Monday, December 21, 2009

Lawyer Blogging and Social Networking – Are the Rewards Worth the Risk?

A recent story made the rounds regarding the appropriateness of judges “friending” lawyers on facebook and other social networks. A judge in Florida ruled that the practice “could create the impression that lawyers are in a special position to influence their judge friends.” There have also been more extreme examples of lawyer missteps.

Another story that was highlighted in a Law Firm Risk Roundtable bulletin some while back highlighted the significant risks of unfettered lawyer blogging. In this case, an associate at an AmLaw 100 firm publicly boasted on their blog about their intent to ignore an ethical screen. Here’s an excerpt of that post which created clear danger for that firm were it ever expecting a disqualification motion:
  • “An associate just walked by my office… and she asked how it felt to have an ethical wall being built around me… I had no idea what the hell she was talking about. So she says she's referring to the firm-wide email… I responded that I guess I hadn't read it because I always immediately delete all my junk mail, and she pointed out that just because something is sent to the ‘all-attorney’ email list doesn't mean its junk mail… Whatever. DELETE!”
Lawyer blogging and social networking can provide significant exposure and business development benefit for your firm. But it’s also a risk issue that should be identified, evaluated and addressed. Does your firm have policies and guidelines on lawyer blogging and social networking? In several instances, legal insurance providers are including policy requirements in their audit guidelines and checklists. Here are some resources firms should review when developing their own policies.
These links have been added to the Law Firm Risk Resources wiki page. If you have additional links to share, please feel free to contribute to the library.

Thursday, December 10, 2009

Another Lawyer Charged with Insider Trading

Hot on the heels of news of stepped up SEC enforcement efforts, another lawyer has been charged with insider trading in connection with the unfolding Galleon Probe. As reported by the Wall Stree Journal, a firm already in the news for attorney insider misconduct again finds itself in the news.

This particular attorney left the firm in September 2008. But his legacy lives on. A guilty plea is expected. And it's unclear if this individual is connected with the other associate charged last month.

Thursday, December 3, 2009

SEC Stepping Up Insider Trading War with New Subpoenas

As reported by the Wall Street Journal today, the SEC is making noise about efforts to step up enforcement and clamp down on insider trading. These efforts have started with at least three dozen subpoenas sent to brokerages and hedge funds.

Attention on this issue is definitely swelling. And this attention is not limited to pure financial institutions. (Readers should recall the law firm insider trading scandal that ended tragically this past October.) The article calls out the SEC's focus on understanding how confidential and market sensitive information moves (appropriately or inappropriately) among all parties, including law firms:
  • "[The SEC] says it is now trying to better understand the flows of information on Wall Street — where traders, bankers, lawyers and others behind-the-scenes players swap information and favors. The SEC is using computer technology to examine these webs of relationships, especially when individuals or firms surface in multiple surveillance referrals."

Wednesday, December 2, 2009

Judge Barring FTC Red Flag Rules for Law Firms Issues Written Opinion

As reported by, the judge who issued a ruling on October 30th which prevented Red Flag Rules from being applied to law firms just issued his written opinion. It's available online here in PDF form.

The opinion details the judgment that the FTC overstepped its bounds in classifying firms as "creditors" and thus subject to Red Flag prescriptions. It argues that Congress did not intend for these rules to apply to law firms and the rules were being misapplied by the FTC.

Monday, November 30, 2009

ABA Commission on Ethics 20/20 – Comments Due Dec 31, 2009

The ABA’s Commission on Ethics was created to review and recommend updates to Model Rules and regulations affecting lawyers in response to changes in the nature of the practice of law, new technology, etc. Its charter is to “…study these issues and, with 20/20 vision, propose policy recommendations that will allow lawyers to better serve their clients, the courts and the public now and well into the future.”

In November, the Commission issued an outline of preliminary issues [PDF] under consideration and invited public feedback and comment. These risk, ethics and regulatory issues include:
  • Regulations Governing Admission to Practice (both domestically and internationally)
  • Outsourcing
  • Conflicts (including evaluating the feasibility of defining different conflicts rules and standards for “more sophisticated” clients vs. “less sophisticated” ones; law firm lateral hiring)
  • Confidentiality (addressing contradictions between domestic law firm confidentiality management obligations and international laws affecting firms with global practices; reviewing duties to employ data security / ethical walls software and other protective measures)
  • Alternative business / ownership structures
  • Approaches to law firm / lawyer regulation
Comments are due by December 31, 2009 and will be reviewed by the Commission at its February 2010 meeting in Florida.

