Enterprise risk, governance architecture, and crisis oversight for boards and executive leadership.
Overview
IMPACT advises boards, shareholders, and executive leadership on enterprise risk, governance architecture, legal and regulatory exposure, institutional resilience, and crisis governance.
The practice operates within El Hachem Law Firm and applies senior legal judgment, governance discipline, and institutional risk experience to situations where exposure, authority, accountability, and decision-making structures matter.
IMPACT remains external to the client’s management and reporting structure. It does not assume operational authority or decision-making control. Our role is to assess exposure, advise on governance architecture, strengthen escalation and oversight structures, and support leadership in making decisions that can withstand legal, regulatory, financial, reputational, and institutional scrutiny. Institutional failure rarely begins with a single event. It begins when governance, controls, escalation routes, and decision-making structures cannot withstand pressure. IMPACT focuses on that structural layer.
Methodology References
IMPACT's work is informed by recognised risk and governance references, applied as alignment tools and not as certification, endorsement, or substitute for professional judgment.
ISO 31000 Risk Management Guidelines
Risk identification, assessment, treatment, and monitoring alignment.
COSO Enterprise Risk Management
Enterprise risk, governance, strategy, and oversight alignment.
The IIA's Three Lines Model
Role clarity across governance, risk management, control, and assurance.
When to Engage
IMPACT is engaged when leadership recognizes that internal structures cannot resolve exposure alone. Common circumstances include:
- A board requiring enforceable risk boundaries and escalation discipline
- Regulatory inquiry or governance adequacy review
- Institutional scale-up, financing, ownership transition, or listing preparation
- Legal or regulatory events exposing structural weakness
- Risk functions operating without defined thresholds or authority clarity
- Crisis events requiring structured oversight beyond operational response
IMPACT is engaged where exposure exceeds routine management processes and leadership requires clearer governance, stronger escalation discipline, and defensible decision-making structures capable of withstanding legal, regulatory, financial, reputational, and institutional scrutiny.
Capability Areas
IMPACT works across seven capability areas. Each addresses a distinct layer of enterprise risk, governance control, decision discipline, and institutional resilience. Engagements are scoped to the exposure at hand; where required, capability areas are combined into a structured mandate.
Risk Visibility & Prioritisation
Institutions rarely lack risk lists. They lack calibrated visibility.
IMPACT applies a structured risk-visibility methodology to identify where exposure sits, how it moves through the institution, what controls it, and who is accountable when pressure rises.
Work may include:
- Identification of material enterprise risks
- Classification across strategic, financial, operational, legal, regulatory, governance, continuity, technology, and people-related domains
- Calibration of inherent and residual risk positions
- Validation of control effectiveness
- Mapping of escalation tiers, ownership lines, and decision rights
- Prioritization of mitigation actions based on exposure, urgency, and institutional impact
Clients are provided with a calibrated enterprise risk register, control-effectiveness view, escalation map, and mitigation priority plan.
The outcome is a practical governance tool that shows where exposure accumulates, where controls are weak, and how decisions should move when risk becomes active.
Governance Architecture
Visibility without structure collapses under pressure.
IMPACT designs or recalibrates governance architecture to ensure risk boundaries are enforceable and authority is clear.
Engagements may address:
- Board-approved Risk Appetite
- Quantified Tolerance thresholds
- Defined Escalation and Delegation authority
- KRI frameworks tied to real exposure
- Governance Operating Model and cadence
- Integrated governance instruments (ERM Policy, Committee Charter, Escalation Protocol, Delegation Matrix)
Whether building from first principles or tightening an existing framework, the objective is the same: when pressure builds, decision authority is defined, documented, and defensible.
Enterprise Resilience & Oversight
Governance is tested when conditions change.
IMPACT examines whether reporting, escalation, authority, and control structures continue to operate when exposure accelerates.
The review may cover:
- Escalation discipline in practice
- Response to tolerance breaches and early warning signals
- Reliability of reporting under pressure
- Decision-making under regulatory, operational, financial, or reputational stress
- Scenario-based exposure across material risk domains
Clients receive a resilience assessment and monitoring framework that clarifies how risk should be identified, escalated, documented, and managed as pressure rises.
Resilience is not measured by policy alone. It is observed in how an institution decides under strain.
Legal & Regulatory Risk and Quality
Legal exposure does not sit in a single file.
It sits across contracts, regulators, insurers, external counsel, reporting lines, approvals, and the teams responsible for identifying risk before it escalates. IMPACT helps institutions assess, design, and strengthen the legal and regulatory governance framework.
