Tuesday, December 20, 2011

Law Firm Insider Trading Risk Management: Webinar Recording Now Available

Content from our November webinar on managing insider trading risk at law firms is now online, for those who missed the live session:
  1. Managing Insider Trading Risk -- Thanks again to our panelists. We welcomed another large group (100+ attendees) who heard speakers from SNR Denton (Adam Hanson), Baker & McKenzie (Dan Surowiec), and Hogan Lovells (Jeff Lolley).
Those who registered but were not able to attend these events should have received a link to the video recordings via email. Others interested in these sessions can view them online: [Law Firm Risk Management Webinars].

Thursday, December 15, 2011

Report from Kansas City Risk Roundtable Session Hosted at Lathrop & Gage

We hosted a Risk Roundtable last week in Kansas City. Thanks again to Lathrop & Gage for hosting. Brian Lynch sent his customary summary of the day:
  • Dan – I'm pleased to report back from our ISO 27001 Risk Roundtable discussion in Kansas City. Lathrop & Gage hosted our session, where we had a chance to check in with KC-based firms and their respective approaches to implementing ISO-friendly security programs. It was a lively discussion, where we had a chance to evaluate the benefits and costs of pursuing ISO certification.
  • As one of our attendees put it, creating a standard information security management system - e.g. ISO - is an inevitability. It's a difficult process for clients and law firms to work through the audit process. Managing audits seems to be something clients increasingly want, and firms are getting more comfortable addressing. But many are looking for a shorthand method to show that they meet a certain level of differentiated confidentiality management. This promises a quicker path to providing clients with peace of mind and enabling firms to address their obligations as they work across jurisdictions.
  • Several attendees commented on the role IntApp Wall Builder plays at their firm in managing confidentiality enforcement as part of their security programs. They're mapping the technology to the requirements and processes ISO 27001 defines to ensure consistent compliance.
  • Many thanks again to Sean Power @ Lathrop & Gage for providing the forum for an intellectually stimulating discussion.
This session concludes the 2011 Fall/Winter Risk Roundtable series (we promise this time). Plans are underway for future events in 2012. Watch this space for more details. (And if you'd like to host a Risk Roundtable in your neck of the woods, please get in touch: dan@riskroundtable.com.)

Tuesday, December 13, 2011

With Swift Ethical Screen, Quinn Emanuel Survives Disqualification from $10 Billion Lawsuit

We first highlighted this case in October, when a Bank of America moved to disqualify Quinn Emanuel, counsel for AIG in a $10 billion lawsuit because of alleged conflicts stemming from the move of  lateral partner. [h/t to Bill Frievogel for noting the recent update.]

The lawyer worked 5.8 hours on the matter at Quinn, starting in July, 2011, before Quinn became aware of the potential conflict after opposing counsel wrote them in September. Quinn argued that the matters were unrelated, that no sharing of confidential information had taken place and that the firm erected an ethical screen immediately upon discovering the situation.

Given the stakes, in order to avoid the impression or potential of future disclosure, the lawyer voluntarily left the firm in October, 2011.

When the motion was first filed, a legal ethics expert agreed the situation would likely not warrant disqualification, but opined that “…it could prove 'problematic' if presiding judge Barbara Jones decided Becker was not screened fast enough, but that an effective screen could address this issue.”

Last week, the judge agreed that disqualification was unwarranted [see: American Int'l Group, Inc. v. Bank of Am. Corp., 11 Civ. 6212 (BSJ) (S.D.N.Y. Dec. 6, 2011)]
  • The decision noted that: “…screens erected immediately upon discovery of the conflict weigh against disqualification.”
  • However: “Quinn’s screening procedure was imperfect, without question.”
  • But she ruled that the firm successfully rebutted the presumption that confidences were shared. For one, the lawyer brought no client files to the new firm. Furthermore, three years had passed since the lawyer worked on the original matter. Quinn also conducted extensive interviews of all significantly involved members of the matter team, securing affidavits that no confidences were sought or received.
  • Physical separation (the lawyer was based in London), the size of the firm (500+ lawyers) and the firm’s long client relationship also influenced the judge’s ruling.
This is yet another recent example where IT plays a critical role in disqualification defense. In this case, IT conducted an electronic audit of firm’s document system to support the firm’s arguments. (In this case, the audit showed the lawyer accessed two documents related to the matter. But that was insufficient to warrant disqualification, given the facts and factors in play in this case.)

Wednesday, December 7, 2011

Counsel for Bank of America in Multi-Billion Dollar Lawsuit Disqualified; Judge Cites “Porous and Ineffective” Ethical Wall

Today comes a significant update in Line Trust Corp. Ltd, et al. v. David Lichtenstein, et al, heard before the Supreme Court of the State of New York.

It appears that a lawyer who represented Bank of America while a partner at Kaye Scholer LLP made a lateral move to Willkie Farr & Gallagher LLP. The client moved with her.

But Willkie was representing allegedly adverse parties in the same matter. And shortly thereafter, the existing client moved to disqualify the firm from representing BofA, asking for discovery to see if matters had been tainted. In the process, the firm shared important information:
  • In May of 2011, the firm’s IT department audited its electronic document management system and discovered that an associate had opened and printed a document they should not have in October, 2010. That associate was then removed from the matter at hand. (The court says: “perhaps negligently so.”)
  • Expanded to include time recording data, the IT audit also showed that a legal assistant cite-checked a memo and viewed five documents related to the matter in 2009.
This case highlights the critical importance of effective confidentiality, screening notification and information security controls. In his order the judge called out that:
  • “… Wilkie Farr has submitted insufficient proof that they erected adequate screening measures to prevent attorneys advising Bank of America from having access to (i) other Wilki Farr attorneys who worked for the Lichtenstein Defendants… If an ethical wall exists here at all, and it may not, it is porous and ineffective.”
The firm argued that these breaches were accidental, minor and taken out of context. But the damage was done. The judge took evidence of smoke to suggest a fire:
  • “Willkie Farr submits time records to show that breaches of the wall were minimal. The time records are inadequate, as they cannot be expected to reflect the totality of breaches of the ethical wall.”

Monday, December 5, 2011

Recent Law Firm Conflicts, Disqualifications and Penalties

In Washington, D.C., Butzel Long Tighe Patton PLLC recently found itself facing harsh words from a judge, who stripped the firm of $72,000 in fees for failing to disclose a conflict. "...the judge slammed a partner, saying it was "inexcusable" he didn't show up for a fee application hearing." [via BLT. See the written decision.]

In Washington State, a firm was disqualified for giving legal advice to both sides in the same dispute. "Grant PUD law firm disqualified in Crescent Bar case" --
  • "At the time, Aylward told Trautmann that there could be a conflict of interest, since his partner, David Sonn, occasionally did legal work for the PUD, but he added that he thought he could get a waiver."
  • "But with the waiver issue still unresolved, Aylward proceeded to correspond with Trautmann over the following month, including giving what she believed was 'specific advice regarding strategy' that the condo owners could use in their argument against the PUD."

