five presents the number of law firms and ALSPs departments are engaging as well as the most common fee structures used. Most legal departments reported having a preferred list of outside counsel providers, with no meaningful differences when considering company size. Overall, 77 percent of respondents do keep a list of preferred providers — with 76 percent in small companies, 81 percent in mid-sized organizations, and 74 percent in large corporations.

Company size, however, shows large differences when reviewing the number of law firms and alternative legal service providers that participating organizations engage. The overall results show that, on average, participants engaged 36 law firms and about 2 alternative legal service providers in 2020. Small companies relied on the services of 10 law firms 0.5 ALSPs, medium companies recruited, respectively, 36 law firms and 2 ALSPs, and large organizations counted on 158 law firms and 5.4 ALPS, on average. By industry, the results show some variation as well. Energy companies engaged about 70 law firms, followed by organizations in finance and banking (56); arts, entertainment, and recreation (48). Companies in finance and banking top the list of ALSP engagement with an average of four vendors, followed by insurance and transportation companies (three) and arts, recreation, and entertainment, and retail trade (two).

LIST OF PREFERRED PROVIDERS OF OUTSIDE COUNSEL

NO YES

TOTAL 22.6% 77.4%

SMALL COMPANIES (<$1B) 23.6% 76.4%

MEDIUM COMPANIES 18.8% 81.3% ($1B-$10B)

LARGE COMPANIES (>$10B) 25.8% 74.2%

77% of respondents do keep a list of preferred providers

20 | 2021 Law Department Management Benchmarking Report | Executive Summary USE OF LAW FIRMS SECTION 5

HOW MANY WERE ENGAGED BY YOUR ORGANIZATION IN 2020?

LAW FIRMS MEAN

TOTAL 36.2

COMPANY SIZE

SMALL (<$1B) 10.1

MEDIUM ($1B-$10B) 35.8

LARGE (>$10B) 158.3

INDUSTRY

ENERGY, OIL, AND GAS 69.5

FINANCE AND BANKING 56.0

ARTS, ENTERTAINMENT, 48.4 AND RECREATION

INSURANCE 44.9

MANUFACTURING 44.2

ALTERNATIVE LEGAL MEAN SERVICE PROVIDERS TOTAL 1.6

COMPANY SIZE

SMALL (<$1B) 0.5

MEDIUM ($1B-$10B) 2.0

LARGE (>$10B) 5.4

INDUSTRY

FINANCE AND BANKING 4.0

INSURANCE 3.2

TRANSPORTATION 3.0 AND WAREHOUSING ARTS, ENTERTAINMENT, 2.2 AND RECREATION

RETAIL TRADE 1.9

21 | 2021 Law Department Management Benchmarking Report | Executive Summary USE OF LAW FIRMS SECTION 5

The number of law firms and ALSPs engaged in 2020 has remained largely the same, however, around three in ten reported having engaged more law firms in 2020 compared to 2019, and one in six reported their number of law firms decreased. Twelve percent reported engaging more ALSPs in 2020 compared to 2019, and only five percent reported a decrease.

HOW DID THIS NUMBER CHANGE COMPARED TO 2019?

LAW FIRMS ALTERNATIVE LEGAL SERVICE PROVIDERS

Stayed the same 54.5% Stayed the same 83.2% Increased 29.1% Increased 11.5% Decreased 16.5% Decreased 5.3%

We asked about the kinds of fee arrangements departments are using with outside counsel. The most common fee type is discounted hourly rates, which is used by five in six participating departments. Seventy-one percent reported using standard hourly rates and 63 percent used flat fees for entire matters — or some stages of matters. Less common fee types are retainers (29 percent), incentive or success fees (16 percent), contingency fees (14 percent), and performance-based holdbacks (3 percent). Three percent of participants also reported using other fee arrangements beyond the nine options provided in the survey.

TYPES OF OUTSIDE COUNSEL FEES USED

DISCOUNTED HOURLY RATES 83.4%

STANDARD HOURLY RATES 71.2%

FLAT FEES FOR ENTIRE MATTERS 62.7% OR FOR SOME STAGES OF MATTERS

CAPPED FEES 48.3%

BLENDED HOURLY RATES 34.5%

RETAINERS (INCLUDING PERIODIC RETAINER 28.8% FEES FOR A PORTFOLIO OF SERVICES)

INCENTIVES OR SUCCESS FEES 16.0%

CONTINGENCY FEES (INCLUDING 14.2% REVERSE CONTINGENCY FEES)

PERFORMANCE-BASED HOLDBACKS 3.0%

OTHER 3.2%

22 | 2021 Law Department Management Benchmarking Report | Executive Summary SECTION DIVERSITY 6

Section six presents survey results seeking to understand the extent to which in-house departments currently have diversity metrics and/or targets with respect to their own internal composition as well as with their law firms. For those departments that indicated they do possess formal diversity metrics, we then asked what aspects of diversity they currently capture.

Overall, 29 percent of survey participants reported tracking internal diversity metrics, though with considerable variation across company sizes: 16 percent of small companies track internal diversity metrics, while 39 percent of departments in medium-sized companies do so and 71 percent of those in large organizations with US $10 billion or more in revenue. By industry, no sector reported having a majority of companies tracking internal diversity metrics, although 49 percent of companies in finance and banking do so, while only a third do so in accommodation and food services, mining, and utilities. By global region, about four in ten legal departments in the EMEA region have internal diversity metrics, while this is the case in between 25 percent and 30 percent of departments in the other global regions: Latin America and the Caribbean, the United States, Canada, and the Asia-Pacific region.

Among those departments that track diversity metrics, almost all (94 percent) evaluate diversity among new hires, followed at some distance by promotions (55 percent), departures (50 percent), and levels or functions (49 percent). Diversity in training (27 percent) and matter staffing (22 percent) close the list. The percentage of departments that track diversity metrics and that also have a formal strategy to improve in this area, with actionable measures and tangible consequences, is 46.9 percent.

SMALL Overall 29% of survey ORGANIZATIONS 16% participants reported MID-SIZED tracking internal diversity ORGANIZATIONS 39% metrics, though with considerable variation LARGE across company sizes. ORGANIZATIONS 71%

23 | 2021 Law Department Management Benchmarking Report | Executive Summary DIVERSITY SECTION 6

THE LEGAL DEPARTMENT HAS DIVERSITY METRICS WITH RESPECT TO ITS OWN COMPOSITION

NO YES

TOTAL 71% 29%

COMPANY SIZE

SMALL COMPANIES (<$1B) 84% 16%

MEDIUM COMPANIES 61% 39% ($1B-$10B)

LARGE COMPANIES (>$10B) 29% 71%

INDUSTRY

FINANCE AND BANKING 51% 49%

ARTS, ENTERTAINMENT, 55% 46% AND RECREATION AGRICULTURE, FORESTRY, 60% 40% FISHING AND HUNTING

TELECOMMUNICATIONS 60% 40%

INSURANCE 62% 38%

OTHER SERVICES (EXCEPT 63% 38% PUBLIC ADMINISTRATION) TRANSPORTATION 64% 36% AND WAREHOUSING ACCOMMODATION AND 67% 33% FOOD SERVICES

MINING 67% 33%

UTILITIES 67% 33%

OFFICE REGION

EMEA 62% 39%

LATIN AMERICA/CARIBBEAN 71% 29%

UNITED STATES 72% 28%

CANADA 73% 27%

ASIA-PACIFIC 74% 26%

24 | 2021 Law Department Management Benchmarking Report | Executive Summary DIVERSITY SECTION 6

DIVERSITY EVALUATED BASED ON THE FOLLOWING FACTORS

HIRES 94%

PROMOTIONS 55%

DEPARTURES 50%

LEVELS OR FUNCTIONS 49%

TRAINING 27%

MATTER STAFFING 22%

OTHER 2%

FORMAL STRATEGY TO IMPROVE DEPARTMENTAL DIVERSITY WITH TANGIBLE CONSEQUENCES YES NO 46.9% 53.1%

The following charts present the results on similar diversity-related questions but related to outside counsel. The results do not offer a markedly different pattern compared to internal diversity tracking but show that fewer legal departments track outside counsel diversity metrics than they do internally.

Overall, 18 percent of participants reported tracking diversity metrics with respect to the legal department’s outside counsel — compared to 29 percent that track diversity metrics internally. Company size follows a similar pattern, with one in ten small companies evaluating law firms on diversity, while 18 percent of departments in medium companies do so and 53 percent of large corporations. By industry, the highest percentage is recorded by accommodation and food services (42 percent), followed by around one third of companies in transportation and retail trade, and one quarter of companies in entertainment, finance, management of companies, and utilities. The percentage of companies tracking outside counsel diversity metrics by global region is highest in the United States — although just one in five do participants do so; followed by Asia-Pacific (16 percent), EMEA (14 percent), Canada (7 percent), and Latin America and the Caribbean, where no participants reported tracking outside counsel diversity metrics.

