Foreword

Latin America has a rich and diverse culture with a population of over 660 million people from many different ethnic groups and cultural ancestries. Due to the region’s diversity, it is essential for companies and their workforces to continuously prioritize the need for diversity and inclusion in their general work environments, including in their boards and senior management positions, which data indicates are more than 90% occupied by men, mostly from a similar ethnic group.

Studies show that Latin American women are underrepresented among the top echelons of the legal profession – as they also are in the wider corporate environment – despite having a higher level of education than their male counterparts on average (as is the case in Brazil, for instance) or them representing half of the students in law school (as is the case in Mexico).

In the region, both the legal profession and the wider corporate environment face similar challenges in terms of gender equality.

The causes of this inequality are perceived by women as being rooted in the traditional unequal distribution of domestic tasks, the culture of ‘machismo’ and unconscious bias. Apart from purely career-related consequences, these causes also result in other unwanted behaviours, such as workplace harassment, which is frequently mentioned by women when asked about their working conditions.

Much remains to be done in this regard, but over the past 20 years, diverse groups have been trying to raise their voices to increase awareness and fight for their rights and needs. In particular, women have launched initiatives which aim at empowering themselves into a force to be reckoned with and at making opportunities for themselves. They have created groups – like Lawyers in Skirts, in Brazil – to develop their network and mentor each other to achieve their career objectives.

These groups organise workshops and conferences about inclusion, diversity, and women leadership, and have brought to the public’s attention that the evolution of these issues is intricately linked to the economic development of their region and respective countries.

Indeed, gender equality has been proven to contribute to poverty reduction and economic development. According to a McKinsey study, there would be an 11% automatic increase in the global GDP if the gender gap were closed, and specifically, the Latin American GDP would increase by 14% if women were encouraged and assisted in participating as economic actors.

The groups have reached out to female lawyers from other jurisdictions, where accessing top positions is perceived to be easier, and often receive their support. The organisation WILL (Women in Leadership in Latin America), a São Paulo-based non-profit unit, now has advisory boards in Bogotá, the US and London, which enable them to have access to a wider audience and help established lawyers, as well as aspiring ones supporting them throughout their careers.

These organisations already see improvement in top-tier law firms and corporations, but they now want to reach all women with legal degrees, and even expand their programmes to universities, broadening their socio-economic reach into any social group or institution where bias might lurk.

Interestingly, despite women finding it challenging not to have peers to exchange ideas with when they make it to the top echelons of a law firm, it appears that some of these organisations – like Abogadas MX, in Mexico – are admitting men as workshop participants, allies and even board members and mentors. Generally, the non-profits have found this experience enriching, and have discovered that their presence brings the opportunity for a synergistic learning experience, showing that diversity is a question that concerns us all, regardless of gender.

In most cases, if not in all, these groups work towards women being in a fair competition with men – they do not advocate for women to be given extra rights solely based on their gender, but rather, an even playing field.

And indeed, after years of fieldwork, they conclude that lawyers can help:

  1. They can impact policies and laws through the specialized skills of their profession and demonstrate how important it is to support women in general. In several jurisdictions, women do not have access to courts or fair laws, for instance, and some gender-related legal issues, like gender violence, are still common in Latin America. Consequently, they feel that there is a lot of space to improve the laws, but also to give equal access to the court system.
  2. At a corporate level, lawyers can participate in advocating and creating policies for companies that need to adopt gender inclusion and diversity policies.
  3. Furthermore, employees rely upon legal departments to be stewards of ethics and good governance, meaning that these departments must set a good example and promote diversity and inclusion themselves.

Their influence over corporate policies might even be greater in the post-Covid-19 pandemic world. The above-mentioned McKinsey study shows that during the pandemic, women, LGBTQ+ people, POC and parents were found to be struggling more with issues such as mental health, work-life balance, isolation (from co-workers and managers) and job opportunities. These issues were also more pronounced in emerging economies and, in several jurisdictions, were accentuated by a surge in gender-based violence linked to the work-from-home policies.

Many companies have since attempted to offer more policies that are responsive to these struggles and provide greater balance, flexibility, and improve their internal communication.

Given the importance of D&I, this report intends to offer fresh perspectives and insights from across the Americas on where we are as a legal community and also suggestions on what is working to advance inclusion across the Americas.

Through interviews with leading GCs from all over the region, we found that though the situations and nuances differed from country to country, and some seem to be doing better than others there is much that can be learned from one another.

Colombia, for instance, has a high percentage of women in leadership positions, and women have space in the corporate world. In Brazil, however, gender inequality seems to come in addition to other discriminations, such as sexual orientation or ethnicity.

The consensus we found is that, in addition to improving the corporate culture, the legal and regulatory frameworks could be modified to help with D&I. For instance, more transparency could be asked from companies about their hiring/promotion processes and policies could be passed to protect D&I leaders within companies, etc.

However, implementing a change entails asking people to change their behaviour, which they might resist. This requires leadership, diplomacy and pedagogy, and to place the right people in the right positions.

Boards and management teams should always be transparent as to what they are trying to achieve, how they are trying to achieve it, and they should be able to measure the results of any new policy.

In a sense, leveraging the collective experience of a diverse workforce is not as simple as hiring different people and alchemizing their perspectives into corporate gold. Inclusion is as fundamental – it is essential to create an environment where diverse people can feel welcome enough to perform at their full potential.

Maria-Leticia Ossa Daza
Chair of the Latin America Practice
Willkie Farr & Gallagher

Allan Cohen
Research Editor
The Legal 500: In-House Research Team

The butterfly effect: algorithmic bias and the search for talent

It is a fact that the hiring process is often dogged by bias. Of course, hiring managers do not reject applications from minority candidates, but unconscious biases have been shown time and again to skew hiring decisions.

Diverse applicants are acutely aware of the risks.

‘Back in the early 2000s, I found that it was very easy to identify who diverse candidates were’, says Phyllis Harris, general counsel, chief compliance, ethics and government relations officer, at the American Red Cross.

‘You could pick it up from a school, a name, you might pick it up from the organization. What is interesting is that, over time, I have seen a 180° whitewashing in résumés. There are candidates out there that believe that they are not going to get an opportunity to interview if someone can readily identify their racial make-up and their racial identity. I know people who have gone as far as changing their first name because they did not want to stand out.’

‘We like to talk about inauthenticity. How inauthentic are you if you have to make a conscious decision to say this résumé cannot in any way reflect that I am African American or that I am native American? You are going into a workplace and, on the very first day, you are not comfortable in being yourself.’

But what if you could remove bias from the hiring process? Some claim that you can.

Automated hiring introduces technologies such as artificial intelligence (AI) and machine learning (ML) into the recruitment process, helping to pre-screen résumés that do not meet requirements. In some cases, these tools are now being used to eliminate the need for a human interviewer to interact with prospective new hires. If the process is less human, there will be less scope for human preconceptions to overlook the best talent. Right?

Not according to Ifeoma Ajunwa, associate professor of Law at UNC School of Law, and founding director of the school’s artificial intelligence and decision-making research program. She has seen workplaces embrace algorithm-based technologies for convenience and cost-savings in the recruitment process – as well as in other areas such as training, safety or productivity monitoring and surveillance – filtering out high volumes of applicants, even in white-collar roles. But she has grave misgivings about its potential for discrimination.

‘Automated hiring is seen by a lot of white shoe firms and big companies as an anti-bias intervention. A lot of these firms are turning to automated hiring in good will, with good intentions – they think it’s a way to ameliorate the bias of hiring,’ she explains.

‘The problem, however, is that because hiring platforms are not well regulated, the reality is that they are in fact replicating the bias that already exists and they could actually be exacerbating it. If you have a flaw in an automated hiring system, that flaw is prone to be replicated a million times, versus when you have one biased manager.’

Disparate impact

The problem is that of disparate impact – apparently neutral processes whose outcomes are nevertheless harmful – where a butterfly-wing beat of inattention, ignorance or worse, can set off a tornado of exclusion.

Ajunwa gives the example of video interviewing platforms that use algorithms to measure variables like eye contact or syntax, potentially impacting candidates with autism or deafness, she says.

Closer to home, she describes the case of a former student, a computer science PhD postgrad who was rejected by a major company. On meeting with a company representative at a job fair, it became clear that her skills were perfect for the organization, and, in surprise, the representative investigated. It transpired that an automated program had screened out applicants with a BA in computer science, in favour of those with a BS.

‘It’s not really a meaningful difference. But then you also have to think about, could this have other disparate impacts? Who’s more likely to get a BA in computer science versus a BS? Could this actually have bigger disparate impacts than we know?’ she says.

‘There won’t always be quick fixes.’

Where the puck is going

Ajunwa believes that such consequential decisions being left to technology merits legal attention – and she pinpoints in-house lawyers as playing a potentially significant role in such scrutiny.

‘I think in-house lawyers are particularly at the forefront of the scene, because some of them may be general counsels advising clients on what sort of hiring programs to put in place. So they do need to be aware of these issues with automated hiring because many vendors will be trying to sell automated hiring programs to large firms, and there really is the duty of these general counsels to ensure that the client isn’t taking on a program that is going to be more of a liability than a help,’ she says.

‘At the bottom line, there’s a huge liability if companies get these issues wrong. There’s an important legal liability,’ adds Nuala O’Connor, senior vice president and chief counsel, Digital Citizenship at Walmart.

The extent of the exposure to that liability won’t be evident until the process is run, and the output – potentially reflective of biases along racial, ethnic, national origin and other discriminatory lines – there for all to see. But that’s the baseline, says O’Connor.

‘I’ve always believed that the role of in-house counsel is not just to say what the law is, but to lift up the company and say, “This is what the right thing is”. The role of the savvy in-house counsel when dealing with emerging technology is a little like the ice hockey saying – you’re looking where the puck is going, not where the puck is. This is where the puck is going. Increased use of technology, increased use of data, increased scrutiny. Increased scrutiny of the values,’ she explains.

‘Just as companies are being scrutinized for the values they espouse and having to take positions on controversial social issues, the technology and the data uses of the company are going to be scrutinized for the values inherent in those programs, policies, processes. I think that the smart lawyer and the smart counselor inside is looking at: “what have we built? How is it working, how is it functioning?” This is the digital architecture of a company, just like the four walls of a store are the physical architecture of our company, and it demands as much scrutiny.’

Joining the dots: technology, law and discrimination

Lauren Krapf, technology policy and advocacy counsel at the ADL, and counsel for its Center for Technology and Society, discusses her work combating identity-based hate online

We know digital discrimination really impacts individuals, especially when it comes to their identity and, specifically, race and ethnicity. Algorithmic bias exists in our digital financial systems, employment systems, and other systems. It tends to mirror the discrimination that individuals experience offline when it comes to disparate impact and harm to marginalized communities. This manifests specifically for race and ethnicity, but also for religious minorities, for the LGBTQIA+ community and other targeted populations. ADL has spent a lot of our time and focus on online identity-based harassment and hate that is seeded through social media and other digital mechanisms. In addition to working to protect targets of identity-based online harassment, ADL’s tech policy work focuses on platform accountability.

In 2017, ADL launched our Center for Technology and Society (CTS), where we have housed experts who focus on research related to hate online and identity-based harassment. CTS works with, and pushes back against, social media platforms in light of the role they play in magnifying hate, extremism, racism and harassment. We have policy experts and engineers building tools to measure hate online and its impact.

AT ADL, we research the ways hate and extremism, white supremacy, and harassment manifest in digital spaces, and then engage in advocacy so policymakers and lawmakers can help develop sustainable and meaningful solutions to mitigate the harms that exist.

My portfolio includes supporting ADL’s initiatives from a legal and analytical perspective: what are the legislative and regulatory solutions being proposed? Can these solutions make a positive impact? What are unintended consequences? Can these proposals be improved?

We’re looking to case law, to precedent, and understanding what language is necessary to update the gaps and loopholes in the law, talking to victims and targets about the struggles they’ve had and their ability – or inability – to bring cases forward, talking to other legal experts about their theories of change.

When it comes to supporting targets of online harassment, through ADL’s Backspace Hate campaign, we’ve worked with law makers in several states to introduce anti-doxing laws, to update cyber harassment laws or cyber stalking laws, and to introduce swatting laws, because in many states these laws are out of date or don’t exist at all.

When it comes to holding tech platforms accountable for their role in amplifying hate, racism and extremism, ADL is fighting for meaningful internet reform. We are seeing the magnification of hate and the normalization of racism on social media at unprecedented levels and know that tech platforms can do more to stop the proliferation of these harms. ADL believes Section 230 [of the Communications Decency Act, which prevents platforms being liable for content posted by third parties] needs to be reformed. But we know that is just one piece to the puzzle. ADL’s REPAIR Plan lays out the different components to pushing hate and extremism back to the fringes of the digital world. This includes things like changing the incentive structures for Big Tech’s toxic business model, increasing transparency and accountability for platforms, and advocating for targets of online hate.

I think these really important questions of our time are rooted in a mix of tech expertise, law, human stories and impact, and so I feel grateful that I get to put the puzzle pieces together, and assist when ADL supports a piece of legislation, or works directly with law makers to champion work, or when we talk to our community members and leaders about what they can do. And really just having conversations in communities and raising awareness.

ADL also works directly with law firms that support our impact work. They help us our policy and civil rights teams with amicus briefs as well as other research projects. As we look to what’s next, or as we look to deeper understand nuances within some of the issues, la firms can provide meaningful assistance. We’re lucky to have a network of dedicated lawyers, law firms and stakeholders to lean in and support the work that we’re doing.

I think it would be great for general counsel and other inhouse-lawyers to find more ways to work with civil society. There’s no one-size-fits all piece to the puzzle. As for tech policy reform, we are asking serious questions about the best way to regulate the tech industry: business structures, antitrust reform, privacy regulation, liability, whistle blower protections, etc. There’s not one single way to fix the internet. It’s not just rooted in the outward-facing policies of tech companies, or the laws that are moving through the legislature. I think that we can really develop creative solutions when partners who have different skillsets, that can look at issues from their lens, get involved.

Lisa LeCointe-Cephas, chief ethics and compliance officer at Merck International, has not worked with automated HR systems, but she is conscious of her responsibility to consider where bias might hide in processes and tools.

‘Last week I took one of our new diversity, equity and inclusion trainings from the perspective of a black woman – “How does this read for me?” I’m very vocal about providing feedback on that, because I do think that a lot of the things that we’re building to help us, at times, can actually have biases built into them.’

She believes this awareness should also be applied to potential algorithmic bias within automated tools.

‘I’m fascinated by a lot of that work. There are these new platforms that allow you to say, “You know what? Bob is great. We want to get another Bob. And so, what are the characteristics of Bob that allow us to get another person who will be just successful?” I do worry that a lot of those things have inherent biases built into them,’ she says.

But Ajunwa feels that many in-house lawyers are not truly cognizant of the risks.

‘I think, frankly, that maybe in-house lawyers are just not as technologically astute or as technologically attuned to the nuances of how a lot of automated tools work – such that automated tools that might seem innocuous or that might be neutral could, for example, still have proxy variables that they are using, which are making them ultimately unlawfully discriminatory,’ she explains.

Digital ethics and the law

At Walmart, O’Connor is one of a growing band of corporate counsel looking at the intersection between ethics and the evolving digital ecosystem inside companies. Former president and CEO of civil liberties non-profit the Center for Democracy and Technology, O’Connor now heads up a new function called ‘Digital Citizenship’, which includes lawyers, compliance and policy professionals, as well as technologists and data architects. The organization also includes a program team called ‘Digital Values’, specifically tasked with scrutinizing values embedded in AI and ML.

Legal and digital ethics skills are increasingly at a premium, she says, putting the field in the context of mounting regulatory and corporate attention being paid to technology and data practices.

‘I do think it’s a growing field. It’s looking at technology through that civil liberties lens and through that fairness lens and being a lawyer who can help do that, I think is going to be an incredibly valuable skill,’ she says.

‘We talk a lot about the role of privacy, and I sometimes cringe a little bit because I don’t think it’s just privacy anymore. Data protection is necessary but not sufficient. It’s got to be secure; it’s got to be safe, it’s got to be held to the standards and promises that were made when the data was collected. But the use of that data has also got to be fair, it’s got to be transparent, it’s got to be accountable.’

So, how can companies distinguish between platforms selling what O’Connor terms ‘digital snake oil’ and genuinely helpful tools? And how can they make sure that genuinely helpful technologies do not amplify bias and exclusion?

Authentic auditing

For Ajunwa, the answer is auditing – an ongoing, authentic process, where disparate impacts are not only identified, but corrected. And she believes it should fall to general counsel to ensure that appropriate professionals are hired.

‘Ultimately, if there is an issue of discrimination, the employer is still responsible. The mere fact of delegating hiring to automated hiring platforms does not remove the legal responsibility to refrain from employment discrimination,’ she warns.

