Legal Risk Management A Heightened Focus For The General .
Legal Risk ManagementA heightened focus for theGeneral Counsel
Legal RiskEntityManagementManagement A heightenedBeyond compliancefocus for the General CounselContentsForeword3What is legal risk?5Accountability6Assess and control8Monitor and report11Technology12Interaction with regulators14In time.15Contact172
Legal Risk Management A heightened focus for the General CounselForewordCompanies, their boards and GeneralCounsels (GCs) face a constantly evolvinglandscape with exposure to financial andreputational losses if legal risks develop.This has created an expectation that inhouse Legal teams will do more to identify,manage and mitigate the legal risks in theirorganizations. In the financial servicessector, there is increased regulatoryinterest, particularly looking at how Legalfits into the wider organizational riskframework. These combined pressuresare causing organizations to identify andmanage more effectively the overlaps andgaps between Legal and the business(including other functions).and legal-specific ones, which we exploredin ‘What’s Your Problem? Legal Technology.’As the Legal function transforms, so doesthe way in which it contributes to theorganization’s risk management, playinga greater and more proactive role thanhas historically been the case. This hasresulted in more explicit consideration ofwhat constitutes legal risk, how it should bemanaged and by who.This point of view looks at the keyconsiderations in approaching legal riskmanagement and examines the stepsbeing taken in getting to grips with legal riskmanagement. As part of our research, wesurveyed a large number of businesses inmultiple sectors to compare and contrasttheir relative maturity levels*, and provideour view of what the future holds in relationto the management of legal risk.GCs are re-evaluating their operatingmodels as discussed in our paper‘Optimizing your organization’s in-houselegal operating model.’ In-house Legalteams are also making greater use oftechnology, both enterprise-wide systemslitigation sfailuredamagesfines contractualprotectrisklegalLuis Fernando GuerraGlobal Leader, Deloitte Legalinadequate* See page 18 for more information about our survey and methodology.3
Legal Risk Management A heightened focus for the General CounselLegal Risk ManagementWhat is the definitionof legal risk?What organizationalWhat interactionstructure and skillsis there withare needed toregulators aroundensure appropriatelegal risk/legal riskmanagement ofmanagement?legal risk?Who in theHow can technologyorganization isenable better legalprimarily accountablerisk management?for legal riskmanagement?What does good legalrisk monitoring andreporting look like?4
Legal Risk Management A heightened focus for the General CounselWhat is legal risk?Mind-set changeLegal risk management as a discipline is a relatively new way ofthinking for many in-house legal teams. The growing expectationin the financial services industry from other departments andregulators is that Legal gets explicitly involved in formal riskmanagement processes. When defining legal risk – which has beenframed as reputational impact, operating or financial losses andissues affecting the organization’s ability to do business – it is clearthat Legal needs to do more than the “day job” to identify, manageand mitigate legal risks.A narrow or broad definition?Some organizations apply a narrow definition in which legal risksare solely those arising from Legal’s operations such as resourcingdecisions (in-house provision versus use of law firms), the qualityof the advice provided by Legal and the conduct of its lawyers.Such a definition fails to take account of the many other risksthat an organization faces which have a legal component, forexample financial crime, conduct and legal risks arising from anorganization’s operations ranging from contractual to intellectualproperty disputes. The underlying activities may be owned byother parts of the business. Yet to deny some Legal functionresponsibility for managing the legal risk inherent in those activitiesdoesn’t make sense and could result in responsibilities fallingthrough the gap between Legal and the business. Hence, manyorganizations apply a broad definition of legal risk whichencompasses any risk faced by the business which has a legalcomponent. Surprisingly, our surveys found that there are still anumber of organizations—41% of non-banking and 14% of bankingrespondents—with no definition of legal risk. Where a definitionwas in place, this still varied widely in definition and focus, reflectingthe lack of a legal industry standard definition for legal risk.Of more importance than definition is identifying the risks, legaland otherwise, that the organization faces and establishing aneffective framework for their management so that responsibilitycan be allocated between Legal, other functional areas andthe business.At Deloitte, we have developed a legal risk taxonomy to helpboth in-house Legal functions and those responsible for theorganization’s risk management system to better understandthe legal risk landscape. The key risk areas we have identifiedencompass both narrow components owned by the Legal function;and broad ones – such as contractual, intellectual