Departments that evaluate law firms reported tracking diversity within the teams that handle matters for the legal department (74 percent), and a majority also track diversity among all lawyers in the firm (62 percent) or among the firm’s partners (54 percent). Other items tracked are matter leaders or responsible partners (49 percent), promotions to partner (25 percent), leadership positions in the firm (22 percent), and incoming associate classes (14 percent). One quarter of the departments that track outside counsel diversity metrics also reported having a formal strategy with tangible consequences to improve the diversity benchmarks of the law firms they engage.

25 | 2021 Law Department Management Benchmarking Report | Executive Summary DIVERSITY SECTION 6

THE LEGAL DEPARTMENT HAS DIVERSITY METRICS WITH RESPECT TO ITS OUTSIDE COUNSEL

NO YES

TOTAL 82% 18%

COMPANY SIZE

SMALL COMPANIES (<$1B) 90% 10%

MEDIUM COMPANIES 82% 18% ($1B-$10B)

LARGE COMPANIES (>$10B) 47% 53%

INDUSTRY

ACCOMMODATION AND 58% 42% FOOD SERVICES TRANSPORTATION 68% 32% AND WAREHOUSING

RETAIL TRADE 70% 30%

ARTS, ENTERTAINMENT, 73% 27% AND RECREATION

FINANCIAL & BANKING 73% 27%

MANAGEMENT OF COMPANIES 75% 25% AND ENTERPRISES

UTILITIES 75% 25%

INSURANCE 76% 24%

AGRICULTURE, FORESTRY, 80% 20% FISHING AND HUNTING

INFORMATION TECHNOLOGY 82% 18%

OFFICE REGION

UNITED STATES 80% 20%

ASIA-PACIFIC 84% 16%

EMEA 87% 14%

CANADA 93% 7%

LATIN AMERICA/CARIBBEAN 100% 0%

26 | 2021 Law Department Management Benchmarking Report | Executive Summary DIVERSITY SECTION 6

DIVERSITY EVALUATED BASED ON THE FOLLOWING FACTORS

MATTER TEAMS WORKING FOR YOUR DEPARTMENT 74%

ALL LAWYERS IN A FIRM 62%

PARTNERS IN A FIRM 54%

MATTER LEADERS OR RESPONSIBLE PARTNERS 49%

PROMOTIONS TO PARTNER 25%

FIRM LEADERSHIP POSITIONS, SUCH AS KEY 22% COMMITTEES

INCOMING ASSOCIATE CLASSES 14%

OTHER 9%

FORMAL REQUIREMENTS TO IMPROVE DIVERSITY FOR OUTSIDE COUNSEL WITH TANGIBLE CONSEQUENCES YES NO 24.4% 75.6%

27 | 2021 Law Department Management Benchmarking Report | Executive Summary DEMOGRAPHICS

INDUSTRY

MANUFACTURING 23.8%

INFORMATION TECHNOLOGY 16.9%

PROFESSIONAL, SCIENTIFIC, 10.2% AND TECHNICAL SERVICES

FINANCIAL AND BANKING 9.1%

RETAIL TRADE 8.1%

PHARMACEUTICALS/MEDICAL DEVICES 7.1%

HEALTHCARE AND SOCIAL ASSISTANCE 6.9%

CONSTRUCTION 6.1%

ENERGY, OIL, AND GAS 6.1%

INSURANCE 5.9%

OTHER SERVICES (EXCEPT 4.9% PUBLIC ADMINISTRATION)

TRANSPORTATION AND WAREHOUSING 4.5%

WHOLESALE TRADE 4.5%

REAL ESTATE RENTAL AND LEASING 3.9%

EDUCATIONAL SERVICES 3.3%

AGRICULTURE, FORESTRY, 3.0% FISHING AND HUNTING

TELECOMMUNICATIONS 3.0%

ACCOMMODATION AND FOOD SERVICES 2.4%

UTILITIES 2.4%

ARTS, ENTERTAINMENT, AND RECREATION 2.2%

MANAGEMENT OF COMPANIES 1.6% AND ENTERPRISES

MINING 1.2%

ADMINISTRATIVE AND SUPPORT AND WASTE 0.6% MANAGEMENT AND REMEDIATION SERVICES

PUBLIC ADMINISTRATION 0.2%

28 | 2021 Law Department Management Benchmarking Report | Executive Summary DEMOGRAPHICS

ORGANIZATION PRIVATE 50.8% TYPE PUBLIC 34.8% NON-PROFIT 8.9%

WHOLLY-OWNED SUBSIDIARY 8.5%

GOVERNMENT 1.8% (FEDERAL, STATE, LOCAL)

OTHER 3.3%

LESS THAN $100M 22.6% $ COMPANY REVENUE $100M TO $499M 23.2% $500M TO $999M 11.9%

$1B TO $2.9B 18.3%

$3B TO $9.9B 11.1%

$10B OR MORE 12.9%

NUMBER 1 STAFF 11.6% OF LEGAL 2 TO 5 STAFF 35.5% DEPARTMENT 6 TO 9 STAFF 11.4% STAFF 10 TO 24 STAFF 17.8%

25 TO 99 STAFF 15.2%

100 OR MORE STAFF 8.5%

GLOBAL US 75.5% REGION EUROPE 8.4% AUSTRALIA/NEW ZEALAND 6.9%

CANADA 3.1%

SOUTH AMERICA 2.2%

MIDDLE EAST 1.2%

AFRICA 1.0%

ASIA 1.0%

CARIBBEAN/ 0.6% CENTRAL AMERICA

29 | 2021 Law Department Management Benchmarking Report | Executive Summary METHODOLOGY

SURVEY INSTRUMENT The survey questionnaire was offered through an online survey platform. Personalized survey links were sent by email to the target population, which allowed participants to save their responses and fill out the questionnaire in more than one sitting, if needed.

FIELDING PERIOD The survey opened on March 4, 2021 and closed on May 4, 2021. Reminder emails were sent weekly.

TARGET POPULATION We targeted one relevant representative—the individual we considered most capable of reporting on the information requested—in each legal department with at least one ACC member. Invitations to participate were sent each department’s highest ranking legal officer and/or a legal operations professional. If we had no members in either of these positions in a given legal department, we then targeted the highest-ranking individual. Apart from targeted email messages, opportunities to participate were also sent through LinkedIn campaigns as well as through ACC’s online network forums.

PARTICIPATION A total of 493 legal departments participated.

ANONYMITY The results are only provided at the aggregate level. No specific data point or response is tied to any individual or organization.

DATA ACCURACY Not all respondents answered all questions. The percentages provided are based on the number of valid responses received for each individual question. Many survey questions offered the opportunity to select multiple response options. In those cases, percentages may not total to 100 percent.

STATISTICAL TERMINOLOGY MEAN: The values of each observation are summed together and divided by the total number of observations. MEDIAN: This is the middle value of all observations ordered from low to high (also called the 50th percentile). PERCENTILE: This is a value that divides a population according to a distribution of observations. It allows us to know the percentage of observations that fall above or below a particular value. For example, if we find that the 25th percentile of the number of lawyers in a department is three, we then know that 25 percent of departments have up to three lawyers, while the other 75 percent of departments have three or more. N: This indicates the number of observations for a given metric or reported value.