Some employers are sitting up and tackling the risks. In December 2021, the Data & Trust Alliance – a non-profit global consortium of leading businesses formed in September 2020 – announced a set of criteria to mitigate data and algorithmic bias in HR and workforce decisions. In recognition of the risks inherent in its members’ increased application of data, algorithms and AI in the search for talent, these ‘Algorithmic Bias Safeguards’ are intended to help companies assess vendors on criteria such as training data and model designs, bias testing methods and bias remediation, among others. They will be used by companies like American Express, CVS Health and Walmart.

O’Connor has been closely involved, since the Alliance knocked on her door to leverage the skills of her team.

‘It really was a top-down, CEO to CEO conversation that these companies are waking up to the realization they have a lot of information and data about people, they wanted to do good things with it, better things than I think the public perception is of what the amalgamation of data could mean for their personal lives,’ she says.

‘Most importantly, this is not just: “let’s put up a page of principles on the wall and it’s all good.” We’ve all done that as companies already; that’s a baseline. This is: “how do we implement? How do we operationalize? What are the questions we have to ask our vendors? What are the processes we should put in place?”’

O’Connor co-chairs the Alliance’s algorithmic decision-making in HR working group, which met weekly to consider how automated HR tools should be evaluated for bias and implemented across the HR, procurement and IT departments. The safeguards are the culmination of that project, including checklists for vendors, anti-bias diagnostic tools and metrics for outcomes.

‘Here are all the values, here are the ways you should be scrutinizing your tools, here are the places in the company that these tools might be implemented, whether that’s in hiring of new people, or an area I think that’s overlooked is advancement and promotion – who are we looking at when we’re creating new jobs or promoting people and who is getting to go on learning opportunities?’ she explains.

Joining the dots: technology, law and discrimination

Mika Shah, co-acting general counsel of Mozilla, describes the company’s push for transparency to combat discrimination in the digital adsphere, and how the legal team supports that work

When a company advertises online, they can choose the targeting parameters – the interests, demographics, and behavior – of their potential audience. Advertising platforms often have extremely granular targeting options and, although this can be useful in some situations to find audiences who would be interested in the topic or product, it can also easily be used to discriminate against certain segments of society.

Some examples of the former may be culturally specific products or events – some people might find value from this, whereas others would find it creepy, but not necessarily harmful. By contrast, harmful discrimination through advertising is happening today, although experts are less certain about how ubiquitous the practice is and how much harm it does to individuals and groups. Examples of harmful discrimination online include sending digital reminders of private and traumatizing experiences, engaging in voter manipulation, provoking actual conflict, targeting certain genders in hiring, excluding certain races or households from housing opportunities, and so forth.

The regulatory environment to prevent online discrimination and harm is dated. There are laws in the US and other countries to prevent certain types of discrimination, but they do not address these types of digital practices and the harms that result.

That is why Mozilla advocates for stronger transparency requirements by advertising platforms. This is an opaque space in which platforms hold the relevant information. Without this, we can’t have meaningful public discourse on how to prevent digital discrimination and harm. Mozilla also advocates for safe harbors and protections for researchers and journalists studying discrimination and harm online. This is critical to enable a better understanding of what practices are having discrimination impacts, and the nature of those impacts. It is a key step to better empower regulators to take action.

On the other side of the debate around platform transparency is how advertisers should behave. Many companies engage in routine advertising and they may be engaging in practices that seem to be ‘permissible’ but may in fact be discriminatory. As the regulatory environment evolves, legal teams should proactively ensure that their targeting and data practices can withstand regulatory and consumer scrutiny. This includes going beyond the letter of the law, especially when laws don’t yet exist, to also consider whether a company’s practices are in line with brand values and public trust.

We’re encouraged by recent Congressional proposals on ad transparency and researcher access. A meaningful solution to enable transparency includes the entire toolkit: universal ad transparency, safe harbor for researchers and journalists, and disclosure of high engagement data. Of course, we must carefully craft these rules in a manner that preserves privacy protections. We’ll continue to advocate alongside civil society and academia for thoughtful and effective policy approaches and encourage governments to act worldwide.

Beyond our public policy work, we also have great products that we wish for everyone to know about. That means we can’t ignore advertising either. We’ve gone from pulling our advertising from Facebook to returning, with build-in transparency into the process ourselves. Our legal team approaches this issue from every angle and collaborates with our internal business partners to understand challenges and implement solutions in line with our values. In this way, legal teams are an important stakeholder to helping companies navigate beyond what the law ‘requires’ (or doesn’t) to what is also the right thing to do for consumers and society.

‘It can be as granular as: let’s look at the code and see what it does, or as general as: here are five questions you should ask your vendor. And I think it’s tailorable to small, medium and large enterprises.’

O’Connor describes other Alliance projects – one on the use of data and technology in M&A due diligence, to look at how data and technology assets are considered in the acquisition or divestiture of companies, as well as the transfer of privacy policies and commitment when entities change form.

Another studies responsible personalization, examining the values input into tailored online experiences, and the values behind the exposure of people to advertisements for products as diverse as clothing, mortgage loans or educational opportunities.

For companies able to successfully audit and uncover bias and unlawful discrimination, says Ajunwa, perhaps the stickier question is how to go about correcting it.

‘Sometimes you might think you’re using variables that are quite important for the job description or for your industry, but those factors or variables may perhaps have historically racial bias baked in,’ she says.

‘That then becomes a bigger conversation on how you disentangle variables that are widely used in your industry from racial bias.’

For O’Connor, that conversation has to prize humanity above isolated attributes: ‘It’s not just the data, it’s the decision. What is the judgment that you are applying to a human being and is that fair, is that honouring their full humanity, or is that diminishing them to some kind of stereotype or corner of the universe? I’m a believer that technology can be used to open people’s minds and horizons, but we do need to scrutinize it to make sure that’s actually what’s happening.’

Regulation

Whatever the conversations happening in-house, Ajunwa argues that auditing should also come from outside – from interventions by government agencies like the Federal Trade Commission (FTC) and the Equal Employment Opportunity Commission (EEOC).

At the state level, interest is growing and December 2021 saw a bill regulating the use of AI by employers become law in New York City, effective from January 2023. The bill requires companies to conduct a bias audit on automated employment decision tools, to notify candidates living in the city that such a tool will be used and which qualifications and characteristics it will assess, and provide the opportunity to request an alternative process.

At the federal level, the EEOC announced the launch of an initiative to ensure that AI and other hiring and employment decision-making tech tools do not discriminate unlawfully in October last year.

‘My greatest wish is for governmental agencies to really take more charge of regulating this arena of automated decision-making,’ says Ajunwa.

For now, the EEOC plans to prepare technical assistance to provide guidance on algorithmic fairness and AI use in employment decisions. But, Ajunwa believes that judicious use of similar technology could actually assist in the process of creating and enforcing regulation.

‘I think they can do it by actually deploying some automated decision-making tools themselves. The EEOC could use automated decision-making tools to search for disparate impacts from automated hiring platforms or other online platforms. The FTC, which is in charge of the Fair Credit Reporting Act, could actually use that to ensure applicants get more information about their online applications – basically they can use it to reverse the current informational asymmetry between employees and employers when it comes to automated hiring.’

Stepping out of the silo

For data ethics to exist outside of a vacuum, and for any efforts at mitigating bias and disparate impacts in automated employment decision-making to succeed, they must be part of a collaborative effort, says Ajunwa.

‘There is this siloed effect, where you have ethics organizations off to the side writing papers, doing research, and then you have corporations also off to the side, and there’s not really enough conversation between the two,’ she says.

She hopes that more corporations will collaborate with leading edge social and computer science researchers and legal scholars in evaluating their programs and flagging issues.

‘I know of companies using what they claim is research to create automated hiring programs, but it’s research from the 1960s. Yeah, sure it’s research, but I can guarantee you how dated, probably racially and gender biased, and so on that will be,’ she says.

The Data & Trust Alliance has also taken a multi-disciplinary approach: O’Connor’s working group brings together professionals from the fields of law, technology, procurement and diversity. The resulting algorithmic bias vendor evaluation criteria were developed by a coalition of member companies, with input from vendors, business, academia and civil society.

At UNC Law School, Ajunwa has worked to broaden the skillset of lawyers themselves, founding the Artificial Intelligence and Decision-Making Research Program in recognition of the need for a new generation of lawyers to understand not only the nuances of the law, but also the capabilities and potential of emerging technology – and what legal issues could arise.

To ensure the message is reaching employers, Ajunwa also sits on a technology advisory council for a Fortune 500 company, providing expert ethical opinion and advice on products and relationships.

‘Currently our model of dealing with discrimination in the United States is flawed. We have a litigation paradigm where you are basically putting out fires after they’ve already started. I think general counsels should counsel their corporations to rethink that model and not wait until they are faced with litigation to address potential issues,’ she says.

‘Instead of waiting to get a lawsuit and then scrambling to defend themselves, maybe they should have advisory councils already in place so that they can get concrete and useful advice as they are conceiving and rolling out products and entering into relationships with other corporations or entities such as governments. A tech advisory council is useful for that and can actually spot issues before they start – they can spot hotspots before they turn into a full-blown fire.’

Focus on HRC Equidad MX

This year marks the 20-year anniversary of HRC’s Corporate Equality Index (CEI), a national benchmarking tool for corporate LGBTQIA+ inclusion in the US. But Latin American countries are fast catching up with their neighbour in the drive for recognition of inclusive professional environments for LGBTQIA+ employees and, in 2016, a Mexican version was launched.

Run by LGBTQIA+ inclusion consultancy ADIL, the HRC Equidad MX: Global Workplace Equality Program promotes LGBTQIA+ equality and inclusion in the Mexican corporate landscape through an annual workplace survey, like its US counterpart. Each year, participating businesses in Mexico offer up their policies and practices for scrutiny, hoping for recognition on a list of ‘Mejores Lugares Para Trabajar LGBTQIA+’ or ‘Best Places to Work for LGBTQIA+ Equality’.

Mexico has a suite of laws prohibiting discrimination against LGBTQIA+ people in areas such as marriage, adoption and more, although these are often state-based and coverage across the country is incomplete. The Out Leadership Business Climate Score gives the country a rating of 7.5 out of 10, marking it ‘low risk’ in three out of four risk categories. However, according to that same index, ‘Pervasive anti-LGBTQIA+ violence and homophobia in Mexico and the patchwork landscape of legislation may create challenges for companies seeking to relocate LGBTQIA+ personnel to Mexico.’

Francisco Robledo Sánchez is a Mexican consultant and strategist in LGBTQIA+ labor inclusion, and founder of ADIL. He explains that culture, practices and the law do not always match, and that it remains important to campaign on LGBTQIA+ rights in the Mexican corporate space.

‘Mexico is a very conservative and Catholic country, where a lot of companies are family companies that have grown into large corporations, or companies that come from different countries with offices here, that don’t have D&I on their radar at all,’ he says.

‘Mexico, is very, very behind on sexual education and diversity and inclusiveness – basic information that’s not taught anywhere in our curriculum and at any stage of public or private education. So, the corporate world has been a great place for re-educating adults in the workplace, so they can positively impact their families and their social circles.’

But the tide is turning, according to Robledo: ‘The interest is genuine, the social pressure is big, there are a lot of ingredients in this conversation, and I can see that people are more comfortable to talk.’

Capitalising on that increased appetite for conversation about LGBTQIA+ inclusion, Equidad MX is on a mission to build workplaces where anyone can be themselves at work, and to celebrate where companies are doing this well.

Eight years ago, Robledo first met with Deena Fidas, director of HRC’s US Workplace Equality Program at that time (the current US director is Keisha Williams, a lawyer, law professor and former in-house counsel). Fidas wanted to help US-headquartered companies expand LGBTQIA+ inclusion in their Mexican operations to provide the same experience for staff working internationally, while also supporting Mexican companies to comply with the supply chain DE&I requirements of US entities. ADIL was selected to run the program, which launched in 2016 and released its first report in 2018.

By 2016, the CEI had been running for 14 years, making it an excellent template for Equidad MX.

‘We reviewed it question by question, and we asked ourselves: “what is a good fit for Mexico right now to ask for as minimum requirements?” We had a couple of roundtables discussing what we should be asking locally. We thought that, for the first five years, we should ask for the very basics,’ Robledo explains.

The team settled on three criteria, or core pillars, of LGBTQIA+ inclusion, which companies seeking to appear in the Equidad MX list need to demonstrate. The first of these is adoption of non-discrimination policies, necessitating a written commitment to encourage eventual standardisation among companies – and nuance is a must. For example, the Mexican constitution bans discrimination due to ‘sexual preferences’, Robledo explains.

‘We knew that companies would only put what the constitution says. But more involved companies would actually know that we should abide by these three big dimensions of sexual diversity and gender and diversity. So first, it was: “let’s ask them to put these terms in writing, particularly sexual orientation and gender identity, and then gender expression as an option for more involved companies.” That’s a basic commitment and we can grow from there,’ Robledo explains.

Alejandra Bogantes, legal manager for Costa Rica and El Salvador, and Bob López, deputy director of culture, diversity and inclusion, Walmart México and Central America

Bob López (BL): This is the fifth year that we have received the certification, certifying that we are a company committed to the LGBTQIA+ community, we respect the LGBTQIA+ community, that we have in place those policies, procedures with regards to talent acquisition, talent development, non-discrimination policies and so on.

Last year, for example, we rolled out our trans associates guidelines, so that here in Walmart we can be ourselves at any time, and we can explore the potential that we may have within the company.

To give an example, at Walmart, you can choose a name on your badge – you either define yourself as a female or male associate. Regardless of your birth certificate, you can choose that name on your email address or on your badge, and we respect that. Here in the region, it’s very complicated for the trans community to officially change official government documentation. But in Walmart, we are not requesting that. If you want to change your name or your email address, we can do it for you, and we respect that.

Alejandra Bogantes (AB): The legal department helps in all new initiatives, for example with the trans gender issue, because the company needs to make policies to make people feel good and so the legal department will help in terms of how we can comply with the law, working with HR.

BL: The HRC Equidad MX report is a real certification process. You need to submit a lot of information to confirm that you are making affirmative actions for the LGBT community, that you have in place policies, trainings and so on, to preserve and enforce a safe workplace for the LGBT community.

And at the end, they do an audit to confirm that you are doing this for your associates, and they give you back a report with feedback, with recommendations on how you can improve your current processes, and that way you can start working on your action plan for the next year. So, it’s adding value to the D&I strategy. It’s been a great journey, because we have been learning a lot from other companies, sharing our experiences in regard to the LGBT community.

The second pillar for candidate companies is the creation of employee resource groups (ERGs) or diversity and inclusion councils. In another example of Equidad MX’s desire to systematize LGBTQIA+ inclusion policies, the idea was to see companies build on and solidify the work done thus far by champions.

‘We found that very, very, very few companies have a diversity and inclusion area or a full-time person responsible for these matters. Some would have a diversity council. So, this part was more of a challenge because we were requesting companies to formalise their commitment by founding a council or building an ERG, or the basis of an affinity group. Because we had a lot of champions. So this was a way of saying, “ok, we have it in writing, now which group of people are going to make it real, are going to transform it into programs and procedures?” – we have to visualize that group of people,’ says Robledo.

The third pillar is engagement in public activities to support LGBTQIA+ inclusion, which means that companies must evidence at least three public activities – and these must take place throughout the year, not only during Pride.

The thread running through the criteria, and the ethos behind Equidad MX, is not just to reward the corporate ecosystem as it relates to workplace LGBTQIA+ equality and inclusion, but to move it forward. The pillars, Robledo explains, are designed to meet companies where they are now – but also to challenge them to move on.

‘It’s just a basis. One of the other missions is to empower companies to tell us where to grow, how to grow, and what’s needed locally, so we can set that as a standard and make this grow together.’

But in moving the conversation around inclusion forward, Robledo has, at times, found the legal profession to be less helpful than he believes it could be. He explains that although there is a federal law banning discrimination based on sexual orientation, it was Mexico City as a state that broke this down into sexual orientation, gender identity, sexual expression and sexual preferences, addressing the specifics of discrimination around characteristics like speech and dress for the first time. But while the federal constitution refers only to ‘sexual preferences’, many companies comply only to that degree.

‘Still today we find a lot of lawyers that still don’t want to make that change, because they say that if the law says “sexual preferences”, then that’s it. And then we say that if we don’t break it down in these terms then the company is not actually being that advanced or that forward. It takes a lot of lobbying for us to make them see how they should keep up with what society and what international laws are saying and not just local laws. It’s a tough group. Sometimes we just have to pull out the Mexico City Constitution (if they are based in Mexico City) and tell them: you’re not abiding by this law and just ignoring it and going to the other law which is incomplete,’ he explains.

‘We have to break down these terms so they can use them in a procedure of a lower scale within the company or just with internal communication. So, they may have still have just “sexual preferences” but then people in the D&I area or champions will find a way to put it in writing in a document of different rank within the company.’

Robledo argues that despite protection under legislation in Mexico, LGBTQIA+ people wishing to bring workplace discrimination claims often find themselves unprotected.

‘The federal law and the local Mexican law don’t have teeth. There’s lots that ends up only becoming recommendations,’ he says.

