This article is the transcript of IRM India’s What’s The Risk?® episode telecast on CNBCTV18. The What’s The Risk?® initiative by IRM India Affiliate decodes risks and opportunities across diverse sectors with an objective of elevating the importance of risk intelligence and enterprise risk management as a skill, profession and business enabler.
Voiceover: Institute of Risk Management India Affiliate presents Regulation with Risk Intelligence: A New Imperative for Lawyers.
Hersh Shah:
A global manufacturing company faced regulatory scrutiny after its third-party vendor triggered a data breach despite contractual safeguards. A listed entity’s ESG claims led to shareholder activism and legal intervention due to non-alignment with reporting standards. Meanwhile, an Indian fintech startup drew regulatory heat after its lending algorithm unintentionally discriminated against certain user groups, raising urgent questions around fairness and digital governance. Now, these incidents are not anomalies, they are emblematic of a world where regulation is rapidly intersecting with technology, ethics, and enterprise strategy, and legal oversight is no longer limited to courtrooms or policy manuals; it now shapes business resilience, stakeholder confidence, and long-term value creation. In this context, risk intelligence has become an essential capability for legal professionals. The ability to anticipate regulatory ripple effects, assess laws through the lens of systemic risk, and even support organisations in navigating uncertainty is fundamentally transforming the legal function. As this regulatory environment grows more complex and volatile, I think lawyers are emerging as strategic enablers advising not only what’s lawful but what’s prudent, responsible and even future-ready. So, here’s welcoming all of you to the panel discussion on Regulation with Risk Intelligence: A New Imperative for Lawyers, by the Institute of Risk Management India Affiliate. As the world’s leading certifying body for ERM exams across 140+ countries, the What’s the Risk?® initiative underscores our unwavering commitment to driving thought leadership in every sector and discipline. Joining me in the sixth episode are Ms. Kamala Kantharaj, Chief Regulatory Officer, Bombay Stock Exchange, Prof. (Dr.) C. Raj Kumar, Founding Vice Chancellor, O.P. Jindal Global University, Kartikey Mahajan, Partner, Khaitan & Co. Lady and gentlemen, thank you for participating in this special episode. Prof. (Dr.) C. Raj Kumar (Founding Vice Chancellor, O.P. Jindal Global University), let me start with you. With regulations evolving rapidly in response to emerging risks like climate, tech and even governance failures, how must the legal education evolve to prepare lawyers to think beyond statutes and develop foresight in legal interpretation?
Prof. (Dr.) C. Raj Kumar:
When the world of technology and its implications for law and regulation are profoundly felt across all sectors. Now, in today’s increasingly volatile and interconnected world, traditional legal training, the form of legal education that we impart, which often focuses on somewhat static statutory interpretation is no longer sufficient. Lawyers must now cultivate a deeper understanding of systemic risks that transit legal boundaries, including regulatory barriers. This could include, for example, risks associated with climate change, data privacy, cyber threats and what we see; the early aspects of AI regulation. Now, this particular change that technology has created requires an interdisciplinary mindset and a proactive approach to legal interpretation, but most importantly, to recognise that law is something that will have to take cue from other disciplines. The traditional standalone law schools are unfortunately woefully inadequate when it comes to dealing with these issues. So, at Jindal Global Law School, for example, we are reimagining legal education to include training in enterprise risk management, technology, and public policy so that future lawyers are equipped not just to respond to legal issues but to foresee and even shape them. The interconnectedness of law, and policy, and regulation, and governance is the key to unravelling this mystery but today in the world of AI and regulation, we simply cannot fall back, and hence it’s important for us to train the next generation of lawyers, and law students, and judges even, to understand and appreciate the need for engaging and grappling with risk management issues early on.
Hersh Shah:
Kartikey Mahajan (Partner, Khaitan & Co.), I want to come to you next. In your corporate advisory work, where do you really see legal interpretation falling short in today’s risk intense environment? And how can legal teams embed a forward-looking risk lens into their counsel?