30 | 2021 Law Department Management Benchmarking Report | Executive Summary PARTICIPATING ORGANIZATIONS

3BMG, LLC BearingPoint Constellium 777 Partners LLC BeiGene, Ltd. Contentstack LLC AAOS Bellroy Coril Holdings Ltd. AB Volvo Benedictine Corporate Travel Management Limited Able Services Ben-Tom Corporation CORS Academy Sports + Outdoors Berkeley Research Group, LLC Cox Enterprises, Inc. Access Now Bharti Enterprises CRAssociates, Inc. AccessLex Institute BIC Corporation CrossBar, Inc. ADM Bigfork Technologies, LLC CrowdStrike Advanced Solutions International, Inc. Biogen Crowley Maritime Corporation Adventist Health System/West Bio-Techne CryoLife Advisors Excel BioXcel Therapeutics, Inc. CUNA Mutual Group AdvoCare International BlackRock CWB Financial Group AE2S Blue Cross and Blue Shield of Kansas City CyberArk AEMO Ltd Bluebeam, Inc. CyberCX Aesculap, Inc BlueChip Financial Daekyo America, Inc. Agility Recovery Solutions, Inc Bolognesi Energia Daly Seven, Inc. AIA Australia Boston Scientific Daniel Swarovski AG Akoustis Technologies, Inc. BrandSafway Data#3 Limited Allegiance Bancshares, Inc. Brera SIM SpA DaVita Inc. Allianz Technology BRF Deloitte Alto Pharmacy Brico Depot Iberia King Fisher Delta Dental of Kentucky, Inc. American Council on Exercise Briggs & Stratton Dentsply Sirona Inc. American National Red Cross Bydex Management, LLC Dentsu International Ltd American Physical Therapy Association Capgemini DJO Global, Inc. AmeriTrust Group, Inc. CareMount Medical PC DocuSign, Inc. AMG National Trust Bank CarGurus Douglass Colony Group, Inc. AMP Limited Carmeuse Dow ANDEAN TELECOM PARTNERS - ATP Carver Bancorp, Inc. DSM Anthem Inc. Catalent, Inc. Duke Energy Corporation Appen Limited Cayman National Duke Realty Corporation ARA Group Limited CCASA D-Wave Systems Inc. Arbonne CDW DXC Arconic Corporation Cementos Pacasmayo S.A.A. easyJet Ariat International, Inc. Centerline Business Services EatStreet, Inc. Armstrong Group Central Insurance Companies eBay ASAE Ceridian HCM Holding Inc. eClinical Solutions LLC ASGN Incorporated CFA Institute ECTP Astec Industries, Inc. Chemence Educational Testing Service Asuragen, Inc. CHF Solutions, Inc. EFR Group Public Ltd Atkins North America Chr. Hansen elbit systems ATL Hawks, LLC Chubb Elders Limited Attentive Cigna Electro Rent Corporation Auria CIS Electronic Transaction Consultants, LLC Availity, L.L.C. City of Arvada City Attorney’s Office Elixinol Global Limited BAE Systems, Inc. Clarivate Elkem ASA Bally Schuhfabriken AG CNSI Encofrados J Alsina, S.A. Banner Engineering Corp. Coast Capital Savings Federal Credit Union Encompass Health - HHH Barry-Wehmiller Coastal Industries, Inc. Endeavour Group Battelle Memorial Institute Coles Group Ltd Engesul-Raysul Group Bazaarvoice, Inc. Comstock Holding Companies, Inc. Enstar Bazan Group (Oil Refineries Ltd) Confluence Technologies, Inc. EPAM Systems Inc. Beam Suntory Inc. Consolidated Edison Ernst & Young LLP

31 | 2021 Law Department Management Benchmarking Report | Executive Summary Esquire Deposition Solutions, Llc HEARST Lief Labs Estee Lauder Companies Heaven Hill Distilleries lifestyles Ethos Technologies Henniges Automotive Lifetime Products European Broadcasting Union Hill & Wilkinson General Contractors Lively Hearing Corporation Everis Peru HM.CLAUSE Lockheed Martin Corporation Evolve College HopeHealth, Inc. Logix Fiber Networks Extended Stay America, Inc. Hurco Companies, Inc. lululemon Extreme Networks, Inc. Hydro Extrusion North America Macy’s, Inc. Extreme Reach, Inc. Hydro-Québec Malouf Companies Exxon Mobil Corporation Hyundai UAM Management Sciences for Health EyePoint Pharmaceuticals iDepo Reporters Manulife Financial Corporation Fairbanks Morse IMMI MAPEI Ferguson Indiana Economic Development Corporation MassMutual FIS Indivior PLC Match Group, Inc. Fletcher Building Ingram Micro Inc. McDonald’s Corporation Flexitallic Investments, Inc. Integer Holdings Corporation McKenney’s, Inc. FlightSafety International Inc. Integral Ad Science, Inc. McLane Company, Inc. FloQast, Inc. Interface, Inc. Medline International Florida Crystals Corporation International Chamber of Commerce Meijer, Inc. Flowserve ISS Facility Services Melton Truck Lines, Inc. Framatome J.D. Power Mewbourne Oil Company Fraunhofer USA, Inc. Jack Henry & Associates MGP Ingredients, Inc. Freddie Mac Jacobs Holdings AG MHS Holdings FreedomPay, Inc. JAKKS Micron Technology, Inc. FTD, LLC Jama Software, Inc. Milliken & Company FTS International James G. Davis Construction Corporation Minera Chinalco Perú G|Fashion James Hardie Industries plc Mishimoto Galderma Laboratories LP Jasper Ridge Partners MNP LLP Garland Industries, Inc. JC Hospitality Morgan White Group GE Appliances, a Haier Company JCDecaux Australia & New Zealand Movado Group General Dynamics European Land Systems JDE Peet’s MTD Products Inc Genpact Limited JobsOhio Muntajat GEON Performance Solutions John Deere Murcor Real Estate Gibraltar Industries, Inc. John Muir Health mycar Tyre & Auto Glass House Group Jomar Electrical Contractors MyoKardia, Inc. Global Partnerships Jones Lang LaSalle (JLL) Nabholz Construction GLOBALFOUNDRIES JPI Nakheel PJSC GOG Foundation, Inc. JRM Construction Management, LLC National Australia Bank Goodman Manufacturing Kaivac, Inc. Nationwide GOWell International LLC Kalsec Neurelis, Inc. GP Strategies Corporation Kent Corporation Next Insurance Grane Khoros LLC Nexthink Greater Los Angeles Zoo Association Kimball Electronics, Inc. NIO Greenway Health Kimberly Clark Corporation Northern Illinois University Greystar Management Services Kinetic Pressure Control Limited Northern Tool + Equipment Grupo IGS Knowles Corporation NorthStar Anesthesia Guidance Residential, LLC Kootenai Health Nova Transportadora do Sudeste SA - NTS Gulf States Toyota, Inc. Kudelski SA Nsight Hagerty Law School Admission Council Nurse-Family Partnership Harford Mutual Insurance Group Leidos Nutrien Ltd. Harkins Builders, Inc. LendingClub NXP Havaianas Levi Strauss & Co. Oakland Community Health Network Hearing Lab Technology, LLC LHP Inc Ohio Farm Bureau Federation

32 | 2021 Law Department Management Benchmarking Report | Executive Summary Olympus Corporation of the Americas Saltchuk Marine Trinity Health Omron Management Center Samsung Tronox Holdings Ontario Institute for Cancer Research San Joquin Valley College, Inc.-Ember Trust Re Ontic Technologies, Inc. Education Tuff Shed, Inc. Opteon SantoLubes Manufacturing LLC TULA Skincare Optima Tax Relief SAP (UK) Ltd. U.S. Bank Ordermark Saratech U.S. Vision Orora Limited Sasser Family Holdings, Inc. UBS Group AG Outsystems Schlumberger Ulta Beauty, Inc. PACCAR Inc. Screencastify Ulteig Engineers, Inc. Pacific Market International, LLC SCRMC UniGroup Panera Bread Securitas Union Paving & Construction Co., Inc. Payactiv Inc. Securonix, Inc. United Fiber & Data, LLC PCOM Seeing Machines Ltd United Natural Foods, Inc. PCS Law Seminole Electric UP Entertainment Pedernales Electric Cooperative Shamrock Foods Company USI Insurance Services LLC Pennsylvania Association of Realtors Siemens Government Technologies, Inc. Valeo Perry Homes Sierra Wireless Valeyo Pharmacosmos Therapeutics Silva International Investments VEIC Pharmscience Inc Silver Chain Venerable Philip Morris International Sligro Food Group Vicinity Centres Philips smartsheet Virbac Corp. Piraeus Bank Sonova VisiQuate, Inc. PLANET LABS INC SOPREMA, Inc. Visit Orlando Plexus Worldwide, LLC Splitit Ltd. Vista Outdoor Poly Splunk Visteon Corporation Positec Tool Corp Sprintray Inc. VMware, Inc. PowerPlan, Inc. SSR Mining Volvo Group Australia Prosci, Inc. Ste. Michelle Wine Estates Ltd. Washington REIT Prysmian Group Superior Group of Companies, Inc. Weekley Homes PSCU Sutro Biopharma, Inc. WeFi Technology Holdings LLC PSP Investments Synaptics Incorporated WEG Electric Corp. PTC Therapeutics, Inc. Tactual Labs Co. Western Alliance Bank Puig, S.L. TAIT Western Governors University Pure Storage, Inc. Target Corporation Westpac Purple Innovation, LLC TasNetworks Wheels Up Pylones TE Connectivity wish Quantum Participações Tech Data WOBBEN WINDPOWER/ENERCON Quora Inc. TELUS International Wolters Kluwer QVC Teradyne, Inc. Woolworths Group Limited Rakuten Rewards The Cleveland Foundation World Acceptance Corp Red Canary, Inc. The Hanover Insurance Group, Inc. Wynden Stark dba GQR Global Markets Regency Centers Corporation The Knot Worldwide Inc. Xero Ltd Renewable Energy Group, Inc. The Middlesex Corporation Xona Microfluidics, Inc. Risen Energy Australia The New York Blower Company YKK AP America Inc. Riverence Holdings LLC The New York Times Company Yokogawa Europe B.V. Roche Diagnostics Corporation The Siegfried Group, LLP Zendesk Inc Rollick Outdoor, Inc. The Suddath Companies Zenith American Solutions RTW Retailwinds, Inc. Thomas Jefferson University Zillow Safety National TK Elevator ZS Associates, Inc. Sagent Pharmaceuticals Transdev North America, Inc. Anonymous (20) Sagicor Life Insurance Company Trelleborg Wheel Systems SAHA TriCo Bancshares