property,legislative changes and legal advice into other risk areas suchas financial crime, conduct, employment and technology. It isclear from this that understanding legal risk is as much aboutunderstanding the organization’s rights and obligations as it isabout understanding the letter of the law.Surprisingly, our surveys foundthat there are still a number oforganizations—41% of non-bankingand 14% of banking respondents—withno definition of legal risk.A separate riskIn the past, GCs and organizations have often not consideredlegal risk as a category in its own right and it has been subsumedwithin other risks rather than being explicitly identified inrisk management frameworks managed by Operational Risk,Compliance or Internal Audit. This may have been the case forfinancial services because Basel II defined legal risk as being a partof operational risk. Another reason for this lack of identificationof legal risk in its own right could be because of its comparativelower profile when compared to other risks arising from financialcrime, conduct and duty of care, IT and cyber security which canhave a much larger impact on the viability or capital adequacy ofan organization. However, the level of fines for many businessesover recent years has driven significant changes in the profile oflegal risk in those organizations and peer group companies.5
Legal Risk Management A heightened focus for the General CounselAccountabilityOn a narrow definition of legal risk, it isclear that the GC and the Legal function areaccountable for identifying and managingthose risks which arise from Legal’soperations. In the three lines of defensemodel, a commonly used risk managementframework across the survey participants(70%), the Legal function is the first lineand others (typically Risk and Compliance)need to fill a second line role in relation tothese risks.However, the consensus is that a broaderdefinition of legal risk should get morefocus from the Legal function. Everyoperation and function of an organizationruns risks which need to be controlled oravoided. Many of those risks have a legalcomponent. Legal needs to work across theorganization to identify those legal risks,set the appetite for each risk and agreethe roles and responsibilities for legal riskmanagement including accountability andthe controls or other mitigation measuresto implement. GCs and risk specialists willneed to collaborate to develop an effectiveframework that captures the multitude oflegal risks that exist in organizations anddesign controls to mitigate the most critical.Who owns the risk?Ownership of risk will be determinedby the structure of the organizationand where the expertise sits to manageit. On a broader definition, businessmanagement own legal risk (including theGC in respect of legal operational risk)and Legal and other functions providesupport and advice. Where businessfunctions have first line responsibility forlegal risk management, Legal’s role is toestablish policies, raise awareness, adviseand monitor the effectiveness of controlsand mitigations. Legal needs to educatebusiness management so that they arebetter able to manage legal risk – what to6do, what not to do and the implicationsif specific legal risks are not properlymanaged.check the work of the Legal function. Thisis discussed further in the section entitled“Monitoring”.Global implicationsIn multinational corporations, there isa significant coordination and horizonscanning role for Legal. Across theorganization’s geographical footprint,Legal needs to understand the legal risksarising in each country and how somerisks may cross borders, potentiallycreating a double or multiple exposureif the risk materialises. Understandingthe consequences of a breach for theorganization, its directors or individualemployees is essential in determining therisk appetite and the efforts which shouldbe deployed in managing or avoidingthe risk. Where significant penalties areinvolved, such as for failures in relation tothe GDPR, or criminal sanctions, as canbe the case where corrupt practices areuncovered, Legal will need to work withother specialists and in-country teamsto raise awareness of the corporate andindividual consequences of particularrisks crystallizing. For some groups, thishas involved shutting down operations incertain jurisdictions or not trading withthem, managing the risk by avoiding it.Policy ownershipPolicies are a common approach to drivingclear accountability for management ofrisks across an organization. Many Legalfunctions have policies concerning theiruse of law firms/other third parties, forwhen a mandatory referral to the Legalfunction is required and some will havepolicies for specialist areas.IndependenceIt is accepted that the GC and the Legalfunction need to maintain a degree ofindependence from the organizationthey serve to maintain their objectivity inproviding advice. Where Legal is filling afirst line of defense risk management role, arobust second line would ideally be in placeto avoid the potential (real or perception)that Legal’s objectivity is compromised.This is best achieved when those actingas the second line sit outside the Legalfunction. However, this is when problemsemerge as it is difficult for non-lawyers toThe survey results illustrate Legal is notusually accountable for all areas that giverise to legal risk; for example, Conductand Anti-bribery will often sit underCompliance. This highlights the importanceof clear accountability and agreed rolesand responsibilities between Legal, otherfunctional areas and the business toensure that legal risk does not “fall betweenthe cracks”.In the three linesof defense model,a commonly usedrisk managementframework across thesurvey participants(70%), the Legal functionwill most often play acombination of a first andsecond line role dependingon the activities