The work may include:
- Structuring and strengthening the in-house legal function
- Designing legal roles, reporting lines, authority levels, and escalation protocols
- Supporting recruitment, onboarding, and capability-building for legal and compliance teams
- Training legal, compliance, and management teams on risk identification, documentation, and regulatory discipline
- Establishing protocols for contract review, regulatory engagement, litigation reporting, and external counsel oversight
- Reviewing professional liability insurance positioning, notification thresholds, claims governance, and litigation exposure
Clients receive a structured exposure assessment, a legal-function architecture plan, and implementation support where required.
The objective is to build legal infrastructure that is proportionate to risk and capable of operating under pressure.
Risk Culture & Executive Capability
Governance architecture holds only if leadership can operate it.
IMPACT strengthens institutional capability across key areas.
Capability work may include:
- Executive escalation judgment
- Risk interpretation and threshold discipline
- Crisis documentation and decision logging
- Board-level risk communication
- Critical thinking under pressure
- Team coordination and leadership alignment during volatility
This is structured capability development grounded in live exposure - designed for executive teams, legal functions, and second-line leadership operating in complex environments. The objective is disciplined performance under decision pressure.
Institutional Integrity & Investigations
When governance breakdown carries legal, regulatory, or reputational consequence, independence and procedural discipline become decisive.
IMPACT conducts structured investigation and governance review within the professional responsibility of El Hachem Law Firm and in accordance with the obligations of the Beirut Bar Association.
Mandates may include:
- Independent investigation oversight and evidentiary review
- Governance and control failure diagnostics
- Exposure mapping across legal, regulatory, and operational dimensions
- Remediation architecture and accountability re-structuring
- Executive and board-level reporting calibrated for regulatory review
The practice draws directly on litigation leadership and multi-jurisdictional dispute management. Investigations are approached with evidentiary discipline, documentation integrity, and procedural clarity - designed to withstand regulatory examination, insurer review, and judicial review. Credibility during investigation rests on process, independence, and professional responsibility.
Crisis Governance
When pressure escalates, governance must hold.
IMPACT supports boards, shareholders, and executive leadership during periods of acute legal, regulatory, operational, or reputational exposure. The work is delivered as legal counsel, focused on preserving control, decision discipline, and documentation integrity.
Support may include:
- Regulatory, enforcement, or litigation events
- Significant operational disruption
- Multi-unit or cross-jurisdictional crises
- Governance breakdowns with disclosure, insurance, or stakeholder implications
- Board or management deadlock in high-risk circumstances
IMPACT helps define authority, escalation, reporting, regulator and insurer interface, external counsel coordination, and board briefing discipline. Crisis governance keeps decisions controlled, defensible, and properly documented when time compresses and review intensifies.
Engagement Pathways
Most mandates span more than one capability area. Engagement scope is defined at the outset, structured around the institution's exposure profile, and sequenced according to priority. Every mandate begins with a defined diagnostic and proceeds under written scope, agreed fee structure, and senior-level oversight.
Foundational Governance
Risk Visibility & Prioritisation and Governance Architecture combined to establish a formal enterprise risk framework from first principles.
Institutional Stabilization
Risk Visibility & Prioritisation, Governance Architecture recalibration, and Enterprise Resilience & Oversight combined to restore enforcement discipline within an existing framework.
Board-Level Mandate
Enterprise Risk and Governance Architecture structured for regional groups reporting to audit and risk committees across the MENA region.
Leadership
Anthony El Hachem leads the firm’s risk, governance and crisis advisory work. His practice advises boards, shareholders and executive leadership on enterprise risk, governance architecture, legal and regulatory exposure, institutional resilience and crisis governance, informed by litigation leadership, senior in-house governance experience and cross-jurisdictional disputes.
A Lebanese attorney admitted to the Beirut Bar, he brings over thirteen years of practice across Lebanon and the GCC, spanning private legal advisory, in-house governance leadership, cross-jurisdictional dispute oversight, and crisis-sensitive institutional matters.
His work combines structured risk architecture, regulatory exposure control, insurer interface discipline, and board-level governance oversight in complex operating environments.
He is a Certified Risk Management Professional (CRMP), accredited by the Risk and Insurance Management Society (RIMS), and a member of the International Association of Privacy Professionals (IAPP).
Full bioHow Engagements Work
Senior Legal Judgment
Engagements are led through experienced legal judgment, direct leadership involvement, and professional accountability.
Defined Entry
Each mandate begins with a scoped diagnostic, agreed deliverables, timeline, information requirements, and fee structure.
360° Risk Visibility
Exposure is assessed across legal, regulatory, governance, operational, financial, reputational, and organisational dimensions.
Actionable Outcomes
Deliverables are designed for executive decision, board oversight, and practical implementation.
Engagements are conducted under professional confidentiality, senior legal judgment, and executive-level oversight.
Request an IMPACT Consultation
Structured entry. Senior legal judgment. Board-grade output.
Request an IMPACT Consultation