33 | 2021 Law Department Management Benchmarking Report | Executive Summary CUSTOM BENCHMARKING

NEED A MORE TAILORED REPORT? We understand that for a true benchmarking exercise you will need the survey data only among a clearly defined apples-to- apples peer group. You define the population to compare against and we provide a tailored report to fit your requirements. Benchmarking reports can be customized to your organization’s peer group based on:

COMPANY REVENUE TOTAL COMPANY GEOGRAPHIC LOCATION (total gross annual in $US) EMPLOYEES (country or global region)

INDUSTRY SECTOR COMPANY TYPE (using Standard Industry DATA WEIGHTING (public, private, wholly-owned Classification (SIC) codes) subsidiary, non-profit)

TAKE A LOOK INSIDE!

Legal Department Spending Metrics — Medical Technology & Life Sciences Peer Company Profile

25th 75th Company revenue US $500 million to US $3 billion n Percentile Mean Median Percentile Organizations in “Medical Technology and Life Sciences”: Total inside spend • SIC Code 35: Industrial Machinery and Equipment Includes lawyer and non-lawyer compensation 29 $500,000 $17,352,024 $1,290,000 $21,000,000 Industry • SIC Code 36: Electronic and Other Electronic Equipment and other inside spend not categorized • SIC Code 38: Instruments and Related Products Total outside spend Includes spend on outside counsel and Company type Private companies and subsidiaries 29 $413,000 $18,018,658 $2,795,400 $10,000,000 ALSPs and other remaining outside spend not categorized Number of lawyers 12 to 18 Total legal spend 29 $900,000 $35,370,682 $6,318,313 $25,949,509 Total inside spend + total outside spend Number of staff Not selected

Lawyer compensation Total legal spend $6M to $10M Combined compensation among all 23 $274,000 $8,786,876 $550,000 $4,950,000 department lawyers—includes salary, cash Region Organizations headquartered in Asia, North America, or Latin America bonus, taxes, and benefits

Non-lawyer compensation Data weighted by percentage of revenue in each industry sector: Combined compensation among all • SIC Code 35: 20% 21 $75,000 $6,492,421 $296,000 $7,515,341 Data weighting non-lawyer legal staff—includes salary, • SIC Code 36: 30% cash bonus, taxes, and benefits • SIC Code 38: 50%

HAVE QUESTIONS? WE’RE HERE TO HELP.

To request a custom benchmarking report or to speak with a member of ACC’s research team, please call +1 202.293.4103 or email [email protected].

For more information on ACC’s benchmarking offerings visit acc.com/benchmarking. ABOUT ACC

The Association of Corporate Counsel (ACC) is a global legal association that promotes the common professional and business interests of in-house counsel who work for corporations, associations and other organizations through information, education, networking opportunities, and advocacy initiatives. With more than 45,000 members employed by over 10,000 organization in 85 countries, ACC connects its members to the people and resources necessary for both personal and professional growth.

To learn more about ACC’s Research & Insights please contact ACC Research at +1.202.293.4103 or visit acc.com/surveys. To learn more about ACC’s benchmarking offerings visit acc.com/benchmarking.

ABOUT MAJOR, LINDSEY & AFRICA

Major, Lindsey & Africa is the world’s largest leading legal search firm. The firm, founded in 1982, offers a range of specialized legal recruiting and Transform Advisory Services to meet the ever-changing needs of law firms and legal departments and to support the career aspirations of talented lawyers and legal and compliance professionals. With more than 25 offices and 200-plus search consultants around the world, Major, Lindsey & Africa uses its market knowledge and experience to partner with organizations to fulfill their legal talent needs and provide solutions to increase team efficiency and effectiveness. Major, Lindsey & Africa is an Allegis Group company, the global leader in talent solutions. To learn more about Major, Lindsey & Africa, visit www.mlaglobal.com.

This report and the information contained herein are copyrighted by the Association of Corporate Counsel (ACC). All additional requests for use must comply with ACC’s copyright policy located at acc.com/about/privacy-policies/copyright.

ESTABLISHING COMPREHENSIVE DATA MANAGEMENT AND PROCESS ORCHESTRATION PRACTICES TO ACHIEVE LEGAL GOVERNANCE, RISK AND COMPLIANCE OBJECTIVES

Ensuring Quality of Minimizing pg. 4 pg. 12 Your Data & Related Litigation Risk Management Processes Managing Risk Through Using Technology to pg. 8 pg. 16 Data Retention & Respond to Legal GRC Minimization Challenges SUMMARY SUMMARY To Stave Off the Explosion Understanding Your Risk ❑ Have you defined your priorities and exposures ❑ How do you perform privacy impact assessments of Data and Regulations, around your data strategy including enforcement, prior to business and technology change? litigation, and reputation? ❑ How is data risk presented to the Board? a New Strategy is Needed ❑ How do you coordinate minimizing data risk ❑ How do you manage risk in planned and across geographic markets? Today’s Legal department is a more complex animal than The bottom line is that organizations need unplanned events? it once was. Although legal matters, actions, and contracts to adopt a new paradigm of an integrated ❑ How do you coordinate data risk minimization ❑ Mergers & Acquisitions are still a part of the job, Legal is playing an increasing role approach to Legal GRC. Businesses, efforts across Privacy, Security, Legal, in assisting with complex privacy and compliance matters, enterprises, governments, and other Compliance, Risk, Operations, R&D? ❑ Data Breach helping to manage incidents and the breach notification entities must clearly define and develop process, working more closely with IT to uncover data for litigation, and the breadth and depth of their Legal working with Security to help ensure that proper controls are in place to GRC management strategy and process minimize the risk of data exposure. requirements—ensuring flexibility and 1. DEVELOP AND MAINTAIN A PRIVACY AND agility—to meet the wide range of legal and 7 Steps to DATA RISK FRAMEWORK, INCLUDING A Legal risk and exposure often goes beyond the Legal department itself, regulatory needs for today and tomorrow. COMPREHENSIVE DATA INVENTORY/MAP, intersecting with other departments that share related obligations, Mitigating FOR YOUR ORGANIZATION processes, goals, and sometimes technology. Business activities that As more organizations are forced to focus Data Risks 2. UNDERSTAND YOUR CURRENT LEVELS create legal risks without involving the Legal department isn’t really their efforts to holistic, enterprise-wide OF DATA COMPLIANCE MATURITY AND acceptable in today’s regulatory environment. solutions for answering these growing KEY EXPOSURES