Kartikey Mahajan:
When it comes to being a legal professional, are not limited to the interpretation of black letter law. What it’s rather limited to is the narrow interpretation with which the lawyers have to deal and come up with solutions on. The first is a lot of people are looking into the static reading of law, as to what the law is today. What they are not able to foresee is how the law may evolve, and a contract which we enter today, how it would be relevant 3 years from now. The second is just the interconnectedness of the disciplines. You know, I do a lot of white collar work and when it comes to white collar related advisory, you see that a lot of the times clients are just facing issues before one investigative agency, let’s say ED, but at the same time other investigative agencies, when they get to know that some wrongdoing has been committed, then the likes of CBI, SFIO, Ministry of Corporate Affairs, they all also come into action. So, when you are dealing with such interconnected areas of law, you should be mindful towards coming up with a holistic approach. And the third is the reactive compliance versus a proactive compliance. Again, I think as lawyers, we have gotten into the habit of answering questions of a client. When a client has a particular query, they will come, and they will tell us, and we look into the law, and we will give a solution. But what many of us are not being very vigilant about, is what is happening in the global regulatory change. For example, AI, there is more and more increased scrutiny in the EU and the UK rather than what is happening in India, in terms of the regulatory footprint. So, if we are going to advise clients who have AI-related contracts in India and the EU, we may end up advising them on Indian law, but we may actually fail in our duty to at least apprise them of risks under EU or UK laws, which are much more dynamic and evolving than Indian laws, so that’s another reason.
Hersh Shah:
Ms. Kamala Kantharaj (Chief Regulatory Officer, Bombay Stock Exchange), let me bring you in at this point. You’re managing compliance at the nerve centre of India’s capital markets where regulatory perception, reputation, and public trust all of that goes hand in hand. How do we really move the compliance function from a rule-based decision-making activity to a more risk-sensing activity?
Ms. Kamala Kantharaj:
Compliance has evolved over a period of time, regulations have evolved over a period of time, but the underlying theme for which compliance exists, or governance exists, remains the same, that is, you are taking care of the interest of various stakeholders. How is the conduct, and is there fairness in the way all stakeholders are getting treated and ultimately last mile customer service, is it getting focused attention or not? So, all compliance requirements are emerging out of this basic need that you have to be fair in your claim. And rule-checking was a historic event, now we are no longer there, that is not sufficient at all. Also, you should see that rule-checking existed in an era where markets were very localised, your impact of risk was very localised, it was not causing havoc at a domestic country level or international level. But today, businesses have evolved, technology has come in as a new animal contributing to every area, and the way the interconnected world operates or the globe operates has changed drastically. As a result, when the business model changes, automatically risk changes, when accessibility expands, risk changes. So, with the evolving nature of businesses, evolving nature of risk, I think the historical way of rule-checking, once in a year audit, will no longer work. So, now the firms, business entities have all started adopting a technology-based approach to risk assessment and most of the good organisations have defined their risk framework, they also have tools and technologies to alert them on what is happening. The more important requirement is that you need to sense what is happening around you, it is not about risk internally alone, it is also about the risks emerging from elsewhere, and recently, we have all gone through and experienced how global risks also can play an important impact on the domestic market, similarly, domestic institutions can also impact the global market. So, I think the way tools and technologies are emerging, the way newer risks are emerging, with the use of technology and with all the cyber related issues creeping in, accessibility has to grow, you have to adopt technology but the newer risks, you have to recognize and mitigate those risks, if you’re not proactive in even identifying them and assessing them, then you are nowhere there, you will get washed out in no time, you will become obsolete.
Hersh Shah:
Professor Raj, what are some of the institutional changes that are needed to really embed risk thinking as a core legal skill, not just as an add-on?
Prof. (Dr.) C. Raj Kumar:
Generally speaking, Hersh, lawyers are known to be risk-averse, and this has been one of the most difficult challenges of the role of, let’s say a general counsel in a corporation or a company, and it is always the business which is moving and pushing the agenda of wanting to expand or do new things, and the lawyers tend to be more conservative. So, the fundamental point that we need to recognise is that risk intelligence needs to be embedded in the DNA of the legal profession, it simply cannot be a bystander. This requires, I strongly believe, fundamental reforms at multiple levels, including the way regulatory bodies look at it, the way even bar associations may have to revisit their accreditation frameworks, including the way bar councils look at the role of the lawyer, what is essentially the role of the lawyer including the core competency of lawyers. Similarly, from the standpoint of academics and law schools, I believe legal education must also evolve from being somewhat doctrinally narrow to more institutionally responsive and adaptive.
Hersh Shah:
Alright, it’s time for a short break. We’ll be back with this powerful panel to discuss the blurring boundaries between legal, risk and business strategy, as they said. We’ll be right back.
Voiceover:
Institute of Risk Management India Affiliate presents Regulation with Risk Intelligence: A New Imperative for Lawyers.
