The value of a proactive legal risk management policy for retail companies


Financier Worldwide Magazine

April 2014 Issue

April 2014 Issue

Successful retailers interact with their customers in countless ways. When customers come through their doors, they interact with employees, products and the retail space itself. Retailers also increasingly interact with their customers online, where they collect and analyse information about their customers, and communicate with them both about ongoing transactions and the possibility of future sales. The resulting complexity makes the retail sector an exciting and challenging place to do business, but it also means the legal risks facing retailers are equally complex and require proactive and sophisticated risk management strategies. Below, we discuss the kinds of events that can give rise to risk for retailers and some strategies for effectively and proactively managing those risks. 

Risk escalation: an example

A retail company has just put a new toy to market. Over the course of a month, three customers lodge independent complains regarding the toy, but receive no meaningful response from the company. 

The first customer describes her concerns to her family and friends, and posts comments on Facebook and Twitter. She also posts a video on YouTube in which she humorously laments the faulty product and the store’s indifference. 

The second customer, annoyed at the retailer’s non-responsiveness, decides to contact a regulator. The regulator promptly opens a file and considers both the merits of the complaint and the retailer’s response. 

The third customer, who feels his child was endangered by the toy, contacts an entrepreneurial class actions lawyer. The lawyer notes the company’s numerous retail locations, and the potential for a mass tort lawsuit against a deep-pocketed defendant. 

Even if there is no merit to the complaint, the retail company is exposed to hundreds of thousands, if not millions of dollars attempting to manage the reputational damage, deal with the regulator and defend the claim. The situation illustrates how a seemingly small collection of incidents involving a single product can quickly lead to significant exposure and risk, particularly when it is not managed proactively. Although some incidents will inevitably lead to litigation, many can be effectively managed to mitigate risk and de-escalated to make formal proceedings less likely. 

Key areas of risk for retailers

There are five key areas of risk that retailers need to ensure are adequately managed: 

Product risk.This includes risks associated with products that may be dangerous or cause injury; compliance risks associated with the sales of regulated products; and more general product quality issues that may require early communication with distributors. 

Information management risk.Retailers often collect and mine large amounts of information about customers and potential customers, including through sophisticated reward programs and in-house credit programs. There are significant compliance risks associated with the use of such data and potential civil or regulatory liability for privacy and anti-spam breaches. 

Employee risk.Effectively managing employees, including their hiring, training, supervision and discipline, is key to mitigating litigation risk, both in relation to the employees themselves and in defending against claims made regarding employee conduct. 

Personal injury and property risk.Given the square footage controlled by retailers, it is essential that they manage risks associated with their property, including the risk of personal injury involving customers or employees, and special risks to the premises. 

Loss prevention risk.While it is obvious that retailers must manage loss prevention effectively to reduce preventable losses and ‘shrink’, an effective approach to loss prevention must also recognise and manage the risks associated with policies that may unfairly treat employees or customers, for example, in cases of suspected theft or fraud. 

Benefits of proactive risk management

Investing in the development of proactive approaches to risk management can not only prevent many legal risks from materialising, but can also mitigate the costs and damage when they do. Proactive risk management not only ensures technical legal compliance, but in the event of disputes will enhance credibility, prevent escalation and preserve key evidence. Since much of risk management depends on effectively developing relationships with outside counsel, insurers, regulators and partners in the supply chain, retailers can quickly develop a reputation for corporate citizenship that may go a long way in the event of serious litigation or regulatory charges. 

Some situations will inevitably lead to formal legal proceedings. A customer may be determined to sue or a regulator may feel obligated to prosecute. An approach to risk management that recognises this reality can provide for policies and standards for collecting and preserving evidence; appropriately reporting incidents; and involving counsel and other experts before proceedings are formalised. 

What does an effective legal risk management policy look like?

Appreciating the need for good risk management is much easier than actually creating the related policies and necessary corporate culture. The cornerstones of an effective approach to risk management include the following: 

Know the law.Naturally, retailers can only comply with those laws they understand. Ignorance, however, is rarely a defence. Invest the resources to ensure that you know the applicable law, particularly if you operate across jurisdictional borders. 

Respond promptly to concerns.In the retail setting, a failure to deal promptly with customer complaints enhances the risk of reputation damage but also invites customers to initiate formal proceedings or complaints with regulators. 

There should be an effective protocol to vet and assess complaints and concerns for any risks they pose. 

Respond systematically.When responding to customer or employee complaints, retailers need to be consistent and systematic. Risks are mitigated when employees understand key policies, know what incidents require a report to external authorities, and know when they need to preserve evidence and how to do it. 

Understand what customer or employee complaints are telling you.Managing risks proactively means taking the time to look behind individual complaints and trying to understand whether they are suggesting a problem. Is there a pattern involving defective merchandise that might suggest something serious? Are there personnel problems that may reflect a gap in policy or a problem in your culture? 

Don’t do it alone.Effective relationships with outside counsel, insurance representatives, communication professionals and landlords all play a key role in reducing risk. Incorporating quick lines of communication to these parties in the event of an incident can sometimes make the difference when trying to de-escalate and manage risk. 

Although this list is not exhaustive, it contains some of the main features of an effective approach to risk management. Recognising that the simplest concerns can escalate into lawsuits or regulatory proceedings, and raise reputational risks, is the best way to prevent and manage these events.


Christopher M. Hubbard and Elder C. Marques are partners, and Justin H. Nasseri is an associate, at McCarthy Tétrault LLP. Mr Hubbard can be contacted on +1 (416) 601 8273 or by email: Mr Marques can be contacted on +1 (416) 601 7822 or by email: Mr Nasseri can be contacted on +1 (416) 601 7884or by email:

© Financier Worldwide

©2001-2019 Financier Worldwide Ltd. All rights reserved.