data-based challenges, General Counsel 3. DEFINE AND UPDATE YOUR CORPORATE RISK “What complicates [business processes] is the exponential effect of (GC) and Chief Legal Officers (CLO) are FRAMEWORK BASED ON THE EVOLUTION legal governance on the organization,” says Michael Rasmussen, GRC finding themselves in a position well-suited OF YOUR DATA STRATEGY AND RELATED consultant and analyst. “Business operates in a world of chaos. A small COMMERCIAL AND OPERATIONAL OBJECTS, to quarterback these unique obstacles. INCLUDING UPDATING OR ESTABLISHING event cascades, develops, and influences what ends up being a significant A DATA RETENTION PROCESS issue. Silos of data, systems, processes, activities, and transactions can In this GC Handbook, we’ll explore the leave the organization with fragments of truth that fail to see the big core tenets of a Legal Governance, 4. DEVELOP AND MAINTAIN A PRIORITIZED PLAN FOR ONGOING COMPLIANCE picture of legal risk exposure.” Risk and Compliance (LGRC) program, IMPROVEMENT AND MONITORING BASED and how legal leaders across a variety ON KEY RISK AND EXPOSURES ACROSS Legal Governance, Risk and Compliance as it is conducted in today’s of industries are implementing this new, DEPARTMENTAL SILOS businesses is pervasive, complex, and interconnected. For example, the innovative strategy in 2021 as a way to average corporation now uses 70 cloud-based collaboration tools; for 5. ESTABLISH RISK OWNER AND THE ROLE mitigate risk and ensure a comprehensive, OF THE BUSINESS IN ADDRESSING KEY large multinational enterprises, that number averages out to more than enterprise-wide compliance strategy. OPERATIONAL RISKS RATHER THAN RELY 1,000—an absurd number that helps illustrate both the massive explosion ON PAPER COMPLIANCE As we work through this guide, consider in organizational data and the interconnected nature of the risks that the questions and steps referenced on 6. BRIEF SENIOR MANAGEMENT ON PRIVACY data represents. It’s time for businesses to focus on minimizing and better p. 3 along the way. AND DATA RISK ON A REGULAR BASIS AND managing the amount of data they store, and that push starts with Legal. INCORPORATE PRIVACY RISK INTO THEIR CORPORATE RISK REPORTING INCLUDING “The lack of a coordinated strategy for Legal GRC management PRIVACY KPIS/KRIS

fails to deliver insight and context, rendering it nearly 7. ENGAGE SUPPORT EARLY AROUND PROJECTS Michael Rasmussen, impossible to make a connection between legal risk AND INITIATIVES WHICH MAY POSE GRC CONSULTANT AND ANALYST management and decision-making, business strategy, SIGNIFICANT EXPOSURE E.G. USE OF AI, BIG DATA ANALYTICS, COMMERCIALIZATION OF objectives, and performance,” says Rasmussen. CHILDREN’S DATA

The General Counsel’s Guide to Legal GRC: 2021 2 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 The General Counsel’s Guide to Legal GRC: 2021 3 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 CHAPTER 1: CHAPTER 1:

“What comes to mind most immediately is that there will only Ensuring the Quality of be more privacy legislation, privacy regulations, not less,” says Teufel. “We are living in a global information economy Hugo Teufel, CHIEF PRIVACY OFFICER, and because of the changes and ongoing legislation you really Your Data & its Related CENTURYLINK have to have a global compliance program that takes into Management Processes account jurisdiction-specific issues.”

In this section, we’ll cover why understanding your organizational data—and ensuring its quality—is the As Teufel notes, one of the key reasons a comprehensive provisions of California’s privacy laws kick in at the start of centerpiece of your Legal GRC strategy. As data integrity increases in importance in the coming years, data management strategy is needed for many businesses 2023 (similar employee provisions are already active under so will ensuring that your data inventory or data map is comprehensive. Enterprise-wide legal and regulatory today is that data privacy regulations granting new rights the GDPR). For in-house teams fulfilling these requests, to consumers and employees are proliferating—and they it’s essentially an e-discovery situation in which an compliance begins with high-quality data. come with stringent rules surrounding how their personal enterprise’s worth of information must be scoured to information is managed. find all of an individual’s stored information, and then remediated as requested. For example, laws like the U.S.’s California Consumer The Organizational Need Privacy Act (CCPA) and the EU’s General Data Protection The amount of data related to employees far exceeds Regulation (GDPR) allow consumers and employees to that of consumers, and organizations will need to have for a Comprehensive Data request to know what information businesses are storing— effective strategies and technology in place to respond and request to have that information deleted or otherwise within tight timelines. And it may be particularly jarring for Management Strategy remediated. The regulations require a defensible retention B2B companies that have so far avoided any regulatory At its core, a Legal GRC strategy is a robust and orchestrated process to successfully comply; while the GDPR’s rules obligations regarding consumers under major privacy data management program, ensuring that only business- regarding retention of personal information beyond its laws, because they will now have to provide an answer for relevant information is stored, and that legal and regulatory stated business purpose have been around for a couple employees who make the same requests. requests requiring organizations to identify and take action of years now, California voters recently codified similar with enterprise data can be completed quickly and in a retention rules into law with the passage of the California defensible manner. And the cornerstone of a robust data Privacy Rights Act (CPRA). For both of these reasons, management program is the data map, which must offer among others, it becomes necessary for businesses to transparency and insight into where the data lives, who owns fully understand their organizational data in order to it, who has access to it, which regulations govern it, and how fulfill consumer and employee requests for data, as well much you really have. Without knowing this information, it will as ensure that they aren’t storing personal data for longer be exceedingly difficult to answer legal and regulatory requests than the regulations state. for data, which makes regulatory compliance impossible. Teufel’s observation could therefore apply to companies Understanding enterprise data at a granular level is critical to that are already familiar with the EU’s consumer rights compliance with many laws and regulations, as well as criminal provisions of the General Data Protection Regulation and civil investigations. It’s also an important aspect of being able to confirm the integrity of your data—ensuring that it (GDPR). Businesses that have already determined a capable has the same structure across organizational uses, and remains the same throughout business processes. process for responding to consumer and employee DSARs in one jurisdiction will be at an advantage when the The 2021 ACC-Exterro CLO Report, which surveyed more than 900 GCs and CLOs across a number of industries and employee DSAR—which are more complex than consumer— businesses, found that nearly 6-in-10 Legal departments have a comprehensive data management strategy in place; for the other 4-in-10, now is the time to establish this strategy, according to those who are seeing the effects of these new regulations on their organizations.Hugo Teufel, the Chief Privacy Officer for CenturyLink, says that organizations should take the time to get their data houses in order now, before the web of rules becomes too difficult to track in relation to organizational data.

The General Counsel’s Guide to Legal GRC: 2021 4 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 The General Counsel’s Guide to Legal GRC: 2021 5 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 CHAPTER 1: CHAPTER 1:

“You’ve got to show that Legal’s Role in you are in compliance, How to Build a Data Inventory and demonstrating that To build a full, comprehensive inventory of organizational data is no easy task—it requires time, effort, investigation, and Data Inventory/Mapping compliance,” says Teufel. usually the help of a team experienced in understanding how to locate information across vast data plains. But the value While Legal departments may not be intimately involved in the physical of a data inventory/map also stretches well beyond privacy compliance; e-discovery processes, breach responses, data collection of data for litigation or other requests, it is important that Legal The 2021 CLO Report from retention and minimization efforts should all see increased efficiency, for example, because those processes are no longer identify data for collection and quarterback the process to ensure that the Exterro and the Association of bogged down by useless data. correct data is found. To do this properly, Legal must have transparency Corporate Counsel found that and visibility into their data, understand which regulations govern it, and In situations where an organization is pursuing a full-scale, enterprise-wide data inventory for the first time, choosing four departments most-often also understand whether the data is under another legal or regulatory the right partner is crucial, as it is often the difference between projects lasting 30 days or six to 12 months. The right reported to the GC/CLO: obligation, such as a legal hold. partner will help businesses properly scope the project to ensure that organizational expectations are met and that all stakeholders are happy. Rachel Glasser, Chief Privacy Officer for ad agency Wunderman % COMPLIANCE Thompson, says that an up-to-date and maintained data inventory is 74 After the enterprise data map is completed, it’s time to take steps to ensure that data retention obligations are followed, the best way to ensure that departments involved in legal and privacy 74+26X and that there’s a business or regulatory reason behind all stored data. processes are well-equipped to do their jobs.