Hersh Shah:
Welcome back to the sixth episode of IRM India’s What’s the Risk?® initiative, Regulation with Risk Intelligence: A New Imperative for Lawyers. I’ve been in conversation with Professor Raj, Ms. Kamala, and Kartikey. Kartikey, building on our previous conversation, should law firms really begin to build in-house risk management capabilities to serve the clients better? I know we spoke about this, but you know, just like corporates have a chief risk officer, are you beginning to see law firms develop a similar function or mindset?
Kartikey Mahajan:
So, the short answer is that, currently, no, the law firms have not developed such a function. But the real question is whether they should, and I think the answer to that is yes, and steadfastly yes. The reason is not to only bulletproof your own growth as a law firm but also in the fundamental shift into what a client is expecting out of a law firm, and when I say this I have three reasons as to why a law firm should be looking into integrating a risk management approach. The first reason is that the clients expect you to be the risk manager, increasingly, my role is that. They want you to know what the risks are for their business. If you keep on working with a client, you get to know their business increasingly and they ask you for each and everything. While I may be a disputes lawyer, they sometimes ask me things which have nothing to do with disputes. I may be a transaction lawyer, they may ask me things about disputes. The second is that if you have, as a law firm, an enterprise-based approach, in which you have different kinds of heat maps, different kinds of risks being assessed, it’s a great revenue multiplier, isn’t it? For example, you can have on a deal, a regulatory and litigation risk in which you are talking about potential enforcement risk in an arbitration scenario, potential white collar risk, and you end up involving those schemes. Similarly, a transaction risk which can be a geopolitical risk coverage, an enforcement risk heat map as to if you are going into a particular jurisdiction, what kind of risk that jurisdiction may have, a data and cyber risk heat map. You can have real-time breach impact modelling, you can have data sovereignty risk. These are all just ideas, but if you just think about it, if law firms start adopting these and start hiring individuals to deal with certain specific things like this, you can actually have a revenue multiplier for law firms. It benefits everyone because the client only has to go to one organisation. And the third reason is that, I can’t say that law firms are not at all thinking about it because in certain spheres they have made some steps. For example, it’s increasingly common in India to have former regulatory chairpersons or high level individuals after they retire join these law firms as consultants, whether be it from RBI, or from SEBI, and other institutions as well. So, if they are able to get some of these individuals who are not lawyers by training but have been bureaucrats at high level positions and doing extremely challenging work for those institutions, then why can’t you replicate by having say a valuer join a law firm? By having say a forensic accountant join a law firm? Some law firms in India are also thinking on those lines, and according to me if they do so, I think it’s just going to benefit the law firms themselves in terms of revenue and also meet with the client expectations which are becoming increasingly challenging.
Hersh Shah:
Kamala ji, he’s spoken about the external side now, let’s turn back into the internal compliance function. How do you think the legal teams can work more collaboratively with the external counsels and move from a typical firefighting approach to a strategic risk approach?
Ms. Kamala Kantharaj:
Complexities of business have undergone tremendous change. Today, you cannot work in a crisis mode all the time at all because at any given point in time, you are grappling with policy changes, you are grappling with system changes, process changes and ultimate execution. Coming to the BFSI sector in particular, they use law firms on the strategy side, but for tactical and operational issues, you should have a strong internal team because you don’t have that luxury of time that you need to turn around things very quickly. So, I think strategic advice is required on a long-term project kind of a thing on a proactive basis, and of course on the other end, extreme end, to fight your cases you need to depend on the law firm. But for the in-between zone where it relates to your own domain and things like that, you will build an in-house capability. And also, the way policy making is happening and regulatory changes are coming, it has also undergone sea change, because now we see lot of consultative process before any new regulatory framework comes into picture, and at that stage, all the law firms also have an important role to play and if they’re part of the discussions that is fine, otherwise also they should necessarily apply their mind and contribute to the policy making so that we reduce ambiguity and give clarity to the industry at large.
Hersh Shah:
Got it, but what’s your view specifically for the BFSI and pharma sectors, which are even more regulated, so how should the collaboration work over there between the internal compliance teams and the external lawyers?
Ms. Kamala Kantharaj:
See, internal legal teams are defending the various functions within an organisation, so they have to closely work with the in-house compliance team, for sure. There is no way you can get success if you are working in isolation, and already that is, in the securities market at least, I can say with authority that it’s already happening, otherwise you will never be able to face any litigation, it is closely happening. But in the other sectors also, I’m sure this culture will spread, because all sectors are facing dynamic changes and you can’t use the old tricks for dealing with the newer set of problems, you have to be collaborative in approach and we do approach law firms for long-term and strategic related issues as well, that is true of the entire BFSI industry.