Tuesday, November 24, 2009

Is your firm leaking sensitive information?

A recent survey of 600 office workers in Canary Wharf London and Wall Street NY revealed that 41% of workers who have switched jobs took sensitive data with them. And a third would “pass on company information if it proved useful in getting friends or family a job.”

The report, “The Global Recession and its Effect on Work Ethics,” notes that surveyed organizations may be getting lax about security:
  • “… it would seem employers have only themselves to blame as they appear pretty lackadaisical when it comes to protecting their data from their employees with 57% of respondents stating that it’s become a lot easier to take sensitive information from under their bosses noses this year, up from 29% last year.”
Another study published this week suggests that workers are actually acting more ethically since the economy turned. As reported by The National Law Journal, a study by the nonprofit Ethics Resource Center suggests that workers are observing less misconduct and reporting it more when they see it.

Of course, there may be a difference between what people actually are seeing and reporting vs. real-world activity. Regardless, firms are taking steps to prevent data leakage and unauthorized movement of firm and client information.

These surveys don’t focus specifically on law firms. But even the legal industry is concerned about the issue. At this article from the Law Technology Journal notes: “Law Firms Up Employee Surveillance as Redundancy Figures Grow.” It quotes the IT Director of Allen & Overy who voices an opinion shared by many:
  • “Most law firm employees are bound by a professional conduct code but we would be careless if we weren’t being a bit more vigilant.”
The IT Director at another 600-lawyer firm notes:
  • “Clients want to do extra audits and are asking more questions about our capability and redoubling their questions.”
To learn more about steps law firms are taking to combat these risks, see the white paper: “Is Your Firm Leaking? Why Data Leakage Can Happen Now More Than Ever.”

It explores how technology has made it easier than ever for attorneys and staff to remove large quantities of firm and client information undetected, and steps organizations can take to address the problem.

Thursday, November 19, 2009

Building Risk Management and Compliance Resources for Law Firms

Whether you’re a law firm general counsel, loss prevention partner, director of conflicts, or records manager, you face a variety of risk and compliance issues every day. There are several excellent resources on the web that many turn to for research, news and other insight. We’d like to build a consolidated list of them. You can help.

We’ve set up a wiki page (a wiki is an web page with an “edit” button on it, so anyone can contribute) called Law Firm Risk Resources and added some of our favorite links. These include resources like our sister site, the Risk Roundtable Initiative, as well as links to articles on law firm risk management and professional responsibility issues, conflicts (rules, case law and changes), lateral hiring, risk and technology and other issues.

To manage new additions, we’ve set up a “suggestions” page where visitors can nominate new link ideas for the list. This is an experiment we hope proves successful. We have about a dozen links and growing. If you have a favorite online legal risk web site, article or other resource, please feel free to contribute.

Friday, November 13, 2009

California Bar May Allow Advanced Conflict Waivers

As reported in today's Recorder, this weekend, the California State Bar is voting on 45 proposed changes to its Professional Rules of Conduct, including the allowance of advanced conflicts waivers. That’s the most controversial of several revisions proposed by a Special Commission that has been working for several years and issued this latest series of recommendations.

Over 1000 pages of comments on this and other changes have been submitted by California lawyers. Highlights of the advanced waiver debate:

• "The rules are supposed to protect clients, not lawyers," Richard Zitrin, an ethics expert and adjunct professor at Hastings College of the Law, said Wednesday. "This protects lawyers, not clients."

• “Zitrin, of Zitrin & Frassetto, authored last year's letter signed by 12 other law professors opposed to the waiver proposal, and he followed up Tuesday by sending a letter of his own in which he called the idea “a monumentally inappropriate and grossly flawed standard.’”

As the Commission’s report notes, current California rules are silent on the issue of advanced waivers. Furthermore industry data, such as the Law Firm Risk Survey, [LINK] suggests that the practice is growing across the industry as a whole. It will be interesting to see how this issue resolves. Stay tuned…

Wednesday, November 11, 2009

What duty does your firm have to protect client confidential information that creates conflicts?

