Episode Transcript
[00:00:00] Speaker A: Hi everyone. Baker McKenzie's annual global disputes Forecast is upon us and in this episode we're going to look at some of its most compelling findings and what they mean for your E and C program. I'm your host Bill Coffin and this is the Ethicast.
Baker McKenzie has released their 2026 Global Disputes Forecast, which surveys 600 senior decision makers with responsibility for or a key role in litigation at large organizations.
The survey provides a wealth of information on what, why and how senior leaders are viewing today's biggest business risks with regards to how they might translate into complex legal disputes. Tariffs, sanctions and export controls are are seen as a dispute risk factor in the coming year, as well as concerns over cross border or multi agency investigations and persistent concerns such as cybersecurity, tax, employment and ESG are still top of mind.
Managing these competing pressures is a delicate balancing act and one that's hampered by constraints on resources. A notable 38% of respondents say that their 2026 disputes budget is insufficient to meet current disputes risk. With limitations to funding and resourcing emerging as the top barrier to litigation preparedness to bridge the gap between disputes awareness and readiness, organizations need to evolve their risk frameworks and advocate for investment in disputes preparedness.
Joining us today to lend their insights on these issues is Widge Devaney and Peter Tomczak. Widge is the head of Baker McKenzie's North American litigation and Government Enforcement Group and America's Chair of the Global Dispute Resolution Practice.
A former federal prosecutor, Widge represents corporations and individuals in internal and government facing investigations and enforcement actions, often cross border. An experienced trial lawyer, he also routinely represents clients in complex civil litigation and provides compliance advisory practice, particularly in the anti corruption sphere. He is the author of multiple publications involving such topics as the fcpa, cross border investigations and corporate compliance programs. He appears often in the print media commenting on current criminal matters. Widge, welcome to the Ethicast.
[00:02:16] Speaker B: Thanks very much Bill. Great to be here.
[00:02:19] Speaker A: Pete serves as Global chair of Baker McKenzie's global investigations, compliance and ethics practice. He is a member of the Steering committee of the firm's Global Dispute Resolutions practice and also serves on the firm's Global Professional Responsibility and Practice Committee and Cross Alliance Pricing Committee. Peter's principal areas of practice are corporate internal investigations, corporate compliance, and complex business disputes. He has conducted sensitive internal investigations, in particular those arising under the US Foreign Corrupt Practices act, for multinational corporations in more than 30 international jurisdictions. He also counsels clients and their boards on corporate compliance, esg and corporate governance matters. Pete, thank you for joining us. It's good to have you, Bill.
[00:03:01] Speaker C: Thanks for having me. Great to be here.
[00:03:03] Speaker A: The 2026 global disputes forecast opens with some pretty eye opening data around the kinds of risks that organizations are facing and, and how prepared they are for it. Global power dynamics and geopolitical forces are creating new regulatory, macroeconomic and technological realities faster than the speed with which many E and C teams can adapt. So how much do you see this current environment as a threat to organizations and how much do you see it as an opportunity to innovate new E and C best practices? Wade would like to start.
[00:03:33] Speaker B: Sure, Bill.
With threats and risks come opportunity. And I think that the respondents to the survey kind of nailed it on the head where the main threats are these days.
79% thought geopolitical disruption was the main threat.
80% mentioned technology, and another 78%, which really kind of folds into the geopolitical part, mentioned operational and supply chain risks. So if you look at those threats and take a look at it a little more micro level, when you're looking at the geopolitical or operational supply chain threats, you're looking at things like tariffs, sanctions, export control.
Over all of that is an enforcement, as an enforcement uncertainty. You see that enforcement is way down in the Department of Justice, it's way down in the SEC and where the government is putting its resources in terms of some false claims act in the healthcare industry, but tariffs as well. But there's this greater uncertainty about what will be enforced, how it will be enforced. Certainly when you get to the tech side, you're looking at cyber risk, probably number one, but also AI and they all play into each other and this data privacy risk. But with these risks come opportunities, even taking it. On the geopolitical side, you've got clients who have now asked us about, can we go back into Venezuela? How would we go back into Venezuela?
