PCounsel@

Some Thoughts on Creating a Successful Legal Team

Robin Moore -

tl;dr

A Legal team is unlike almost any of your others: Instead of building or improving something, it’s goal is to address low-probability, high-impact issues.

In doing that, it slows you down, adds complexity to your projects, and depends on information from across the organization (like, “we’re signing up a new database vendor” or “we’re rolling out a new diversity initiative” or “we just tweeted out a contest to win a free car”).

To set your Legal team up for success, you should:

  • Ensure it serves an advisory, instead of executive, role;
  • Choose what tradeoffs you’re willing to make between speed, cost, and quality;
  • Agree with your GC about what risks are the top priority; and
  • Figure out what organizational changes you’re willing to make to get it the information it needs.

Starting a successful Legal team is hard.

You're ready to start a Legal team. Maybe because your outside counsel bills are growing. Or legal work is taking up valuable executive time. Or you're facing regulatory or litigation issues that require deft handling. [FN1]

Either way, you do a search and hire a GC.

Three months later . . . there's friction. The GC is focusing on things you think are unimportant, taking too long to review projects, is frustrated about not getting looped in to things, or is buckling under the onslaught of inbound requests.

Maybe you iterate and evolve the relationship to something that works. Or maybe the GC leaves, and you try again with someone else. The whole time you're thinking "why is this difficult?"

It's not your fault.

I have now been the first lawyer at two successful startups. I've experienced growing pains in each role, but for different reasons. In trying to make sense of it all, I've put together these thoughts with the hope that they help executives build successful legal teams.

Some background: Legal teams are . . . different.

Legal plays a weird role in your company.

The contract-negotiating part of the team (usually called the “Commercial” team) is, at the most basic level, mitigating risks of low probability, high impact events. When I say “low,” I mean low. Have you ever been sued for patent infringement for using a vendor’s product? No? Me neither. But, if you do get sued, you want that indemnity because it could cost you a lot of money to defend it.

The advice-giving part of the Legal team is in a similar, but more difficult, position. It too is solving for low probability, high impact events. And it similarly slows you down. The additional challenge for the advice-giving team is that it needs to know just about everything in the company in order to do its job well.

Step 0: Understand that Legal is an advisory function, not an executive one.

“What's your risk tolerance?" is the most common question execs ask prospective GCs.

This is a trick question!

The in-house counsel's job is to opine on the legal risk of a particular option and, if available, suggest alternatives. The business can then take that information and make expected value calculations and decide what to do. (Everything boils down to expected value.)

It has to be this way because lawyers don’t have enough information to weigh the benefits against the costs, and their incentives are to minimize risk, not maximize the return on any particular project.

(Note: For certain repeated types of work, like contract negotiations or litigation strategy, it can be efficient to delegate decision-making authority to attorneys. But even then, the lawyer shouldn’t have the final word if the contract or litigation is material to the operation of the business.)

Step 1. Decide what kind of Legal team you need.

Just as there are speed / cost / quality tradeoffs inherent in building a product, there are tradeoffs in building a legal team.

The right tradeoff for you depends on what legal issues you're facing.

  • Low Quality” is best where the legal risk is low but turnaround time really matters. B2B SaaS companies come to mind because they need contracts signed quickly but there isn't much that can go wrong. (Note: outside counsel is usually bad at this type of legal work because they are trained, and incentivized by legal malpractice risks, to address every issue).
  • Low Priority” is best where the company is heavily regulated or legal risk is key to the entity value but the average project takes a long time. One example would be a biotech startup--it will have a few key patents and patent licenses, but nothing particularly urgent.
  • Expensive” is best where activities are moderately regulated and speed-of-execution matters. Most consumer tech companies (for example, Snapchat, Facebook, etc.) choose this option.

Note: It's probably not a great idea to tell your lawyer that you consider her team "Low Quality." :)

Corollary 1 to Step 1 - Hire the right lawyer to lead your Legal team.

When you’re hiring your first lawyer to grow this function, make sure they understand the tradeoffs between speed, cost, and quality, and understand which parts of legal need which type of lawyer. For example, they should have an opinion about how quickly sales contracts should be turned around based on the risk.

Corollary 2 to Step 1 - The right Legal team will change over time.

Because of their low profile, many new companies will do best with a Low-Quality legal team but, as they grow in size and stature, they will want an Expensive or Low Priority legal team because the downside risk of getting something materially wrong (like export compliance or a massive employee-misclassification lawsuit) increases.

Step 2 - Agree on the Legal team's priorities.