Hinshaw & Culbterson publishes an excellent risk newsletter called “The Lawyers’ Lawyer.” The November issue includes an article on confidentiality issues: "Duty to Protect Confidential Information – Duty to Keep Client Informed of Developments Relating to Representation – Resolution of Conflict Between Duties Owed to Different Clients Regarding the Same Information." Highlights from the full article:
  • “Risk Management Issue: What are the duties of a lawyer when he learns a fact in connection with the representation of a client that, although confidential in connection with that engagement, may be material to the lawyer’s representation of a second client in an entirely separate and distinct matter?”
  • “This situation is by no means unique. For example, it frequently arises when firms regularly represent clients who bid on publicly finance projects, where several clients may wish to bid against one another.”
  • “Risk Management Solution: The solution that some firms routinely adopt in order to deal with these situations is to insert a provision in every client’s engagement letter that states that the firm’s lawyers have no obligation to share information, even information material to the representation, if that information was learned while representing other clients and is confidential to those other clients.”

Tuesday, November 10, 2009

Upcoming Risk Roundtable Event (Philadelphia)

Date: Tuesday, November 17
Location: Philadelphia, PA

Topic: Confidentiality and Information Risk Management Issues Facing Law Firms
This session will explore how recent rules, regulations and industry standards are affecting law firms and the steps organizations are taking to reduce their risk exposure, increase the internal profile of risk management and better protect themselves.

Moderators: Kristopher Klein (Fox Rothschild LLP), John Sharkey (IntApp), Stacey Fiorillo (Baker Robbins & Company)

For more information, please visit:

Thursday, November 5, 2009

Firm Confidentiality Risk -- How hard should you clamp down on internal leaks?

If you’ve ever read a legal tabloid blog, you’re not alone. These sites pride themselves on providing “inside” information on the industry. Their content is often edgy and opinionated, without the filter of the more traditional press. This presents a challenge for law firms, as these sites encourage and post leaks of internal firm information – policy memoranda, strategic plans, compensation details, rumors and more.

When layoffs took place this the year, sites like Above The Law and Law Shucks published information swiftly (much to the chagrin of several firms, especially those attempting "more discrete" personnel adjustments).

In response, today some firms are trying to clamp down. Most recently, rumors circulated about one firm's internal memo (which eventually leaked) that was said to warn of strict penalties to anyone caught leaking. However, the definition of a leak and the complexities raised by such policies may create new risks...

First, "clamp downs" raise the likelihood of causing the Streisand Effect. This is what happens when " attempt to censor or remove a piece of information backfires, causing the information to be publicized widely and to a greater extent than would have occurred if no censorship had been attempted."

Furthermore, they’ve raised the hackles of journalists and others in favor of this type of sharing. As one blog commentator noted: blanket prohibition on associates discussing their working conditions may violate federal law, and similar restrictions on the discussion of compensation may be a violation of Title VII and/or the Equal Pay Act (and possible state and local equivalents).

It’s perfectly reasonable for firms to expect and take measures to preserve internal confidentiality. (It remains to be seen what other measures firms might employ to supplement warnings and new policies. Other industries have had mixed experiences clamping down.)

Regardless, with easy communication technologies available and a sometimes weakening sense of associate firm loyalty, this is an issue worth understanding and preparing for, before you read about your own firm on “Page 1” of an internet legal tabloid...

Wednesday, November 4, 2009

Annual Risk Roundtable Law Firm Risk Surveys Now Underway

The initial round of the 2010 Law Firm Risk Management Survey is now underway. Based on the success of the North American survey, this initiave has been expanded by the Risk Roundtable program -- a separate survey for UK-based law firms has been added. The UK survey offers a question set tailored specifically to risk issues affecting firms in that geography.
  • North American Law Firm Risk Survey -- Explores several risk areas including policies and education, new business intake practices, lateral hiring and departures, confidentiality management, policy management, and compliance tracking and verification.
  • UK Law Firm Risk Survey -- Collects feedback on a variety of issues including firm risk strategies and internal priorities. It also explores policy management approaches and organisational investment plans.
Participation is open to risk stakeholders at qualified organizations. All who participate will receive a copy of the final report. To learn more about this program or to participate, please see details on:

Monday, November 2, 2009

Risk White Paper from Managing Partner Magazine Now Available

The Ark Group / Managing Partner Magazine just published an excellent collection of risk articles comprising a new white paper: "Risk Management in the Legal Profession, US Ed." The UK version of this white paper series is now in its 3rd or 4th edition, and it's great to see Ark/MP expand this program to focus on US issues as well.