Legal Risk ManagementLegal EntityA heightenedManagementfocus for theBeyondGeneralcomplianceCounselKey policy areas owned by the Legal function*Number of organizations surveyed908070605040302010erthOctdut ios&AcquisiagemConnstenygererMCont ractDatManaPri vioruptdanryibeAnti -Bracns/bangeschnioislatLegCorti tpeComreaciohentyerProptualecIntellt ioigaLitUseofLawn/dispFirmutess0* See page 18 for more information about our survey and methodology.7
Legal Risk Management A heightened focus for the General CounselAssess and controlHaving established the more prevalentbroad definition of legal risk, riskmanagement responsibilities will be ownedboth within the Legal function and by thebusiness, how does the GC understand thelevel of legal risk across their organization?What structure and skills need to be inplace to achieve effective managementof legal risk? This will depend on a varietyof factors, including the industry inwhich the organization operates and thelevel of regulation to which it is subject,whether the organization is centralized ordecentralized and its strategy in areas suchas intellectual property development orgrowth through acquisition.Assessing legal riskAn assessment of legal risk exposureacross an organization should beundertaken for each area of legalrisk. This can be a highly subjectiveexercise, however, we find that using acommon framework of risk factors suchas regulatory, customer, financial andreputational implications, historical lossdata (where available) and consideringdifferent risk event scenarios providestructure to this process. With operationalrisk’s support, Legal is able to leverage theorganization’s experience and ‘lift and shift’concepts from other risk functions, withwords and methodology tailored to thetypes of risk identified.Risk appetiteIn addition to defining what is meant bylegal risk, some organizations (38% ofthe respondents in our survey) have inplace/are developing a legal risk appetitestatement. This should not be a blanketapproach, applying one appetite level to allrisks. Instead it should be more nuancedwith differing appetites depending onthe type of risk involved and potentiallythe different jurisdictions and operatingentities in which the risks arise.8Clearly, all organizations will want toidentify any significant risks and some willdecide to eliminate them. For example,the legal risks associated with a particularproduct launch may be so high as to resultin the launch being terminated. Other risksmay be transferred, for example, by the useof insurance.Some risks may be tolerated and dealt withreactively if they arise. Other risks may bemanaged or treated proactively either tomitigate the risk of them occurring or tooperate measures to manage them withincertain tolerances.ControlOnce legal risks, risk owners and riskappetite are identified, the organization canset about considering the level of control toput in place to manage different legal risks.Controls will vary from risk to risk. Wherelegal risks are low, the risk may be toleratedwhere the Legal team deals with issuesas they occur with minimal investment incontrols. An example of this: a consumerbusiness with low intellectual propertyrisk that decides to manage intellectualproperty issues only when they arise.For higher legal risk such as competitionrisk, more resource and investment incontrol could be appropriate to proactivelybring the risk within risk appetite. Forexample, this could require policy setting,comprehensive training programs acrossthe organization and more active reviewand involvement from lawyers embeddedin business processes to addresscompetition risks proactively.Controls to address legal risk may beowned and operated outside the Legalfunction, however, they are an importantpart of the legal risk managementframework. An example is the use ofcontract templates to manage contractualrisk, with responsibility for using andcomplying with these templates theresponsibility of business teams, not Legal.Legal still needs to consider whetherthe controls in place are managing thecontractual risk to an acceptable levelfor the organization and whether more,or conversely less, control is required.Where contract risk is owned by thebusiness, controls may require that anycontract over a certain value is reviewed bythe Legal function. Moreover, what checksare in place to make sure this happens?If referred to Legal, is their review checkedby another lawyer, or is the organizationhappy that someone outside of Legaljust checks that the review has occurred?All of these steps form part of the legalrisk management framework which theorganization establishes, based on mappedprocesses and implemented controls.