And, he adds, the lengthy, demanding and resource-intensive nature of the process for pursuing a claim is a disincentive for bringing proceedings in the first place.

‘People are not suing for discrimination in Mexico, so then many lawyers are very comfortable in their positions – “It’s not an issue because we are not losing money, on the reputational side there’s only very few companies that have been exposed to discrimination issues”, and so it’s not a priority for them. The global sense is: “Ok, prove to me you were discriminated against”. But the laws that we have are not that strong, so it can actually be a nicer process for me if I receive the discrimination.’

As long as the laws remain relatively toothless, Robledo believes, addressing workplace discrimination against LGBTQIA+ groups will not be a priority for in-house teams, and policies addressing the issue will remain recommendations. However, engagement among the legal profession is looking up: despite the 2021 Index featuring no law firms at all, the newly released 2022 report includes five.

Speaking with his consultant hat on, Robledo has found that, in many cases, the motivation behind improving LGBTQIA+ inclusion can be an obstacle towards achieving it.

‘We have a few very large Mexican companies that have started to do the D&I work because they have international pressure from customers and clients in other countries, but not coming from a genuine interest. As a consultant, when I ask them why they want to start doing this, almost 80% come from a business perspective: my customers, the stock market in the US is asking us for some sort of documentation, some business or money-based perspective on why they want to do it,’ he says.

Across the global corporate community, the business case for DE&I is often a major argument made for increasing workplace inclusion. But Robledo contends that can be a weak basis, leading to an underestimation of how long it can take to achieve, for example, Equidad MX certification.

There are two types of companies, he says – those with an intrinsic commitment, and those whose commitment is driven by marketing opportunities. But, buoyed by the power of social media, the public is demanding to know what commitments lie behind the Pride flag. The Index itself, says Robledo, can perhaps help such companies develop a more authentic commitment, by serving as a toolkit as well as a commendation:

‘Pride was their only option to show that they were committed, but on the marketing side. Those marketing perspective companies actually now have a reason. Six years ago, we started working with them to get them to this point.’

Since its inception, Equidad MX has seen year-on-year growth. In 2018, 32 companies received the accolade. In 2019, the list had grown to 69, 120 in 2020, 212 in 2021, and the most recent 2022 edition saw 242 companies listed, out of 262 survey applications made. Robledo is pleased, despite having had a goal of 300 applications for the 2022 edition, which may have been stymied by the pandemic. But growth may be slowing, he fears.

‘It’s coming to a maturity point where we’re not growing that much anymore. We now have 262 [applicant] companies and maybe 60% of them were doing it well in another country and they just had to put it in place in Mexico. Maybe another 15% were forced by their global business partners, global customers or clients that were pressuring for them to grow LGBTQIA+ inclusion. And the last group really just want to do the right thing by working on it – maybe they started three or four years ago and finally now in our fifth year they are ready to jump into the report,’ he says.

‘For the rest of the companies, their starting point is lower than 80% of the companies we found five years ago. So the group is going to slow down in the next three, four or five years.’

The focus for the report now is to strengthen the tools that the team is trying to develop, moving the conversation on in Mexico, and lobbying to have impact beyond the corporate sphere and linking the results with legislative and policy changes. The next report will evolve the list of criteria to look at how LGBTQIA+ people are included in employee benefits, as well as training offered by organizations. In addition, the team is looking to branch out beyond Mexico City, where many participating companies are based.

The HRC continues to broaden its reach across Latin America, having launched a similar initiative in Chile two years ago and, recently, in Brazil and Argentina. The team is also looking at Colombia and Costa Rica, where there has been interest.

‘I’ve been looking for partners in each country so they can implement and be the local focal point,’ says Robledo.

‘Maybe down the road we will have a LatAm version of the survey, where we can talk about some general requirements and some local requirements as well.’

A little ignition: empowering women lawyers for leadership success

‘The number of women lawyers continues to increase. Now, almost half of all the students in law schools in Mexico are women. But there are no women in the high positions,’ says Tere Paillés, partner at SMPS Legal.

It’s a sentiment echoed throughout this report: in Lati America, it remains that case that women are underrepresented among the top echelons of the legal profession – in both branches.
It mirrors a wider corporate environment in which the female share of board seats in the largest publicly listed companies falls far below the male share. Of the OECD Latin American countries listed (plus Brazil), Mexican women had the smallest share of board seats at 9%, while Brazilian women had the highest at 13.7%, with Chile and Colombia at 9.9% and 12.5% respectively – well below the OECD average of 26.7% (itself hardly an indicator of parity).

‘It is important to emphasise that, today, Brazilian women have a higher level of education than men, with more access to universities, but this is not reflected in their careers within organizations. Those who are in the labor market earn up to 34% less than men in the same position, and are still a minority in leadership positions,’ says Leila Melo, general counsel at Itaú Unibanco in Brazil.

‘I see that the legal and corporate universes have a lot in common regarding the challenges for gender equality,’ she says.

The women interviewed in this report reel off the causes of gender inequality in the legal and corporate workplace – unequal distribution of domestic tasks, a culture of ‘machismo’, unconscious bias. Even harassment was cited as a feature of the professional workplace, at times.

But some Latin American women decided to make their own luck: to forge opportunities, bolster their networks, and empower themselves into a force to be reckoned with – top lawyers but also agents of change.

Like Jurídico de Saias, or ‘Lawyers in Skirts’, a group of female Brazilian in-house counsel formed in 2009. Originally part of an in-house counsel committee of the American Chamber of Commerce for Brazil (Amcham), the group evolved into an assembly for the exchange of ideas and experiences under the initial leadership of Josie Jardim, now assistant general counsel of Amazon in Brazil.

Erica Barbagalo, head of law, patent and compliance Brazil and LatAm BP for Crop Science at Bayer, was one of the founding members.

‘We realized at the time that the majority of companies’ legal leadership – general counsels – are male and there are few women,’ she says. ‘We found that the leadership of legal in-house was so alone, because we are just lawyers at the company. You don’t have peers to exchange ideas within the company when it comes to legal aspects.’

OECD Latin American countries by women’s share of board seats

Over time, the group came to focus on the professional development of female corporate counsel and the creation of female leaders in law. For the more than 3,000 women who subscribe to the Jurídico de Saias app, that means access to information-sharing, job opportunities, mentoring programs, training and events. One such event is ‘De Saias Para Saias’ (‘From Skirts To Skirts’), a monthly live session on Instagram lead by senior speakers. Recent topics have included ‘thinking less like a lawyer’, and ‘the lawyer as business partner’.

‘It’s a collective, it’s a group, it’s not a legal entity, it’s not an NGO or association or anything, it’s just a group of people that benefit from this support for fostering women’s careers within legal,’ Barbagalo explains.

‘It’s not our target to be enormous, or to have thousands of subscribers, but to be effective and make a difference in the lives of women in-house counsel.’

In Mexico, the story of Abogadas MX began eight years ago, explains Paillés, who was recently elected president. Former president and founder Valeria Chapa (then general counsel for Latin America at Honeywell) returned from a Leadership Council for Legal Diversity (LCLD) fellowship program in the US, and questioned why there was nothing similar in Mexico. So, Abogadas MX was born.

‘We had very big dreams, we wanted to change everything,’ Paillés recalls.

The group started with a pilot mentoring program, where 20 senior lawyers mentored 20 younger lawyers. From there it launched an annual workshop with guest speakers – ‘we bring in people who make some sort of change in the minds of our members,’ says Paillés – which has been a virtual conference since 2020, enabling speakers to reach women outside Mexico City, in areas where equality and inclusion are scarcer.

From its beginnings as a group of 30 women lawyers, Abogadas MX is now an NGO with 700 members.

‘We have been very successful in gathering interesting people and working towards not necessarily information about law or technical information, but about soft skills that are required for women lawyers to succeed in these big law firms or international law firms or corporations,’ Paillés explains.

The organization is passionate, ambitious and structured. Four years ago, Antonia Rodriguez Miramon was hired as executive director, working with a council of senior female lawyers both in-house and in private practice, and a president.

‘We firmly believe that speaking about inclusion, diversity and leadership within the women’s sector directly translates into the development of our country,’ she says.

Through initiatives like the workshops, she adds, the organization provides a place ‘to be part of important topics to do with human development, professional development – not only legal things, but things that can nourish you as a person and help you grow.’

The work is built around four pillars: ‘support model’, where the organization provides courses, workshops, talks and networking opportunities for personal and professional development, including soft skills to hone leadership and networking skills; ‘impact on the environment’, which includes diversity and gender perspective masterclasses for law school students, and scholarship opportunities; a mentoring program; and the annual leadership and professional development workshop.

Advocacy is a key part of the Abogadas MX offering and, together with 38 law firms in the country, it has developed the ‘Mexican Standards of Diversity and Inclusion’. This takes the seven UN’s Women’s Empowerment Principles as a basis for a framework of principles to be applied to the legal profession in Mexico, and adds two more, regarding workplace sexual harassment, and gender and pro bono work.

‘We focus on being a community of women, or men allies, that know the importance of supporting gender and diversity in every place of their personal and professional lives,’ says Rodriguez Miramon.

For Barbagalo, the benefit of groups like Jurídico de Saias is precisely that sense of community. She describes her own experience of feeling alone and unsupported when returning from maternity leave and, for her, Jurídico de Saias fills a need that is especially powerful among outnumbered senior corporate counsel.

‘It’s to feel that you belong, to see that you have others like you, and to have support. Sometimes you don’t even know you have a problem if you don’t talk to others, and then you see, “Ok, there are more like me.” It is especially that you feel supported, that you have a place for equals to help you,’ she explains.

‘Being a young lawyer and having that kind of support from a group definitely would have helped me. When I got back from maternity leave, or in situations when I didn’t feel supported, I wouldn’t know there were more women like me. I wouldn’t know that I could be myself and could talk, and I could go to that group and say, “Am I crazy?” and feel ok to do that. It’s very common that people come and say, “That happened to me, is that ok, what should I have done, how should I react?” If you don’t have one formal group to do that, you don’t feel like you can look for this information, or you don’t feel confident in sharing, because it’s feels “gossipy”. But if there is an environment of openness and sharing, you see that what happens to you happens to others, and you can learn from that, and evolve, and feel empowered.’

At Women in Leadership in Latin America (WILL), that conversation takes place on a regional and even international level. Formed not only for lawyers – though managing vice president Leila Melo is one – WILL is a São Paulo-based non-profit with advisory boards in Bogotá, Miami, New York, Washington and London. Since 2013, it has supported and promoted the career development of women in Latin America, encouraged Latin America-based companies to implement programs for women in business, and promoted the exchange of best practices between national and international organizations.

Melo describes initiatives such as the annual Women in Leadership Survey – a free personal and professional development course for cisgender and transgender university students to encourage female leadership in finance, called the Dn’A Women – and the Empower Black Women to Senior Leadership mentoring program.

A wide network of women at all stages of their careers can function as a discussion forum to take stock and also move the conversation on – considering the spectrum of perspectives from generation Z, raised to expect, not request, equality, and of more seasoned women who are still fighting for it. In both Jurídico de Saias and Abogadas MX, that forum is cross-generational and both organizations have found making an intergenerational link to be fundamental in achieving sustainable empowerment for women.

‘We are very happy to see younger women looking for change, and the extent that they understand that change starts with us. Even though we need to have organizations, and men, and everybody else, involved in changing their bias, there is a little ignition, I would say, that is taking place within a lot of younger women, who want things to change,’ says Paillés.

‘We need to include younger women to see what they want and where they want to go, and how they are seeing these changes within their own organizations. You see it a lot with social media, and women doing things very differently than was done 20 or 30 years ago. Women on the board of directors of the organization are a little bit older and went through different things. I think we need that link, because the firms and the companies are controlled by older people, so we need to get that mix in place,’ says Paillés.

Adds Rodriguez Miramon: ‘We are living in an era with a lot of changes, and it’s really interesting how not only women but also men are interested in improving their way of working, the way they feel, their paternity leaves – and that finally is like a perfect match in getting our mission across faster and to talk about what we see as societal development.’

With the entry of new groups into the conversation, Barbagalo has found that a greater, and more evolved focus on inclusion and diversity is emerging, together with more understanding of intersectionality, in areas such as gender and race, but also in terms of considering all professionals as individuals with unique needs.

‘Different ways of working have a lot to do with diversity and inclusion because what works for you doesn’t necessarily work for me,’ she says.

For her, inclusion is an all-purpose tool, to be used beyond traditionally underrepresented groups, to improve the workplace as a whole. She puts this in the context of the pandemic:
‘I’m dying to go back to the office because I get distracted at home. Other people would prefer to be at home because they have a different routine. So how do we deal with that? We exercise our muscles of inclusion. I don’t look at this as a gender problem, or a race problem, or whatever problem. I just look at the different perspectives, a different person than I am, a different reality than I have.’

At WILL, Melo is conscious of the need to guarantee the rights of all vulnerable groups, not just women, and sees equality in terms of political action, health, security and education as well as the labor market.

‘When we look at the representation of women or black people in our society, or when we study the indicators of violence against the LGBTQIA+ population, or the access of people with disabilities to inclusive education and the labor market, the data show that we still face a serious situation of vulnerability and inequality,’ she says.

She believes it behoves private organizations to promote the inclusion and development of underrepresented groups in the corporate environment – and the lawyers within those organizations can play a key role.

‘Knowledge of legislation and legal issues contributes in an important way in proposing affirmative actions in the corporate environment and in private social investment, promoting advocacy for the creation of public policies that contribute to the guarantee of rights and the consolidation of a more inclusive society,’ says Melo.

Lawyers are well-represented on the board of WILL for this reason, she explains, and function as another voice in an organization which creates space for exchange between different agents of society.

In another effort to broaden the conversation, WILL has sought to involve men, with initiatives like its ‘Inviting Men to the Debate’ panel event, where leaders from national and multinational companies exchange views and experiences, and the ‘Homens da Nossa Época’ (‘Men of Our Time’), a series of interviews with male executives, who share and discuss their experiences about what it means to be a man in their time, along with conversation about diversity and inclusion.

‘For gender equality in the corporate environment, I see that organizations like WILL have been playing an important role in mediating this agenda at companies and engaging in dialogue with men, who still occupy most of the leadership positions, so that they can also understand that gender equality is also their responsibility,’ says Melo.

Abogadas MX has taken the step of admitting men as board members, mentors, workshop participants and allies – and has discovered that their presence brings the opportunity for a synergistic learning experience.

‘Maybe men don’t understand how important it is for certain skills to be there in order to succeed [in the workplace], and they think it’s a challenge where you have to run to do the best work. And it’s not that you don’t need to do the best work, it’s just that you need some additional things within your persona,’ says Paillés.

‘When they come out of these workshops, young [male] associates from law firms are amazed, because they really get touched by our analyses and it’s broadening their minds. Even the older men, when they go into this 450-woman meeting and they are a minority, just by being there they see how women feel when you go into a meeting and there’s only one of you.’

As the reach of Abogadas MX grows, so has its influence as a pressure and conscious-raising force in the industry, its leaders believe.

‘We started in a niche of high-end law firms and companies, and I think that we have become some sort of itch in every place that we’ve touched, and they know that they’ve got to change,’ says Paillés.

‘We believe that women at that level are getting stronger at requesting that their rights are met and that they are given what they deserve, and that they need to be in the same competition as men – because it’s not a matter of just “giving me things because I’m a woman”, but that we need to be at the same level. In that niche of law firms and companies I think we have made enough noise for there to be a small change.’

But there is much work to be done. The organization is working to extend its influence beyond elite law firms and corporations, to reach legally qualified women such as notaries public, or growing its program of classes at public universities, broadening its socio-economic reach into corners where bias might lurk.

‘It’s really important for us to start talking about mobility in terms of social mobility and in terms of opening our network,’ says Rodriguez Miramon.

The organization is also expanding beyond Mexico City, building on its chapters in Monterrey and Puebla.

‘It’s a matter of conscience, and we need to open up and touch more people so that the conscience of everyone starts moving. It’s a matter of making clicks within the minds of more and more people,’ says Paillés.

Systemic cultural change needs broader action than solely that of underrepresented groups. But women themselves are creating momentum to raise their own tide, lifting not only their own professional presence, but that of generations to come.

Covid-19 and the case for inclusion in Latin America

Since the Covid-19 global pandemic took the world by surprise in January 2020, no shoulder has been left untapped by the virus, which continues to intrude into personal and professional lives.

Latin America was hit hard, both in terms of health (by summer 2020, the region was declared the epicentre of the pandemic) and economic impact – Latin American GDP fell by 7.5% in 2020.

As it continues to bruise the population, Covid-19 has stressed societal fault-lines, leaving communities and countries grappling with uncomfortable facts – unequal risk of infection and severe illness according to socio-demographic factors like age, disability, ethnicity and affluence – and ethical questions, over access to healthcare and vaccine equity, for example.