This inaugural US edition includes articles written by several industry luminaries and risk experts, including:

Friday, October 30, 2009

News Flash: Federal Judge Blocks Red Flag Rules for Law Firms

In a surprise ruling, a federal judge in DC ruled in favor of the American Bar Association, agreeing that the FTC was wrong to extend Red Flag rules to law firms. The FTC can appeal the ruling, but it looks like flags down for the legal industry come Monday.

  • 11/03 Update: FTC further delays Red Flag rules until June 1, 2010. They're expected to appeal the ruling that these rules should not apply to law firms, so the issue is far from settled.

Wednesday, October 28, 2009

Lawyer Insider Trading Scandal Ends in Tragedy

This story about lawyers leaking and profiting from material, confidentiality client information has been in the news for several months. Recent developments:
  • Dead in Reported Suicide, Attorney Faced SEC Complaint Over Leak of Law Firm Data. "The SEC complaint details how in the early days of the scheme, Grmovsek [an attorney with Sullivan & Cromwell, and later Dorsey & Whitney] would make 'wake-up calls' to Cornblum at 4 a.m. or 5 a.m. so he could get to Sullivan & Cromwell to search for information before other employees arrived."
  • His Canadian partner, "ceased practising law and engaged in the illegal insider trading scheme full-time" starting in 1997, according to the Ontario Securities Commission, and recently plead guilty to $9M insider trading scheme.
What this means for your firm
From a risk management perspective, firms have a responsibility to tightly control access to confidential insider information. And the risk can be more than the "PR hit" taken when violations are publicized -- In a speech on the topic, an SEC Commissioner noted that:
  • “Law firms can be found liable for insider trading by partners or employees under… Section 20(a) of the Exchange Act, which imposes liability on controlling persons.”
This means that firms can be held responsible for the actions of partners, attorneys and staff. Importantly he also argued that:
  • “…good faith may no longer be a defense for a law firm… an affirmative obligation on law firms [exists] to take appropriate action to prevent insider is conceivable that a law firm which routinely has access to material, non-public information could be found reckless for failing to adopt appropriate policies and procedures for insider trading.

Sunday, October 25, 2009

Is Your Firm Ready for Red Flag?

Delayed several times, the FTC's Red Flag rules are set to take effect next week. These rules mandate that organizations, including law firms, implement programs that prevent and detect identify theft.

Earlier this year the ABA filed suit to bar the application of these rules to law firms. Congress introduced legislation recently (October 8) that would exempt legal organizations with fewer than 20 employees from the rule under certain circumstances. But unless the FTC reverses itself, or the courts step in, the rules are set to go into effect on November 1.

Several law firms have chartered internal teams to assess and respond to Red Flag rule requirements, developing plans for more stringent management of applicable confidential client informtaion and other procedures. This issue is far from settled. We're expecting more industry news as November approaches...

Wednesday, October 21, 2009

Trends in Firm Use of Confidentiality Management Technology

New industry statistics highlight the use of electronic confidentiality management tools by law firms. Several recent cases point to the important of establishing timely and effective ethical screens when taking on lateral hires with past conflicts.

A membership survey by the International Legal Technology Organization highlights the software choices firms have and have been making to achieve compliance and enforce controls in document and other electronic information repositories. A summary of law firm confidentiality and ethical screening software:
  • Wall Builder (IntApp) 70.3%
  • iMPrivate (DocAuto) 7.8%
  • WincWall (Wertheim Global Solutions) 7.8%
  • In-House, Custom-Built Tool 6.3%
  • The Wall (Younts Consulting) 3.1%
  • MasterEthics (RBRO Solutions) 1.6%
  • SecurityGuard (Olson Consulting) 1.6%
  • CompliGuard Protect (The Frayman Group) 1.6%

Tuesday, September 15, 2009

Free CLE Risk Webinar on ABA Model Rule 1.10 Changes

There's an excellent webinar reviewing the substance and implications recent changes to ABA Model Rule 1.10. This rule governs the ability of law firms to use ethical screens pre-emtively to cure conflicts associated with taking on lateral attorneys who have represented parties adverse to current firm clients.

There was quite a bit of controversy and debate before these changes were accepted by the ABA. You can read a little more about the history and debate here on the ABA's own web site.

The model rule is just that, a model. But it does highlight a growing trend of jurisdictions accepting the reality of attorney mobility and the suitability of screens to address past conflicts.