Friday, December 2, 2011

Partner Event: Ark Group Risk Management for Law Firms (December 6-7, London)

The Ark Group is hosting its annual "Risk Management for Law Firms" conference in London next week. Organizers have assembled a rich agenda and impressive roster of speakers who will address topics including:
  • A first-hand account of how firms including Taylor Wessing, Freshfields, and Allen & Overy have tackled the challenges in operating under the new outcomes-focused regulation
  • Clarity from the SRA, Law Society and Legal Ombudsman as they share their expectations for OFR, ABS and the claim trends for the coming year
  • Tools to benchmark your firm against leading law firms' risk management strategies and ensure you stay out of trouble
  • An understanding of the key changes and trends in claims over the past year and how these will affect your professional indemnity insurance renewal
  • Learning opportunities to avoid the pointed end of regulation, with an overview of high-profile disciplinary matters and rogue partners
  • A forum to consider all risks relating to outsourcing
Kaye Sycamore, IntApp Managing Director, will also be presenting a briefing on risk news and trends relating to confidentiality management, information barriers and information security issues affecting law firms, including a summary of recent Risk Roundtable events. She has invited UK-based firms interested in exploring these issues in greater detail to contact her directly.

Thursday, December 1, 2011

Ethics Opinions: Little Fluffy Clouds, Lost Little Thumb Drives...

Today, several stories about technology-driven law firm risk issues. (And a reminder to take our five minute, reader survey.)

Cloud Computing:
  • The Pennsylvania Bar joins several jurisdictions in publishing new ethics opinions on cloud computing: "Formal Opinion 2011-200, Ethical Obligations For Attorneys Using Cloud Computing/Software As A Service While Fulfilling The Duties Of Confidentiality And Preservation Of Client Property." In keeping with conventional wisdom, they support cloud storage of client information so long as information is kept confidential and reasonable safeguards are employed.
  • Iowa has issued a similar opinion on lawyer use of cloud services: "Iowa lawyers may store client information and other data on a third-party vendor's servers rather than their own computers, so long as the lawyer has unfettered access to the data and can reasonably verify that sound methods are being used to protect the information..."
  • The Daily Record has posted an interesting opinion piece on current industry thinking on the topic: "Legal Currents: Is a cloud backlash on the horizon?" The article is written by a lawyer currently writing a book on the topic for the ABA: "My hope is that I’m wrong, and that if the ABA Committee on Ethics and Responsibility does address the issue of consent when using any form of electronic communication, it concludes that the standard applicable to unencrypted email communications should likewise apply to the use of cloud computing platforms, which are inherently more secure than email."
Managing Ever-Shrinking Physical Data Storage:
  • "Discarded laptops, flash drives create ethical obligations for lawyers" – "A recent Florida Bar opinion advising that lawyers have an ethical duty to sanitize their storage devices has put a spotlight on how attorneys handle their discarded equipment...While some had expressed concern that the opinion would set unrealistic requirements, Tarbert [Florida Bar Ethics Counsel] said the committee didn't receive any feedback at all from the state's lawyers when the opinion was made available for public comment."

Wednesday, November 30, 2011

One More Thing: Bonus Risk Roundtable Meeting on ISO 27001 (Kansas City @ Lathrop & Gage)

We have a late entry into our Winter Risk Roundtable series. Based on member demand, we'll be hosting another session focused on ISO 27001 certification for law firms. Hosted in Kansas City by Lathrop & Cage, the presentation is scheduled for Wednesday December 14th.

Over the past 18 months, corporations have increasingly mandated more stringent information security requirements for outside counsel. This often means more time spent responding to client requests and RFPs. Today several firms are leveraging the ISO 27001 standard as a strategic response.

Session Agenda:
  • Business Drivers - Why are law firms investing in ISO27001?
  • Value - What is the true value and is it worth the effort?
  • Accreditation Process - What strategies are firms pursuing, is accreditation needed?
  • Lessons and Best Practices - What technical, business and other considerations can peer firms benefit from in their own thinking?
  • Information Risk Management Options - What tools are being deployed to respond to the new challenges?
Event attendance is by invitation only and is limited to qualified law firms and personnel. Please contact dan@riskroundtable.com for more details.

Tuesday, November 22, 2011

Report from Canadian Risk Roundtable Session Hosted at Fasken Martineau

We hosted a Risk Roundtable last week in Toronto, Ontario. Many thanks to Fasken Martineau
for hosting. Brian Lynch delivered a presentation updating attendees on current risk issues and trends, and moderated group discussion. He sent his customary summary of the day:
  • Dan – I'm happy to report that we finished up our Winter Risk Roundtable series with an excellent session in Toronto. Fasken Martineau was gracious to host a large group of attendees, including General Counsels from leading Canadian firms.
  • First we walked through some of the risk trends that IntApp is observing in the US and the UK, especially trend-setting markets like New York and London. We covered familiar ground with the rise of Outside Counsel Guidelines, recent initiatives within the ABA, and Alternative Business Structures in the UK. Client audits continue to capture group attention -- one of the attendees shared his experiences with on-site auditors.
  • Next, Mary Trudell, Director, Conflicts and Records Management at Fasken, shared success stories about her firm’s work to harmonize information governance processes. They’re using IntApp Wall Builder as a foundational technology, supplemented by efforts of her team working across Canadian provinces and in Paris, London and Johannesburg to provide timely and consistent service to the firm's lawyers.
  • Finally, Simon Chester of Heenan Blaikie walked us through the recent decisions of Wallace and Nova. There are certainly interesting implications for both cases, and the assembled group had plenty of questions and commentary. Many thanks to Simon for summarizing the facts and history, and helping us understand the broader context.
This session concludes the 2011 Fall/Winter Risk Roundtable series. Plans are underway for future events in 2012. Watch this space for more details. (And if you'd like to host a Risk Roundtable in your neck of the woods, please get in touch: dan@riskroundtable.com.)

Thursday, November 17, 2011

Webinar: Managing Insider Risk at Law Firms (CLE Eligible)

We've had tremendous interest in our risk webinar series and are pleased to announce our latest session: Managing Insider Risk at Law Firms

Date: Tuesday, November 29
Time: 9 am Pacific / 12 pm Eastern / 5 pm BST

Description: In the past 18 months, surprising stories of lawyer and staff misuse of sensitive client information have dramatically raised the profile of this issue among law firms, clients, regulators and the media. [See previous blog updates: here, here, here and here.] In response, many firms are re-evaluating the policies and protections they have in place to mitigate insider risk.

This session is presented as part of the Risk Roundtable initiative and includes panelists from the Risk Roundtable Compliance Consortium, a working group focused on developing firm risk response guidelines:


Most firms have programs to educate lawyers and staff about their obligations not to act on inside or price-sensitive information. Yet in an environment where individuals generally have broad access to electronic repositories where sensitive information is stored, such as document management libraries, temptation may lurk. This is particularly true as new search tools make it even easier to locate sensitive materials (either accidentally or intentionally).

While most firms take steps to control risk by using matter "code words" and emphasizing the need to control document distribution, organizations are increasingly pursuing greater confidentiality protections and the ability to better demonstrate compliance if required to do so by clients or regulators.

In this session, panelists will review several methods for dealing with insider risk, including ways to:
  • Encourage professional responsibility
  • Prevent inadvertent access
  • Prevent unauthorized use
  • Track suspicious behavior
CLE Credit: Certificates will be provided to attendees upon request. (Attendees outside of California are responsible for confirming CLE reciprocity in their particular jurisdiction.)
 
