This article is written by Tushar Verma, Geeta Institute of Law, currently enrolled in the Ace your Internship course at Lawsikho.
Legal risks refer to damage or any loss incurred to a business due to negligence in compliance with laws related to the business. It can be encountered at any stage of business proceedings. There may be mistakes due to a misunderstanding of laws and due to some documents which need to be deposited to the authority regulating that particular business. Types of risks such as compliance risk, regulatory risk, operational risk etc. may contribute to the term ‘legal risk’. The whole reputation of an organization depends upon these risks as they may result in an immense loss. It may result in the failure of a business too. Let’s understand what legal risks are all about and how they can be prevented.
Types of legal risk a business can face.
Risks which arise from the dynamic behaviour of laws and regulations that significantly affect the business or market are called as regulatory risks. For example, any changes made in the compliance of taxation applicable to the particular company may result in penalties imposed by income-tax authorities or authorities so concerned.
Compliance risk covers risk which arises due to non-compliance with statutes, internal policies and best practices applied to any business organisation. It may result in financial loss and legal penalties. For example, annual compliance of a company and LLP is necessary. Failing to file annual returns of LLP may result in a penalty of Rs. 100/day and in case of companies minimum Rs. 50000 and which may extend to Rs. 5,00,000. This may result in shaken legs of the business.
Contractual risk is incurred when there is some failure in fulfilment of contractual liabilities. Failure to meet terms of the contract, failure to provide services in compliance with the contract, failure to include risk mitigating clauses in the contract etc.All this results in a contract risk.
Non- contractual obligation
These risks include certain damages caused to the competitor due to infringement of copyright or trademark done by your entity in the due course of your business proceedings. Other damages like tortious claims arising due to negligence, misrepresentation and claims for unjust enrichment while conducting cross-border business activities also result in non-contractual obligation.
Dispute risk results when there is a disruption caused by the stakeholders, customers and partners to the business. These disputes often result in litigations and put the business onto a bed of thorns. It is recommended to resolve the disputes before they get transformed into litigations as it will incur a huge cost.
The loss to the good name or standing of an organization arising due to any malpractices or any criminal event is called reputational risk. Reputational risk arises due to the involvement of employees or other peripheral parties like suppliers. Besides having good governance and transparency companies should also focus on Social responsibility.
What is a fraud?
The term ‘fraud’ is used to describe an act or deception committed by an individual or an entity to gain unlawful or unfair advantage. Fraud is one of the most common form of unlawful activity committed by business entities which result in legal risks to the entity. The types of frauds in relation to legal risks are given as follows:
Types of frauds in relation to legal risks
- Assets misappropriation fraud
Frauds such as asset misappropriation, which take place inside of a company where employees themselves exploit the assets of the organization for personal benefits are a common cause of legal risk. These include cheque forgery, inventory theft, services theft, unnecessary claims and what not. Employees abuse their position to misappropriate resources from the company. Ultimately, it results in the cash flow only. Apart from the direct impact of cash flow and financial loss, there is a risk of low employees morale and reputation also. Employees may not like the environment where they are respected.
- Data theft frauds
The term “Data theft” was coined in 1964. Data theft frauds mostly relate to theft of personal data which may be used for destroying the reputation of an organization. This theft may lead to the commission of other frauds and criminal activities which may harm public at large. These types of frauds may affect all the efforts made by sales and marketing teams. These frauds may put the organisation in perilous condition with regulatory bodies taking action against the organisation and may result in sky touching penalties.
- Accounting frauds
Accounting frauds include intentionally manipulating financial statements to create a fake and better position of the company. Generally, window dressing is done so as to achieve particular goals of the frauds planned by top-level managers. This may be done to mislead the investors and shareholders. A fabricated financial statement is the failure of the management machinery and gives rise to greed among the employees. Overstating its assets and understating its liabilities are some of the common practices done by the companies. Some of the examples of great accounting frauds happened from 1998-2009 are Waste Management scandal(1998), Enron scandal (2001), Worldcom scandal(2002), Tyco scandal(2002), Healthsouth scandal (2003), Freddie Mac scandal (2003), American insurance group scandal(2005), Lehman Brother scandal(2008), Bernie Madoff scandal (2008), Satyam scandal (2009).