Even with this geopolitical disruption, companies are seeing opportunities. And in the compliance department, certainly there's a lot of opportunities being created around AI and how AI can be deployed within the compliance environment to really enhance the function but also make it more nimble. As you're seeing all of these risks.
[00:05:33] Speaker C: Take shape around the world, the pace of geopolitical change, it seems every Saturday we're revisiting something that we took for granted and now upending it. But as Wedge rightly noted, I mean, risk being uncertainty, there's a positive and negative Spanish in on that. And including, you know, there's a lot more business opportunities that are becoming available, industries that didn't exist 10 years ago. Or now suddenly as we talk to our kids in college, they are, those are the things they're looking at going into. And those are all accompanied by risks and particularly complying with law and the regulatory environment. You know, particularly as the, in the geopolitical side, if we look internationally and we look at alliances that used to move in sync are now moving in very different directions. I think we had a flavor of that in ESG between the EU and the United States.
We're seeing that trend continue.
That's tough to navigate. And I think what we're hearing from clients and one of the findings we saw in the survey was that it's just simply hard to even keep up with the pace of change.
So in approaching this, I mean there is a, there's a large amount of opportunity to be had, but there is a lot of work being done, not only in terms of just the sheer amount of regulation, but revisiting a lot of the paradigms that everyone followed for years. And then I think also in particular the complexity of, is how these are interacting. Which mentioned about trade. How do the new trade pressures impact supply chain? How do those impact anti corruption efforts? Where are you allocating scarce dollars, which is always a proverbial problem and how are those being, you know, what's the decision making behind that? Those are all things that again, very challenging. We're seeing that in the survey, we're feeling it in our practices and certainly we're hearing it from our clients.
[00:07:11] Speaker A: ENC teams are used to handling multiple types of risk at once. But the Global Disputes Report notes how organizations are often grappling with more than existential threat at once. And as we see over the course of that report, there is no shortage of major risks. So how can or should EC teams prioritize their risk and build a truly effective program resilient enough to handle multiple diverse exposures?
[00:07:35] Speaker C: Well, I'm glad you began by acknowledging because we see a lot of saying there are multiple risks now. And I think everyone would say, well that's been true for some time. I mean, being dissent on all sides is nothing new in this world. I think what was interesting, I thought in this year's findings is in past years there were one or two risks that were so overwhelmingly dominant, ESG or cyber in the minds of respondents. This year when you pull back the lens and looked at risks ranked from three to five and beyond, they really weren't that far behind the leading one or two risks. And so you're seeing kind of a convergence there of you could say there's a lot of problems and they're all equal.
You can then slice and dice the data and you'll see that there are certain areas, certain geographies, certain industries that have a greater risk sensitivity to various issues than others. But again, all of them sort of being ranked up there. I think in terms of your question of how to build a program that's resilient in dealing with. Dealing with a world where there are multiple risks. I think again the initial step is really to identify and prioritize risks. And that's not saying anything new, although I think it puts a premium on when you have so many risks and you're looking at them.
If they're all a risk and they're all a priority, that means none are going to be a priority. So you really have to be thoughtful in terms of how you're identifying and prioritizing risks. Key foundation for doing so remains the regular compliance risk assessment. I think even we're seeing some clients purposefully and explicitly ask this year what has changed from last year?
Asking the people they're collaborating with, what are the links you see between your risk you're talking about and various risks that others may be responsible for? On how to address multiple risks, there's really no single answer or structure. But there are important elements across various programs, one of which is assigning responsibility. And that's especially true for cross functional risks. Make sure there's not a tragedy of the commons, if you will.