Attendance: Attendance is by invitation only. Risk Roundtable members and qualified parties are invited to request more information by emailing: dan@riskroundtable.com.

Wednesday, November 16, 2011

Risk News & Updates: Lateral Hire Intake Checklist, Canadian and UK Lawyer Regulation

Authors at McKenna Long & Aldridge recently published "Ensure lateral moves are win-win," which reviews "questionnaires, conflicts checks and proper documentation [that] will help boost profitability, lower risk":
  • "Like all risk management issues, the most effective strategies involve systems. This means adopting practices, protocols and procedures that the law firm and its attorneys follow every time. Murphy's law applies in full force in lateral hiring. Inevitably, it is the one time that the law firm fails to follow the established rules that comes back to create the most difficult problems... Of course, it all sounds intimidating. But, it does not have to be so. The solution is an effective system with questionnaires, supplemental questionnaires, conflicts checks and a documented mutual understanding, which combine to do most of the work. Safer and more profitable—it is a winning combination."
University of Calgary law professor Alice Woolley opines on larger issues stemming from a recent disciplinary decision by the Law Society of British Columbia in "Lawyers Regulatory Lawyers?" --
  • "The decision warrants comment, however, because the threat it creates to the legitimacy of lawyer self-regulation applies to all Canadian law societies. Specifically, the misdirection in regulatory energy reflected by the decision of the Law Society of British Columbia in this case is something to which all Canadian law societies have shown themselves to be susceptible. This comment is a plea to the law societies to think more carefully about the cases they pursue; to take more seriously conduct by lawyers that undermines the rule of law; and, to allow lawyers to hold each other to account in circumstances where there is a reasonable basis to allege misconduct, even if lawyers sometimes do so with 'incivility.'"
Interesting developments in the UK:
  • Law Society and SRA unveil deal to resolve longstanding governance wrangling -- "The Law Society and Solicitors Regulation Authority (SRA) have hammered out 'a permanent resolution' of their long-running internal governance issues, the pair announced yesterday."
  • SRA eyes expanded international reach by offering to regulate foreign firms -- " In addition, it may seek to regulate firms that are English and Welsh law firm partnerships but part of a larger Verein structure – where it would be expected to designate the SRA as the lead/home regulator of the English and Welsh part of the Verein... For foreign firms with subsidiary operations in England and Wales which contains solicitor partners and have the majority of their turnover and activity outside of England and Wales, they would either be subject to the SRA Handbook regime only in England and Wales, or be able to have the SRA as its lead/home regulator worldwide."
Finally, a thank you to readers who have taken our reader survey, and a friendly reminder for those with feedback to share to take a few minutes to participate: 2011 Risk Blog Reader Survey.

Tuesday, November 15, 2011

ISO 27001 for Law Firms: Report from Houston Risk Roundtable Hosted at Baker Botts

Last Friday we held a Risk Roundtable session in Houston, Texas. Many thanks to Baker Botts for hosting. The event focused on ISO 27001 for law firms. Brian Lynch moderated and sends his customary summary:
  • Dan – Greetings from the Great State of Texas! We had a very informative Risk Roundtable today at Baker Botts in Houston with our special guest, Andrew Rose, Principal Analyst, Security and Risk, from Forrester Research.
  • Andrew walked us through the ISO 27001 standard and how it applies to law firms. In response to growing client demands and increased regulatory obligations, law firms are finding themselves developing all sorts of security measures to accommodate a variety of requests. ISO 27001 certification has provided a reliable framework for a number of firms to respond effectively and provide security that clients have come to expect.
  • Bobby Tindel of Andrews & Kurth spoke to us about the robust processes and technologies that his firm has put in place over the past year and a half. One of the "sleeper risks" is a disgruntled employee turning whistle-blower over a minor violation.
  • The best approach is to close the loopholes and apply comprehensive and defensible security. Another participant pointed out the high standard established by the HIPAA/HITECH Act, and it's increasingly frequent appearance. Clients are pushing firms to provide security levels comparable to their own, not to other law firms.
  • As always, it was a great opportunity for an engaged group of participants to connect and share risk management perspectives.
For more information about ISO 27001 for law firms, see our recent New York Roundtable summary.

Monday, November 14, 2011

Report from Atlanta Risk Roundtable Session Hosted at Ogletree Deakins

Last Thursday we held a Risk Roundtable session in Atlanta, Georgia. Many thanks to Ogletree Deakins for hosting. Brian Lynch delivered an update on current risk trends and issues, and moderated group discussion. Here's his summary:
  • Dan – Reporting from our latest Risk Roundtable in Atlanta. The group discussed legal trends, but also spent a good amount time talking about the reality of client audits.
  • One firm reported that a banking client recently completed a security audit of their security processes. The client is spending time with multiple law firms to establish a baseline that they can all follow.
  • Dan Drake of Ogletree shared with the group some of their current challenges with consumerization of law firm technology. iPads, iPhones, Android-based technologies, and other non-standard alternatives have found their way into many law firms, and they have brought security risks with them.
  • Many firms have "solved the hacker problem" with standardized firewall software, they have effectively locked down access internally with products like Wall Builder, and they have taken on preventative measures to reduce the risk of data breaches. These firms start by ensuring their " house is in order" and restricting internal access to sensitive documents.
  • One of our attendees spoke about the benefits of tracking indicative behaviors to identify potential bad situations before they happen. He identified the example that we’ve seen cited frequently: dark-of-night downloads. If a lawyer is downloading an unexpectedly high volume of documents to his local drive, it is a possible indicator of imminent departure. Securing and tracking have become essential and complementary functions that firm are looking for in their confidentiality management toolkit.
  • It was a productive forum for risk professionals to ask their peers how they approach different issues, like preparing for client audits.

Thursday, November 10, 2011

Be Heard -- 2011 Risk Blog Reader Survey

Last week, legal ethics maven Bill Freivogel was kind enough to submit a public endorsement of the blog. (I won’t produce it verbatim as it now resides on the right side of the web view of the blog.)

This bit of encouragement led to additional reflection – Over the past two years, the Law Firm Risk Management Blog has grown significantly. Today our diverse and significant readership reflects the importance law firms and related stakeholders (insurers, technologists, consultants) place on risk issues.

We'd like to know more about you, our readers. So please join your peers and take a few moments to participate in the 2011 Risk Blog Reader Survey.

Plans are already in the works for 2012 blog and Risk Roundtable programs, including surveys. Your input can help shape our direction.

Wednesday, November 9, 2011

Law Firm Risk Management Software : 2011 Product Adoption Survey Data

 
The International Legal Technology Association (ILTA) published its annual technology survey. The report provides key data about decisions law firms are making when adopting software related to risk management. The complete report, with detailed breakouts across several categories, is available via ILTA.

Here's a slice of that, summarizing large law firm (700 or more lawyers) use of commercially-available software that supports risk management functions:

Electronic Records Management
  • Autonomy / iManage -- 25%
  • CA Records -- 10%
  • DM / DOCS (Open Text) -- 5%
  • LegalKEY (Open Text) -- 5%

Ethical Screens / Information Barriers / Confidentiality
  • Wall Builder (IntApp) -- 72%
  • CompliGuard Protect (The Frayman Group) -- 20%
  • iMPrivate (DocAuto) -- 4%
  • SecurityGuard (Olson Consulting) -- 4%
  • WincWall (Wertheim Global Solutions) -- 0%
  • MasterEthics (RBRO Solutions) -- 0%
  • The Wall (Younts Consulting) -- 0%
(For additional data on confidentiality software adoption by firms with 150-349 and 350-699 lawyers, see the Legal Technology Insider.)