- Bribery and Corruption
Bribery and corruption arise out of unsatisfied needs of the employees and their greed. Frauds like bribery and kickbacks may lead to serious damage to the financials of a company. Kickbacks are offered by third parties in return for illegal discounts. A bribe may be offered to evade taxes and to launder money. One of the top candies and chocolate makers Cadbury India(Mondelez India Foods) paid a consultant who helped them to obtain a license by bribing government officials. These practices surely destroy the reputation of the companies and the companies may also get restrained from carrying on any business in India.
Case laws under legal risk
London whale case
The whole case was worth about $6.2 billion loss to the reputed company JP Morgan Chase and co. The actual situation was that Iksil and his colleagues worked in a part of the bank. The main functioning of the Chief Investing Officer is to hold the risk level of the bank. Instead of maintaining risk level, Iksil focused on making money. More than $350 billion was used for this reason. Iksil made $400 million in the year 2011 which was just a start to such a big game. When bank thought of reducing its risk in London by making a derivative contract through which two parties exchange financial instruments often known as “swapping portfolio”. U.S prosecutors allegedly said that the duo has committed a securities fraud by hiding true position from the bank management. The first quarterly loss was reported by the bank in 2013.
Satyam Computers case
Satyam computers was a company held by Ramalingam Raju, the founder and former chairman of the company. A corporate governance and fraudulent auditing case took place in 2009 which held the Indian economy dumbstruck. The company managed to hide its true position from all the stakeholders, board and even stock exchange. The fraud was committed with the intention to mislead both the market and stakeholders. Even chartered accountants and auditors were the part of the scandal. Many companies indulged in diverting funds from Satyam. A fun fact worth mentioning here is one of the company out of these 350 is having paid-up capital of Rs.500000 and made investment of near about Rs. 90.25 crore. The same company received an unsecured loan of about Rs. 600 crore.
- Facebook analytics data breach case
Aleksandr Kogan a developer developed an app in 2014. This app was a quiz app which was significantly influenced by the app developed by Cambridge University. This was the similar place where Kogan works. Kogan got 270000 installations to his app from the users. He could manage to access data of the friends of these users. When the app asked for granting permission to access to that data the app saves that information to some private database which was then provided to Cambridge Analytica. This information was then used to make 30 million “Psychographic” voters profiles. Trump’s most trusted and eminent supporters were having tie-ups with Cambridge Analytica. Cambridge Analytica used “psychographic” tool to purchase some of the targeted ads in relation to Brexit leave the campaign. As the news broke out in the market, Facebook’s shares dropped by 18 percent in 10 days and an online “#deletefacebook” movement started seeking the attention of the users.
In January 2017, securities and exchange commission(SEC) a US market regulator has charged a violation of foreign corrupt practices act to Mondelez. The company agreed to pay 90 crores without accepting or denying charges. In 2010, US-based Kraft Foods acquires UK based Cadbury. After two years of acquisition, Kraft Foods changed from Cadbury India to Mondelez. The Mondelez India was allegedly reported to have paid a consultant who indulged in bribing some of the government officials and helping the company in obtaining licenses for a phantom factory in Himachal Pradesh. A separate investigation carried on by the Excise department had found the company and many other members guilty of the offence and imposed sky touching fines on all of them.
There is no doubt that businesses provide a backbone to the economy. Malpractices followed by some of the business have a great impact on our economy and society also. Fabricated financial statements and internal frauds can demolish any organization. Some steps to prevent such practices include:
- Conducting intensive investigation regarding fresher employees;
- Conducting random audits regularly may help in curing assets misappropriation;
- Implementing tight internal accounting facilities and rotating duties of the employees may help in providing more efficient maintenance of accounts;
- Restricting data to the employees only who are in need of that data in the course of performing their tasks;
- Purchasing software which may help in data protection also provide support to cybersecurity of a company.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: