Dunn: Mitigating risk today requires ongoing risk governance

Risk no longer arrives one issue at a time—it compounds quietly until leadership is forced to respond.

Legal and financial risk between now and 2027 will not come from a lack of intelligence or good intentions. It will come from fragmented oversight, delayed engagement of professional support and underestimating how quickly risk compounds.

Last year presented organizations with a variety of new issues coupled with uncertainty. The year taught hard lessons and reinforced the critical need to adapt.

The convergence of legal, financial and operational risks cannot be solved in the same ways we have always done things. We are navigating different circumstances and issues that must be addressed differently, and not by compliance checklists alone. Organizations that are navigating this environment successfully tend to rely on integrated professional support rather than episodic legal advice or operating in silos across organizations. An organization is more likely to succeed with things like early legal involvement, integrating legal and financial oversight, implementing artificial intelligence and technology governance, along with other financial controls.

This requires a shift from reactive counsel to ongoing risk governance. Organizations are protecting themselves by engaging outside general counsel or standing counsel models, which enable them to identify risks before they become litigation or regulatory exposure. Counsel can coordinate across employment, contracts, data privacy, governance and regulatory compliance, instead of treating each area in isolation. For Indiana nonprofits and public entities, this approach supports compliance with fiduciary duties under Indiana Code §§ 23-1-35 and 23-17-13 and improves defensibility if decisions are later scrutinized. Early legal involvement is far less expensive than post-crisis remediation.

Formalizing joint legal-finance reporting to boards and governing bodies creates transparency and the opportunity for organizations to address issues from an offensive rather than a defensive position. This means boards receive regular briefings that connect legal compliance, financial exposure and operational risk. Counsel and finance leaders can jointly review items like debt covenants, reimbursement structures, grant compliance, cybersecurity exposure and ESG disclosures. This structure supports compliance with Indiana’s public accountability laws (including State Board of Accounts oversight under Indiana Code § 5-11-5) and federal expectations around governance. Creating a documented record of informed oversight reduces fiduciary liability.

AI and technology governance frameworks now reduce implementation gaps and weak institutional capacity, which continues to be a high risk. While many organizations have regulatory frameworks, actual enforcement and implementation still lag, which undermines the “business-ready” environment. The implication is that legal and regulatory volatility, especially around technology, ESG and cross-jurisdiction operations, will create significant compliance burdens, risks and costs for corporations and governments alike.

Value is created when legal counsel and compliance professionals are used to establish AI governance before it is mandated by regulators. Federal regulators have made clear that existing laws (e.g., Title VII, ADA, HIPAA, FTC Act) apply even when decisions are automated. Indiana entities in regulated sectors face heightened exposure if AI affects eligibility, reimbursement or access to services.

Funding concerns continue to be a concern, especially surrounding public funding and reimbursement structures. Conducting proactive legal and financial reviews of Medicaid, grant and public-private partnership arrangements is encouraged, especially for organizations that rely heavily on these funding sources.

For instance, federal scrutiny of Medicaid supplemental payments and state-directed payment programs is increasing. It is recommended that Indiana entities periodically reassess compliance assumptions, documentation and audit readiness. Legal counsel can help structure arrangements conservatively and engage regulators early when programs evolve. This mitigates the risk of clawbacks, delayed payments and reputational damage.

Legal counsel may be used to stress-test capital and debt strategy. The rise of AI in banking, investing and financial services offers huge potential but also introduces new risks: algorithmic bias, opacity, data-privacy issues, fraud and systemic instability. As finance evolves (crypto, fintech, AI-powered services), legal and regulatory frameworks struggle to keep up, creating uncertainty and risk—especially for cross-border operations. Organizations are encouraged to involve legal advisers in financing decisions early in the process, and not just document review. Covenant compliance, disclosure obligations and refinancing risk should be reviewed jointly by legal and finance teams. For nonprofits and public entities, legal review helps ensure borrowing aligns with statutory authority and fiduciary obligations. Early identification of stress points can support renegotiation rather than default. This also turns basic legal review into a financial risk-mitigation tool.

Strengthening governance documentation and training through early investments in governance support and governance rules not only prepares the organization but also prepares the board for issues that might arise, including how to respond. Regular board training on fiduciary duties, risk oversight and regulatory trends strengthens the board’s ability to make sound decisions and protect the organization. Clear documentation of risk discussions, decisions and follow-up actions can protect the board and the organization. Additionally, legal counsel can tailor governance practices to meet the requirements of the Indiana Open Door and Public Records Act for public entities. Governance failures are often documentation failures—taking early action closes that gap.

The bottom line is, organizations that invest in integrated professional and legal support now—before regulators, lenders or plaintiffs force the issue—will be far better positioned to withstand what comes next.

Especially in today’s environment, strong governance and early legal engagement are no longer optional safeguards; they are essential defenses.•

__________

Dunn is a government and regulatory affairs counsel at Faegre Drinker’s Indianapolis office who works with nonprofit organizations and governmental entities on issues related to governance, financing, tax-exempt status, public reporting, entity formation, and fundraising and charitable giving. Opinions expressed are those of the author.