The other is a collaboration across functions and locations. And how you actually do that, that's an interesting question. We're starting to see clients in addressing multiple risks, really take advantage of the opportunity to leverage and integrate systems, meaning technology platforms, even down to syncing calendars and formally structure meetings and interactions to promote collaboration. But we would also note in our findings, a large number of respondents, 45% identified internal organizational structures and another 38% identified challenges with cross border coordination as real limitations on organizational vulnerability. I think one other final point to remember is to assess actually the effectiveness of the compliance program.
Monitoring the compliance program, that's an important step now because as things change, you really want to make sure that the compliance program is well designed to take advantage, be flexible, and then address and mitigate those new risks and their complexities in how they're interacting with each other.
[00:10:33] Speaker A: 82% of respondents said that they are concerned about the possibility of their organization being subject to a cross border or multi agency investigation in the next 12 months with data preservation and forensics, cross border coordination and internal investigation protocols. As the top risks there. So since modern investigations often reverberate across borders, what recommendations do you have for organizations to get robust coordination mechanism in place before a multi jurisdictional investigation even begins?
[00:11:02] Speaker B: Yeah, I think if we look at the first principles of conducting an investigation and that goes to if the stakeholder, whomever that is, whether it's the audit committee or the management team or the government, depending on the investigation, if the stakeholder accepts the process, they'll accept your conclusion.
And so you really want to be.
[00:11:28] Speaker D: Focused on the process in an investigation, particularly across border investigation. And so much of that process today revolves around data.
I can remember when I was first a prosecutor and it was kind of just as every company now had email and I couldn't imagine how people had investigated or proven a case before email. I mean, how was that even possible?
Now most of the evidence has moved off emails into text messages, but even more so a messaging system, things like signal that disappear in an hour and various other things that my kids could probably explain far better than I can. So one of the challenges that companies have is how do they get their hands around that data? How do they get their hands around that data in multiple jurisdictions? Particularly when you're going to be dealing with different data privacy laws, blocking statutes, different employment laws, and various things that all make that a bit more difficult.
One of the things that we will.
[00:12:45] Speaker B: Recommend that our clients do is that they really think about these things up front.
And for example, where is my data stored? Is that the best place to store the data if I'm going to need access to it down the road in a multi jurisdictional context, I'm going to need to get that data to the United States, for example, how easy will that be under the relevant data privacy laws and the laws allowing for the export of data in that country?
What can a company do to maximize its access to data? And this is particularly relevant outside the United States. So what you're looking at there is are the employment policies and it's a matter of local law in each jurisdiction. But are the employment policies clear, that the data belongs to the company, that the company has a right to access that data, that the only thing you should be doing on the company system is the work of the company and not anything personal? What do the various employment contracts with individuals say on that? What do if the company is providing devices, what does the employee sign as they're being given their phone or their laptop or their iPad?
What you know, conversely, if it's a bring your own device company, what are The BYOD policies and you want to structure that. Looking down the road, how can we maximize our access to the data?
Similarly, a couple of other things to think about are the constitution of your investigation team, who's doing it right? Is this something that internal audit is doing? Is security doing it? Is there a dedicated investigation team? Is it legal? And one of the things you're looking for there is not only to be able to triage it, to really gauge the risk to the company, but it's also maintaining the attorney client privilege. Identifying what of those investigations should be privileged. How do you maintain that privilege? Especially if you're a US multinational that could have, you know, issuer, an issuer on a U.S. exchange. So they're, you know, there could be ramifications there. How do you maintain that attorney client privilege across borders and all of this stuff, when you try to do it on the fly, it's too late. You probably lost your chance at the data. You probably waived privilege over this. So all of this needs to be sort of mapped out and thought about up front before there's an investigation. And then when something comes in the door, even before you launch into that investigation, think about those various touch points.
[00:15:32] Speaker A: Risk awareness is high, yet preparedness is lagging. And we're reminded of that when we see those small percentages of respondents to any given question answer. I'm not concerned about X risk within my organization. Whenever I see that in a survey, my eyelid twitches. It's just amazing. So, you know, as E and C teams face complex risk around issues such as trade policy and cyber, how do you recommend they best work with outside counsel to understand the modern risk landscape and especially to overcome the it can't happen here mindset. Pete, would you like to begin?