Docketing
  • CompuLaw -- 35%
  • CPI -- 23%
  • MA3000 -- 18%
  • PATTSY -- 18%
  • Microsoft Outlook -- 9%
  • Aderant -- 13%
  • ProLaw -- 10%
  • Law Bulletin -- 8%
  • LegalKEY -- 5%
  • Amicus -- 3%
  • CourtAlert -- 3%
  • IPMaster -- 3%

Conflicts Management
  • LegalKEY (Open Text) -- 40%
  • Elite (Thomson) -- 28%
  • Aderant -- 13%
  • Accutrac -- 3%

Tuesday, November 8, 2011

Law Firm Ethical Walls and Confidentiality Screens: Not Just for Conflicts

Nancy Beauchemin, president of law firm client intake and record management consultancy InOutsource, recently published an excellent article on law firm confidentiality management: "Ethical Walls and Confidentiality Screens: Not Just for Conflicts."

The piece provides a concise summary of the expanding confidentiality drivers facing law firms, from traditional scenarios like waiver-driven ethical screens, to expanding regulatory rules and increasingly stringent client outside counsel guidelines:
  • "Today, law firms are applying confidentiality screens for a variety of reasons, including an increasingly complicated legal and regulatory environment that demands compliance with record-keeping requirements defined by their clients. Law firms are realizing that they must know where their information resides and how it is accessed and stored before they can protect it from inadvertent disclosure. Clients will sometimes exercise their right to audit a firm’s internal record-keeping processes to ensure compliance with their guidelines. In a legal proceeding, courts will require evidence that policies were consistently followed."
She cautions firms about the need to understand and update their current practices:
  • Law firm confidentiality policies are often disconnected from requirements mandated by clients and regulatory bodies. Firms need to understand where they have gaps and commit to correcting deficiencies in policies and use of technology to ensure that their clients’ confidential information is protected.
  • Ideally, repositories and applications that store confidential client matter information should be centrally maintained and managed by a firm’s IT department, and all client matter information should be readily identifiable by the applicable client matter.
  • The screening function should be centralized within the office that is primarily concerned with risk management and loss prevention issues. This is sometimes the responsibility of the firm’s general counsel.
  • There must be immediate and direct communication with affected users, records and IT staff. Screening processes should be documented and require affected individuals to acknowledge and comply with the screen.
  • Screens should be regularly reviewed and removed when no longer needed. There should also be policies to notify appropriate governing bodies and clients of data breaches.

Law Firm Outside Counsel Guidelines: Webinar Recording Now Available

Content from our October webinar on managing risk and response to outside counsel guidelines is now online, for those who missed the live session:
  1. Responding to Outside Counsel Guidelines -- Thanks again to our panelists. We welcomed another large group (100+ attendees) who heard speakers from Holland & Knight (Gilda Russel), Orrick, Herrington & Sutcliffe (Mike Guernon), and McKenna Long & Aldridge (Paul Hurdle).
Those who registered but were not able to attend these events should have received a link to the video recordings via email. Others interested in these sessions can view them online: [Law Firm Risk Management Webinars].

Monday, November 7, 2011

Update: Imputation Risk and Joint Defense Agreements

Eighteen months ago we noted Nintendo's move to disqualify plaintiff's counsel in a patent suit, arguing that a lawyer at the firm was exposed Nintendo's confidential information through participation in a previous,  unrelated joint-defense matter.

At the time, the plaintiff's firm's managing partner noted that if Nintendo prevails it would be: "extremely risky for a company entering into an joint defense agreement in that all knowledge is imputed to everyone in your organization. Companies often enter into joint defense agreements with their own competitors."

Now comes an update from a few turns later:
  • World 2-1: The district court did indeed disqualify the firm, agreeing that the joint defense agreement provision in which the parties agreed not to seek future disqualifications did not apply once the lawyer in question moved from AMD to another organization. (A second judge dissented.)
  • World 3-1: The U.S. Court of Appeals for the Federal Circuit overturned. No Disqualification Where Disclosure of Confidential Information Controlled by Joint Defense Agreement: "Considering the joint defense agreement as a whole and its use of the term “respective counsel” throughout, the Court rejected Nintendo’s argument, reasoning that Nintendo should have had the expectation that Cooper was a “respective counsel” who would be bound by the agreement’s confidentiality provisions. By analogy, the Court ruled that Cooper was also a “respective counsel” for purposes of the agreement’s waiver provision. Having so ruled, the Court granted the petition for writ and vacated the district court’s decision disqualifying F&B." (A second judge also dissented in this instance.)
[8/11: See also good discussion on this at the Legal Ethics Forum.]

Friday, November 4, 2011

Risk News & Updates: Conflicts of Interest, Side-Switching, Disqualification, ABA 20/20 Update

  • Wachtell Switched Sides in United Technologies - Goodrich Deal – "...after working with Goodrich on the deal for months, the law firm — one of the most prominent firms in corporate M&A — switched sides and began working with United Technologies, according to a regulatory filing released today."
  • ABA Ethics 20/20 Commission, which "Stands by Plans to Propose Latitude for Firms to Have Nonlawyer Owners," is working to extend the time frame for it to submit recommendations across all of the topics under consideration: "...if additional funding can be obtained, the panel's work will continue for an additional six months. Under this plan, commissioners will submit about half of their proposals for the delegates' review in August [2012], with the remaining recommendations to be presented for consideration in February 2013."
  • Overzealous disqualification in Lewis v. State – A school superintendent, charged with crimes including corruption, hired Alston & Bird to represent him. The prosecutor successfully moved to disqualify the firm because it also represented "the employer of a witness for the State, albeit with respect to matters unrelated to both the witness and the prosecution." Upon review, the Court of Appeals overturned the decision as unwarranted and overreaching given the facts of the matter and applicable rules: "The record reveals merely that Alston & Bird has a relationship with Parsons. The remainder of the case for disqualification consists of one conjecture piled upon another."
  • Nevada Supreme Court Adopts Disqualification Rule for Use of Information From Anonymous Source – "The Nevada Supreme Court held that a lawyer who received and used information regarding a case from an anonymous source should not be disqualified because he had promptly notified opposing counsel of the anonymous disclosure and did not review any privileged information contained in it."
  • Finally, the oft-cited hypothetical divorce consultation/conflict scenario (aka "The Tony Soprano Maneuver") recently played out in real life: Firm’s Links to Both Sides in Divorce Result in Total Denial of Attorneys’ Fees.

Wednesday, November 2, 2011

"Side Switching" Decision: When Screening, It Helps to Actually Screen

[h/t to Bill Frievogel]. In Martin v. AtlantiCare, 2011 U.S. Dist. LEXIS 122987 (D.N.J. Oct. 25, 2011) the US District Court for the District of New Jersey disqualified a side switching lawyer.

A lawyer who performed material work for one side of a lawsuit moved to the firm representing the other side. The new firm argued it screened the incoming lawyer, who performed limited work on the matter.