Hersh Shah:
Alright. Professor Raj, as a visionary in legal education in India, do you see a future where risk intelligence becomes really integral to the legal practice, as a case law or even a statutory interpretation, and also, if you could share some insights on the recently launched B.Sc. in Risk Management programme, recognising the IRM exams?
Prof. (Dr.) C. Raj Kumar:
I think, if you remember the early days of the office of general counsel in companies and corporations, we never had one for a very long time. But now with an expanded role of the office of general counsel, they are seen to be problem solvers, they can’t just be coming when conflicts and disputes arise, they are advisers and mostly they’re advising on risk. So, we are witnessing a paradigm shift where risk intelligence is no longer peripheral to the world of legal practice, but it is somewhat not only central but foundational. Just as lawyers must understand the jurisprudence and statutory frameworks, they must also be fluent in identifying, analysing, responding and advising in systemic risk. At our university, we have recognised this imperative not only from the standpoint of policy but also from the standpoint of education and we have launched India’s first Bachelor of Science and Risk Management, integrating IRM’s globally recognised Enterprise Risk Management curriculum. We have done that in many ways, involving the Jindal School of Banking and Finance, one of our leading schools that focus on issues relating to banking and finance, but also having collaboration with the law school too. This collaboration with IRM’s globally recognised enterprise management programme, I believe, reflects our strong commitment to the fundamental reforms that the legal profession must take to lead in institutional resilience. We are not only preparing law students to be future-ready lawyers but also grooming them as policy leaders, governance experts, risk advisers, even engaged in compliance preparedness as well.
Hersh Shah:
Great. Well, compliments to you and the team, and I’m sure stakeholders like Kamala ji and even Kartikey will see the impact of our work. Kartikey, I want to actually ask you a very frank question of how the law firms are responding to this evolution? Are they really going to be willing to change? What is that one point of cultural change that you need to bring about to ensure that lawyers become partners in risk governance and resilience building?
Kartikey Mahajan:
First, you look at the in-house counsels. In-house counsels today are increasingly playing the role of a risk manager because they are not specialising in one domain, you don’t have an in-house counsel looking only into disputes, or only into transactions. Actually, they end up looking into the entire spectrum from the general counsel’s office. So, if they can do so, the question that they will be asking is why can’t law firms do so for me. The second is that we, as a profession in India, might end up facing challenges from other similarly placed professions. Let’s say, look at the other consulting firms, the Big Four, like EY, KPMG, Deloitte, they all have started multi-disciplinary practices. You know, they were already consultants, they have tax expertise, now they are also giving legal advice in a lot of jurisdictions. As a result of which, the law firms itself, because of the competition levels, may end up adopting this.
Hersh Shah:
Alright. Finally, Kamala ji, turning to you. The role of the Chief Risk Officer, Chief Compliance Officer, and now even the general counsel bringing the lawyer’s angle, I call it a web or a triangle, right? How do you navigate the complexity of relationship between the three of them with the risk lens that we can bring about?
Ms. Kamala Kantharaj:
See, in any organisation, at a higher level, on all strategic issues, all functions are interlinked. You just named three, I can add more. There is a new CISO – Chief Information Officer that has come in, Chief Data Officer has come in, all of them have interlinkage. We’re calling out everything on a silo basis, end of it, it’s resulting in a lot of duplication in work. So, how do we do more meaningful and effective work? By weaving this fabric into a wonderful masterpiece and creating a framework where people are not competing but trying to identify risk from a multi-dimensional angle, is what I would think.
Hersh Shah:
Well, that brings us to the close of a deeply thought-provoking conversation. Today’s dialogue has underscored a critical shift where regulation is no longer just about compliance but strategic foresight, institutional resilience, and even intelligent governance, as the panelists spoke about. In this evolving landscape, lawyers are no longer confined to interpreting the law, but they are being called upon to shape the risk agendas of the organisations and even economies that they serve. A sincere thank you to Kamala ji, Dr. Raj, and Kartikey for sharing their insights at the intersection of law, risk, and leadership. Stay tuned for the next episode of What’s the Risk?®.
Voiceover:
Institute of Risk Management India Affiliate presents Regulation with Risk Intelligence: A New Imperative for Lawyers.