[00:16:06] Speaker B: Sure.
[00:16:06] Speaker C: I mean, and in fairness, I think it was a very small number of respondents. Yeah, single digits, totally prepared for everything.
I think that it's knowing that and asking what I think is a little bit of an admittedly a self serving question of how can you work with your lawyers.
I think though there's, there is a role for external advisors, lawyers and others. And that's number one in that same set of findings as I mentioned earlier, you know, really keeping a pace of regulations and the just flurry of laws. What's out there, what am I subject to? That's increasingly just part of the battle. It's really to understand what are the rules that I'm subject to to. And frankly looking around the corner, what are the rules you're anticipating I'll be Subject to in a year or two years time. I think the also though within that it's really understanding how that applies. And I say that particularly as we look abroad outside the US It's a complex question here in our home country, but you really kind of can work with outside counsel to get a sense from local council in those jurisdictions. How is this really working? What's the real thrust of these regulations? What are we expected to do and what are the, what are you seeing in the market? I think the other thing is, you know, kind of coordination across, across borders. That was a, that was another challenge was identified in the same, in the same set of responses as being a potential obstacle. Again, I think external advisors can be helpful in that. And the final point is I think just understanding, you know, in general, you're.
[00:17:37] Speaker D: Probably not a welcome.
[00:17:39] Speaker C: I mean it's very few risks that are simply so company specific that no one's seen it before. And very oftentimes obviously respecting privilege, respecting confidences, but they are things that we see regularly as outside counsel and understand kind of where the push and pull is, how others are necessarily addressing it and what are the real risks that again are looking around the corner that we're seeing and hearing about before they are impacted. On the front page of the Wall Street Journal, Financial Times almost come back.
[00:18:09] Speaker B: To where we began with the rapidly changing risk environment brought about by geopolitical disruption, kind of the unpredictability of enforcement.
And in that environment, companies need to be very nimble on how they're assessing their risks and how they're addressing those risks. And because they are going to be changing and shifting at a more rapid pace than they ever have been before.
And I think the key to being able to deal with that is having the proper infrastructure within the compliance organization so that you have, it's appropriately staffed, you have appropriate mechanisms to conduct investigations.
Almost more importantly, you have appropriate mechanisms to conduct drugs risk assessments. And when you have that infrastructure, when you have that buy in from management, when you are, you know, appropriately resourced, you can then be nimble and quickly move to new risks, assess those risks, address them and you know, mitigate those risks.
[00:19:22] Speaker A: Gentlemen, thank you so much for sharing your insights today and really for the work that you and your colleagues do to help organizations better prepare themselves against complex legal risk. So once again, thanks for coming on the show today.
[00:19:33] Speaker C: Thank you for having us, Bill. Once again, it's our pleasure indeed.
[00:19:36] Speaker B: Thanks, Bill. This was great.
[00:19:38] Speaker A: There's plenty more to learn from Widge and Peter on this very topic. So Please join us on January 21st for our free webinar Global Disputes Forecast, Risk Trends and priorities for 2026 as Pete and Widge lead a live discussion with ENC leaders from Atkins, Realis and Klaviyo about the key disputes and risk trends that will shape the year ahead. To register, please visit ethisphere.com events or click the link in this episode's show Notes.
And to read the 2026 Global Disputes Forecast as well as a host of additional insights, updates and thought leadership, be sure to visit baker mckenzie.com thanks for joining us. We hope you've enjoyed the show. For new episodes each week, be sure to subscribe to us on YouTube, Apple Podcasts and Spotify. And if you haven't already, please follow at the sphere on LinkedIn as well to learn more about how we help organizations strengthen, advance and improve their ethics and compliance programs. Together, we can make the world a better place by advancing business integrity. That's all for now, but until next time, remember, strong ethics is good business.