But a judge disagreed, ruling that the lawyer had "primary responsibility" on the matter, which was enough to trigger the disqualification. The court also noted that even if the lawyer was less involved, the new firm's screening measures were significantly lacking and the firm would be disqualified on those grounds due to facts including:
  • The screening notification was only oral, with no written document distributed among firm personnel
  • The firm admitted that it did not even have a general written screening policy
  • No notice was giving to opposing counsel regarding the movement of the lawyer, the screening of the lawyer or the screening measures employed
  • Physical materials were not secured. The oral notification instructed that she "can't touch this file" and "can't go into that file drawer herself."
  • Electronic information was not secured. The oral notification instructed the affected lawyer: not to "click on AtlantiCare on the case management system."
Interestingly, the opinion notes: "Although there is no definitive New Jersey guidance on the elements of an effective screen, the Court has no hesitation in finding CM's procedure inadequate." It goes on to repeatedly drive home the extent to which the disqualified firm missed the mark: "the file was not specially secured or 'kept under lock and key,' LG and CM's employees did not acknowledge in writing CM's procedures, and LG was not 'locked out' of the AtlantiCare file on CM's computer system."

Friday, October 28, 2011

Upcoming Roundtable Sessions Set for Toronto, Atlanta & Houston

Our next Risk Roundtable events are now scheduled for:
  • Atlanta -- November 10, hosted by Ogletree Deakins
  • Houston -- November 11, hosted by Baker Botts
  • Toronto -- November 15, hosted by Fasken Martineau
The Atlanta and Toronto sessions will follow our standard approach of a brief update on industry risk news and trends, followed by moderated group discussion concerning issues of interest to attendees. We always invite registrants to participate in a pre-meeting survey, to help shape each session's agenda.

Based on local firm interest, the Houston session will focus on the ISO 27001 information security standard for law firms, building on the success of the recent New York Roundtable the same topic. It will feature a presentation by Andrew Rose, Principal Analyst, Forrester Research:
  • Andrew is a leading expert in information security and risk management, ISO27001 frameworks, information security strategy; and governance, risk, and compliance (GRC) initiatives. Prior to joining Forrester, Andrew was a CISO in the legal sector. He transformed security management for two major global law firms, leading them both to ISO27001 certification.
Event attendance is by invitation only and is limited to qualified law firms and personnel. Please contact dan@riskroundtable.com for more details.

Thursday, October 27, 2011

Risk News & Updates: Conflicts, Advance Waivers & More

  • Firm’s Agreement With Opposing Party Creates Unconsentable Conflict – "The U.S. Court of Appeals for the Second Circuit held that an agreement between an opposing party and a law firm which called for the firm to aggregate its clients’ claims created a unconsentable conflict ... This opinion demonstrates how a conflict of interest can help form the basis for certain civil claims."
  • Loyalty under Attack: The Pernicious Prospective Waiver[h/t Legal Ethics Forum] – Lawrence J. Fox, a partner with Drinker Biddle offers provocative words against advance waivers and informed client consent: "Can one imagine a more Orwellian definition of informed consent? You’ve given informed consent because you are a sentient being who knows he or she is uninformed. The entire argument makes a mockery of the rules, in effect saying, not that these lawyers have obtained 'informed consent' but that these lawyers are above the rules, that when one deals in the rarified air of AmLaw 100 law firms and their clients, there are no ethical boundaries."
  • "Inexcusable" ABS delay could cost [UK] law firms – "The 'inexcusable delay' in enabling the Solicitors Regulatory Authority to start licensing alternative business structures (ABSs) could make private investors think twice about entering the legal sector, the head of corporate finance at accountants Baker Tilly said this week."

Wednesday, October 26, 2011

Report from Yesterday's San Francisco Risk Roundtable Session Hosted at Orrick

Yesterday we held, a Risk Roundtable session in San Francisco. Many thanks to Orrick for hosting. Brian Lynch delivered a presentation updating attendees on current risk issues and trends, and moderated group discussion. He sent his customary summary of the wide ranging group discussion:
  • Dan – We returned to San Francisco with our Risk Roundtable series. Today at Orrick we discussed legal trends in the US, UK, and Canada, spending a good portion of our time on disruptive technologies, more extensive client requirements, and defensible solutions for reducing the risk of insider trading.
  • Mike Guernon of Orrick shared with the group their approach for using technology to simplify the risk management process. In many ways, the volume and complexity of information barriers was becoming very difficult to manage, and technology played a key part in freeing up the risk group to focus on other pressing issues.
  • One of our attendees spoke about the dangers of disruptive technologies, how it's affecting the way lawyers work, and the security concerns they raise. With the recent breach at Dropbox, all firms should definitely take a look at where their lawyers are storing client work product outside of the four walls of their firms.
  • It was a productive forum for risk professionals to ask their peers how they approach different issues, like balancing knowledge sharing and security or ensuring compliance with outside counsel guidelines. A good session with lots of food for thought.
We'll be announcing several regional additional Risk Roundtables Shortly...

Wednesday, October 19, 2011

Concerning Conflicts...

An assortment of conflicts management scenarios in the news recently:
  • BofA seeks to oust AIG law firm from $10 billion case – They allege a partner working on behalf of AIG previously defended entities now owned by BofA: “…a London-based partner at Quinn Emanuel Urquhart & Sullivan. He is no longer working on the American International Group Inc case following Bank of America's objections, the bank said in the filing, made late on Monday.”
    • Fordham law professor and legal ethics expert James Cohen weighed in against the motion to disqualify : "I don't think there is a conflict. They are unrelated matters and his representation of Merrill and First Franklin is more than two years in the past. The mere claim that a lawyer developed a strategy for defending this kind of lawsuit does not mean the lawsuits are significantly related." He also noted "...it could prove 'problematic' if presiding judge Barbara Jones decided Becker was not screened fast enough, but that an effective screen could address this issue."
  • Firm disqualified 9 years after client interview – Prudential Insurance successfully disqualified a firm it argued received confidential information about the litigation at hand when it interviewed it as potential counsel: “Prudential representatives had spoken with lawyers from DeCotiis in November 2002 so that the firm could represent Prudential in the litigation, but Prudential decided to go with another firm the next day.”
  • John Edwards affirms retention of counsel accused of conflicts – “Earlier this month, federal prosecutors filed a motion with the court requesting a hearing on the government’s contention that Lowell’s previous representation of two likely prosecution witnesses could impact Edwards’ constitutional rights to an attorney free of conflicts.” (For his part, Edwards says he’s “waiving any such conflict.”)
  • Reexamining conflicts of interest in the current economic environment – Argues that clients should be cautious about identifying and waiving conflicts: “…one takeaway from the Great Recession, and specifically from the proliferation of litigation that has followed, is the importance of thoroughly vetting potential conflicts of interest when choosing outside counsel.” The author explores a recent case of a firm accused of representing both a mutual fund and advisor to the fund.
  • Do contingency agreements create conflicts? – DLA Piper tried to get King & Spalding disqualified, arguing that its contingent fee agreement would cause the firm to push back against a settlement offer short of its own $35m “break even” point. A judge denied the motion, citing factors including the high cost to the client of having to change firms five years into the litigation.

