The $100 Million CFO Rewrites the Rules on Legal Spend
Legal spending was once a simple professional-services line item for CFOs. Now it’s an operating problem. Compliance rules, cybersecurity duties, artificial intelligence (AI) governance and a growing patchwork of state enforcement actions are pushing mid-market finance chiefs to rethink how legal work enters the company, how outside counsel gets managed and how risk gets measured.
The legal challenge to the Paramount–Warner Bros. Discovery combination that arose this week illustrates a broader issue: federal approval no longer guarantees regulatory certainty. State attorney generals are pursuing their own antitrust and consumer-protection agendas, requiring companies to plan for possibly overlapping enforcement regimes.
The central question then is no longer simply whether the company is spending too much on lawyers. It is whether legal work is entering the organization predictably, being routed to the right resources and producing information that management can use before costs or risks escalate.
See also: After 20 Years of ERP Consolidation, M&A Still Moves Faster Than Integration
Legal Work Now Comes From Every Department, Not Just Legal
Companies bringing in around $100 million in revenue occupy an uncomfortable middle ground as it relates to legal and compliance requirements. They are large enough to attract regulatory attention, sophisticated customers and potentially consequential litigation. Yet they may not have the legal staffing, technology or specialist coverage associated with a large enterprise.
This is where legal spending becomes difficult to control. Demand does not originate exclusively with the general counsel. It comes from sales teams negotiating nonstandard contracts, human resources managing employment requirements, security teams responding to incidents, procurement reviewing vendor terms and product teams deploying new technologies.
Generative AI adds another layer. Businesses must determine what information employees can enter into public models, how automated outputs will be reviewed, which vendors can train on company data and who is accountable when an AI-assisted decision creates harm. These are legal questions, but they are also questions of process design. The result is a growing portfolio of legal work without a single intake point or common measurement system. An invoice from outside counsel may reveal what the company spent. It rarely explains why the work arose, whether it could have been prevented or where the next exposure is developing.
The objective is not to turn legal judgment into a spreadsheet exercise. It is to separate the work that requires judgment from the administrative and repeatable activity surrounding it. When the same categories of contract, employment or compliance work repeatedly require outside counsel, the issue may not be the hourly rate. It may be the absence of standardized language, clear escalation thresholds or internal ownership. Legal procurement therefore becomes a form of process analysis.
Read more: The $100 Million CFO Doesn’t Keep Score. They Call the Plays.
CFOs Forecast What Causes Legal Costs, Not Just the Bills
For CFOs, the relevant distinction is increasingly between legal costs that are genuinely exceptional and those that reflect recurring operational friction. The most useful legal-spend forecasts, as a result, are beginning to look less like annual budgets and more like operational models. At the same time, cost control depends on operational visibility. The CFO cannot forecast an expense category effectively when the organization cannot explain what generates it.
The expanding role of state regulators makes that visibility more consequential. A company can therefore comply with one national framework and still face materially different obligations across jurisdictions. Rules governing consumer data, employment practices, automated decision-making and breach notification may overlap without aligning. For the mid-market CFO, this creates a portfolio problem. The company cannot eliminate every legal risk, but it must understand where obligations overlap, where controls can be shared and where state-specific requirements demand separate investment.
The larger shift is conceptual. Legal spending is no longer only the price of obtaining professional advice. It is also a signal about how effectively the organization manages contracts, information, regulatory change and operational risk.
CFOs who treat every increase as a rate problem may reduce individual invoices while leaving the underlying cost engine intact. Those who treat legal as a forecasting and controls problem can ask the more useful question: What is the business doing that repeatedly creates the need for legal intervention?