“I think regardless of what the data protection law may 45% PRIVACY Steps to Creating and Maintaining Your Data Inventory: be, one of the things that I’ve found is that you constantly have to go back and look at what you have in your data 45+55X The “Time-Suck” 1 inventory,” says Glasser. There are ways to significantly ease the data mapping burden. % ETHICS It starts by defining a process for gathering information. “You have to look at and know what data you actually have, and what you 42 have to process still in order to work towards a compliance regime. 42+58X And when you’re doing that, it’s incredibly important to understand what the details are. If you don’t store personal information about consumers, Updating the Data Inventory % RISK then maybe you don’t have to worry about data subject access 2 40 Think of a data map as a product, not a project. requests (DSARs) right away. That to me is probably the most basic Like a product, it should be constantly evaluated, updated and assessed for quality. Failing to take this place to start, is to understand what data you do have coming into your 40+60X approach usually results in a data map becoming outdated before it provides any real value to the company. organization, what data is going out of your organization and who may or may not have access to it.” An Incomplete Data Inventory Regardless, because the GC/CLO must understand the legal requirements 3 surrounding organizational data and risks of non-compliance, the Legal A common mistake organizations make with data maps is that they omit important information and therefore render the data map far less useful than it should be. Before any data mapping initiative gets department is uniquely positioned to play a key role in coordinating, off the ground, project organizers should assemble all the key stakeholders and gather feedback on what establishing, and maintaining a data map. But it should not be on information needs to be included. Legal’s shoulders alone to spearhead this initiative. DOWNLOAD REPORT HERE Glasser says that in her organization, Privacy and Legal work together 4 Accounting for ALL Data Sources to ensure regulatory functions related to data privacy laws like the For a data map to be effective, it has to be comprehensive. In today’s digital world, that means it must account for things like mobile devices and cloud-based applications, including social media, since ESI from these GDPR are completed to maintain compliance. Teufel says that technology Rachel Glasser, sources is increasingly being sought in litigation. It is critical to identify how and by whom these sources are is the greatest tool for ensuring that organizations follow the CHIEF PRIVACY OFFICER, used and any relevant ESI that may exist on them (customer service records, marketing materials, etc.). regulatory guidelines. WUNDERMAN THOMPSONON

The General Counsel’s Guide to Legal GRC: 2021 6 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 The General Counsel’s Guide to Legal GRC: 2021 7 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 CHAPTER 2: CHAPTER 2: Managing Risk Through Data Data Retention & Privacy Regulations The CPRA closes the biggest gap between the CCPA and GDPR: data retention Retention & Minimization obligations. Now, over-retention of personal information will be viewed as negligent— especially if that information is compromised in a breach or another incident in the Natalie Salunke, In this chapter, we’ll discuss why minimizing the amount of information an organization stores helps ensure GENERAL COUNSEL US the way it is in the EU. Natalie Salunke, general counsel and head of legal for UK + HEAD OF LEGAL, organizational data integrity and mitigate risk. We’ll take a look at why over-retaining data is a liability in firm RVU, says that the GDPR is a good baseline for global companies to strive toward RVU our current and future regulatory environment, and cover the importance of data minimization to help concerning retention standards, since other countries have so far shown a tendency to model their own privacy laws off the EU’s flagship privacy law. defend against (1) cyber breaches, (2) DSARs, and (3) third-party vendors—all of which represent potential risk for organizations. GDPR Article 5(e) states that data should only be retained for as long as necessary to achieve the business purposes for which the data was collected and utilized. Over-Retention of According to the Businesses or other organizations collecting data must Data is a Liability 2021 ACC-Exterro CLO Report, business risk encompasses the receive consent by the individual to use their information For many organizations, data collection and storage is part of doing largest share of management in the manner specified; should an organization seek to business; storage is cheap, you never know when you might need resources in most organizations. utilize consumer information in other ways, they must something, and maybe that’s just the way it’s always been done. Nearly two-thirds of respondents obtain new, explicit consent for that use. Violations of But with the regulatory landscape shifting to place more scrutiny on data say the organization’s ability to these fines can reach 20 million euros, or up to 4% of a management practices, “keeping everything” is simply no longer a practical generate sufficient revenue to way to govern business information. cover its operational expenses is company’s annual revenue. their #1 concern, with Financial There are three main reasons why an organization should want to Risk (21.5%) and Legal Risk minimize their data: (14.5%) coming in at #2 and #3. “I think what we’re seeing with the advent of the GDPR and a lot of similar type laws come into › Growing Regulation: Data privacy laws require that retention standards effect is that really the expectation on companies is to take retention seriously,” says Salunke. for sensitive personal information be enforced #1 CONCERN: % OPERATIONAL “The good news is that, [since] the GDPR came into effect, if you’re › Growing Data Risks: Data breaches are occurring more frequently, 66 EXPENSES and the associated fines create steep incentives to destroy data once it working for a global business you’ve probably already got a good idea completes its lifecycle 66+34X of what your baseline responses look like. Where it might have been #2 CONCERN: a little bit of a scramble before, ultimately you have to administer › Growing Litigation Requirements: Litigation-led requests for % FINANCIAL RISK something that fits a lot of these different regimes, and they all have information can lead to e-discovery nightmares due to collecting and 21 slight nuances. So having that baseline is a real key for success in reviewing vast amounts of information (which we’ll discuss in Chapter 3) 21+79X administering a global compliance regime.” Reducing the amount of data an organization stores creates efficiencies #3 CONCERN: As far as knowing what data falls under which retention standards, for other downstream activities because, ideally, what is kept is all % LEGAL RISK 14 Salunke recommends the data map/inventory (or some similar business-relevant, high-quality data that can be used to achieve legal technology) contain that information, so that it’s widely available to and compliance objectives. In this chapter, we’ll cover why it’s important 14+86X decision makers across organizational silos. to enforce data retention rules to appropriately manage risk, and how DOWNLOAD REPORT HERE better retention standards translates to less risk regarding data breaches, “I think the data map is a really good exercise,” says Salunke. “In terms consumer and employee data requests, and third-party partners of compliance to different laws, you can see what’s similar, what’s and vendors. different, and what specific nuances there are.”

The General Counsel’s Guide to Legal GRC: 2021 8 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 The General Counsel’s Guide to Legal GRC: 2021 9 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 CHAPTER 2: CHAPTER 2:

Data You Don’t Have Retention Enforcement “I think the biggest takeaway is that this is a lot more difficult than just sending a request via Can’t Be Breached Helps with Consumer and email to find the data and then capping it all together,” says Thompson. Another benefit of a comprehensive data minimization process is that Employee Data Requests In the U.S., the CCPA placed a reducing the amount of information an organization is maintaining is “This is a very regimented process, no matter which law monetary value on breached Any legal or IT professional who has performed e-discovery critical to defensibility when a breach occurs. For most businesses, data is you’re under (CCPA or GDPR), and there are a lot of personal data: $750 per collections across an enterprise knows what a daunting everywhere—and as much as 80% of it may be “dark” or “rogue” data requirements for each step.” task it can be to search through petabytes of information. that represents unknowable risk because there’s no visibility into it. individual. Often, breaches And there are a lot of steps in the process that should What happens to information after its purpose has been fulfilled could be involve many thousands of Critically, it’s important to ensure that the data that is be orchestrated by Legal to help ensure that all of the anyone’s guess; if that information happens to contain sensitive personal records, which raises the cost being remediated is not under another regulatory or information that is being requested is not actively governed data and it’s breached, there’s no telling exactly how bad the damage is of a breach fine exponentially. legal obligation (like a legal hold) prior to performing by another regulation or a potential litigation hold. until it’s investigated internally and reported to regulators. Breaches aren’t always any curative action. Deletion of data that is needed for malicious, either—they’re Regardless, given the tight timelines (45-day fulfillment litigation, for example, might result in spoliation sanctions Timiko Cranwell, director of legal and corporate affairs for Budweiser often inadvertent, and could requirements for CCPA) and various moving parts involved or other fines—which is why Legal must be involved in UK&I, says that her team prepared for the launch of the GDPR by running be as simple as accidentally in fulfilling DSARs, finding all of the data related to a coordinating and assisting with this process. exercises searching for random employee information throughout the distributing a spreadsheet with request takes far less time if retention rules are adhered to organization. sensitive information outside across the enterprise. of the organization. With the “We found that an individual would commonly have Tyler Thompson, an associate for Bryan Cave Leighton Tyler Thompson, CPRA codifying negligence for personal data sitting on servers around the world, and then Paisner, says that the process is often far more involved ASSOCIATE ATTORNEY, over-retention of personal data, BRYAN CAVE LEIGHTON PAISNER to actually retrieve that and look at all the different apps it than anyone realizes, so creating efficiencies through data businesses now have all of the was on was a huge task,” says Cranwell. minimization can be paramount to hitting tight deadlines. incentive they need to establish “The complexity of information systems in corporations today makes and enforce wide-scale data retention programs. accommodating new rights granted by data privacy laws very challenging. security systems than through their own; the Ponemon Once upon a time, you used to have an email inbox, Microsoft Office, and Third Parties Must Institute found that vendors are the number one cause of some accounting software. Now we’ve got a proliferation of SharePoint, Follow Retention data breaches for many companies. Therefore, as part of Google Workspace, WhatsApp groups, and dozens of various apps that do vendor due diligence and enforcing retention standards all kinds of things—all of which contain personal data.” Standards as Well across the entire data lifecycle, it’s critical to document who has access to what data and follow up to make sure Cranwell says that minimizing the data stored within her organization Data often moves outside of organizations—and third that they’re following your retention standards. Having lowered costs, increased compliance, and cleared the path for more parties don’t always follow your standards. The CPRA identified and documented risks with your vendors, and efficient activities elsewhere. established new rules regarding data retention and how they’re working to resolve or mitigate those risks, will the amount of time an organization is allowed to store “Deleting data in a managed way has many benefits,” says Cranwell. help show that you’re doing your diligence in enforcing personal data, and third parties are obligated to follow “It can save time and money as well as mitigate the cost and issues you retention standards all the way through the data lifecycle those requirements if they work with a business that is might have regarding non-compliance with GDPR or other data protection should an incident occur. regulated by the law. Vendors and third parties that are legislation around the world.” already complying with the GDPR might recognize similar After establishing suitable retention standards based requirements between the laws, although there are on the data and regulation(s) that govern it, consistently Timiko Cranwell, differences in how “third parties” are classified. applying and enforcing those retention rules will help DIRECTOR OF LEGAL AND organizations ensure that the data they’re holding is purely CORPORATE AFFAIRS, There is also evidence that businesses are more likely business-relevant. BUDWEISER UK&I to see their data compromised through lax third-party