Friday, October 14, 2011

Report from Yesterday's Chicago Risk Roundtable Session Hosted at Foley & Lardner


Yesterday we held, a Risk Roundtable session in Chicago. Many thanks to Foley & Lardner for hosting. Brian Lynch delivered a presentation updating attendees on current risk issues and trends, and moderated group discussion. He sent his customary summary of the wide ranging group discussion:
  • Dan – We kicked off our Fall series of the Risk Roundtable at the Foley offices in Chicago. We discussed legal trends in the US, UK, and Canada, spending a good portion of our time on recent decisions regarding disqualification motions.
  • Outside counsel guidelines continue to be a growing source of work for risk teams - federal government agencies seem to be creating requirements that are much more aggressive than those from the private sector. "Outside counsel management" has become a cottage industry for consulting firms. [Ed: See our upcoming webinar on this topic.]
  • Foley shared with the group their approach for centralizing regulatory compliance. Many issues - ranging from unauthorized practice to lobbyist activity reporting to ITAR - fall within the scope of their Loss Prevention department. Kirkland & Ellis mentioned that they have a similar structure. It enables them to consistently apply appropriate controls and frees up lawyers to focus on billable work.
  • It was a productive forum for risk professionals to ask their peers how they approach different issues, like balancing knowledge sharing and security or ensuring compliance with outside counsel guidelines. A good session with lots of food for thought.
Our next Risk Roundtable meeting will take place October 24th in San Francisco. Watch this space for more details. (If you'd like to join us in San Francisco, or host a Risk Roundtable in your neck of the woods, please feel free to get it touch: dan@riskroundtable.com.)

Thursday, October 13, 2011

Facing Conflicts Allegations, Law Firm Representing Solyndra Cites Ethical Screen

Facts continue to come to light around the controversy underlying government loan guarantees to the now bankrupt Solyndra solar power company. Now Wilson Sonsini Goodrich & Rosati stands accused of a conflict in connecting with its work represented the company.

The firm worked with Solyndra on its aborted $300m IPO last year, among other matters, generating $2.4m in fees. As it turns out, a corporate partner at the firm was married to a senior official in the US Energy Department's loan guarantee oversight group (Steven Spinner). Information is coming to light alleging that Spinner exercised influence behind the scenes to push through loan guarantees for the firm.

As The American Lawyer reports: Spinner "...had pushed hard for the Obama administration to provide Solyndra with the loan that helped sink it."

When approached about the connect, Wilson Sonsini stated: "Allison [Spinner] did not work on the Solyndra transaction, nor has she ever worked with the company in any capacity... Also, the firm established an ethical wall around Allison with respect to [Wilson Sonsini's] representation of clients in matters involving [Energy Department] loan programs."

Furthermore, "No one from Wilson Sonsini was permitted to 'discuss or otherwise communicate' about those matters with Spinner, the firm said in its statement."

Wednesday, October 12, 2011

Screening & Confidentiality vs. Knowledge Sharing

Heenan Blaikie partner Simon Chester is an acknowledged leader in law firm professional responsibility and risk management issues. He recently published an article in Managing Partner Magazine entitled: "Managing Screens," which explores the tension between tightly controlling access to sensitive client (and firm) information and fostering internal sharing, which he characterizes as: "the potential of exploiting collective professional knowledge."
  • "What has changed is that, in the past decade, so-called ethical screens have proliferated within law firms. Ethical screens are what used to be called Chinese walls: institutional mechanisms combined with technological safeguards and personal undertakings which ensure that confidential information is tightly protected."
  • "These are also used when clients or courts require objective safeguards to ensure that confidentiality will be strictly maintained on a need-to-know basis. For example, firms which are retained to act on hostile takeover bids will generally open files under code names and limit access to market moving information."
  • "Most large Canadian law firms have over 500 screens at any one time and, once erected, they are notoriously slow to get dismantled."
  • "Why does this matter for KM? Because once a client and its matters are screened off, the entire contents of those files are unavailable for future use. It is as if that knowledge doesn’t exist in the firm."
He argues several provocative implications of the growing confidentiality trend: "At a certain point, the number of screens will not merely make KM impossible but will make the firm less than a partnership and more like a group of solo lawyers or small firms working within a scattered archipelago of practice."

And goes on to provide several suggestions and approaches for "creatively managing the tension between KM and professionalism."

Monday, October 10, 2011

Webinar: Responding to Outside Counsel Guidelines (CLE Eligible)

Following last month's webinar on managing risk tied to lateral hiring and law firm mergers, we're pleased to announced an October webinar on managing risk and response to outside counsel guidelines:

Date: Tuesday, October 18
Time: 9 am Pacific / 12 pm Eastern / 5 pm BST

Description: In the past five years, outside counsel guidelines ("OCGs") have become more commonplace and more stringent. The legal services world has shifted, as corporations (and their law departments) are being held to stricter budget accountability and risk management standards. Law departments have, in turn, held their external counsel to these same higher standards. In many ways, clients have become the true regulators.

When outside counsel guidelines are not appropriately reviewed or are not well-communicated to affected groups, firms open themselves to significant risk and exposure. Facing a variety of guidelines, a constant flux of new client intake activity and diverse (and sometimes decentralized) procedures, prudent firms can work to limit their risk by taking steps including:

In this session, panelists from : Holland & Knight, Orrick, Herrington & Sutcliffe, and McKenna Long & Aldridge will explore topics including:
  • Establishing a firm committee or designee to review all OCGs before they are accepted
  • Keeping OCGs in an accessible repository, available to risk and account department personnel for review
  • Familiarizing risk management staff with any exceptional conditions laid out in these agreements, especially non-standard conflict protections or client information that should be treated as especially sensitive or confidential
  • Similarly familiarizing the accounting department with exception and non-standard conditions tied to rates, billing structures, or mandated technologies for invoice submission
IntApp's Brian Lynch will moderate this discussion featuring representatives from the Risk Roundtable Compliance Consortium, a working group focused on developing risk response guidelines:


CLE Credit: Certificates will be provided to attendees upon request. (Attendees outside of California are responsible for confirming CLE reciprocity in their particular jurisdiction.)

Attendance: Attendance is by invitation only. Risk Roundtable members and qualified parties are invited to request more information by emailing: dan@riskroundtable.com.

Wednesday, October 5, 2011

Risk News: Conflicts & Former Clients, Side-Switching Lawyers & Staff, New Data Privacy Bills

  • Ethically Speaking: Addressing conflicts of interest with former clients –  "One issue frequently encountered after years of practice is whether taking on a new client’s case will present a conflict of interest with a former client. Sometimes, it’s a tough call, especially when there are rarely ethics decisions directly on point."
    • The author explores this challenge in the context of the New York State Bar's Ethics Opinion 871 (issued May 31): "The committee then emphasized that the appropriate inquiry does not revolve around whether actual confidential information was obtained in the prior proceeding, but instead, the relevant inquiry is whether there was a perceivable risk that a competent lawyer handling the earlier matter would normally acquire information that would be adverse to the former client’s position in the current case."
  • Switching Sides from Corporate Work to Plaintiffs Firms – "How far will companies go to protect their secrets when employees leave? And how free are former employees to pursue jobs of their choosing?"
    • Reviews several interesting stories where lawyers and non-lawyers changed jobs, and faced significant opposition: "Robert Klein, a partner at Miami's Klein, Glasser, Park, Lowe & Pelstring, is not surprised by Allstate's aggressive posture. Klein represents lawyers who faced resistance from former clients when they switched sides. In recent years he's witnessed a dramatic increase in suits and disqualification motions by corporations against former lawyers. He says the complaints are often strategic, and many are lodged by insurance companies."
  • The Senate puts three data breach bills in play – For those tracking trends on state and federal data privacy laws affecting personal information many firms store and manage: "[In late September], the US Senate voted to approve three bills that deal with data privacy, security and breach notification. All three would preempt the existing state laws that deal with data breach notifications... this matters."