The ABA webinar I mentioned is available via Thomson West on their webinar site: "Understanding and Responding to Recent ABA Changes to Rule 1.10 Screening Requirement." It's a free session and offers 1 CLE credit (eligible for ethics credit as well).

Speakers include experts from Marsh Insurance (Managing Director), Zuckerman Spaeder (Loss Avoidance Partner), APRL - Association of Professional Responsibility Lawyers (their president), and IntApp (software/consulting company providing screening products, the head of their risk practice).

It's an interesting and informative session, well worth the hour.

Friday, September 4, 2009

Risk Issue: Is Your Firm Leaking?

It’s no secret that 2009 has been a year of tremendous change for law firms. This “Great Recession” has had significant impact on the legal profession as most firms have downsized in some regard, sometimes drastically. Lateral movement has picked up as the value of individual lawyers’ books of business appreciates in this climate.

Is your firm thinking about risk issues in this context? With all of this turnover and movement, where is client information going? What about the firm’s KM, precedent and other “crown jewels”? Are those walking out along with attorneys and staff? Are you sure?

In the days of yore, the physical nature of this information and files made this problem much easier to spot and manage. Today, individuals came move out truckloads of client and firm information from your DM or KM libraries on a USB drive (or even an innocuous looking ipod).

Technology does not seem to be helping… but can it? Here’s an interesting article published in an ILTA white paper that goes into greater detail. It reviews these issues and comments on how some firms are using aggregate “abnormal monitoring” technology and “activity tracking” tools to throw up red flags when suspicious behavior might indicate a larger risk. It’s entitled: “Is Your Firm Leaking? Why Data Leakage Can Happen Now More Than Ever.”

Friday, August 21, 2009

Firm Risk Resource : Law Firm Risk Roundtable

Law firm risk stakeholders interested in connecting with their peers should have a look at the Risk Roundtable initiative. This community holds regular events and programs offering a forum for peer networking and education.

You can get a sense of the flavor of events they run by looking at their past sessions.

They also conduct an annual law firm risk survey that catalogs key trends, issues and areas of concerns. (Information about the 2009 survey report is available on their web site.)

Saturday, August 8, 2009

Article: Trends in Risk Management - Understanding and Responding to a Changing Risk Landscape

This article provides an overview of the state of law firm risk management:

 "It’s getting riskier out there. Why? As with most trends, several factors explain the recent surge in concern and heightened interest, but the biggest these has been the long-building global economic downturn."

It explores the specific reasons why a bad economy creates a self-reinforcing cycle that increases risk, describes how recent changes to the practice of law further exacerbates issues, and steps law firms are taking to better identify, evaluate and respond to risk in their environment by leveraging best practices in governance, risk and compliance.

This article, "The Evolution of Law Firm Risk" touches on similar issues -- how firms can learn from corporate practices.

Saturday, June 6, 2009

Excellent Risk Management Book

If you're not familiar with the book Risk Management: Survival Tools for Law Firms by Anthony E. Davis, (American Bar Association. Section of Law Practice Management), you should be. It's available online directly from the ABA, or discounted the Amazon or Barnes and Noble.

And Google Books has a version digitized and available online.

Sunday, May 24, 2009

Get Risk Blog Updates via Email

If you'd like to receive email updates when new posts are added to this blog, please enter your email below. (You can unsubscribe at any time.)

Enter your email address:

Delivered by FeedBurner

Saturday, May 23, 2009

2009 Law Firm Risk Management Survey Published

2009 Law Firm Risk Management Survey Report Highlights Current Industry Practices and Priorities. Sponsored by IntApp and Conducted Through the Risk Roundtable Initiative, the Survey Report Presents Findings Collected from over 100 Law Firms.

Key Findings of the Survey Report:
  • Top law firm risk concerns include business intake, regulatory compliance and confidentiality protection.
  • Nearly two-thirds of firms vest ultimate responsibility for risk management with a single individual, while others rely on committee-based or decentralized approaches.
  • The majority of firms have documented risk management policies. However, most firms do not centrally store and manage their written policies.
  • One-third of firms perform formal internal risk audits to confirm compliance with internal policies and standards.
  • Clients are increasingly raising concerns about the steps firms take to ensure the confidentiality of sensitive business information. Nearly all firms have been asked by clients to restrict and track internal firm access to sensitive information.

 For more information, see