Risk management is a wide-ranging discipline that can be overwhelming for a new attorney. The key to getting one’s arms around it, according to Kristen Netschke, is not to “boil the ocean.”
“Just by diving into your specific area of operation and rolling up your sleeves, you’re going to reveal readily actionable and digestible items that you can do and that are going to result in benefits across the organization,” says the senior vice president, general counsel, and secretary for AmeriTrust Group. “It doesn’t have to be this scary, ambiguous concept that you don’t know how to apply in practice.”
That’s not to say it’s a lesson she learned in a day. After graduating law school, Netschke landed a judicial clerkship with the Michigan Supreme Court, which led to several years of practice pursuing litigation and appeals for a large Detroit law firm. Although she says becoming an in-house attorney wasn’t on her mind in those years, the work she did made others take notice. AmeriTrust, a commercial insurance underwriter and insurance administration-services company, approached her about a corporate counsel position.
“At first, I wasn’t sure how to respond,” Netschke says. “Eventually, though, I embraced the opportunity and took a risk.”
Since then, she’s been making waves, especially in the past two years, in her latest role. With the help of her team, she’s targeted several areas within the company for improvement and rolled out a series of initiatives aimed at bringing them up to date.
A New View on Contract Review
Having worked her way up as corporate counsel and assistant general counsel for AmeriTrust, Netschke is well acquainted with the company’s many contracts. Still, until assuming her current role, she had not been tasked with considering how contracts flowed into the legal function before returning to the business. “I realized we had a very decentralized method of contract management, which was definitely contributing to unnecessary risks, distractions, and delays,” she says.
In light of this, Netschke and her team set out to imbue the process of review with some necessary internal structure. By streamlining the contract review system, the team ensured that any commitment of resources and anything obligating the company was properly reviewed, prepared, approved, and executed.
“By centralizing the contract function and being able to monitor the workflow, it created an opportunity for us to start tracking metrics, which we could use to identify and remedy inefficiencies that existed,” Netschke says. “We were also better able to focus our attorney effort—because there are only three of us—on higher-value and higher-risk agreements or transactions.”
The new policy requires all contracts to be directed through the legal department. Netschke’s team sent out and trained employees on proper procedures, implemented explicit requirements for contract review, and built in a few measured exceptions.
“We didn’t want to be too onerous, because ultimately we want to help the business achieve its goals out in the market,” she says. “I’m working very hard to override the stigma of a legal department being a ‘department of no.’ We want the company to know we’re a resource for them. We’re here to help, not hinder.”
Thumbing Through the Records
Netschke and her team also set about refining AmeriTrust’s record-retention policy, which hadn’t been updated in years. “In today’s world, it’s very important to have a record-retention policy that’s a fluid, living-and-breathing document,” she says.
The team drafted and implemented a new policy that made the record-retention process less complicated. Her team also hosted various webinars and on-site meetings to help colleagues follow through on the new system. “I’m a firm believer that a policy is just a policy without acting responsibly to support and enforce it,” Netschke says. “We appointed record managers from each of the functional areas of the company, and they’re tasked with scheduling, implementing, and maintaining a record-cleanup day on an annual basis. They also track the metrics of what they’re doing, what they’re deleting, and what they’re keeping so that we can actually measure the value coming out of the new retention policy.”
The new approach will help protect the company, too. “Keeping records for longer or shorter than needed is going to expose any company to unnecessary risk,” Netschke says. “There are also operational and regulatory requirements that obligate us to be responsible with our records.”
As AmeriTrust’s records—and the company’s data in general—become increasingly digitalized, Netschke and the company’s leadership also find themselves focused on cybersecurity concerns. “We really wanted to bolster our existing cybersecurity processes and procedures and bring AmeriTrust in line with best practices when it comes to data security,” Netschke says.
This has involved recruiting a chief information security officer as well as an internal security director. In addition to creating these positions, the legal department is also working closely with security liaisons from AmeriTrust’s IT department.
“There are myriad regulations now regarding data security and privacy,” Netschke says. “Our goal was to protect the company in the best way possible by creating a dedicated security team for the task. As a company, we’re striving to optimize value for our shareholders, policyholders, and employees. To do that, it’s extremely important to understand how the world might be changing and what uncertainties might impact our financial strength, our earnings potential, and even our social responsibility.”
It doesn’t just protect the company either. It emboldens the entire organization. As Netschke puts it, “Having risk management as a process that’s actively scanning that environment, looking at those risks or opportunities, and developing ways to mitigate or monitor them is a very effective way to drive value.”