Monday, October 3, 2011

Canadian Firm Breaches Duty of Loyalty, but Fends off Disqualification

Hit tip to Malcolm Mercer, Partner and General Counsel at McCarthy T├ętrault, for pointing us to this interesting Canadian disqualification decision from the Court of Appeal for Saskatchewan (See: Wallace v. Canadian Pac. Ry., 2011 SKCA 108 (Ct. App. Sask. Sept. 28, 2011):
  • Law firm (McKercher LLP) takes on class action suit against several railways, including the Canadian National Railway (CN), claiming 25 year history of overcharging clients. In published accounts it was reported damages could potentially reach 1.75 billion dollars.
  • At the time, the firm was acting for CN on several unrelated matters (corporate, commercial, tax, debt, collection, real estate and litigation). So the railway moved to disqualify the firm.
The court evaluated three factors:
  • Did the firm obtain confidential information which could prejudice CN
  • Did the firm breach its duty of loyalty to CN?
  • If yes to both, should it be disqualified?
It ruled that no confidential information was shared, but that the firm did breach its duty of loyalty.

CN argued that the firm had confidential knowledge of the company’s “approach to litigation, its business practices and its risk perspective and tolerance.” But the court found answers to questions asking for specifics to be a bit evasive.

Given the standard set for disqualification, the firm was not disqualified. (Though the decision suggested CN complain to the Law Society about the firm’s breach.) See the extensive written decision for additional detail.

Wednesday, September 28, 2011

Law Firm Lateral Hires & Mergers: Webinar Recording Now Available

Content from our webinar on managing risk tied to lateral hire and merger integration is now online, for those who missed the live session:
  1. Managing Risk Tied to Firm Mergers and Lateral Hires -- Thanks again to our panelists. We welcomed another large group (100+ attendees) who heard speakers from Foley & Lardner (Beth Chiaiese), SNR Denton (Adam Hansen), and Drinker Biddle (Jacqueline Schimmel).
Those who registered but were not able to attend these events should have received a link to the video recordings via email. Others interested in these sessions can view them online: [Law Firm Risk Management Webinars].

Monday, September 26, 2011

Article: Ethical Screen Standards (Industry Trends, Recommended Approach, ABA vs. New York Rules)

Devika Kewalramani, partner and Co-Chair of Moses & Singer's Legal Ethics & Law Firm Practice Group, published an interesting article on ethical wall requirements, including the need for software-driven protections and logging/auditability: “Ethical Screens: Building Electronic Barriers”:
  • "There was a time when locked file cabinets provided the necessary separation of documents. But with client documents now primarily created, revised and saved electronically, client information resides primarily on computers, not in file cabinets. For this reason, there is growing concern about how to create an ethical screen that protects electronic client information."
  • "The ABA commission observed that technological advances have made client information more accessible to the entire law firm, and that screening should require more than making physical documents inaccessible. Screening should require protection of electronic information as well."
The article provides an excellent deep dive comparing and contrasting ABA Model Rules and New York State and Federal Rules and case law:
  • "New York state and federal courts have allowed the use of ethical screens to avoid imputed disqualification of a firm beyond the scope of the N.Y. Rules... In 2005, the Second Circuit, in Hempstead Video Inc. v. Valley Stream, held that preventive measures such as a formal screen or de facto separation can effectively guard against any sharing of client confidential information. The federal courts have refused disqualification in some cases where screens were instituted." [See: Third party summary of Hempstead as well as the text of the written decision.]
And it calls out important recommendations for effective technological screening measures:
  • The need for electronic restrictions: "Block and track access. Protecting electronic client information is critical. The Southern District in Papyrus concluded that the electronic screening measures adopted by the firm adequately segregated the disqualified lawyer from the case, 'thereby immunizing [the firm] from [the disqualified lawyer's] taint.' ... In addition, the firm implemented a monitoring system that could track a lawyer's access to certain electronic files."
  • Maintain logging and auditable compliance reporting: "When confronted by a disqualification motion, conduct an audit of the firm’s document management system to confirm that no prohibited documents have been accessed by the conflicted lawyer."
  • Institute proactive monitoring: "In accordance with the electronic audit measure, track the conflicted lawyer's access to relevant electronic files to verify whether the conflicted lawyer accessed relevant electronic files."
  • Extend and integration protections across other software systems lawyers use: "Exclude the conflicted lawyer from personally entering time on a client matter numbers in the firm's time and billing system unless he/she is provided access on an as need basis or unless that system does not permit one lawyer to look at the time recorded by other lawyers."

Thursday, September 22, 2011

Upcoming Risk Roundtable Meeting Set for San Francisco (Hosted by Orrick)

The third event in our Fall Roundtable series has been scheduled. It's set for October 25th in San Francisco, hosted by Orrick.

Industry developments continue to raise the profile of risk and compliance issues -- particularly with information risk management, where rising client expectations, evolving professional standards and new regulations create new challenges and dangers.

In this context, it's vitally important that risk professionals continue to take steps to understand this changing landscape and minimize firm exposure.

The Risk Roundtable provides a forum for risk, IT and related professionals to connect in a collaborative environment. Sessions will explore topics including:
  • Communicating the implications and potential exposure tied to the expanding information risk landscape
  • Review of news stories, issues, trends and developments affecting law firm risk management
  • An update on the Risk Roundtable Compliance Consortium, including an overview specific industry risk response guidelines under development
  • An open forum for peer discussion, exchange and networking
We run an informal survey of registrants prior to each meeting to identify issues the group would like to discuss. (If interest exists, we can provide a summary of the September New York Roundtable on ISO 27001 for law firms.)

Event attendance is by invitation only and is limited to qualified law firms and personnel. Please contact dan@riskroundtable.com for more details.

Wednesday, September 21, 2011

Outside Ownership of Law Firms? IBM General Counsel Weighs In

While the UK moves forward implementing “alternative business structures,” that will allow outside ownership of law firms, Robert Webber, SVP for legal and regulatory affairs and general counsel at IBM argues against the US following suit in an interesting piece published in Businessweek. "Law Firms Should Spurn Outside Investments." He doesn't pull any punches:
  • "Imagine discovering that the law firm you hired to defend your company... is partly owned by private investors... [who] have financial stakes in the company that is suing you — and perhaps even stakes in the law firm representing your adversary."
  • "It’s a troubling omen of the legal profession’s direction. Most of all, it’s worrisome for clients, whose own interests may take a backseat to the lawyers’ search for additional capital."
  • "These proposals open the door to ethical risks that will work to the detriment of corporate and private individuals and the overall way we conduct business in this country. They could compromise a lawyer’s obligation to protect confidential information and cause conflicts of interest between the lawyer and clients or outside financiers. These outside funders could influence a lawyer’s behavior or even the outcome of a case."
  • "The past few years have seen the legal profession repeatedly putting money first. Conflict-of-interest rules are weakening, making it easier for lawyers to switch firms mid-dispute."