Legal Risk Management A heightened focus for the General CounselStrategy and operating modelimplicationsAssessment of legal risk and where legalresource should be invested and focusedshould be a key driver in deciding thestrategy and legal operating model foran organization. Which activities Legalwill continue to own and which will bemanaged elsewhere, the nature of legalexpertise required, the balance of in-houseresource and external counsel and the useof technology are all decisions that shouldbe influenced by the legal risk profile ofan organization.Work with expertsLegal should not be expected to do it alonewhen developing a more mature approachto legal risk management. It is essentialthat organizations adopt a multidisciplinaryapproach which leverages the skills of theLegal Chief Operating Officer (if they haveone), legal project management specialists,risk experts who are able to advise on thebest controls and mitigations on a risk-byrisk basis and technologists to advise onthe best technology to use for legal riskmanagement purposes. These risk andtechnology specialists can also help Legalto identify new risks in new technologieswhich the organization is either sellingor purchasing. Across the respondentsto our surveys, legal risks are generallymanaged using the organization’s owncompany-wide, operational risk system.Fewer than 10% of respondents to bothour surveys use a legal specific riskmanagement system.comprehensively managed and ensuringthat Legal maintains its independence anddoesn’t “mark its own homework” by fillingfirst and second line roles in relation to thesame risk. The three lines of defense modelcan also be a useful framework to definewhat monitoring requirements should beput in place to manage legal risk.Some organizations see the disciplineof legal risk management as a key areaof expertise for future leaders of theLegal function. In others, responsibilityfor managing legal risk is rotated arounddifferent lawyers in the team to furtherbuild expertise and develop career paths.We discuss this further in the section“Monitoring”.Awareness raisingLegal’s advisory function is criticallyimportant to helping other parts of theorganization to understand the legalrisks involved in their activities, mitigatingrisk through awareness raising ratherthan leaving non-legal colleagues tomanage legal risks or to apply controlsby rote without understanding the riskwhich the control is designed to mitigate.This upskilling can be achieved withoutmaking everyone in the organization alegal expert. In the same way, risk andtechnology specialists can raise awarenesswithin Legal of best practice approachesto risk management and help Legal tounderstand new technologies. Thatway, legal risks inherent in them can beidentified and managed.Three lines of defenseMany organizations—two thirds of nonbanking respondents and all apart fromone of the banks we surveyed—applythe three lines of defense model in themanagement of legal risk. Unsurprisingly,given that a broad definition of legal risksdominates, Legal often operates in a mix offirst line and second line risk managementroles. The most important considerationis to make sure the legal risks are9
Legal RiskEntityManagementManagement A heightenedBeyond compliancefocus for the General Counsel10
Legal Risk Management A heightened focus for the General CounselMonitor and reportThe measurement challengeLegal risk is often seen as hard to track,measure and report. This is either becauseit is absorbed into primary operationalrisks or the risk is qualitative rather thanquantitative. Even where a risk develops,such as litigation, this would result in afinancial loss, putting a number on thatexposure involves a number of variablesincluding the often subjective likelihoodof success or failure, the potential costsincurred by both parties in getting toa resolution, the degree to which thedefendent is responsible for the claimant’scosts, the extent to which any losses areaddressed by insurance cover and whathappens in court on the day. Where theexposure relates to reputational loss, it isharder to measure.MonitoringWith the legal risk framework in place, amonitoring and reporting regime can beestablished covering both the effectivenessof the legal risk management frameworkand flagging emerging exposures and theremediation of failures.context and can react immediately in amore appropriate and nuanced way. Bycontrast, where monitoring happens fromthe center this can result in time delays,missing what is important or focusingon non-issues. That said, there are alsobenefits to centralization which includeensuring standardized and consistentadvice across the organization or to reflecthigh levels of risk and sensitivity in areassuch as competition.Reviewing whether lawyers’ responsibilitieshave been discharged effectively is adifficult area to monitor. Where there ismore of a standardized process with clearstages and control points such as contractdrafting and negotiation, it is possible tointroduce more typical controls testingand assurance activity. This is much moredifficult where legal professional judgementis being applied. Approaches from otherprofessions, such as auditing, that arebeing used in some Legal functions arepeer review within a legal team, as wellassurance teams made up of lawyersto provide independent review oflawyers’ work.The most effective monitoring usestechnology to supervise risks and controls,however, this is currently more widespreadfor operational risk management than forlegal risk. In the contract arena, a