The General Counsel’s Guide to Legal GRC: 2021 10 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 The General Counsel’s Guide to Legal GRC: 2021 11 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 CHAPTER 3: CHAPTER 3:

That fear of risk exposure comes across in a number of ways, as four of the top five concerns for GCs and CLOs going into Minimizing Litigation Risk 2021 have to do with potential litigation related to data risks. Those concerns are as follows: In this chapter, we’ll bring together the importance of a comprehensive data management strategy # # # # # and enforcing data retention standards to help ensure the quality of organizational data during 1 2 3 4 5 litigation and internal investigations. Cybersecurity Regulation/ Data Privacy Intellectual Ongoing/Anticipated Compliance Property Litigation

Legal is in prime position to keep any investigation moving Better Data Management The Importance of because, ideally, the department is involved in collection, & Retention Enforcement Quality Data for Internal analysis, and preservation of data—and they must facilitate and help maintain the chain of custody, as well as provide Increases Defensibility Investigations and input regarding legal obligations. There are five major responsibilities for Legal to consider, based on a collection Establishing a comprehensive data management strategy— Litigation of best practices learned from managing cyber incidents of with organizational retention standards enforced—means The integrity of your data—how trustworthy and reliable all sizes and types. that stakeholders understand their enterprise data and that it is throughout its lifecycle—can have major impacts on it’s focused on business value, and there are no hidden or 1. Break down silos. Involving IT, Compliance, and Security litigation and internal investigations. Accurate, validated unexpected surprises that might be uncovered during litigation. early and often to ensure cross-divisional collaboration data is essential to understanding the facts of any manner, can help Legal get a handle on the situation as quickly James Sherer, chair of information governance and artificial and the ability to track any potential movements and as possible. intelligence teams for Baker & Hostetler, says that minimizing alterations of data is particularly critical for internal the amount of data an enterprise holds is one of the most investigations. Forensic documentation that the data is 2. Know your team. The in-house legal professionals at your organization and the outside counsel your hire will critical steps in preventing litigation risk from exploding. accurate and authentic is also paramount in a court of law. have different skillsets and expertise. Understanding “The less information you’re maintaining, the better or more Over time, the state of data can become compromised who’s great at what will help distribute resources focused you are an as organization in terms of what (data) you through a number of possible actions, some of which may effectively, and ensure that Legal gets the most out of need to run your business,” says Sherer. “You aren’t maintaining or may not be malicious, including: every contributor. data that isn’t important, and that’s less you’ll have to deal › Human error either in how the data is handled or 3. Provide ongoing counsel. Keep an eye on the moving with on the back end for litigation purposes and what you’re transferred pieces of the investigation and be prepared to chime in potentially liable for.” with guidance to help direct each step in the process. › Security errors or misconfigurations Sherer says that when it comes to litigation, keeping too much data creates two main issues: 4. Coordinate and manage the process. Based on the first › Compromised hardware, malware, or cyberattacks three steps, Legal is best positioned to help quarterback › The information gets old and doesn’t offer value—but is still discoverable and coordinate the entire process, and act as the central › Insider activity leading to purposeful manipulation › The volumes of information housed by most organizations create massive openings for potential litigation, and is costly point of contact during the investigation. and time-consuming to collect and review The ability for Legal, HR, or other departments involved 5. Protect privilege. Ultimately, it falls on Legal to ensure in an investigation to easily access and retrieve data is not “The information ages, and it’s just not really a good applicable use anymore,” says Sherer. that the appropriate steps are taken throughout the only critical to the fact-finding process, it helps to validate investigation to ensure privilege is protected. Privilege “And of course the more information you hold, the more you’re the integrity of the data and trace touchpoints James Sherer, can mean the difference between embarrassing and activities. going to have to sift through to deal with the spectrum of CHAIR OF INFO. GOVERNANCE information reaching the light of day and having greater e-discovery within this hypothetical litigation. The potential AND AI TEAMS, input to address the situation on your own terms.

exposure and the costs associated with the volumes of BAKER & HOSTETLER information are difficult to handle.”

The General Counsel’s Guide to Legal GRC: 2021 12 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 The General Counsel’s Guide to Legal GRC: 2021 13 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 CHAPTER 3: CHAPTER 3:

In some ways, these lawsuits are somewhat below the types of sensitive personal information are pulled Integrating Digital radar if you’re not normally involved in the privacy space, into the same lawsuit. says Thompson, but in tracking CCPA litigation claims, he Forensics into Internal “You’re also seeing plaintiff’s attorneys tying CCPA sees the numbers going up. Robert Grosvenor, managing violations to other laws, like pulling in [health information Investigation Processes director at Alvarez & Marsal, also sees other joint actions privacy law] HIPAA or BIPA, the Illinois biometric outside of direct class-action suits. During investigations, the forensics process can help information law—where there are legitimate CCPA and authenticate and analyze what happened with data “We are seeing representative joint actions HIPAA violations in the same suit,” says Thompson. during a specific incident: whether it was moved, altered, where a lot of the civil rights, consumer “You can get an idea of how we think this is going to go damaged, or deleted. This process involves preserving data rights and privacy organizations are by tracking the litigation. And if you’re familiar with the from a wide variety of sources and a technical analysis of bringing claims,” says Grosvenor. CCPA, you’re familiar with some of the data sale issues the data itself and history of computer use by an employee or loyalty program issues, and we really haven’t seen a (or several) to help determine what happened. “These can have potentially wide-ranging sets of lot of movement on these yet. But there could be a lot of implications. And certainly, I think it’s very important to While the individuals performing the investigation (a mix interesting claims next year, particularly tying in the CCPA consider the cyber risk angle and how to protect yourself of IT, HR, Compliance, Security, and other departmental with other laws.” effectively from data breaches. But we’re also seeing claims employees) have a wide array of skills and expertise, it is linked to failings to meet commitments in policies and incumbent upon Legal to quarterback these situations and terms.” ensure that all relevant facts are uncovered. In these cases, Data Privacy Laws Create Robert Grosvenor, MANAGING DIRECTOR, forensics tools can help investigators begin to see patterns New Avenues for Legal The CCPA is also creating new sets of “hybrid” claims, in of facts into the usage of the data to track how it was ALVAREZ & MARSAL which multiple data privacy laws that encompass different used and if there may have been any legal or regulatory Action violations on the part of a bad internal actor. Because some privacy laws—most notably the GDPR and During an investigation, all sources of data must be CCPA—grant individuals a private right of action, litigation considered: computers, phones, fileshares, servers, involving data breaches are likely to increase in the U.S. in Getting Privacy Policies collaboration tools and applications, and any other the coming year. According to Tyler Thompson, associate and Disclosures Right electronic source of information. Because the data involved at Bryan Cave Leighton Paisner, says that the CCPA is likely may be governed by retention policies that requires the heading toward more class-action litigation stemming from Major privacy laws like the GPDR and CCPA established notice and disclosure requirements deletion of information beyond a certain timeframe, it’s cybersecurity provisions in particular. that individuals must agree to in order for organizations to legally collect and store personal critical to preserve information as quickly as possible to information. If the data is being used in a specific way—shared with a third party, for example— ensure a timely collection and analysis of data. Further, “If you don’t have reasonable security—if your company the organization must attain consent from the individual. Along with Grosvenor, Thompson says ensuring that evidence is collected in a forensically-sound or entity can’t be shown to have reasonably protected he sees businesses failing to ensure that their disclosures meet the standards of privacy laws. manner by a trained investigator—which could be on staff data—and you have a data breach, you expose yourself to or an outside expert—can mitigate risk of the data being [litigation],” says Thompson. “I think the CCPA becomes a “It’s surprising to see the number of claims based on notice requirements, transparency altered, which can open an organization up to a spoliation little like the Telephone Consumer Protection Act (TCPA) requirements, and failure to disclose,” says Thompson. “That’s something maybe companies just claim that hinders a case. because it’s a goldmine for class-action suits for plaintiff’s aren’t thinking of, especially if they haven’t been through a GDPR compliance program: how attorneys. And to give you a horror story, I recently settled important the privacy policy is, and making sure it’s comprehensive. Looking at litigation trackers Integrating forensics into internal data processes ultimately a TCPA claim for a client and it was $25,000—and they online, you’re seeing a high amount of claims alleging that they aren’t really disclosing everything. promotes efficient litigation across the board, as it helps literally did nothing wrong. But because of the costs of So I think it’s worth taking another look at privacy policies.” to maintain proper chain of custody and truly validate and class-action lawsuits in the United States, you’re forced authenticate the integrity of your evidence. Additionally, The litigation landscape continues to change; GCs and CLOs that are able to establish into these positions where you have really unpalatable and uncovering evidence forensically may reveal pieces that are comprehensive data management strategies that include robust retention enforcement will find bad results. Unfortunately, I think that’s where the CCPA is key to the case, but that may not have otherwise themselves better equipped to handle future regulatory surprises. In the next chapter, we’ll take a going as well.” been found. look at how technology can help bring a Legal GRC strategy to life.