We have seen that inclusion can be a matter of life and death. But Covid-19 has raised the stakes for diversity, equity and inclusion (DE&I) in corporate life too, as the workforce struggles to cope with its challenges. In August 2020, McKinsey surveyed over 1,000 executives and over 2,500 employees in large companies across 11 countries. The resulting report uncovered worries around mental health, work-life balance, and workplace health and safety, the connections between workers and employers, and job opportunities. But the gravity of hardships varied along demographic lines:

‘In every country, members of diverse populations reported additional challenges and felt them more acutely than their nondiverse counterparts. For example, nondiverse employees in the United States have experienced, on average, one acute challenge during the Covid-19 crisis, in addition to several other moderate challenges (those that are reported as being felt “somewhat” by respondents). Their diverse US colleagues reported 1.6 acute challenges.’

Furthermore, workers in emerging economies, like many in Latin America (the research looked at Brazil, Mexico, China and India as well as Canada, France, Germany, Ireland, the United Kingdom, and the United States), have felt the effects most starkly:

‘The severity and prevalence of these challenges, such as with mental health, were far higher in developing countries than in developed nations. Among diverse groups, these concerns were both higher in number and felt with greater urgency.’

Women, LGBTQIA+ people, people of color (POC) and parents were found to be struggling more, the report said.

Women at risk

Taking the first group, the pandemic has hurt women more than men at the societal level. In its July 2021 report, Gender Equality and Covid-19: Policies and Institutions for Mitigating the Crisis, the IMF set out the issues facing women across the world. Comprising 70% of the health and social care workforce, women are at greater risk of infection. They are also at increased risk of extreme poverty – likely to work in pandemic-scarred industries such as retail or hospitality, and in less secure or informal jobs, while housework and childcare duties have meant that, in some countries, women are even leaving the workforce. Meanwhile, lockdowns have led to a growth in gender-based domestic violence; school closures endanger education for girls, as many simply may not return to school when they reopen, and the digital inclusion gap for women threatens to widen.

Alexandra Blanco is general counsel at Pro Mujer, a Bolivian non-profit dedicated to empowering women, and is seeing this play out on the ground in Latin America:

‘In Bolivia, people have lost their jobs, we believe that’s been a major setback for women. We have data regarding the setback of Covid-19 especially in Latin America, that’s been extremely hit. The governments have not been able to react properly to support people or companies so it’s going to be a major hit and it hits women. Schools in many countries have not reopened, so you have women trying to navigate home school, women that have lost their jobs and are trying to also home school, and they don’t have places to take their kids and to look for other employment,’ she explains.

‘You don’t see a program to reactivate the economy as you do in countries that are more stable financially, so definitely I think Latin America is probably one of the regions that are going to take one of the biggest hits.’

Digital inclusion

Sheila La Serna, chief legal officer at pension fund manager Profuturo AFP, describes the economic background to the pandemic’s impact on Peruvian women:

‘We have a lot of informality – our economy is 70% informally employed. 95-99% of enterprises in Peru are micro and small enterprises and at least 70% of them are led by women. During the pandemic, a lot of women had to shut down their businesses, so my impression is that the gender gap will increase in future years. Women and men have a gap of almost 30% in terms of salary – women will earn 30% less than men in terms of formal jobs. But in terms of entrepreneurs, which are normally not official – they do not pay taxes, they have very little workforce – the kind of business that really helps women who are very ambiguous.’

La Serna explains that women in Peru often run service industry organizations such as beauty parlours, as entrepreneurs commercializing whatever they can, often in the face of technology inequity.

‘Very broadly speaking, the economic impact in Peru of the pandemic has been huge. We have more poorer people than 30 years ago. But, at the same time, people are reinventing themselves. They have proven resilient – that inventive and creative minds of women and men that are fostering the implementation and creation of new businesses and business models very digitally,’ she says.

‘We don’t have equal internet for everyone, so that informs everything. Every business that is engaging in digital and digital transformation is just riding the wave with the pandemic, but those that are not favored with that internet connection – not only the resource itself but the internet capabilities, for example, to be able to understand what e-commerce means, all the technological skills, are something that we are struggling with in some parts of the population. A lot of them don’t have resources like laptops. The government is working on that – there’s a governmental plan to improve the resources and the capabilities of entrepreneurs and to just reduce the technological gap in Peru.’

Corporate life

But what of corporate Latin America? The picture is not rosy, either. The female GCs we spoke to in Latin American countries all emphasised burnout and mental health strains among women in the workplace as significant pandemic-related impacts that have informed the D&I agenda.

And that is borne out by the stats. Seven out of ten female executives in Latin America believe that Covid-19 will negatively impact gender equality, according to the Esade Gender Monitor Latam report published in 2021, which surveyed 1,000 female executives in Chile, Colombia, Mexico and Peru. 41.4% felt that the pandemic would be detrimental to their prospects of promotion.
A woman’s place?

‘I think the pandemic was really hard, especially for working moms. When I talk to my female friends, the word that they always use is: “exhausting”. Because, in Latin American countries, for the most part of the time, the house tasks and raising the children, care, falls more to women. Also we have a lot of contract terminations across the country, and across the globe, and women were hit more than men,’ says Ana Paula de Almeida Santos, former head of legal for Rock Content in São Paulo.

The McKinsey report talks about the ‘double-shift’ – of work and household tasks – and the pressures these place on the mental health of women around the world. But these pressures can be more acute in emerging economies:

‘Women are also more concerned than men about increased household responsibilities – suggesting that the stress of the “double shift” continues to be a gendered issue around the world. Women in emerging economies such as India and Brazil are two to three times more likely to report challenges as their peers in developed countries, suggesting that gender and local context may have a compounding effect.’

Until a more equal distribution of household tasks is achieved, and with pandemic-related work from home seeding additional work at home, many corporations have stepped up to provide the flexibility needed for corporate professionals to keep the plates spinning.

‘Before, I think that companies didn’t believe very much in working from home, and now, if you want people to be good and healthy, you have to start to understand their needs, how they think, how they feel. It is not very important anymore if they are going to be at home for a shift, because, at the end, what you require is that they accomplish their work, not when. They are going to be a better worker and they are going to fight for you,’ explains Alejandra Bogantes, legal manager for Costa Rica and El Salvador at Walmart México and Central America.

La Serna agrees: ‘I have a lot of members of our team that are mothers, or they have to take care of their parents who are old, and they have different schedules. So, the baseline for us from the pandemic has been flexibility, to be very supportive of the team, more flexible than before the pandemic on schedules, and to provide them with all they need to have a good performance in the company,’ she explains.

‘We try to balance and be flexible. We do not, for example, schedule meetings too early in the morning, because some have home school tasks, or they have to take care of their parents, or maybe they are sharing the laptop with their little kids,’ she said.

São-Paulo-based Amanda Lee Cotrim Lopez, senior Latin America legal director for ADP, describes one company solution for lessening the burden of homeworking.

‘Latin America has a strong culture of women being primarily responsible for household activities. Since the start of the Covid-19 pandemic, lunch breaks have not been like before, when we would go to the cafeteria, buy our lunches and still have a few minutes to relax. Now people have to prepare lunch, feed their kids, help elderly people or other people at home with them. This is a huge burden that unfortunately is falling mostly on women associates. With this is mind, we decided to allow our associates to extend their lunch breaks from 60 minutes to 90 minutes during the work from home period in the Covid-19 pandemic.’

She adds: ‘This is something that directly impacts our women associates. But as we also allow our male associates to take a longer lunch time, we would expect them, if they live with a partner, to take this time to also support any household tasks.’

Gender-based violence

In one instance, we heard how corporate support can extend beyond pragmatic support for women working remotely, and into the existential. Levels of gender-based violence were extremely high in Peru even before the pandemic became a pressure for fraught households and, on top of the physical and emotional cost, the World Bank estimates that this violence is equal to 3.7% of GDP in lost productivity for the country. Sodexo in Peru has tried to tackle this issue head on during the pandemic.

‘Of all the numbers that were critical, it was the number of women that suffered violence during the pandemic, because most gender-based violence is in the home. People who suffer violence are in the same room all day with the aggressor and you have to consider all the depression and the fear that the pandemic brought us. So, violence increased a lot during the pandemic. That’s why we made a statement about violence, and we launched a campaign looking “behind the face mask” to help people that are suffering violence to speak up,’ says Mariana Olivares, director of legal and corporate affairs at Sodexo Peru.

The impact of the pandemic on diverse groups goes well beyond gender equality. While not focused specifically on Latin America, the McKinsey report found that LGBTQIA+ employees were more likely to report feeling isolated and fear losing ground at work. People of color in majority-white countries were concerned about career progression, balancing tasks at home and career progression, as well as workplace health and safety. Parents faced challenges over school closures, reporting worries about household challenges, mental health concerns and career progression.

Back in the closet

Francisco Robledo Sánchez is a consultant and strategist in LGBTQIA+ labor inclusion in Mexico and runs the annual HRC Equidad MX Global Workplace Equality Program, an index that accredits companies in Mexico based on their LGBTQIA+ inclusiveness.

One of the biggest problems he has seen in the LGBTQIA+ community in Mexico has been stress experienced by those forced by lockdowns to go back to live with people who discriminate against them, effectively putting them back ‘in the closet’.

‘We ran a survey a couple of years ago and asked people how “out” they were with their family, friends and co-workers. At work, 56% of people are in the closet. 65% are in the closet with their family, and only 20% in the closet with friends. For people going back to wherever they call home, with the people they call family or whoever they live with, 40% of people had to go back in the closet,’ he says.

‘But for people that were actually out at work, and not out with family or friends, work was their safe place. Companies are still finding their way on how to build online safe places for LGBTQIA+ workers that are doing home-based working, so it’s been a big challenge for people to actually be comfortable and be who they are while at work, when not having those safe spaces anymore.’

Robledo Sánchez adds that the suspension of face-to-face events has presented a challenge for companies engaged in LGBTQIA+ inclusion to demonstrate their commitment.

‘It’s easy just to put your flag out, participate on a Pride march, sponsor an event. But now that everything turned digital, they didn’t see the opportunity of sending out messages, having webinars, putting this conversation on the digital platforms. That’s why we have to push training, so anyone can be a sponsor or a spokesperson for LGBTQIA+ issues in their company, other than having the easy part of just using the marketing tools,’ he says.

The whole person

But the GCs we spoke to for this report also stressed that the pandemic was not all bad news for DE&I in the corporate landscape. For some, like Carolina De Nardi, chief counsel for Latin America at Zoetis Inc, it brought an increased sense of empathy.

‘You’re talking to me at home. I can have dog barking noise, or my child, whatever noise it could be. And then, as a consequence, you start to look for the person as a person, not just as a professional,’ she says.

‘Although the pandemic was dark times for some people, I do believe that it brought us the ability to look to the other person and see more than just an email. I think that it helped us to take a better look into diversity and inclusion inside our organizations. I do not have, let’s say, a thousand employees, I have a thousand people that are part of a thousand families, and they have a thousand histories behind them. The pandemic helped me to understand more about my team, to understand their histories, their fears, and what they want, not only talking about career aspirations, but talking about their life goals.’

Empty seats

With working from home not just tolerated but mandated, less emphasis on presenteeism could be beneficial for women with childcare responsibilities, says María José Van Morlegan, director of legal and regulatory affairs at Edenor in Argentina:

‘When you go to the office, and you see a man and a woman, and you see that the woman has to run away to resolve something at school or a medical situation, it’s like: “oh, she’s leaving work, she’s not taking enough care of her duties.” No one asks about what that guy is doing at the same time – if he’s going to football practice or having a lunch or playing golf. The pandemic allows us to see that she is responsible, she is good at work, she can do everything the same as a man. You see men saying, “I have to arrange this maybe in a couple of minutes, because my wife has to go to her job, so I have to take care of the baby”, which is an opportunity to see the possibility of both doing the same thing.’

One GC sees the rise of remote working as an antidote to the brutal reality of corporate law firm parenthood – if burnout can be managed.

She says: ‘I remember when I stopped working in law firms and moved to the corporate world when my first kid was born, because the law firm work seemed to me incompatible with motherhood; I could not get that to work. This will probably change the way we work in the future, because (women) didn’t have to choose between motherhood and working, they could have everything in the same place. And although it was not easy, it was probably better for a lot of us than leaving our babies and going to the office until late at night.’

Such optimism might not have yet translated into increased opportunities for women just yet: 82.8% of female executives felt that men were being preferred for management roles according to the Esade Gender Monitor – Latam report – up from the 2020 report of the same name.

Zooming towards inclusion?

The less formal video call is commonly seen as a tool for strengthening inclusion, not only for women but for other communities too – although not everyone in the Latin American corporate world is pleased with this prospect.

‘The freedom of the people, of the gender expression that they felt at home, it was priceless. A lot of companies had to rewrite business dress codes for the digital area, because they found that people were just so free. LGBTQIA+ people started to express themselves much more freely, growing their hair, using make-up and accessories, and people were starting to see that as a problem when they were looking into the camera,’ says Robledo Sánchez.

‘These months will be very decisive on how we are going to come back to day-to-day work in the office, where people are freer on expressing and dressing and being themselves.’

Video calls were also reported to widen access to information across geographical divides as well as demographic ones, with the potential for digital DE&I training to reach areas where a face-to-face event could not. In some cases, the candidate pool has even been extended outside the typical metropolitan areas from which talent would previously be drawn.

‘Our data protection officer is from the Northeast and she’ll be working from there, she’ll be coming to meet with us from time to time. Before the pandemic, this was impossible, because you just thought that everyone had to be in the office 100% of the time. We have seen many initiatives within Nubank to welcome people from different regions – because Brazil is such a huge country that just having this diversity in terms of regions brings a lot of value to the teams,’ says Pedro Frade, legal director at Nubank in São Paulo.

Improving access

Tech-assisted working can be a double-edged sword for people with disabilities, however – broadening access to previously inaccessible locations or buildings, while creating potential obstacles depending on individual needs. At Walmart, Bogantes describes how the Costa Rican Ministry of Health mandated an office for client services, for colleagues with hearing loss, impacted by face mask use, for example, to access additional support during the pandemic.

Adds López: ‘For people with disabilities, we had to accelerate accommodations, we had to accelerate this evolution to understand their needs, to understand that they had to be working from anywhere. It’s been a journey.’

As companies in Latin America have adapted to new ways of working and the resulting inclusion challenges, legal teams are often poised to support the transitions in ways that can promote equality. At Walmart, the legal team has provided guidance for Walmart’s client services offices, such as preparation for government inspections.

At Sodexo, Olivares not only leads the legal team in Peru

but also the local diversity and inclusion program, and has stepped up as an advocate to widen access to public health information.

‘I wrote an article about the responsibility of the company in the vaccination process. Although the decision about being vaccinated is a personal one, the company can do something from the position of employer and that’s giving information, giving the chance for people to hear from specialists about vaccination, because sometimes the discussions are between neighbours or relatives. I feel part of our responsibility as leaders was to provide information to our people so they can decide if they want to be vaccinated or not, and also give all the permissions they need to go to the vaccination centre,’ she explains.

Her legal function also has an important role to play as the pandemic shifts into a new phase and companies adjust to ways of working that can be sustained long term:

‘The screen is not enough, we need to return to the coffee table, to improve our capability, and we are tired, also. So we are now in the process of switching, in some instances, from remote work to this hybrid way of working, half and half, so people feel comfortable and feel safe as well. I feel that’s something very related to legal. I think we need the correct balance, because working from home has a lot of benefits, but it also raises some lines about duties. I don’t think that people 100% respect the schedule, the day, so we need to also remind them that we have schedules, that we have process [for a reason]. People and their families will have burnout, people will have some mental health issues. We have to understand that,’ she says.

‘As legal, we need to be at that table in that discussion – it’s not only how we want to make it as a company, but we also need to respect the labor regulations. I think that legal has really a great opportunity to work on this topic.’

Looking to the future

Societal divisions exploited by the virus are not new, but many of the solutions innovated by corporations in Latin America and the senior corporate counsel who are engaged in DE&I, are. It may be the case that Covid-19 has set the clock back on inclusion. But many are more hopeful: that as corporations, and as people, we have learned more about each other and our needs, and that this new understanding can be the bedrock for a more inclusive future.

As Valéria Schmitke, regional general counsel for Zurich Latin America puts it:

‘Some people are saying we retroceded 10 years in terms of D&I. I’m not sure about that really. Let’s see how the society recovers from this pandemic. History shows that after pandemics, after big crises, society flourishes. So let’s see. We will continue to work.’

We Need to Talk about Race and Ethnicity: A Toolkit

‘We just hired a gentleman of Asian descent who was a food scientist for eight years before he finished law school. I immediately went to offer him a job because it was just unique.’

Gail Sharps Myers, chief legal officer and chief people officer at Denny’s, illustrates today’s corporate drive for better diversity, often as a gateway to diversity of thought – the understanding that a multiplicity of backgrounds will generate a multiplicity of perspectives, acting as an engine for performance, creativity, innovation and, ultimately, more success.

