The 4 Ways to Manage Legal Risk
You're staring at a client contract and you have two choices: sign it as-is because you don't want to rock the boat and risk losing the deal, or spend hours agonizing over whether it's safe to sign.
Either way, you're flying blind because you don't have a framework for making these decisions.
This is why I'm so loud about legal risk. Because it gives you a framework and strategy for making business decisions based on facts instead of feelings. Not because feelings are bad, but because feelings can only get us so far.
A feeling can tell you that there's something off about your client's contract, but understanding legal risk is often the thing that helps you identify what it is so you can either fix the issue or keep it moving.
If you haven't already read my post on what legal risk is and why it matters, I suggest you check it out. Then when you're ready, come back here to talk about risk management strategies.
As I've said before, once you identify the risk, you need to decide how to manage it. In this post, I'm going to explain what risk management is and walk you through the 4 primary risk management strategies and give you an example of how each strategy works in the same situation.
Understanding Risk Management as Your Decision Framework
First, let's get clear on what we're actually talking about here. Risk management (sometimes called risk mitigation) is about reducing the possibility of violating regulations or getting sued, protecting your business assets, and minimizing potential losses if something does go wrong.
Risk management is not about eliminating all risk. That's impossible, and honestly? It would probably be bad for business anyway.
Hear me out: business is inherently risky. That's why I always say there's no such thing as perfect protection. And because business is inherently risky, it's basically impossible to get rid of any risk altogether, nor do you want to. It's taking smart, calculated business risks that helps you grow your business. Without some risk, chances are, your business would never grow.
So risk management is about understanding what could go wrong and deciding how you want to handle that possibility. For every legal risk you face - whether it's in a contract, a business decision, or just how you structure your operations - you have four options: accept it, reduce it, transfer it, or avoid it completely.
Different strategies work for different businesses and situations. The key is knowing which strategy makes sense for your specific context according to your business and your own personal risk tolerance.
Strategy #1: Avoid Risk
This is exactly what it sounds like - taking action to get rid of your exposure to a specific risk.
The classic example is forming an LLC to separate your personal and business assets. When you operate your business without registering it as a legal entity, your personal stuff (house, car, investment accounts) could potentially be on the line if someone sues your business.
When you form an LLC and follow the rules for keeping your personal and business assets separate, you manage that risk by avoiding it entirely.
Here's are some characteristics of business owners who often choose to avoid this risk:
A lot of business owners register their business as a legal entity to avoid the risk because they never want their personal assets to be available fulfill a potential judgment against them
Business owners who work in or with regulated industries
Business owners who are professionally licensed
Business owners whose work involves sensitive or confidential information like customer data.
How to implement this strategy:
For folks who are avoiding this risk, it's not enough to register your business as a legal entity. You have to keep your business finances and assets separate from your personal finances and assets. You also need to sign all business contracts under you correct business name and not in your individual capacity.
Strategy #2: Accept Risk
Accepting a risk is pretty much identifying it and saying, "That's fine."
If we use the same example of your personal assets being available to fulfill a potential judgment against your business in a lawsuit, then some business owners will look at the risk and feel fine about it.
That means they won't register their business as a legal entity and will just be what's called a sole proprietorship. They don't need to have a separate business bank account or separate their business and personal assets. Though I do recommend that these folks file for a tax ID number for their business with the iRS so they aren't sending their social security number to every client the work with (via a W9).
For a lot of folks I've worked with, accepting the risk of personal liability is totally fine, so let's look at some of the key characteristics of business owners who have utilized this strategy:
People who don't have a lot of personal assets. They rent their home, don't have a car, don't have investment accounts, etc. They're not worried about losing things because they don't have much to lose.
Folks with low-stakes businesses where the likelihood of major problems is very small (example: you blog about the best restaurants)
Folks with high risk tolerance
How to implement this strategy:
Be honest about your risk tolerance and actually _decide_ to accept the risk rather than just ignoring it. And remember - accepted risks should be reassessed as your business grows and changes. I recommend reviewing the risks in your business at least annually to see if your mitigation strategies still make sense.
Strategy #3: Reduce Risk
This strategy is about taking action to decrease either the likelihood of something going wrong or the potential impact if it does.
If we go back to our original example where you were deciding whether to sign a contract as is or walk away, risk reduction in this situation would present a third option: ask for changes to the contract to reduce potential risks to you.
For most consultants and freelancers, the biggest risk you face in contracts is not getting paid. So editing key terms like project scope (to prevent scope creep and you doing work for free) and payment terms (to ensure you get paid some upfront and more as you turn over each deliverable).
You'll also want clear terms that say what happens if the contract ends early, especially for work you've already completed but haven't been paid for.
Making this kinds of changes to a contract, reduces the risk that you might not get paid, but it doesn't eliminate the risk altogether because well, you can't control your client.
How to implement this strategy:
When it comes to ensuring payment, specific is better. If you write, what writing services do you offer? List all of the services your client asked for specifically in the contract. That way, anything they ask for that's not that service is outside the scope and will require extra payment.
State how many revisions are included in your work.
State how much you'll get paid, how you'll get paid, and when you'll get paid clearly. If you're getting paid overtime, include a payment schedule where each payment amount is tied to a deliverable (example: First draft of book - $4,500; or Delivery of Discovery Phase Report - $11,000).
The more specific you are, the easier it is to enforce the contract and reduce your risk of not getting paid.
Strategy #4: Transfer Risk
This is about shifting the financial burden of a risk to someone else, usually an insurance company.
Business insurance is the obvious example, but you can also transfer risk through contract terms. The common example that makes everyone's head spin is indemnity.
In both cases, if someone sues you, then the responsibility for defending against the lawsuit and fulfilling any judgment against you falls to your insurance company or the person who is contractually obligated to indemnify you.
Here are some characteristics of businesses who opt for business insurance and/or require indemnity from their clients:
They have team members (employees or contractors). Since you can't ensure your team members won't make mistakes, having insurance to cover them can be a great idea
Folks who want another layer of protection for the personal assets and a layer of protection for their business assets. Business insurance protects both.
Folks whose work involves and/or impacts specially protected classes like children, the elderly or disabled folks. Requiring indemnity from clients in these circumstances can be crucial.
How to implement this strategy:
Make sure your insurance policy limits align with your contract terms. If you have indemnity or limitation of liability clauses in your contracts, then they need to be capped at whatever your insurance policy limit is. Your insurance policy and your contracts need to work together, not against each other.
Making This Work for Your Business
As you're thinking about managing risks in your business, remember these two things:
Every business is different. A freelance graphic designer and a data consultant and a corporate wellness consultant are all going to make different choices based on their risk tolerance, available resources, business goals, and what industry they're in.
Your risk tolerance matters. You can use one strategy to manage a risk, but if you're really worried about it, you can combine strategies (like having an LLC and business insurance). It's all about what makes the most sense for your business and that should take your risk tolerance into account.
The point isn't to follow some cookie-cutter approach. The point is to understand your options so you can make informed decisions instead of just hoping for the best or panicking every time a legal question comes up.
Ready to Get Strategic About Your Legal Risks?
Understanding these four strategies is powerful, but it's hard to apply them effectively knowing which risks actually matter for your business. The only way to fix that is to do a proper legal risk audit of your business.
If you want to learn how to apply these strategies to your situation, you need to start by identifying which legal risks actually apply to your business in the first place. Read Part 1 of conducting your own legal risk audit next.