Clients and fellow senior executives often ask for unique insights into where legal and compliance exposures might lie in wait. A number of areas come to mind, but here’s three examples that don’t get much attention (and where regulators might – surprisingly – start looking).

Example One: Personnel Files.

This can be an absolute treasure trove of dirt. Reports compiled in personnel files are often prepared with little oversight from legal and compliance. And those who prepare reports rarely think about how the information can look in hindsight.

Annual reviews can prove particularly problematic, especially when employees are asked to submit self-evaluations. The review process requires managers to justify compensation and promotion decisions and encourages employees to chronical every issue or problem that arose during the year – with written descriptions often pushed to the point of hyperbole. Worse still, the process is sometimes used in an attempt to settle old scores. “I saved the firm from this problem.” “I helped make that problem go away.”

All of which can create a really bad written record for the firm and senior management.