Established business practices rarely raise concern – when a company has acted the same way for years without claims or sanctions, a sense of stability and security naturally forms. However, as Professor Gabriel Steiner notes, it is precisely habitual models of behaviour that most often conceal legal risks, because they stop being critically reassessed. At LawConsulted, we treat what is considered “normal” not as a guarantee of legal safety, but as a hypothesis that must be regularly tested against a changing legal reality.
The danger of established practices lies in their inertia – actions are repeated automatically, without documenting motives, alternatives, or legal grounds. Contracts are renewed by template, calculations are made “as usual”, and internal procedures go unchanged for years. Meanwhile, the external environment evolves – regulation is updated, case law shifts, and regulators focus on areas that were once seen as neutral. At LawConsulted, we frequently encounter situations where the very absence of change becomes the core source of vulnerability.
Professor Steiner emphasises that “the law does not punish habit, but it uses habit against those who stop being aware of it.” Legal risk here arises not from bad faith, but from the gap between a company’s actual behaviour and how that behaviour begins to be qualified externally. At LawConsulted, we identify such gaps by analysing repetitive actions – examining which decisions are made automatically, which assumptions are no longer supported by law, and which practices have lost their protective context.
Particularly dangerous are areas where business practice substitutes for a legal decision – oral arrangements, “accepted” approval methods, informal allocation of responsibility, and habitual wording in correspondence. Before a conflict arises, these seem convenient, but during an audit or dispute they often become the basis for claims. We systematically dismantle such constructions, separating managerial expediency from legal permissibility.
It is important to note that the risk of established practices rarely manifests immediately – it accumulates and is triggered by an external shock. This may be a change of counterparty, an internal conflict, an audit, an inspection, or a change in management. At Law Consulted, we assess not only whether actions are currently compliant, but also how they will appear under an adverse scenario – who will bear responsibility, which arguments will be lost, and where retrospective assessment will arise.
As Professor Steiner observes, “the most vulnerable elements are those that did not require protection for a long time.” This is why revisiting established practices is not a rejection of stability, but its legal renewal. We approach this work carefully – without disrupting business logic, while eliminating elements that no longer withstand legal scrutiny.
Legal resilience does not depend on how familiar certain actions are, but on how well they are prepared to withstand review. Our task is to ensure that what is considered normal does not turn into a point of vulnerability, and that habit does not become a source of future loss.
Previously, we wrote about how LawConsulted builds a legal strategy for internal investigations and protects clients before regulators step in