Tuesday, September 20, 2011

Risk News Grab Bag (Conflicts, Fake Billing, Disqualifications & More)

Several interesting stories and postings of note:
  • Law firm represents both sides of LMM airport’s PPP – Controversy stemming from Mayer Brown's involvement representing the buyer and seller in a governmental transaction.
  • Time Capture Software as a Risk Control (Former AmLaw 20 Partner Jailed for Fake Billing) – "He stood accused of racking up significant charges and costing the client over one million dollars -- all for work never performed. This case highlights how time capture software might be used to identify potential "red flag" situations. Without throwing up "Big Brother" concerns by routinely auditing lawyer activity, it is possible to leverage this technology and automatically cross reference work billed vs. work tracked. In practice, firm management could say: 'If lawyers are submitting time records that exceed automatically captured time by 20-30%, we probably want to know about that and at least ask some questions...'"
  • Decision Provides Extensive Analysis of Standard for Disqualification of Law Firm Because of Prior Representation – "I’ve seen a number of recent articles pointing out that law firms seem to be on a merger binge. That, coupled with lawyers moving from firm to firm, as well as bankruptcies, securities cases and mass torts... makes last month’s opinion in Roosevelt Irrigation Dist. v Salt River Project... a good resource for deciding whether to move to disqualify a firm because of some prior involvement in a matter.
  • Using Online Service Providers – Where the Duty of Confidentiality Reigns – American Bar Association Center for Professional Responsibility weighs in on "virtual practice tools" and other hosted software storing confidential information, offering an overview of applicable rules and recommendations on best practices.

Monday, September 19, 2011

ISO 27001 For Law Firms -- Report from Risk Roundtable Seminar Featuring IntApp, Cravath & Forrester Research

We saw tremendous interest in our Roundtable session on ISO 27001, the information security standard. It's clear that this is a growing trend for law firms. (We expect that you'll start hearing more about this issue from other sources in the months to come.)

Brian Lynch, who chairs the Risk Roundtable Compliance Consortium, attended the event last Friday and sends this session summary:
  • Dan – I'm pleased to report back on last Friday’s engaging and educational Risk Roundtable seminar on ISO 27001 for law firms. We were graciously hosted in the New York offices of Cravath, Swaine & Moore and featured speakers who described their real world experiences with ISO implementations - not just theoretical speculation.
  • Andrew Rose from Forrester spoke about well-considered approaches to ISO certification, including benefits firms may not have expected and pitfalls to watch out for. He's well versed in the ISO terrain after leading certification efforts for Clifford Chance and Allen & Overy in the UK.
  • Jeff Franchetti, CIO of Cravath, also walked us through his efforts to become ISO-compliant, and, more importantly, building an intelligent structure for managing information risk and security.
  • Over three hours, CIOs and IT leaders in the room had a chance to hear about real-life implementations - selling the concept internally, securing management buy-in, executing successful projects and reaping the benefits.
Some highlights:
  • Partnering with management – ISO 27001 is a combination of well-understood policies and procedures supported by technology that can enforce them. ISO programs tend to be most successful when management and IT work together throughout the process.
  • 27001 certification v. 27002 compliance – Some firms are pursuing 27002 compliance first. 27002 is an "advisory standard," where certification is not the objective. However, a firm can organize its security processes and protocols. Once firms feel comfortable with 27002, some opt to pursue 27001 certification, which includes requirements and focuses more on repeatable processes.
  • Look to clients for the standard, not peer law firms – firms are seeing a number of trends pointing to ISO - ISO-influenced language appearing in RFPs, clients enlisting 3rd-parties to conduct law firm audits, and clients requiring ISO 27001 certification.
[Given the response to this issue, we’re looking at future sessions in other client locations. Stay tuned.]

Thursday, September 15, 2011

Important Canadian Conflicts Decision (Lateral Lawyer Movement, Ethical Wall)

A recent decision worth noting -- Dow Chemical Canada Inc. v. Nova Chemicals Corporation, 2011 ABQB 509 (CanLII): A lawyer who represented Nova Chemicals at one firm, moved to another firm. That second firm later came to represent a party adverse to Nova, which moved to disqualify it.

A vice president of Nova set out the core of their argument:
  • When I engage a lawyer to prosecute a dispute on behalf of NOVA Chemicals, I do not expect that lawyer to join our enemy’s law firm. Similarly, when a lawyer who has been deeply involved with NOVA Chemicals in the early but very formative strategic stages of a very significant lawsuit against Dow, goes to a law firm that has not been previously involved in the lawsuit, in my opinion that law firm should not be allowed to take on representation of Dow (para 15).”
The judge hearing the matter focused on what confidential information might have moved with the lawyer and how it was treated. The lawyer and firm pledged that no information was communicated or used inappropriately, but the judge remarked that:
  • “…statements under oath or affirmation are an essential part of the continuance of a retainer or acceptance of a new retainer in the circumstances of a moving lawyer with prejudicial confidential information, but that alone is not enough. Screening devices are also necessary, absent consent of the other party or parties.”
The firm had put electronic ethical screening measures in place to restrict internal access to related documents and established that no confidential information was shared. That, coupled with the larger aim to allow firms maximum latitude in choosing counsel, led the judge to deny the motion to disqualify.

University of Calgary law professor Alice Woolley presents excellent analysis and lays out the issues at hand:
  • “Chief Justice Wittmann’s judgment provides new analysis of the principles governing what is necessary for a client to consent to a conflict in advance, how imputation rules operate in national firms, lawyers transferring between law firms, and the intersection between law society rules and judicial determinations in assessing conflicts.”
See also Woolley's other conflicts-related essays: "The Practice (not theory) of Avoiding Conflicts of Interest" and "The True Bright Line Conflicts Rule."

Monday, September 12, 2011

Upcoming Risk Roundtable Meeting Set for Chicago (Hosted by Foley & Lardner)

Based on the success of our Spring Risk Roundtable series, we're pleased to kick off a series of Fall events. Our next event is scheduled for October 13th in Chicago, hosted by Foley and Lardner.

Industry developments continue to raise the profile of risk and compliance issues -- particularly with information risk management, where rising client expectations, evolving professional standards and new regulations create new challenges and dangers.

In this context, it's vitally important that risk professionals continue to take steps to understand this changing landscape and minimize firm exposure.

The Risk Roundtable provides a forum for risk, IT and related professionals to connect in a collaborative environment. Sessions will explore topics including:
  • Communicating the implications and potential exposure tied to the expanding information risk landscape
  • Review of news stories, issues, trends and developments affecting law firm risk management
  • An update on the Risk Roundtable Compliance Consortium, including an overview specific industry risk response guidelines under development
  • An open forum for peer discussion, exchange and networking
We run an informal survey of registrants prior to each meeting to identify issues the group would like to discuss. (If interest exists, we can provide a summary of the September New York Roundtable on ISO 27001 for law firms.)

Event attendance is by invitation only and is limited to qualified law firms and personnel. Please contact dan@riskroundtable.com for more details.