Theoretically, every tweet, blog post, offer letter, firing, hiring, food-service contract, company party, feature improvement, and customer support ticket could create some legal risk.

Whether those are important depends on the particularities of your company's business model. For example, from the outset, Uber primarily faced taxi-regulations and independent-contractor-misclassification risk, YouTube faced copyright infringement risk, and Facebook faced privacy regulation risk; everything else was commonplace and ordinary.

Your Legal team should tell you where it thinks its  time is best spent (in the form of a stack rank) and you, based on your knowledge of the company strategy, should agree.[FN2] (Your security team will be doing the same thing, see Business risk for security engineers - Collin Greene).

Corollary to Step 2 - If something goes legally sideways in a low-priority area, don't blame the Legal team. That seems unfair.

Step 3 - Set expectations around what burden you're willing to suffer for legal review.

Legal review imposes a burden on your business operations. It takes time for legal to get back to you on a project, contract, or HR move, and you're going to have to explain the whole thing to him or her, remember to loop her in, and spend executive time deciding on the right course of action.

This burden is amplified by imperfect lawyering. Your lawyer may think it's her job to stop a project that carries some inherent legal risks (as outlined in Step 0, it isn't). Your lawyer may not understand the project or the law and give you the wrong advice. Your lawyer may ask your PM follow-up questions and schedule meetings so that she can understand the project.

How much of this burden are you willing to stomach in service of legal review? Is that level of burden different for your sales, business development team, and product team?

If the answer is "we want excellent advice about everything immediately" then you're going to find yourself in the "Expensive" category of the tradeoff triangle (I love this triangle!):

Step 4 - Decide how you're going to get the Legal team the information it needs.

In order to opine on legal risk (see Step 0), your Legal team needs to know what happened, is happening, and will happen. How are you going to get them this information? Some options:

  • Including the GC in all high-level company meetings;
  • Holding weekly executive syncs regarding legal issues;
  • Creating product launch calendars and up-to-date project docs; and
  • Inviting the Legal to team meetings in which legal issues could arise, like product, marketing, business development, and sales.

A Few Examples

Facebook (current version). Facebook chose the Expensive option and is willing to pay the maximum legal review tax because, among other reasons, it has an outstanding FTC consent decree that imposes punitive penalties for violations (Cambridge Analytica cost it $5B). Facebook therefore spends infinite money on its legal team (for example, their head of litigation is a former federal judge), requires that every project and marketing message must undergo legal review, has an up-to-date launch calendar, and a team of concierges dedicated to shepherding projects through the legal, privacy, comms, and security review processes.

TikTok. TikTok is on the other extreme. TikTok, despite being massively valuable and ubiquitous, hired its first GC this past November (2019) and doesn’t appear to refer issues to lawyers until they become impossible to ignore (like a letter from the FTC). As its value, profile, and attention from regulators increases, it will likely:

  • Choose the "Expensive" option;
  • Prioritize IP, privacy, and content moderation issues;
  • Require fast legal turnaround times on all of the above core issues; and
  • Change processes to incorporate legal review.

Additional Thoughts

  • Product security is in the same boat. The advisory part of the legal team is in the same boat as your product security team: it is solving for low-probability, high impact events, it needs information from across the organization, and it’s hard to figure out if it’s doing a good job.
  • Company culture can help. Company values can help too. A company that values legal compliance will make it easier for your legal team to get things done.
  • Sometimes the government chooses for you. Companies tend to respond to FTC actions and existential lawsuits by choosing a maximalist legal protection strategy. That is probably right for the immediate response (legal attention begets more legal attention). But, after the legal threat is over and dealt with, companies should re-evaluate their approach to legal risk.
  • Some advice for lawyers going through the interview process. If you're going to be the first lawyer somewhere, it's worth asking questions about the above. Like: "How much do you want me to opine on? How will the organization be giving me information? How quickly will you want things turned around? What's most critical?"Where should the legal team sit in the org chart? ‌‌I don’t know enough about organizational behavior to know what the tradeoffs are.

[FN1] Much more could be said here about when and how to hire your first lawyer. I couldn’t find anything useful on the Internet (the closest was this mostly contentless article). If I can think of something to say on this topic, I’ll write it up.

[FN2] I don't want to minimize how difficult it can be to agree on the magnitudes and relative importance of various risks. Executives and lawyers will bring their subjective experience to this, and if any of them have been in or narrowly missed legal jeopardy, they will likely over-emphasize that particular risk. Ben Horowitz, for example, likely is acutely sensitive to the risks surrounding stock-option plans.

‌‌