How to Structure a Legal Report for the Board: What a Board Expects from Its Legal Function

A board without legal visibility is a board making decisions blind.

The Board Needs Legal Visibility. Does It Have It?

A growing company reaches a point where its board doesn't know the status of its legal situation. Are there pending lawsuits? Are there regulatory compliance risks? Which contracts are strategic? What could prevent growth in the next 12 months?

Without answers, the board makes business decisions (expansion, investment, M&A, financing) without risk information.

A legal function that doesn't report to the board doesn't exist. A board that doesn't request a legal report isn't governing.

Most SMEs and startups don't have a "legal function" as such. If they do have legal advice, it's on an ad hoc basis. But if there's a board or shareholders' meeting, it needs periodic legal visibility. Quarterly is the minimum. Biannually, if the company is very small.

What a Legal Report for the Board Must Contain

A legal report that a board can read in 10 minutes and make decisions must have 6 clear sections.

1. Executive Summary (Single Paragraph)

The conclusion in one sentence. What is the legal status of the company?

Example: "No critical risks. Three moderate contingencies under management. One pending regulatory action that requires a board decision."

This way, the board knows whether to keep reading or not. If the summary says "no critical risks," they can skip to the closing. If it says "there are 3 lawsuits in advanced stages," the board is alert.

2. Contingencies and Litigation (Traffic Light Risk Map)

List everything that could cost the company money or legal time, classified by risk level (occurrence and impact) in a traffic light format. This allows the board to know in seconds where the critical exposure is and where situations are under control.

Traffic light criteria:

• 🟢 Green: Contingency resolved, archived, or with minimal residual risk.
• 🟡 Yellow: Active contingency but controlled. Under management, with no expected escalation in the short term.
• 🔴 Red: High risk. Requires priority attention, board decision, or financial provision.

Each contingency must include: counterparty, procedural stage, estimated financial exposure, probability of adverse outcome, and recommendation. This gives the board a picture they can quickly understand — they know where the exposure is, which is likely, and which requires immediate action.

3. Key Contracts for the Period

Not all contracts. Only the relevant ones: what was signed in the quarter, what was renewed, what was terminated.

This way the board knows what new commitments the company has without getting into legal details.

Regarding non-relevant contracts, simply list them and have background information available to go deeper on one or more of them if requested by the board.

4. Regulatory Compliance Status (Traffic Light)

Is the company in line with its legal requirements? This section should cover all regulatory areas relevant to the company, presented in a visual traffic light format that allows the board to identify in seconds where there's compliance, where there's an alert, and where there's critical risk.

Traffic light criteria:

• 🟢 Green: Compliance up to date. No pending actions.
• 🟡 Yellow: Process in progress or upcoming deadline. Requires follow-up, not urgent action.
• 🔴 Red: Active non-compliance, imminent deadline, or risk of sanction. Requires immediate action or board decision.

This format lets the board see at a glance where they're green, where they're on alert, and where they're red. Each company must adapt the areas according to its industry and specific risks — a food company will emphasize health permits, a tech company intellectual property and personal data, a construction company environmental and municipal permits.

The important thing is that the traffic light is consistent in each report, so the board can compare progress and detect trends.

5. Matters for Decision

This is critical. If there's something the board must decide, it goes here. It's not a "just in case." It's "requires a decision now."

6. Next Steps

What is expected to happen in the coming days.

This way the board knows what's coming and isn't surprised.

How to Present It: Length, Frequency, Level of Detail

Length: Maximum 5 pages (including tables and charts).

Frequency: Quarterly is the standard. A small company can do biannual. One at risk, monthly.

Level of detail: The board is not a court. It doesn't need case law or legal citations. It needs to know: what, how much, when, and what to do.

Visual format: Use tables, colors (traffic lights), icons. A board doesn't want paragraphs. It wants data.

Update frequency: The report should be a living document. If something important happens between quarters, notify by email or in an extraordinary session. Don't wait for the next report.

Mistakes the Legal Function Makes When Reporting

Mistake 1: Too Technical

"A lawsuit has been filed for breach of contractual obligation pursuant to articles 1489 and 1566 of the Civil Code, describing a defective causal relationship between the alleged breach and the claimed damage..."

The board wants: "Client is suing for $2M. Claims we didn't deliver the service. Probability of losing: 30%. Defense cost: $300K."

Mistake 2: No Prioritization

Listing 15 contingencies without saying which are critical. The board doesn't know what to focus on.

Solution: Prioritize by risk × probability. The top 3-5 are the ones that matter.

Mistake 3: No Recommendation

Presenting facts without advising. "There is a settlement offer. Here are the terms."

The board expects: "Here is the offer. My recommendation is to accept it because [reason]. I want you to vote."

Mistake 4: No Metrics

A report from today is not comparable to one from 3 months ago because there are no numbers.

Use metrics: "Active litigation count: 4 (was 5). Total estimated risk: $12M (was $15M). Regulatory compliance: 90% (was 85%)."

This allows the board to see trends.

This Is Exactly the Type of Deliverable an OGC Produces

CUBILLOS LAMA as outside general counsel generates quarterly legal reports like this for every client. It's not bureaucratic reporting. It's legal intelligence that the board uses to make decisions.

An OGC that understands your business knows which risks matter, which are manageable, and where escalation is needed. That's visibility. That's governance.