contractmanagement technology solution canprovide ongoing monitoring of variationsfrom key contract clauses across anorganization to determine the level oflegal risk being carried across a contractpopulation. Whether monitoring andreporting is enabled by technology or not,Legal needs to understand what it wants tomonitor upfront.Assurance principles from otherorganizational areas are also being appliedto legal risk by taking a risk-based approachto monitoring and assurance activitiesfocusing effort on the areas of highestlegal risk. Development of controls testingand assurance programmes is an exampleof this which is becoming more commonplace. This involves reviewing the designadequacy of key controls to address legalrisk, and where proportionate, also testingthe operating effectiveness throughrisk-based sample testing.In multinational organizations, monitoringworks best when it happens close to,yet independent of, the business. Thatway, those undertaking the monitoringhave the best understanding of the localReportingThe fruits of this legal risk managementshould be regularly reported to risk oraudit committees and the board. TheLegal function should also have anappropriate escalation route for urgentrisk matters. In many organizations today,this may consist largely of reportinglitigation risks and open cases to theaudit committee throughout the year.In a more mature legal risk managementenvironment, all the other categories oflegal risk such as contractual, intellectualproperty, competition or anti-trust,data privacy, legislation and operationalrisks, will be monitored and reportedwhere appropriate.The most effective reporting frameworkswill include key risk indicators (KRIs) asautomatic reporting triggers to reducereliance on subjective decisions by risk andcontrol owners as to what they report. Inour surveys, the majority of respondentshave some sort of reporting and a subsetof those use KRIs. However, the bestmonitoring and reporting relies on highquality data to drive risk managementmetrics and many organizations continueto struggle with where this data is heldand how to get access to it and to reporton it real-time. Again, Legal should drawon the experience of risk and technologyspecialists to assist in getting hold of thisdata and interpreting and presenting itin a way which helps both risk ownersand those charged with governance tounderstand its implications.11
Legal Risk Management A heightened focus for the General CounselTechnologyThe use of technology to enable bettermanagement of legal risk is a developingarea. In our survey, the most commonuse of technology was organizationwide operational risk systems to helpidentify, assess and report on legal riskand control across the organization.However, outside of this, there was verylittle use of technology to manage legal risk.As technology matures in the legal sector,this is an area we anticipate will evolvesignificantly.A changing skills mixAs legal risk management moves up thecorporate agenda and Legal functionsrefine their operating models, technologyis receiving increased focus. This isreflected in the recruitment by some ofthe technologists and data scientists, andthe use of technology to automate sometasks and provide insightful reporting.Legal’s needs are likely to be met througha combination of risk management-specifictooling and the incorporation of legal riskparameters into other technologies. Forexample, contract management technologycould analyze contracts to identify higherrisk clauses or include prohibitory controlswhich reflect the organization’s legal riskappetite to prevent the execution of acontract which falls outside the appetite.An organization might have certaincategories of assets that it was prepared toaccept or pledge as collateral for a contract.If the operations department attemptedto complete a contract with unacceptablecollateral, the system would reject thecontract.Quality dataTechnology can also support monitoringand reporting by enabling an auditableenvironment, allowing access to dataand improving reaction times for bothproactively mitigating legal risks and12effectively managing those legal risks whichhave crystallized. Resource allocationtechnology allows Legal to profile itsworkload and make sure it is focused onthe right things. For example, tooling couldhelp to identify the number of incidentsacross the organization in relation tospecific risks so that effort can be directedto monitoring and potentially identifyingthe root causes of areas of heightened legalrisk. In this way, technology increases riskoversight and control providing Legal withgreater visibility across an organization.It provides increased coverage of businessactivities than would be possible through apurely manual, people-based approach.Use casesOther areas in which technology isincreasingly being used as a component oflegal risk management include: Non-compliant event reporting. Althoughdependent on access to data, throughthe use of technology this can be turnedinto insights to help strengthen legal riskmanagement The creation of management information(MI) which ensures that the wholeorganization has visibility on risk areasand can plan for and mitigate these riskseffectively Exchanging information with regulatorsto demonstrate that measures are inplace to improve compliance Fraud monitoring and detection, and callmonitoring especially in environmentswhich combine huge transaction volumeswith the need for rapid reporting eDiscovery Case management tooling allowing forcases to be risk-rated Horizon scanning of large volumes ofinternet data and websites to identifylegislative changes Litigation predictive analytics using largevolumes of case precedents to betterinform legal decisions to settle or fight Chatbots covering legal policy areasproviding greater managementinformation and insight to the type ofquestions coming into the Legal functionand trends/potential risk areas Whistleblowing
