Risk is how companies grow. New products and ideas happen from risks – from taking a chance on something no one ever took a chance on before. As a former Metamate, I can say Zuck embraces this idea maybe a little too much, but I found it insightful when he pointed out that companies that die don’t die because they make bad decisions, they die because they fail to make any decisions at all – fail to change (see Yahoo!, AOL, and Blockbuster).
I was at Meta when “move fast and break things” became just “move fast.” For me, this was a welcome change. Within the legal org, the CLO’s jargon du jour was “smart risks”. Almost every in-house product counsel I’ve talked to across many companies talks about smart risks. Of course, the risk taking must fall within guardrails, especially as companies mature. We want smart risks, not careless risks. Not ignoring consequences. But this is easier said than done. In fact, I’d go so far as to say empowering smart risks is literally the core of a product counsel’s job. But a surprising amount of lawyers just don’t know how to foster risk-taking (or take risks themselves).
Why is that?
It starts in law school: What is the first skill you learn as a lawyer? Issue spotting. Find all the problems and risks. What you rarely get asked on your 1L exams is “and how would you resolve them.” Even if you’re asked how a court would rule on a particular issue, you are rarely asked “how would you have counseled the client to avoid this situation” or “What would you have suggested to minimize the damage?” From our first steps as lawyers, we are rewarded for finding problems, not for fixing them. We are groomed to believe that the job of good lawyers is risk avoidance. Seemingly all risk.
It gets encouraged in Big Law: Now think about the memos you wrote (or still write) as a big law associate? You’re finding all the risks: diving deep into the law and telling the client in detail all of the things they could possibly do to violate it. And your worst fear – the thing that keeps you up at night? The deep-rooted dread that the client gets in trouble for something you didn’t call out in your memo and the partner calls you in for a “quick chat” and chastises “How could you have missed this!?!” So what do you do? You leave no stone unturned. You bill entirely too many hours and turn in something that much more closely resembles the dead sea scrolls than the Gettysburg address.
If this is you, guess what? Your client hates you and is secretly looking for a way to bounce the geezer of a “relationship partner”.
Time for a 180. Get in your clients’ headspace!
Here is an easy example of taking a smart risk: let’s say your clients launched a new product and it ended up getting some bad press, but still was on-net highly profitable. The bad press doesn’t necessarily mean somebody failed and made a bad decision to launch in the first place. Maybe you worked with Marketing to spin things to reduce some of the negative info, but expected there would still be some skepticism or negative attention left over, and that is the necessary cost of launching this unique product. That is called risk mitigation, and it is 90% of product counsels’ jobs. Just because something bad happened, doesn’t mean mistakes were made and someone is to blame.
One-Way Doors
Any good company knows it has to take risks to succeed. Companies aren’t looking to take zero risks and avoid every possible illegality. That would literally be the opposite of innovation. If you’re building something completely new and revolutionary, chances are, laws specifically intended to regulate you don’t exist yet. So take risks! It’s an issue of first impression.
Rather, companies want to know which risks are going to get them into irreparable trouble. Which doors are one-way doors? One-way doors are decisions with serious ramifications that cannot easily be reversed – decisions like setting up a privacy-rights framework or privacy defaults, choosing a core tech stack, selecting a marketplace or pricing model, onboarding flows that do (or don’t) collect certain information, high-level brand identity decisions, etc. Many “one-way doors” actually can go both ways, but the cost of reversing course is extremely high – like HBO Max changing its entire brand to Max, and then switching it back to HBO Max when they realized they were failing to build brand equity! These one-way doors are the decisions you need to thoroughly vet and agonize over. But they don’t happen often, and are usually made well above a product counsel’s paygrade.
Most decisions product counsel work on day-to-day are two-way doors. If we launch something, and find out it’s not working as well as we hoped, we reverse course with little to no impact to the business! That’s why most product counsel spend at least ½ of their time approving experiments (A/B tests) for Product and tweaking UIs. It is not anyone’s job to get everything right the first time, it is our job to pick the best option with the info we have at the time, try it, and iterate as we receive better information. When outside counsel spend too much time chasing every last detail because they are afraid to provide guidance that somehow failed to capture some possible risk or negative outcome, they hinder this process.
Quantify It!
What does smart risk mitigation actually look like? It is grounded and calibrated. It considers both the magnitude and the likelihood of the possible harm. One company I worked at even turned this idea into a decision-making paradigm by measuring risk levels using a chart with likelihood on one axis and consequences on the other. Where a decision falls on this chart dictates whether escalation is needed, and if so, the escalation path. When I first saw this chart, I mentally chuckled at the over-simplification and thought ‘how ever will I quantify risk like that?’ Only a few months in, I was a believer! The chart really forced me to drill down to the reasons, find the best information, and back myself up with data.
Refusal to quantify risk is usually a cop-out. It’s a failure of “turtles all the way down.” Even if the client asked their outside counsel to advise on the likelihood of getting in trouble for a law that hasn’t taken effect, it’s still possible to ground and calibrate a risk analysis. Bad lawyers would say “I don’t know because it hasn’t taken effect yet, but we’ll have our policy analyst set a Google alert.” Good lawyers would say “Let me get back to you on that!” And then proceed to research
‘Do any other countries have this law already in place?’
‘If so, what does their enforcement look like?’
‘How aggressive is this regulator in general?’
‘Has this regulator levied penalties on instances of first violation? Or am I likely to get a warning first?’
‘Does this regulator have a pattern of penalizing companies like mine?’
‘Does my client have a good relationship with the relevant regulator?’ etc.
You get the idea! When you don’t know, dig deeper. Find the questions you can ask to ground the scenario in likelihood and magnitude using whatever best info you have available to you. Sometimes you’ll find that a risk is really too amorphous to concern yourself with. The possible consequence may be high, but the likelihood is extremely low.
For outside counsel, this exercise should involve a combination of asking a lot of questions and really getting to know your clients’ products, and not making any assumptions about them or how they work. It also means having expertise in your area such that you know and understand enforcement patterns and history, and can communicate directly with the relevant parties.
TL;DR
How you communicate your findings matters. Folks in Corporate rarely spend more than a few minutes on any given thing. So yes, that TL;DR we satirize really is important. I plan to write a separate blog about in-house legal writing at one point, but suffice to say you should provide the thesis up front in a TL;DR. You should not write a laundry list of possibilities, but take a ‘5 main things I need to know!’ approach. If you worry there is some information that the client would have appreciated that you find yourself unable to squeeze in, put it in the Appendix. Move stuff into the Appendix liberally, but almost never out. If you need to provide data, stats, or historical context, the Appendix is often the best place for that. The client’s reading materials become much more digestible, but you can’t be faulted for having left something out.
Tell Me What To Do!
And most importantly, please always provide a recommendation. If you cannot, then at least next steps documenting how you plan to get closer to a course of action. Unless the client specifically asked for it, do not just write a ‘on the one hand, and on the other hand’ memo. Tell me, based on the information and findings above, what do you recommend doing, and why? Hint: if you don’t feel like you can recommend what the client should do, you don’t know the client’s business well enough. Ask them questions and do better!
And there you have it folks: an intro to product counseling, by way of empowering smart risks! This one is meant to be helpful to everyone outside the organization (outside counsel, people learning to become product counsels, etc.) I’ll be cooking up Part 2 soon, where I will discuss how smart risk taking happens from the inside, and how companies can empower it!