But, as leading general counsel know, diversity is only half the story. Leveraging the collective experience of a diverse workforce is not as simple as hiring different people and alchemizing their perspectives into corporate gold. The secret something, more fundamental than a drive for diversity, is inclusion – creating the environment where diverse people can feel welcome enough to perform at their full potential. And the principles of inclusion are often the same regardless of the type of diversity you are looking to promote.

For Phyllis Harris, general counsel, chief compliance, ethics and government relations officer at the American Red Cross, that means ‘providing an avenue for everyone to thrive in the workplace without thinking about “what is their sex, what is their race, what is their nationality, what is their ethnicity”. In doing so, the way that people thrive is helping them find their value that they will bring to the organization.’

For the legal profession in particular, the stakes for neglecting inclusion are much higher than the risk of losing out to competitors.

‘To truly have an inclusive representative democracy and to have laws that are embraced and supported by all people governed by that democracy, you need to have everyone in the room, which means you have to have lawyers from every ilk, color, division, religion and gender,’ says Carlos Brown, senior vice president, general counsel and chief compliance officer at Dominion Energy.

‘Those that have access, knowledge of and facility with the law tend to be able to create opportunities that benefit themselves and the people they represent. To the degree that African Americans uniquely, but also Asian and Latin Americans and other ethnic minorities, have not had equal access because of discrimination or de facto discrimination with regard to access to law school, or access to the bar or access to certain law firms and certain experiences, it also has a broader societal impact on the way that law is written, the sensitivity issues, and how they impact on the community,’ he explains.

‘Being in the room where it happens – and typically one of the hall passes to get to that room is having access to the law – makes a difference. And for your community and your people, and people who may look and speak and have other similarities to you, to the degree that’s been dominated by one societal cleavage explains why, in many cases, laws have been somewhat insensitive to others.’

The arguments for diversity, equity and inclusion (DE&I) are well known, and their impact on organizational performance has been proven. But it is useful to reiterate them, because the first step in any plan for tackling these issues is to know why you want it.

Step one: understand why

‘Let’s be honest, you’re going to have to ask your people to make changes to their behavior, which they may not like. You’re going to have to ask your leadership to start thinking differently. You have to understand why you want to do this – is it because it aligns with company values, is it because your GC really cares about DE&I, is it just because it’s the right thing to do, or is it the business case?’ says Leila Hock, chief growth officer at Diversity Lab, an incubator for ideas to further diversity and inclusion in the legal profession.

‘Your “why” will drive how you message your work and what that work is, so it’s important to get it right.’

Many organizations were spurred into greater action on race and ethnicity inclusion by the murder of George Floyd. As a wave of protests spread across the US and beyond, conversations about race in took on a new urgency. It became clear that passive opposition to racism was no longer enough – it was time for action. As with many individuals, organizations looked deeper inside than they had before, and found that meaningful change required better understanding of the nuances of systemic prejudice and the complex interplay of privilege and bias, both conscious and unconscious.

Above all else, business has had to become brave enough to listen.

‘Companies are asking questions, people are asking questions. Companies are having candid conversations that I could not have imagined five years ago,’ says Kimberly Banks MacKay, general counsel and corporate secretary of West Pharmaceutical Services.

As corporate advisers, says Banks MacKay, in-house counsel are well placed to facilitate conversations and function as agents of change. But, especially for leaders who are also diverse, there can be a cost.

‘Even though it is critical, and even though it is part of our unique position as lawyers, it doesn’t make it any less uncomfortable. I will say, candidly, as a person of color, you are oftentimes one of a few in the room to help drive these conversations, and it is not always comfortable to have the spotlight on you in that way. But I also recognize the responsibility that comes from that – because sometimes we are the only people in the room to be able to speak to these issues in a very personal way.’

The legal profession is on its own journey towards greater and more inclusive representation of racial and ethnic minority lawyers, both within law firms and corporate legal departments. At the front line of change is the Leadership Council on Legal Diversity (LCLD), an organization of over 400 CLOs and managing partners working towards DE&I in the legal profession. President Robert Grey describes the training the LCLD provides to the next generation of racial and ethnic minority lawyers to foster their success. However, he says, individual preparation is only half of the story. Culture is the other – institutionalizing practices to make them systemic and sustainable.

Don’t change the numbers, change the culture

At the highest levels, the conversation about DE&I might be about strategies, goals, metrics and KPIs. But the workplace, with all its microaggressions, is experienced on a highly personal level – and remembering that in all interactions is the essence of culture.

‘Twenty years ago, if you were being invited to a law firm social event, the invitation might say “Please bring your spouse to this event”’, says Rick Sinkfield, chief legal, ethics and compliance officer at Laureate International Universities. ‘I don’t think people meant anything offensive or exclusionary by it, but if you’re in the LGBTQIA+ community, you might be like, well, I don’t have a spouse. I have a partner. And then you wonder, is my partner welcome, or do you have to be heterosexual to attend this event?’

‘Unless that person feels empowered to go to the welcome committee and say, “Hey, maybe we should change that invitation”, then by accident you have sent out a signal. You want these people to stay and be productive and lead your firm, but you’ve kind of given them the cold shoulder,’ he explains.

‘That’s just the little stuff. What about the big stuff? Who gets assignments, who gets to work for which partners, who gets to go on the big trips, who gets to be sent to the Brussels office to learn EU law? It all builds on each other. At every institutional moment, someone has to ask the question: is the way we’re doing things – intentionally or unintentionally – sending a signal that some group isn’t welcome or isn’t on par with the others.’

It comes back to the idea of listening, says Sinkfield: ‘If there are people who are telling you that they don’t feel welcome, you need to listen to them. I think that’s the key to the workplace. Listen to people and try to make the workplace a place where everybody can excel on their merit, and performance.’

Step two: get the right leadership in place

Fundamentally, any good strategy for building inclusion for underrepresented racial and ethnic groups cannot be developed without the input of those groups. Equally, for any kind of cultural change to take root, having the right leadership in place is also essential – and the higher up the executive ladder the better. But whoever the ultimate sponsor is, they must make that commitment personal.

‘You can say that you’re in it to win it, that you have a desire to see a more equitable environment. But what people are motivated by is your conduct – what are you bringing to the table as a leader? Because if you bring your full self to this initiative, with your own commitment, then that will encourage others to do the same,’ says Robert Grey.

Myers has seen the value of this at Denny’s, where the CEO is a diversity champion: ‘As he’s tried to make sure that these issues are addressed throughout the organization, he is very vocal, very upfront, very engaged in all of our employee resource groups. He has empowered his executive team to do what they think is necessary to not only show the new employees and the old employees what our diversity and inclusion engagement is about, but also being totally transparent about the company, its numbers, its activities, and it’s commitment.’

The general counsel is also extremely well placed to spearhead such efforts, as an organizational leader with the ability to drive change, a business adviser with a responsibility to ensure that corporate values, frameworks and actions match, and as a client with the power to drive those values across the supply chain and extend influence beyond the borders of the company.

As a member of the board of directors of the Leadership Council on Legal Diversity, Carlos M. Brown has created a pledge, setting out his DE&I leadership goals at a granular level. They include having a DE&I committee specifically for the law department that provides oversight and engagement of the team’s efforts, while also requiring leaders within his department to submit their own personal diversity plans in which they identify between three and five specific actions that they will own.

Skin in the game

Personal commitment can manifest in many ways, from performance management to personal choices, and leaders who are diverse themselves have the opportunity to be the crest of the waterfall in ways that feel most personally meaningful.

Says Ashley Page, chief compliance officer at Endeavour and former general counsel at Learfield: ‘I have got to a point in my career where I feel strongly that it is my responsibility to bring my authentic self to work every day and set that example for others. I wear my hair in a natural style – I noticed when I joined the team at Learfield IMG College that other Black women in the office started feeling more comfortable wearing their hair in those styles. It is not just about being comfortable in my own skin, it is about a responsibility that I have to lead by example in bringing my authentic self to work and hit difficult conversations head on. Just by having those discussions I set the tone and the example for others around me.’

For all leaders spearheading DE&I efforts, making a personal commitment might involve risk, cautions Robert Grey – but that is part of the personal and organizational stretch required.

‘You’re going to have to risk some personal capital in this effort to show people you’re in it for the long haul. And if you don’t risk anything, nobody else will either,’ he says.

That risk could be reputational, loss of following, loss of face if others are critical of your strategy. But such risk, he says, can be minimized by another of his pillars for a successful strategy – transparency. In this context, transparency could be the support in numbers of others of a similar stature in other organizations being open about their successes, or their attempts.

Step three: be transparent

Myers agrees about the impact that transparency can have, and she has seen it on the ground at Denny’s.

‘You have to have transparency into pay and what you’re doing around your employees. So it’s terribly important, on an annual basis, to do a pay equity study. We do that at Denny’s and have been doing it for a number of years. We report that study to the board and to the executive officers of the company,’ she explains.

‘I think it’s also incredibly important, and it’s kind of new, to have a human capital report. We will be publishing our first in January, and it’s going to have full transparency into our organization, what our numbers look like and what we’re doing to make sure that we either maintain the inclusive environment that we have or that we chase after those areas where we think we have an opportunity.’

For Grey, transparency includes the process of formalizing the leader’s personal commitment by codifying goals in a written form (as with the pledges created by Brown along with roughly half of LCLD members) and displaying those goals to create a sense of accountability.

But when creating a culture of inclusion in in-house legal teams, it might not be obvious where to start. Why? Because many in-house teams suffer from of a lack of data.

Step four: gather data

‘Whereas law firms routinely submit their numbers with regards to the make-up of their teams and leadership, in-house legal departments don’t. There are some organizations that collect that information but, on a large scale, there’s no great way to understand specific gaps in the in-house legal community as a whole,’ says Hock at Diversity Lab.

‘Legal departments are… often made up of and easily attract white women. But when we start to break it down into underrepresented racial and ethnic groups, LGBTQIA+ lawyers and lawyers with disabilities, they have more challenges – and there are certainly challenges around underrepresented racial and ethnic groups,’ she explains.

Hock advises legal departments to find a way to measure where the biggest gaps are, while Valerie Portillo, Diversity Lab’s legal department and law firm integration strategist, also emphazises the importance of simply asking questions, unpicking facts from assumptions:

‘When you start asking questions, you start to uncover things that you were not necessarily aware of. We had a lot of conversations with legal departments that have started asking these questions and they said, “Oh, this partner who we had seen as falling into the faithful lieutenant role is actually the person that is our go-to, so we want to shift credit to that particular person”,’ she explains.

Hock and Portillo stress that the strategic goal should be to establish inclusive structures and practices, which will then attract diverse talent, rather than bluntly targeting underrepresented groups.

‘What we’ve seen in the legal industry is very slow movement of actual increased underrepresented racial and ethnic groups, because often people want to hire and then they don’t change their practices, they don’t make people feel like they belong and then they just go elsewhere,’ says Hock.

‘Look at your current population, make sure you’re not losing your underrepresented lawyers at a higher rate than your overrepresented lawyers. So start with the data and the metrics and go to where that takes you.’

Step five: identify areas of impact

The leader must identify areas of potential impact where change can and will occur, says Grey in another of his pillars for DE&I strategic success. Whatever those areas are, they must be explicitly said and seen.

‘We can’t account for it unless we know what it is, and we can see it, and so we think the idea of measuring ourselves against those pledges and those initiatives we’ve chosen, is also an important tool in the growth and the sustainability of these initiatives.’

We return to the importance of transparency, which Grey sees as an active concept, involving discussion, feedback and iteration.

‘To make [DE&I] scalable, which is a goal of ours, is this idea of socializing these ideas, of crowdsourcing the better practices. And so that’s the stage we’re in now. Now that we are getting people to do these pledges, let’s stay one step ahead of the curve by saying to ourselves: how can we socialize these ideas, how can we elevate the discussion to not what we intend to do but what we are actually doing? Putting those practices in front of people and opening them up for discussion, being critical of them, both internally and externally, will allow us to create the improvement that needs to take place,’ he explains.

Step six: measurement

Grey’s final pillar is measurement, and he is supportive of KPIs for DE&I. But he also is an advocate for peer review in this space.

‘We have operated in silos for a long time. So you ask a major company, “How are you doing?” And they say, “Well, I think I’m doing fine.” “How do you know?” “We’ve got more diversity than we had last year.” Ok, that’s progress,’ he says. But measurement should not stop there.

‘Are you doing the most you can do? Are you operating at the highest level you can? Are you creating a sustainable and systemic approach to the problem you’re trying to solve? What’s the review mechanism for your work? Is it your standard, or is there an industry standard? Is there a peer standard? What are we working with? I think all that has yet to come because we’ve operated in silos so long that we’ve never had a measurement outside of those silos to determine if my initiative is operating at peak efficiency.’

Grey’s ‘socialization’ of the review process seeks to transform it from a purely top-down process to something akin to an agile one, where peer discussions offer feedback and a chance for iteration.

‘I think that this idea of bringing the initiatives to a larger discussion group allows us to be critical, helpful, but, more importantly, to not have everybody trying to invent the same wheel over and over and over again,’ he says.

Building a culture of inclusion is not a quick process because organizations need to challenge themselves. That could take years. But it doesn’t mean that organizations should see that culture change in a different way to other change management processes – like technology transformation, says Grey.

Leadership Counsel on Legal Diversity (LCLD) calls for leading in-house counsel to make a personal pledge to move diversity to the front burner of their organization. Among those having taken this pledge is Carlos M. Brown, senior vice president, general counsel and chief compliance officer at Dominion Energy. The pledge offers an example of how general counsel can commit to D&I.

I, Carlos M. Brown, personally commit to the following:

  • I will champion diversity and inclusion by leading by example. My current leadership team consist of six individuals, three of whom are women and two of whom are African American. I will endeavor to maintain at least 50 plus percent diverse representation on my leadership team, including at least 25 percent racial and ethnic representation.
  • I commit that my succession plan and the succession plans of each of my direct reports and each of their direct reports will maintain at least 50 percent diverse representation, including at least 25 percent racial and ethnic representation.
  • I commit that 50 plus percent of the new hires in our organization will be diverse, which is consistent with our corporate goal and I will actively participate in the recruitment of a talent pool that will ensure that this goal is successful. I will own this goal.
  • I commit that our law department will spend at least 30% of our outside spend with diverse firms or diverse matter responsible attorneys at majority firms and vendors.
  • I commit to identify 3-5 associates at our principle outside law firms and will personally meet with them at least twice per year to provide coaching and mentoring and will insist on their substantial participation in our matters. Further, I will formally inquire with firm leadership twice annually as to their development and prospects for promotion.
  • I will commit to make myself available to diverse talent at every level of Dominion Energy and identify 3-5 individuals that I can mentor and sponsor for inclusion on executive leadership succession plans.
  • I will commit to an annual in person meeting with our outside law firms to review lawyer staffing on our matters. We will establish a goal that 35% of our work be led by or have a billing or relationship responsible partner that is a woman or a person of color.
  • We will support our teams continued participation in Leadership Council on Legal Diversity, the National Bar Association, Women of Color, other minority bar associations and local chapters. We will support the organizations financially and with our attendance at programming in order to support the work of these critical organizations and provide development opportunities for our diverse attorneys and their allies.
  • We will continue to participate in the LCLD 1L program at the level of at least 3 interns per year. We will encourage our principle firms to convert 1L offers into 2L offers and ultimately into permanent offers. We will commit internal resources to supporting these interns throughout their law school careers and after.
  • I commit to champion social justice and diversity and inclusion at Dominion Energy, in our industry and in all other spheres of influence that I may have. I will not just take up the seat at the table that has been set aside for diversity, African Americans or other people of color, I will use my voice, I will say something, I will lead.

‘“We’re going to be the best at technology than any other company”, and when you decide you want to do that, guess what? You just unleash all of the talent and authority and power, and you drive it. You start saying “I want know what we’re doing about this.” If you hold people to that same standard on diversity, then we will drive a more productive effort at making it happen.’
He adds: ‘Part of the storyline is if you apply the principles of success to diversity that you apply to other areas that you consider a challenge, you will be successful, because we know our own track record at doing these things.’

We’ve seen six steps towards a framework for inclusion, comprising understanding, leadership, transparency, data gathering, targeted potential impact areas, and measurement. Next comes the task of populating that framework with the meat of a DE&I strategy – the initiatives.

A good initiative should embed structure into processes and talent systems. In an echo of Robert Grey’s pillars for a DE&I strategy, Leila Hock at Diversity Lab believes that a good initiative should include structure, accountability, transparency and collaboration.

Cultural competence

Improving D&I through recruitment requires some degree of cultural competence, says Grey: ‘You can’t just say, “I want people from the Middle East” if you don’t know anything about people from the Middle East in your organization. Or, “I love African Americans, I’d like to have more of them”. If you don’t know anything about their plight and about the obstacles they’ve had to deal with, then how are you in your organization going to develop those individuals in a meaningful way?’

First of all, it’s essential to go where talent is, and organizations can expand the target talent pool instantly by going to the right colleges and law schools and seeking out the best candidates. But exploding structural inequalities that impact the talent pipeline takes investment in potential talent before the point that they are ready to enter the workplace.

Mentoring can be effective, says Brown. He recalls his own time as a law student preparing for the LSAT exam, when he happened to bump into Justice S. Bernard Goodwyn – the only African American lawyer he knew – in the law library. Justice Goodwyn advised him of the availability of a grant to partially fund LSAT preparation classes, something he was entirely unaware of.

‘My score increased by 20 points between my initial practice test and the actual LSAT. That LSAT score allowed me to get into Harvard, UVA, Georgetown, and a number of other very prestigious law schools, and so made me a candidate for significant scholarships. But for the fact that the one black lawyer I knew, Bernard Goodwyn, saw me in the library that day, I never would have known of the material difference that that prep class would make in my career and life. I likely would not have prepared, likely would have underperformed, and likely would not be here talking to you today,’ says Brown.

The intersectionality of diversity is an important factor, with economic disenfranchisement and other factors often overlapping with racially and ethnically diverse candidates. Brown is vocal about the need for underrepresented racial and ethnic minority lawyers to receive support throughout the entire process of qualification, whether applying to law school, achieving at law school, navigating the world of recruitment, and then getting the market exposure and visibility to succeed in their careers. Otherwise, he says, the structural obstacles faced by would-be lawyers without the experience or exposure to the law of others, without knowledge of the system gleaned from family or friends, will stymie even the brightest sparks. Internships and sponsorship for diverse student candidates can be effective.

When it comes to drafting job postings, it is important to not accidentally screen out diverse candidates by being needlessly narrow in the requirements – for example industry experience or length of service – and to focus instead on qualities, such as leadership, initiative, versatility, creativity and energy. Vacant roles should be advertised outside the traditional channels, in places that encourage a diverse slate, such as colleges with a historical representation of the groups you are looking for, affinity group bar associations, and websites of relevant organizations.

When the résumés come in, it’s important that the selection process and interview panel are staffed by a hiring team and interview panel reflecting different races and ethnicities, as well as genders, and even different parts of the business. The decision cannot be influenced by one perspective if all candidates are to have a fair chance.

Inevitably, DE&I is a chicken and egg story – if you build an inclusive culture, diverse people will come, but is it possible to create – and maintain – that truly inclusive culture without the input of diverse people in the first place?

This process is a journey along a continuum – and it’s crucial to meet people where they are, which will depend on where they’ve come from along that journey, says Grey.

Perhaps key to beginning that journey of inclusion is to confront unconscious biases and turn a room of people with unacknowledged prejudices into a room of allies.

But to uncover those biases, you need training. Lots of it, potentially.

‘Training and exploration of unconscious biases, not just in a two-hour or three-hour seminar, but in an ongoing way that will have stickiness within an organization is key, because that’s where you have to start. You have to change the mindset. Once you change the mindset or open up the mindset, then the real work can begin,’ says Myers.

Mentoring, sponsorship and allyship

Mentoring and sponsorship are important tools in the inclusion kit, to help racial and ethnic minority associates build on their strengths, navigate the cultural landscape of the company, and benefit from the various experiences of those who have succeeded.

‘That does not necessarily mean a mentor of the same race or ethnicity. I can say from my own career that some of my best mentors were white men, because they were very interested in understanding my challenges – and I was not shy in telling them some of the obstacles I was facing as I was practicing law,’ says Harris.

But just having a mentoring or sponsorship initiative in place does not mean that beneficiaries are effectively prepared for success if that initiative is not properly devised and implemented. This point speaks to the importance of Diversity Lab’s mantra of structure, accountability, transparency and collaboration.

‘An underdeveloped mentor or sponsorship program just says, “Valerie, meet your new mentor, Leila. Develop a relationship.” And that’s where actually a lot of mentoring programs stop,’ says Hock.

‘There’s no structure to how the relationship should go, there’s no accountability to make sure that the mentor and/or the sponsor actually checks in with the protégé or mentee, there’s no transparency in really understanding how that relationship is going, and there’s no collaboration amongst the mentors or sponsors or protégés.’

Phyllis Harris adds that mentorship by itself is not enough – there must also be structures in place to make sure that diverse colleagues are actually getting an equitable bite of the pie.

‘The organization needs to ensure that these individuals are getting the assignments. That allows for visibility. It’s not enough to invite people to the party, you’ve got to go across the room and ask them to dance. You ask them to dance in the legal profession when you ensure that people are getting good assignments and they are getting good, constructive feedback. The worst thing you can do is bring people into the organization and set them up to fail by not sharing with them how they can improve, as well as sharing with others when they do really good work,’ she says.

Some cross-over between mentorship, sponsorship and allyship may occur, but fundamental is advocacy, which points back to the strategic pillars of personal commitment and putting skin in the game when working to increase inclusion of racial and ethnic minority lawyers in-house.

Hock describes ‘Ally Action Pledge’ initiative, which challenges law firm partners (though she stresses it could work for senior corporate counsel) to sign a pledge, committing, for example, to advocating on behalf of a lawyer from an underrepresented group, introducing them to high profile people, taking an active role in their work assignments, and making sure they get the exposure, visibility and experience that they need.

‘It’s important to make sure we involve underrepresented racial and ethnic lawyers in these initiatives and strategies and initiatives, but they can’t be doing the work. We have to get allies involved,’ she says.

‘An inclusive workplace is better for everyone, it’s not about stealing their role or opportunities, it really is about inclusion for everyone.’

Succession planning

At Dominion Energy, Brown has worked to ensure that diverse counsel don’t hit a glass ceiling within his in-house team by embedding inclusion into departmental succession planning. All succession plans, including those of his deputies and managing counsel, must be 50% diverse before he signs off on them. This, he argues, bakes in support for those diverse lawyers all the way up the corporate ladder.

‘If that means that you have to identify a candidate who you might say is not ready now, then that’s fine, but by putting them on that list you are committing as a leader reporting to me that you are going to undertake the steps you need to get that person ready to be a candidate to compete for your job. So that it no longer is the case that when an opportunity arises and we go to the list we say, “Gosh, the reason the list is all white males is because there just was no one ready”,’ says Brown.

‘That circumstance is true for everyone until someone invests in them to get them ready. For years the excuse has been used that we don’t have any “ready-now” candidates. But the candidates that are ready now are ones who someone identified three, five, seven, ten years ago and said “Hey, we’re going to line this person up with the experiences and the exposure so that they can one day be a deputy GC or a GC in this company.” That same type of deliberate intentionality should happen for women and minority candidates, and so that’s something that we’ve mandated.’

Initiatives: the supply chain

A similar long-term intentionality can be applied to peer pressure along the supply chain – an outlet where general counsel keen to promote DE&I in the wider legal profession have much agency. Corporate counsel can be more specific than demanding racial and ethnic minority lawyers on their work – they can demand that they be supported, developed and well enough exposed to become the experts that clients demand.

Says Grey: ‘I don’t want you to put a minority lawyer or an ethnic minority lawyer on a case because they are ethnic minority. That doesn’t help me. What I want to know is who’s in that practice area whose job it is to do that kind of work and are they doing my work? That is turning the aperture to be more focused.’

Diversity Lab’s Hock acknowledges the difficulty for in-house teams to establish these new working relationships with longstanding outside counsel. In a bid to overcome this, Diversity Lab has an initiative called the ‘Diversity Dividends Collective’, which tracks demographic data of outside counsel teams, revealing to in-house teams who is receiving financial or expansion credit for leading their matters. The organization hopes that this tool will help legal teams work in partnership with their law firms to achieve better results, rather than point the finger.

‘Instead of saying, “You need to do better”, it’s saying “Look, these are your gaps, we understand them, how can we help you?”’, says Hock. ‘It’s recognizing that law firms play a role, and it is not enough to just incentivize them or say “Give us your data and we’re going to make decisions based on that”. There needs to be a consistent dialogue between legal teams and their law firms.’

‘We’ll only see true progress as a legal industry if we see ourselves as just that, a legal profession, not us and them, a legal profession working together hopefully to change the entire profession and the systems of the entire profession.’

Dominion Energy has its own tracking system for outside counsel, which encourages billable credit to be given to diverse lawyers by tying part of the legal department’s bonus program to a point system predicated on number of matters given to, or number of hours spent by, diverse outside lawyers.

‘We’ve been doing this now for about four or five years and we’ve grown our diverse spend. About 20% of our legal spend now can be credited to minority, veteran-owned, women-owned firms, or diverse lawyers at majority firms,’ says Brown.

Putting the pieces together

Better collaboration is both the reason for diversity, equity and inclusion, and the solution at the heart of strategies to achieve it. It means reaching out, accessing the know-how already out there, gathering best practice, and working to move the conversation on, and on again.

‘Our suggestion is to be bold, and you can’t be bold unless you know that there’s something better than what you’re doing out there,’ says Grey.

‘Is it uncomfortable? I think it’s a little uncomfortable, because nobody’s been doing it in the past. So, we’ve got to get to a different level of comfortable about how we work with this area. I think we come from not being comfortable at all, to now we think we’re comfortable because the status quo in a sense affords us some protection against doing more. And I think we’ve got to guard against that and say the status quo is not good enough.’

ESG Risk Research Survey Report: 2021

Foreword

Even before the Covid-19 pandemic altered businesses and society, the environmental, social and governance (ESG) movement was gaining steam within corporate circles. Issues of climate change, consumer pressure, regulatory reform and social movements, were top of mind for investors and executives.

The global pandemic only further heightened the awareness around ESG, and the social impact of severe lockdowns and business instability forced companies to rethink their priorities. As a result, ESG issues such as environmental sustainability, social justice, and emerging reporting disclosure protocols have dominated corporate news headlines around the world.

ESG reporting has been voluntary in many countries, but in the last 12 months the EU – along with many other national governments and regulatory bodies – have issued ESG reporting guidelines. As the move towards establishing a common reporting standard around ESG continues, corporate counsel have been tasked with implementing effective protocols and oversight.

GC partnered with Irwin Mitchell to gauge the ESG outlook of leading corporate counsel across Europe and the United States. With the 26th UN Climate Change Conference (COP26) taking place in the United Kingdom from 31st October to 12th November 2021, the ESG agenda has been cemented as a business imperative for general counsel. This research documents the thoughts and opinions of more than 190 in-house lawyers on ESG, their risk outlook, and how a shift in business focus has shaped their legal agenda.

In-House Legal Research Team
GC magazine

Irwin Mitchell Comment

Irwin Mitchell is determined to become a leading responsible business. We’re already on a journey to ensure that our environmental, social and governance values are embedded into our business and influence our relationships, strategies and aspirations. But to be truly successful, we need to proactively engage in conversation and collaboration; with our colleagues, with our clients, within our business and geographic communities, and, setting commercial competition aside, with our peers across the legal sector. In doing that, we believe our aspirations will be realised and we will lead as a responsible business. We’re delighted that so many in-house counsel contributed to this research, and I’d like to thank them for their time and for sharing their insights into the role of in-house in setting and supporting the ESG agenda within their businesses. We hope that you’ll find this research useful in plotting where you, your team and your business are on your own ESG journey, and where it will take you next.’

Vicky Brackett, Group Chief Commercial Officer

Download and read the report offline

Are you prepared?

As pressure for sustainable and ethical corporate practices from regulators, investors and consumers mounts, ESG has become the most pressing topic in the boardroom.

From our research, a staggering 96% of corporate counsel reported that their companies have either implemented a formal ESG plan or are in the process of developing one. While this focus is not new, treating ESG as a crucial component of the business and governance framework has increased in recent years.

GCs are placed in a unique position to take the lead, and influence company policy. Increased focus from regulators has been one key driver, explains a survey respondent: ‘ESG has become the main focus of regulators and certain key players in the financial sector. The fact that these players promote ESG best practices means that other market participants should make ESG a priority to keep up with the best practices and improve the chances of better financial return in the longer run.’

Before the pandemic, ESG reporting was a nice-to-have niche. But 2020 saw several major regulatory developments from the European Union:

  • The Sustainability-Related Disclosure Regulation (SFDR) lays down the ground rules for financial markets on transparency
  • The Corporate Sustainability Reporting Directive sets out legislative goals
  • The Taxonomy Regulation (TR) defines what is regarded as sustainable.

Meanwhile, in the United States, although there are no mandatory ESG disclosure requirements, the Biden administration has declared its intentions to make sustainability a priority. In 2021, the House of Representatives passed the ESG Disclosure Simplification Act, requiring public companies to make ESG disclosures in their Securities and Exchange Commission (SEC) filings.

Does your company have an ESG plan?

Echoing this sentiment, the UK government has also indicated its intentions to introduce its own mandatory ESG reporting requirements. Currently, there is no single over-arching ESG regulation, but rather a disparate array of regulations that touch on ESG concerns. The Corporate Governance Code 2018, Companies Act 2006 and the Disclosure Guidance Transparency Rules all set out the current ESG disclosure regulations.

The fragmented legal policies around ESG, and the regulatory notices governments have put forward, signal to lawyers and businesses that a unified ESG framework is in development.

One respondent from the financial sector explained: ‘There is a much greater focus in the regulatory sphere when it comes to ESG. Covid-19 has accelerated this interest and legal teams will play a key role in managing these changes.’

Irwin Mitchell Comment

‘Although there is currently no global standard for ESG reporting, there is a huge range of legal reporting requirements for businesses. In the UK alone there is a wide variety of existing and incoming legislation that involves important elements of ESG reporting such as gender pay gap reporting and modern slavery statements. In addition, we believe that some of the confusion around current ESG reporting obligations has arisen from the fragmented reporting framework that places obligations on companies depending on their size (rules for large undertakings under section 172 and 414 Companies Act), whether they are listed (arising from the Disclosure Transparency Rules and UK Governance Code) and whether they are in the regulated financial services sector (Prospectus regulations, Disclosure Guidance and Transparency Rules and Market Abuse Regulations).

The current reporting requirements are disparate and can be difficult to navigate. It’s clear that in-house counsel will play a crucial role in guiding businesses through their approach to ESG and how ESG performance is measured and reported both now and as harmonised ESG reporting obligations are introduced. As standardised reporting is introduced, we are likely to see the introduction of financial penalties for non-reporting or false reporting and in-house counsel will become even more important in bringing key ESG stakeholders together to make reasoned and justified decisions to allow effective reporting and compliance’.

Jason Newall, Senior Associate Solicitor, Regulatory and Crime

Ignore at your own peril

Whilst regulators work towards legislating ESG obligations, our survey results highlighted that companies have already started prioritising key areas.

Unsurprisingly, it was reported that 42% of ESG plans contained a governance framework. This was closely followed by plans containing published policies and guidelines, identification of ESG related risks, a named senior management sponsor, and KPI monitoring and reporting. Lower on the agenda was identification of ES-related opportunities and setting SMART objectives. In fact, it was alarming to note that almost 90% of respondents failed to take into account all of the above when considering their own ESG framework.

Given the increasing importance of ESG initiatives, responsibility still lies with a relatively small group of people. In 57% of the cases, ESG strategy was led by one or no people, with the majority (83%) of those individuals reporting to either their CEO or CLO. A GC from the transport industry commented: ‘Depending on ESG strategies and targets, the responsibility should lie either with the Chief Executive Officer’s or the Chief Legal Officer’s department.’

When survey respondents were asked what areas they believed needed more investment to improve ESG oversight, 31% indicated the need to invest in a dedicated ESG team. This is reflective of the upward trend of companies creating new ESG-specific roles.

While 26% of respondents pointed to the ability of their organisations to continue operating in increasingly difficult conditions as a significant environmental concern, a larger number of GCs said that issues not directly tied to their organisations’ market performance were top priorities. This included, 31% or respondents saying they wanted to see greater investment in efforts to improve biodiversity or tackle pollution, and 38% saying resource use and the so-called circular economy was their biggest concern.

It is also clear that social issues are now deemed to be risk items relevant to the legal team. While issues such as working conditions or health and safety have long been a potential matter for the legal team, respondents were just as likely to see diversity and inclusion as an area needing their oversight.

What does your company’s ESG plan include?

The growing importance of new types of risk is even shaping GCs’ views on corporate governance. While the staples of fraud, bribery and corruption emerged as pressing concerns, just as many respondents said they wanted to see greater attention to corporate transparency.

Even five years ago, few general counsel would have felt that their role called for ensuring fair operating practices or scrutinising executive pay and boardroom diversity. Now they are seen as key areas of risk.

Nevertheless, legal departments are still expected to play a crucial part in setting the ESG agenda — although other business functions may share responsibility. As one respondent explained: ‘I think it should be sponsored at the highest level but that responsibility should sit across all staff and not just a specific team.’

Another survey participant said that spreading ESG accountability across numerous company functions would lead to better outcomes: ‘Different elements of ESG should have different owners,’ explained an in-house lawyer from the tech industry.

‘ESG should address all stakeholders and touch on all areas of a company’s business. Shared responsibility is especially important given the breadth of topics (operational/facilities, HR and Legal).’

ESG in more detail: where do GCs think investment is needed to improve oversight?

Environmental

Social

Governance

Avoiding pitfalls

General counsel play a unique role as the gatekeepers of good corporate practices and ethical considerations.

As guardians for disclosure controls, company litigation strategy and company compliance practices, ESG certainly falls within the corporate counsel remit. Our data reflected this with 63% of respondents reporting that they believe in-house legal teams play a ‘very significant’ or ‘significant’ role in ESG activities.

When asked in what way in-house legal teams are involved in ESG initiatives, 59% of respondents agreed that they contributed to the development and/or evolution of the ESG plan. Whilst 18% said they were involved in the creation and implementation of policies and their adoptions. Those who selected ‘other’ mainly focused on specific parts of the ESG agenda.

As the sustainability movement grows within the corporate community, GCs are not only important legal advisors to the companies they serve, they are crucial strategic partners. So as the trend towards ESG accelerates, having a broad grasp of the wide extent of its impact has never been more important.
Legal teams have become fully involved in ESG-related matters: analysing risks, developing ESG strategy and working on governance-related issues,’ shares a respondent.

In what way are you or your team involved in ESG activities?

Irwin Mitchell Comment

‘The in-house legal team’s role is to ‘help their business do “it” right’ – the “it” being sustainable, successful and compliant business.

ESG is now all pervasive – in the supply to the business, in the supply from the business, in the stakeholder and regulator expectations of the business and, increasingly, in colleague expectations of their employer. So getting ESG right is now at the heart of helping the business to get “it” right overall.

And the key to ESG is the G – the Governance. Contractual, regulatory, processes and policies allow you to document and deliver all the ES things your suppliers and customers want you to commit to.

In-house counsel owns G. Getting G right helps the business get its ESG right. That’s now a core part of in-house helping their employer get “it” right overall.’

Bruce McMillan, General Counsel

The need to focus

Although governance oversight is essential for corporate counsel, it is interesting to note that GCs are placed in a unique position to take the lead, and influence company policy. As a result of the regulatory push towards sustainably conscious guidelines, ESG has become an essential part of influencing investment decisions.

According to the data collected, a total of 92% of survey participants shared that they had either completely, or to some extent integrated ESG into their companies’ investment decision making process.

For this reason, it was no surprise to see this shift in investment sentiment influence GCs to realign their legal objectives. When in-house counsel were asked what their company’s top motivation was for investing in ESG, just under half of respondents (47%) said improving long-term returns. The second highest motivation was ‘doing the right thing’ (12%) followed by ‘environmental sustainability and resilience’ (11%).

Explaining the motivation behind focusing on ESG initiatives, one survey respondent explained: ‘an increased interest from the public about ESG will drive many more companies towards the adoption of ESG practices.’

Does your business integrate ESG criteria into investment decision-making?

Irwin Mitchell Comment

‘The G in ESG is becoming increasingly more important for businesses in the funds and investments space; aligning how you operate your own business with your external ESG messaging is crucial. The impetus for businesses to build ESG into their investment decision making is driven partly by the introduction of new regulation and partly by the growing appetite and demand from stakeholders, whether they be shareholders, investors or customers. Post Brexit the UK has not ‘onshored’ the EU Sustainable Finance Disclosure Regulation (SFDR) into UK domestic law, opting instead to make disclosures that are aligned with the Task Force on Climate related Financial Disclosures (TCFD) fully mandatory by 2025 but there is a general view that it still has a number of indirect/practical implications for funds and investment related businesses in the UK given the UK’s Green Finance Strategy and the fact that ESG considerations will become integral to future EU trade deals and the ability to attract international capital.’

Sean Scott, Partner, Banking and Finance

Risk appetite

Since the pandemic, ESG concerns have propelled to the top of the business risk agenda, and corporate counsel have taken notice.

When GCs were asked if they had incorporated ESG issues into their own risk and resilience plans, 85% reported that they had. This shows that corporate counsel understand that failure to address ESG matters have both reputational and financial risks.

‘ESG is transforming from being a reputational risk to becoming a legal risk. This is particularly obvious when we consider the close adoption of EU legislation in the field,’ explains a survey participant.

When it comes to determining ESG risk, GCs were asked what they believed fell wholly within the remit of their legal team. The threat of regulatory sanctions ranked at the top at 47%, with a further 16% of respondents selecting that this risk fell within the remit of their legal team. Other risk areas that ranked highly included the threat of litigation and corporate reputation.

With new legislative reform around ESG on the horizon, the risk for regulatory liability is an anticipated threat. However, the ESG outlook — if appropriately adopted — does present opportunity.

Which of the following risks fall within the remit of your legal team?

Generating goodwill from showcasing sustainable practices will go a long way with stakeholders. On the other hand, doing the opposite may lead to embarrassing disclosures triggering fallout with investors, employees and consumers.

The data collected is undeniably indicative of the pressures felt by in-house counsel to incorporate ESG into their risk and resilience plans. The pace at which regulatory changes are occurring are making some in-house counsel nervous. A GC from the finance sector explained: ‘From month to month, I can see that environmental issues and regulations are becoming more serious, visible and severe. Results, revenues, incomes and dividends are going to be pivotal when light is directed to them.’

So when it comes to risk, should companies be investing more? The majority of corporate counsel believe businesses should be investing more (68%). The question which then arises is, should this investment be directed at systems, people or knowledge and training? As the risk appetite shifts towards ESG, knowledge and training was considered the area in which investment was most required.

As business priorities shift, training teams to understand new legislative protocols is an important company investment. ‘The way of doing business in the future is transitioning and
the regulations are moving in a particular direction. Understanding this will be necessary to avoid legal risks,’ says
a survey respondent.

GCs are often the torch bearers of responsible conduct. When it comes to manging risk, in-house counsel are well placed to ensure adequate protocols and policies are developed and managed. As ESG becomes the new industry focus, our data highlights that in-house leaders are at the forefront of managing the risks and opportunities a new framework may provide.

Irwin Mitchell Comment

‘ESG is not just about risk management. It is about everything an organisation does and how it goes about doing it. Effective risk management is an essential mechanism for identifying and managing the risks across an organisation, so as to best avoid unnecessary problems and potential reputational damage.

‘In this context, identifying and defining the most relevant ESG risk factors for your organisation and incorporating them into your existing risk frameworks should be a priority.’

Georgie Collins, Partner, Intellectual Property and Media

Irwin Mitchell Comment

‘For two weeks in autumn 2021, the eyes of the world will be on Glasgow as it plays host to the UN Climate Change Conference (COP26). These talks will bring together heads of state, climate experts, leading businesses and campaigners to discuss a coordinated action plan to tackle climate change. Top of the agenda will be the urgency around net-zero commitments and the need for business transparency and accountability.

For the UK, we hope that these discussions will be the catalyst needed to bring the long awaited Environment Bill to fruition. This Bill introduces a green watchdog in the form of the Office of Environmental Protection, which is already taking cases in its interim function. We’re also waiting to hear more about the ‘strong and meaningful’ targets relating to the four priority areas: biodiversity, air quality, water and resource management. Although the target deadlines won’t kick in until sometime in the mid to late 2030s, in-house counsel will need to be alert to the interim targets which will be set to make sure progress is made sooner, rather than later. We can expect to hear more about this in the coming months and years.’

Claire Petricca-Riding, Partner and National Head of Planning and Environmental Law

Greener pastures

As the social and economic impacts of Covid-19 continue to play out on the global stage, 85% of corporate counsel believe ESG will remain a top priority for GCs in the future.

In recent months, the ESG movement has shifted from a non-essential requirement to a vital reporting standard for investors and other stakeholders. Nevertheless, ESG is still in its infancy, with forthcoming legislation on the horizon expected to unify reporting standards.

But for many GCs, there is an even more pressing reason to take these issues seriously: ‘The planet continues to face an existential threat, so ESG must remain a top priority. This will likely be driven by both regulatory (SEC) disclosure obligations and investor interest in sustainable businesses.’

Another survey respondent supported this sentiment by saying: ‘I anticipate we, as general counsel, will become more involved in unpacking the requirements of the various ESG initiatives and support reporting. I also anticipate that there will be an update to legal agreements as ESG becomes more legally binding over time.’

Although ESG reporting isn’t a legal requirement yet, most ESG plans currently enacted are based on feedback from employees (45%). Other important stakeholders include investors and customers who play a crucial role in shaping the current ESG outlook. Going forward, this will likely change as ESG reporting legislation is enacted.

‘In future, ESG issues will likely become more programmatic as consistent standards are developed to allow broader and quicker adoption,’ predicted one survey respondent.

The survey data also indicated that GCs expect their ESG outlook to increase with importance within the next five years, as reported by 88% of respondents. Although 12% believed ESG would retain the current level of importance, it’s vital to note not one respondent thought it would become less important.

The unanimous consensus regarding the future of ESG highlights that the way of doing business is evolving. Although responsibilities around ESG obligations may vary between sectors and jurisdictions, the pressure in-house counsel are feeling from regulators, consumers and employees is universal.

Pre-emptive reporting requirements are reshaping the corporate agenda, with general counsel set to oversee the application of non-financial reporting rules and governance. As policy momentum accelerates, ESG trends are set to raise the corporate profile of general counsel among organisations. With more companies feeling the need to launch more holistic programs, policies and reporting frameworks, one thing is clear, general counsel are pivotal in managing this new focus.

Irwin Mitchell Comment

‘Diversity and inclusion, as part of a wider ESG agenda, provides clear opportunities for those businesses ready to truly embrace it. D&I cannot be seen as a job for HR; as something that should be monitored and reported on but then forgotten. A strategic approach that is embraced by all leaders including GCs must be taken to embracing D&I on a day-to-day organisational basis. We have seen huge leaps forward by businesses who are paving the way including for example the creation of shadow boards or “reverse” mentoring programmes. These businesses are already reaping the rewards of these programmes and those businesses who have not started to properly engage with D&I as an agenda item risk falling behind.’

Elaine Huttley, Partner, Employment

The tip of the iceberg: Data protection and cyber risk

Bob Jett, chief privacy officer at Crawford & Company notes ‘People used to joke that when a GC hears of a cyber attack or data breach they breathe a sigh of relief and say, “Thank God, that one falls to the IT team”. Today that joke wouldn’t make sense. No serious corporate legal professional thinks cyber and data risks are off their radar.’

Britton Guerrina, deputy global general counsel for technology and shared services with Deloitte Touche Tohmatsu Limited, echoes this view. ‘Cyber and data protection are increasingly important and should be top of mind for any legal team. The legal and regulatory risks in these areas have increased and continue to do so, with countries introducing increasing regulatory requirements, many of which are contradictory.’

Corporate counsel may be increasingly aware of the dangers posed to their organisations from cyber attacks, but the results to our survey of over 200 senior counsel across the US and Canada suggest their organisations take a very different view.

While 91% of legal teams were aware of their organisations’ cybersecurity efforts, only 18% said they were heavily involved in these efforts. In fact, an alarmingly high number of teams (39%) were not involved at all, while nearly two thirds (63%) were either not involved or only involved to a small extent.

Even legal teams that are involved in their organisations’ cybersecurity strategy are typically confined to a fairly narrow role. By far the most likely task falling to legal teams is ensuring the security of their own communications, data and files (84%) or providing strictly legal opinions on regulatory compliance (47%). Just under a fifth of teams (19%) reported being involved in their organisation’s wider cyber response planning, while only 7% were monitoring cyber threats across the organisation as a whole.

Businesses not involving legal teams in their cybersecurity efforts should take note: over half (53%) of the senior counsel surveyed rated their organisations’ cybersecurity defences as either poor or average. Just 13% said their organisations had excellent protection against cyber threats.

The limited involvement of legal teams when it comes to cyber security efforts is particularly puzzling given the obvious advantages lawyers would bring to the process. As Britton Guerrina notes:

‘Legal involvement is critical for various reasons, and lawyers are able to guide efforts in a wide range of areas, from helping to design the security programme to comply with privacy, employment and other local laws to advising the cybersecurity team on cyber regulatory requirements.

Legal teams can also assist with the roll out of security tools while addressing any legal impediments. They can advise which legal and regulatory requirements apply to a breach based on the facts and circumstances presented, determine whether breach notification requirements (regulatory or contractual) have been triggered, and craft notifications, interact with regulators, law enforcement, and so on. In my view, legal and cyber need to partner together, along with risk, in order to protect the organisation effectively.’

However, as Michael Shour, general counsel and secretary for Banyan Software, observes, this is likely to change as the regulatory and reputational stakes increase.

‘Legal is actually very well positioned to spearhead this area, but it is often not an area where management wants legal to focus, due to the limited resources. As class actions and cyber-related litigation increase over time, I suspect that this will continue to require an increasing amount of legal involvement.’

Plugging the leaks

Monitoring cyber risks may still be deemed a low priority for legal counsel, but the related issue of data privacy is fast becoming a key part of the legal team’s role. As one respondent, senior counsel for data and privacy at a global media and telecoms business, puts it:

‘Data protection is a growing issue, and not just because of the rise of serious and very damaging incidents which we all read about in the news. From a compliance perspective, it is the increase in country-wide and global regulations. Business has to operate as smoothly as possible, and it is our job as legal to help it do so within these regulatory boundaries.’

When asked to identify the most pressing cyber threats their organisations faced, nearly half (49%) of corporate counsel pointed to the risk of customer data being compromised. Theft of confidential business information was seen as the next most pressing risk, reported by 28% of those surveyed. As Naseem Bawa, general counsel for InteraXon, a leading maker of brainwave-controlled computing technology and applications, points out, in the digital economy data is a chief driver of value. ‘Data is part of a company’s IP and without stringent safeguards to protect and enhance its value you are leaving your doors unlocked.’

For comparison, just 2% said that direct monetary loss through theft was their organisation’s most pressing concern. While theft can be costly, it is often nowhere near as expensive as dealing with the regulators. For businesses that have yet to experience a significant data breach, comments one senior legal and compliance counsel at a large retailer, the uncertainty over consequences can be troubling.

‘The big unknown here is the way a regulators will respond. The marquee cases have been in the financial services industry, and there is some evidence that regulators will look at what a retailer is doing around data and compare it with the systems and controls that have been put in place by financial institutions. Obviously, these financial institutions have far more robust data-security arrangements in place, which is potentially something that could damage our position in any litigation.’

These risks are especially pressing, continues the respondent, in a world where customer interaction is increasingly digital.

‘Mobile payment apps and e-commerce are becoming the principal vector through which fraudsters are able to infiltrate business systems. It’s a data security issue but it’s also a cybersecurity issue that goes right to the heart of our business. That means the legal team needs to know how our IT systems work, with at least some degree of accuracy, and how those systems can sink us.’

For those unfortunate enough to suffer a breach affecting customer data, knowing how to respond is key. The advice from one general counsel at a large US medical insurer is to bare all. ‘If customer data has been compromised then you need to tell them, and you need to help them take whatever steps are needed to mitigate the risk they now face. In the first day or so after an incident everyone is scrambling around to collect as much information as possible before the company needs to report the incident, but often it will be too late for the customer if you wait a day. Bite the bullet and tell them what has taken place. And, of course, have a plan ready so you aren’t worrying about drafting the message during a firestorm. If you are facing a situation where you need to email potentially millions of customers, you will really be thankful that you planned ahead of time.’

This planning, many agreed, is among the most important steps that GCs can take. As Richard Brzakala, director of external legal services at Bank of Canada, comments, ‘The old maxim “Trust but verify” applies here. You may have best-in-class cybersecurity in place, but it needs to be tested continuously. It’s not a question of if things go wrong. They will go wrong. You will experience a cybersecurity incident or data breach eventually, so be prepared.’

Held to Ransom

On 7 May 2021, Colonial Pipeline, the largest petroleum pipeline in the US, was shut down following a cyber attack. It remained closed for five days, causing panic buying, fuel shortages and national security soul-searching. For cybersecurity experts, the most surprising element of this episode was that a key part of US infrastructure was not brought down by the actions of a hostile state (at least directly), but by a small group of cyber-criminals deploying a devastating form of online extortion software: ransomware.

After gaining access to a company or individual’s system, the attacker will make files inaccessible in some way. At the lower end of the scale, the malicious programme may simply lock the computer, an easily fixable situation for an IT professional and no great problem for a large company. But when deployed by more sophisticated attackers, the software will encrypt the victim’s files so effectively that recovering them without the decryption key is virtually impossible.

The Colonial Pipeline ransomware attack was just one of several high-profile events that have struck ostensibly secure organisations over recent months. May 2021 also saw a ransomware attack on meat processor JBS Foods, a $53bn company that is deemed vital to US food security. The attack, which led to closure of some of the company’s facilities, was reportedly ended after an $11m ransom was paid.

While the scale and severity of recent attacks has surprised many, the growing popularity of ransomware comes as no surprise to specialists in the field.

‘My first response to the upsurge in ransomware attacks lately was that we analysts have been warning about this for over a decade, and we all predicted this was going to happen’, says David Fidler, senior fellow for cybersecurity and global health at the Council on Foreign Relations.