The General Counsel’s Guide to Legal GRC: 2021 14 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 The General Counsel’s Guide to Legal GRC: 2021 15 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 CHAPTER 4:

Using Technology to Respond “Currently, we’re using our data inventory primarily to fuel our legal Jennifer Harkins Garone, objectives because I think it’s challenging for a business to wrap to Legal GRC Challenges DIRECTOR OF PRIVACY, their heads around the value of this information” says Garone. CARNIVAL CORPORATION’S The role of Legal is growing in both importance and significance through providing proactive NORTH AMERICA BRANDS “I have seen data inventories be leveraged by the rest of the business once they guidance on governance, risk management, and compliance manners. This focus on prevention, see what’s there and how robust and informative the data is—it’s amazing how the rather than reaction, will help ensure that the increasingly complex web of regulations is answerable minds of other leaders start imagining what they can do with it, and it can really through a comprehensive Legal and business strategy. enable you to be more informed about how you go to market.”

Applying the True Business Seek Multi-Use Technology Platforms That Solve Value of Your Data Business Challenges Cross-Departmentally Just as the amount of data housed at most organizations has increased dramatically over the last decade, the number Marcella Sampic, senior legal counsel for United Technologies, of individual point solutions have increased as well. As part of an effort to collapse the number of software applications says that it’s critical to understand how data sources are being used, businesses are beginning to move away from single use solutions and toward platforms that integrate systems and used before getting a grip on its true value to the organization. can solve cross-departmental challenges. “If you’re looking at all the cloud-based tools For example, consider the Electronic Discovery Reference Model (EDRM), which is an organizations can have, it’s a high number that e-discovery workflow framework. The EDRM follows the typical activities that would take Legal and Privacy teams are going to have to place during e-discovery: identifying the data and preserving it, collecting and processing it, monitor and understand and communicate to reviewing it, and analyzing and producing the material. As we covered in Chapter 2, consumer says Sampic. employees about,” requests for information are not all that different from discovery requests; a DSAR involves “It is a challenge for a company to understand how we’re using identifying and collecting information pertaining to a specific individual, reviewing and our data inside the company and how we’re using it outside redacting to ensure that any sensitive information is removed, and producing the material the company with our vendors and third-party partners. It’s a back to the requestor. There are, of course, different and sometimes additional steps for either daunting task. Where does it go? Who uses it? How do we get process, but the technology required to complete each request is very similar. rid of it safely?” The same is true for breach notification laws, which typically require identifying what data was accessed, and collecting, reviewing, redacting, and producing it to regulatory authorities. Marcella Sampic, The similarities in activities, workflows, and outcomes offer opportunities to collapse the SENIOR LEGAL COUNSEL, number of applications businesses use as other technology can be redeployed across multiple UNITED TECHNOLOGIES business units to achieve other, data-related goals.

“It’s important to have the right tools to do each job, and there is overlap and continuity amongst them,” says Garone. While the different departmental jobs themselves are “almost We started this whitepaper with a focus on the data inventory: high-quality completely different worlds from each other,” Garone says, the technology remains applicable data can be used to achieve business goals, and every other aspect of Legal and to multiple use cases. “There’s a layer in that they’re all dealing with data, sometimes looking Privacy compliance stems from ensuring the data is hygienic and holds business for or deleting something for different retention or regulatory or policy reasons. I always try to value. Jennifer Harkins Garone, director of privacy for Carnival Corporation’s remind my team that there’s a relationship between privacy and security in this, and they need North America brands, says that the “business case” for ensuring data integrity to remember to contemplate that while completing these processes.” lies in the value of the data itself.

The General Counsel’s Guide to Legal GRC: 2021 16 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 The General Counsel’s Guide to Legal GRC: 2021 17 © 2021 Exterro, Inc. // exterro.com // 503.501.5100 CHAPTER 4: CONCLUSION To get a better idea of how a Legal GRC strategy can help your organization The interrelated nature of According to the 2021 Legal, Privacy, Compliance, ACC-Exterro CLO Report: maintain compliance in the face of an uncertain regulatory future, contact Security, and IT priorities and OF GCs/CLOs Exterro today and ask for a demo of our Legal GRC platform, and learn more goals have made working IMPLEMENTED % TECHNOLOGY SOLUTIONS about how we can help address your unique challenges. cross-departmentally critical. 56 AS A MEASURE OF COMPLIANCE WITH DATA The more those departments 56+44X PRIVACY REGULATIONS are able to familiarize themselves with similar Additionally: GET A DEMO technology systems to tackle SAY THEY’LL INVEST IN these challenges, the better. NEW TECHNOLOGY TO % INCREASE DEFENSIBILITY And one critical way to do 27 AGAINST LITIGATION AND that is through technology. 27+73X COMPLIANCE THREATS (cyber attacks, data breaches, regulatory fines, civil litigation sanctions, etc.).

To answer the interrelated challenges that face multiple business units, GCs and CLOs should consider technology that operates within a single, centralized, integrated framework that is able to:

› Connect to all data sources across an enterprise and validate the data

› Find and identify hidden, rogue, and unstructured data DOWNLOAD REPORT HERE › Integrate with other legal technology that is utilized across the enterprise

Only by connecting to each data source within an organization through integrations with existing technology will Legal be able to validate the critical questions we covered in Chapter 1: What data do I have? How much data is there? Which regulations govern which data? With whom am I sharing it outside of the organization? And who can access it? Looking for more information about Legal GRC? Technology that can help find the answers to those critical questions—and Take our Legal Leaders course today, or read our guide on features enterprise connectors to integrate with existing systems—will be the most effective way for GCs and CLOs to tackle these (and upcoming) Implementing a Legal Governance, Risk and Compliance Strategy. challenges. COURSE #1: COURSE #3: The stage is set for businesses to thrive in the face of an uncertain future, Mastering Costs Mastering Strategy and the regulatory environment has placed the Legal department in a prime position to lead the way. COURSE #2: COURSE #4: Mastering Defensibility Mastering Technology

YOUR ANSWER TO YOUR GLOBAL LEGAL QUESTIONS Businesses of every size are expanding their global footprint. While global expansion brings a host of opportunities, it also brings new legal challenges and questions. Whether it’s an intellectual property, employment, finance, real estate, or data privacy question, you need to be able to get answers quickly for your clients and stakeholders. Thomson Reuters Practical Law™ has the global solution you need.

Practical Law is legal know-how that provides the With Practical Law’s Global resources, you can: answers to your “how do I” questions with practical • Advise with confidence on global matters and guidance and wisdom to propel your research into transactions action. Globally, over 600 expert attorney-editors monitor the changes in the law for over 100 countries, • Browse by country with jurisdiction-specific resources to ensure you have up-to-date resources, providing the written by local experts and arranged by country questions you should be asking, and guiding you along • Keep up-to-date in tracking key legal developments the process. across the globe

The new Practical Law Global 1 features:

1 Seamless navigation between your local content and global content 5 2 New global practice area taxonomy 2 4 3 Access to Global In-House Resources from the home page 4 Option to customize the countries you use most often in the Featured Countries section 5 Country Q&A comparison tool to compare answers to 3 key questions across multiple jurisdictions

Table of Contents