Legal Risk Management A heightened focus for the General CounselTechnology Enabling Legal Risk ManagementCross-departmental technologyIdentification, assessment and reporting of risks and controlsEnterprise risk management systemsTransparency and reporting of legal activity and risk profileMatter management & eBillingManaging legal instructions and business self serviceWorkflowManaging documentary informationDocument management systemMaintaining knowledge, insight and precedentKnowledge management database Contract extraction andreview Assisted due diligence &remediation Patent auto drafting IP portfolio management Patent/copyright search& review Brand protection &anti-counterfeit Global competitionlaw database Contract drafting,negotiation & execution Blockchain/smartcontracting Obligationsmanagement Online trainingIntellectualproperty Contract analytics Web crawling/risksensingCompetitionand on Policy applications &chatbotsLitigation Privacy impactassessment tooling Records managementtoolingBenefits oftechnology Trend spotting Transparency Standardization &consistency EfficiencyLegal RiskAreasData PrivacyHere are someexamples oftechnology usecases availableto improve themanagementof legal risk Improvedreporting, KeyPerformanceIndicators Web crawling alert Policy application &chatbots Managementinformation Horizon scanning tooling eDiscovery Predictive case analytics Legal hold management Legal & regulatoryingestion Robotics for reporting Sanctions monitoring Voice and sentimentanalytics13
Legal Risk Management A heightened focus for the General CounselInteraction with regulatorsPrimary responsibilityThe GC typically has a role in interactingwith regulators, although more oftenthan not specifically in relation to legalrisk. In large regulated organizationswhich separate ownership of legal risk,regulatory risk and compliance risk intodifferent teams, this may be less frequentas interaction is shared between the GC,the Chief Compliance Officer and the ChiefRisk Officer. In smaller or less regulatedorganizations, all three areas may sit withinthe Legal department under the overallresponsibility of the GC. The extent ofinteraction by the GC with regulators (andhow proactive this is) will be dictated inlarge part by ho
Legal Risk Management A heightened focus for the General Counsel On a narrow definition of legal risk, it is clear that the GC and the Legal function are accountable for identifying and managing those risks which arise from Legal's operations. In the three lines of defense model, a commonly used risk management
81. Risk Identification, page 29 82. Risk Indicator*, page 30 83. Risk Management Ω, pages 30 84. Risk Management Alternatives Development, page 30 85. Risk Management Cycle, page 30 86. Risk Management Methodology Ω, page 30 87. Risk Management Plan, page 30 88. Risk Management Strategy, pages 31 89. Risk
Risk is the effect of uncertainty on objectives (e.g. the objectives of an event). Risk management Risk management is the process of identifying hazards and controlling risks. The risk management process involves four main steps: 1. risk assessment; 2. risk control and risk rating; 3. risk transfer; and 4. risk review. Risk assessment
Tunnelling Risk Assessment 0. Abstract 1. Introduction and scope 2. Use of risk management 3. Objectives of risk assessment 4. Risk management in early design stages 5. Risk management during tendering and contract negotiation 6. Risk management during construction 7. Typical components of risk management 8. Risk management tools 9. References .
Succession planning Risk communication Risk culture Stronger: OCC’s heightened expectations Enhancing risk management and driving growth 3 Enforcement: What’s at stake Due to 12 CFR, Part 30, the OCC now has wide latitude to de
Risk Matrix 15 Risk Assessment Feature 32 Customize the Risk Matrix 34 Chapter 5: Reference 43 General Reference 44 Family Field Descriptions 60 ii Risk Matrix. Chapter 1: Overview1. Overview of the Risk Matrix Module2. Chapter 2: Risk and Risk Assessment3. About Risk and Risk Assessment4. Specify Risk Values to Determine an Overall Risk Rank5
Standard Bank Group risk management report for the six months ended June 2010 1 Risk management report for the six months ended 30 June 2010 1. Overview 2 2. Risk management framework 3 3. Risk categories 6 4. Reporting frameworks 8 5. Capital management 10 6. Credit risk 17 7. Country risk 36 8. Liquidity risk 38 9. Market risk 42 10 .
injury case - may apply for civil legal aid (since this leaflet deals only with civil legal aid, where we refer to "legal aid" we mean "civil legal aid"). Legal aid is financial help from public funds. It helps people who qualify to get legal advice and the help of a solicitor to put their case in court.
First aid at work – your questions answered Page 3 of 8 Health and Safety Executive The findings of your first-aid needs assessment (see Q3) will identify whether first-aiders should be trained in FAW, EFAW, or some other appropriate level of training. EFAW training enables a first-aider to give emergency first aid to someone who is injured or becomes ill while at work. FAW training includes .