‘Now it’s here we have another round of gnashing of teeth, but opportunities to mitigate the danger have been missed time and time again over the intervening years.’

Fortunately, even for those who may have missed the early warning signs, hope is not lost. GC speaks to some of the leading counsel and cyber experts to find out what the rise of ransomware means for business, and what lawyers can do to help prepare their defences.

The unlocked door

The rise in attacks affecting everything from water and energy utilities to fuel distribution systems is a sign of things to come. From a cybersecurity perspective, the truly frightening aspect of these attacks is that, once systems have been compromised, there is little IT professionals can do to regain control. Bhavani Thuraisingham, Founders Chair Professor of Computer Science and the Executive Director of the Cyber Security Institute at The University of Texas at Dallas, comments:

‘When the malware enters the system, it has access to almost everything, and in a ransomware attack [hackers] will encrypt everything and demand a payment in exchange for the key to unlock the files. As of today, AES 256 encryption cannot realistically be broken with modern computing methods. Unfortunately, this means that if the attack progresses to this stage, you have really no access to anything in the system unless you get the key to decrypt the data’.

Richard Forno, senior lecturer in the University of Maryland, Baltimore County Department of Computer Science and Electrical Engineering, puts it even more succinctly: ‘If you haven’t been conducting cybersecurity best practices and a sophisticated attack takes hold of your systems, you’re screwed’.

As a result, victims of high-profile ransomware attacks have been left with little option but to pay up. In the case of Colonial Pipeline, hackers demanded a ransom payment of $4.4m in the form of bitcoin, which they promptly received in exchange for codes to unlock the company’s systems.

More troublingly, the lines of attack hackers are exploiting are not easy to defend against. For example, phishing attacks in which members of staff are fooled into downloading malicious software by seemingly genuine emails are becoming increasingly effective. This, says Forno, is increasingly dangerous given the rise of social media as a means of validating an unknown person’s identity.

‘Using artificial intelligence and machine learning, you can identify, develop and even create fake personas that are very detailed. This can allow you to make a phishing email that is much more convincing to the target, particularly if
you’re targeting a particular individual, such as the CEO of a company.

What’s more, even those who follow every reasonable security protocol and measure can, unwittingly, become a victim of the more sophisticated hacks. Increasingly, [malicious] software is being downloaded through perfectly legitimate websites via ad networks. [If a hacker] is able to compromise a content or software distribution network, malware could be injected into this such that users of a legitimate website would then be downloading malware through the network.’

React and respond – preparing for times of crisis

As the realities of new digital attack vectors and how to respond to them become increasingly evident for major corporates and their counsel, leading private practice practitioners from the WSG network share their insights and advice to help businesses prepare for the worst.

‘Ransom attacks, including larger supply chain-type attacks, continue to lead the headlines and pose a sophisticated threat to a business’s ability to operate or recover, now more than ever,’ says Batya Forsyth, partner at Hanson Bridgett and co-leader of the firm’s privacy, cybersecurity and information governance practice.

With cyberattacks increasing in frequency, severity and variety, the need for general counsel and their teams to be prepared to react and respond accordingly has fast become a business imperative, irrespective of company size or sector.

‘A response plan should set the expectations high for the organisation,’ says John Babione, a partner at Dinsmore & Shohl LLP.
‘Responding effectively to security incidents and potential data breaches should be emphasised as critical to the success, and in some cases survival, of the organisation.’

Exactly what a response plan looks like will be different for every organisation, with individual risk factors and tolerances both likely to heavily influence the final plan and procedures. However, the experts we spoke to agree on several common elements that featured in successful response plans.

‘A good security response plan sets forth a process that is easy to understand at all team levels – from general staff to general counsel – and functions well across a variety of attack scenarios,’ says Forsyth.

‘Most importantly, the plan must explain how the plan gets triggered, who makes that decision, who needs to know about that decision and the first next step for the team.’

Getting buy-in from the wider organisation and ensuring that everyone understands their individual roles in times of crisis were also seen as essential parts of successfully managing a response, with time often a critical but limited commodity in any attack scenario.
‘The plan should enlist all affected personnel as partners in a team effort in which everyone knows their daily efforts and diligence on the front line are valuable and needed,’ says Babione.

This engagement though, shouldn’t be limited to times of crisis says Babione, who instead advocates for an always-on approach to monitoring for threats and being prepared to respond – an approach that emphasises mitigation as much as it does preparedness.

‘To do this, the day-to-day IT environment, applications and tools must support and encourage employees to be watchdogs, looking for trouble and reporting it up the chain of command,’ he explains.

‘This engagement of the workforce and management as the hands and feet of the response plan turn the plan from a piece of paper into what it needs to be – the means by which the organisation can respond quickly to incidents to prevent them from turning into a data breach or other harmful cyberattack.’

This type of attack, say the cybersecurity experts interviewed for this report, has already been detected on some of the world’s largest website, often with little or no awareness among their users.

Adds Thuraisingham: ‘Ransomware spares no one. It could attack an 80-year-old great grandmother, a major financial company or even critical infrastructure. With that said, the more pain the attacker causes, the more publicity they get and the more money they can extort; sectors that allow them to cause maximum damage may therefore be more vulnerable. These will include major hospitals, government organisations and, especially, financial companies.’

Of course, cyber experts are aware that ransomware attacks are now big news, and that reporting biases undoubtedly skew toward them. Even so, says David Fidler, senior fellow for cybersecurity and global health at the Council on Foreign Relations, the underlying reality is that such incidents are on the rise. In fact, says Fidler, the true extent of the problem has probably been under-reported.

‘There has been an increase in ransomware attacks, and that increase has been felt across the entire corporate sector in North America and beyond. Beyond this, there is a large number of institutions – typically hospitals or
other bodies that hold large volumes of data – that have been victims of ransomware attacks without the public or media ever becoming aware of it. So the problem is growing and the scale of the problem is perhaps larger than one would imagine.’

The GCs who came in from the cold

From the perspective of the US government, ransomware is a clear and present danger. The increase in the size, sophistication and public awareness of these attacks, as well as their ability to damage critical infrastructure, puts general counsel on the fault line of what, for some organisations, will be the most important challenge of the coming months.

‘The connection between criminal ransomware attacks and how the United States government perceives our adversaries as providing havens for cyber criminals is key’, says Fiddler.

The government has already accused Russia and China of tacitly allowing cyber criminals targeting US companies to operate free of constraints. We’re seeing movement toward more offensive actions on the part of the US government aimed at cyber-criminal organisations based in potentially hostile territories because, clearly, our defences are not effective in preventing these attacks.

If the government does move in that direction, that is a much more dangerous context for businesses to be in, because we do not know cyber-criminal groups are going to respond. They could become even more sophisticated and try to test how much further we’re willing to escalate’.

The thought that corporations might unwittingly get caught in this cat-and-mouse game of testing and defending critical infrastructure is no longer an abstract item on the risk agenda. Even smaller companies that are not deemed essential parts of the US economy now face the prospect of becoming collateral damage in the tit-for-tat exchanges brought on by the escalation of opportunities for cyber attacks and the escalation of deterrence by punishment.

‘For GCs, understanding the potential threat is key’, adds Fidler. ‘Understanding what the threats are from this potential escalation on the part of the government may help persuade the C-suite of the need to make more investments in their own cyber defence.’

Of course, only a minority of companies will fall victim to the most serious of incidents, but indirectly almost every single organisation will end up paying the price, whether through increased demands on security and compliance or changes to their relationships with customers and commercial partners.

Insurance has long been one of the major tools used by corporates to mitigate their exposure to cyber risk, but as the number of cyber-related insurance pay-outs topping seven figures grows, policies are being hastily rewritten.

‘[Last year] was an unprecedented year for ransomware attacks and the payment of related insurance claims’, notes Lavonne Hopkins, senior managing legal director for security, resilience and digital at Dell. ‘As a result, the cybersecurity insurance market is hardening as insurers revaluate how to keep their cyber insurance offers profitable.

I have observed that insurers are focusing more on evaluating organisational cybersecurity maturity and preparedness when making coverage decisions and determining premiums and deductibles. We can only expect this trend to increase. Organisations should start to prepare for a future that potentially excludes ransomware coverage from cyber liability policies and requires self-insurance models.’

A worrying thought. And even those who can find suitable policies should not be complacent against the threat, says Thuraisingham.

‘Certain insurers are now offering specific products that cover the threat of ransomware attacks but relying on this can be extremely risky. To activate the coverage a company must first lose its data in a ransomware attack; only then will the insurer release funds to pay the ransom.

This is obviously not ideal, as the protection offered does not typically compensate for the reputational damage or staff costs associated with the incident. I would advise taking all the preventive measures you can before relying on insurance.’

The price of this sort of ‘kidnap insurance’ coverage is also likely to increase markedly as insurers keep a watchful eye on cybersecurity developments. A report issued recently by Hiscox, an Anglo-Bermudan insurance provider that specialises in niche categories of risk, noted insurers faced a 50% year-on-year increase in pay-outs for cyber-related policies, with ransomware attacks accounting for the biggest contributor to this growth.

Outsmarting the hackers

Even the most generous insurance policy can only be triggered once a cyber attack has taken place, by which time financial compensation alone may not be enough to repair the damage. For general counsel, the only real way to defend against risk is to go on the attack.

David Mace Roberts, general counsel of transport information systems provider Electronic Transaction Consultants (ETC), has been working to keep one step ahead of cyber attackers for many years. For Roberts, the most notable feature of a good cyber risk plan is that it looks unlike anything else on the market.

‘A lot of companies will pull up a one-size-fits-all cyber response plan, but that’s really not good enough. A bespoke cyber response plan needs to be custom crafted for both you and your industry.

Thuraisingham echoes Roberts’ comments. ‘Just as with health concerns, the best method is prevention. Protect all your systems, data and processes so that the attackers cannot gain access in the first place. Perhaps most important, companies that do not mandate backups and do not have extremely stringent security policies are most in danger. Do continuous backups of data and processes. I cannot emphasise proper backup procedures enough’.

Indeed, as Richard Forno notes, none of these measures are difficult to implement, but business has tended to ignore expert advice for too long.

‘The problem I see is that a lot of companies and governments of all sizes fail to do basic cybersecurity best practices, things that we in the industry and academia have been urging people to do for 20, 30, 40 years. This can be things as simple as having a really strong password or using multiple forms of authentication for critical or sensitive systems’.

The most important aspect of effective defence against a ransomware attack, however, comes with employee training. Human error is overwhelmingly likely to be the biggest weakness in a cybersecurity defence package, as well as the first thing a criminal group will look to exploit. To guard against this, says Roberts, the only option is to train relentlessly, ‘If you only train once a year then training loses its impact and offers minimal protection.’

Lavonne Hopkins of Dell agrees. ‘Unfortunately, ransomware most frequently originates from human error, and over half of ransomware victims suffer repeat attacks. Training and education are critical to ensure a comprehensive cyber preparedness strategy and prevent these ransomware attacks. Organisations should mandate cybersecurity training, including phishing training, for all employees and contractor. Employees are the first line of defence and need to be equipped with the knowledge to help prevent an attack’.

Before any of the above can take place, senior management needs to take the risk to business from cyber attack seriously. As Thuraisingham notes, it is all too common to encounter business leaders who consider cyber strategy as a matter for IT professionals.

‘When you’ve hired the best risk analysts and cyber teams money can buy it is very easy to conclude that you’ve done everything you can. This is fundamentally wrong. Businesses will always be vulnerable to these attacks, so there needs to be a constant awareness of just how serious the consequences can be.’

Unfortunately, awareness of cyber risk as among the c-suite seems to remain limited. Our survey of over 200 general and corporate counsel in North America revealed that while legal teams felt there was a very high risk of cybersecurity breaches to their organisations, fewer than half were actively involved in shaping cybersecurity risk planning.

For many organisations, it may come back to haunt them. As Roberts concludes, ‘If you are a senior member of a public company, you’d do well to look at the SEC, the NYSE and NASDAQ who are all really pushing cybersecurity. Do you want this on the front page of the Wall Street Journal or the Washington Post? Do you want to have to answer to the boards, or to the securities regulators? If not, then taking the risk seriously now is the best defence.’

The red pill: How legal teams are embracing the freedom to be replaced

In 1954, The Westinghouse Electric Corporation unveiled the world’s first colour TV. With a price-tag of $1,295 – or nearly $20,000 in today’s money – the H840CK15 was the type of luxury purchase that stood as a solid signifier of economic success.

‘I grew up in a world where lawyers were among the few middle-class professionals who could afford the latest technology’, comments one senior lawyer at a large multinational bank.

‘Now, we are among the few middle-class professionals that ignore technology. It’s a strange thing that so many lawyers have chosen to overlook the transformative power tech has had on the world of work, and I am part of a growing number of in-house professionals that seeks to address the oversight.’

To rephrase the problem – well-known in economics – why does the cost of technology consistently fall relative to the rate of inflation while the cost of services, encompassing everything from healthcare to education continues to rise?

The answer, in short, is that machines cannot (yet) do what humans do. What machines can do, however, are the things humans do not want to do. From this perspective, technology is not a threat but an opportunity. It allows lawyers to move higher up the value chain. And, let’s be honest, no one wants to be stuck doing low-level work.

‘Lawyers are afraid of technology taking their jobs’, comments Lisa Marcuzzi, general counsel and country counsel for ArcelorMittal Dofasco in Canada. ‘But I don’t know of a single lawyer that feels unhappy that they will have to give up reviewing NDAs or sales agreements. As far as I can see, technology will free lawyers to do the jobs they trained for.’

The wider in-house legal community in the US and Canada clearly agrees. While 90% of respondents felt that technology had disrupted the legal profession over the last five years, and nearly all (97%) felt it would do so over the next five years, over three quarters (76%) said this disruption was a positive outcome for the legal profession.

Far from fearing tech, in-house lawyers are waking up to the freedom it can grant them – 87% of those we surveyed said their wider teams were receptive to the use of technology, while 78% said their businesses were supportive of finding new ways to work.

This widespread optimism, many respondents pointed out, was based on direct experience of available technologies. ‘I spent many years reviewing and negotiating documents that were up to 100 pages long’, commented one general counsel in the finance sector. ‘Typically, 90% of that document would either be boilerplate or unnecessary. If I add up the time I have spent reviewing superfluous material and account for cost then it comes to a shocking level of waste.’

In short, corporate counsel are looking forward to the freedom tech will grant them, and few fear their jobs are at risk. As one respondent commented, ‘The idea that lawyers will be replaced is just not realistic. Imagine a Fortune 500 company dismissing its legal team and saying, “we’ll just rely on technology to do all this stuff.” It won’t happen – it would be insane.’

What will happen is a continuation of the trends that have been in play for several years. The in-house legal team will move closer to the time-critical or economically important aspects of the business, law firms will be brought in to help with the types of matters where it just doesn’t make economic sense to employ a team of internal specialists, and technology will be used to remove a lot of the work that was never strictly legal work in the first place.

Eleanor Lacey, head of legal and general counsel for work management platform Asana, comments: ‘In the knowledge sector, tech never works by replacing people. It works by augmenting people and freeing them up to work on higher-value matters.’

‘There is a great sense of freedom now that we as corporate legal teams can really solve a lot of the problems we have seen time and again by introducing often inexpensive tech fixes. It’s a great time to be working in the legal industry. Anyone who says otherwise is just not seeing the big picture.’

Moving up the value curve

What are the grounds for this optimism?

Let’s take the single most important item an in-house lawyer deals with – the contract. Lawyers deal with contracts. Lots of contracts. So too do their employers. As Chris Young, general counsel for digital contracting platform Ironclad, puts it, ‘At a basic level, all lawyers are contracts lawyers and all the businesses they serve are contracts businesses. It’s the most fundamental unit that commerce is based on.’

In this contract-driven world, the central hub for contract review runs through the legal department. When a business grows, how does its legal department choose to scale? Does it add bodies, or does it use technology to scale up and meet demand?

For the last several decades, the answer to that question would have been the former. General counsel had one demand above all else: more staff. As our survey of legal teams in the US and Canada shows, attitudes are changing, and the answer is increasingly likely to be “new ways of working”.

Central to the evolving skillset of the in-house counsel is getting comfortable with communication. Those we surveyed were clear: documentation can be automated, and any lawyer who is essentially reading a document aloud can be replaced at will. But that, many feel, is a good thing. The rise of legal tech means the in-house team can finally sound like the rest of the company.

‘We don’t need to tell business, “The documents say this”’, comments one respondent, senior counsel at a large US medical services provider. ‘Any literate person can see what the documents say. We’re guardians of nothing but the obvious if we tell them what they can read for themselves.

‘That’s great – being freed from routine tasks is not a case of lawyers being replaced. It’s a case of lawyers being able to use their skills for the benefit of business. We should embrace it. Lawyers have been trained to do some very sophisticated work, but large parts of the contracting process are not that work. If we can relegate that to a system or use technology to complete it then we are going to have a lot more time to do the work that is expected of business leaders. The days of pushing paper around may finally be over.’