Risk Update

Quandaries and Quagmires — Trending Legal Ethics and Risk Management Issues

Posted on

Chuck Lundberg recently shared his latest thinking in Minnesota Lawyer: “Quandaries and Quagmires: Trending: legal ethics and risk management,” covering key developing stories including Varsity Blues and  The Epstein case:

  • “To be sure, dealing with alleged conflict situations like this is a recurring issue for lawyers. Significantly, conflict allegations are all too common in legal malpractice cases. And all too dangerous — a conflict allegation can turn a simple, vanilla malpractice case into a serious matter, aggravating compensatory damage exposure and potentially implicating punitive damages. So I imagine that the esteemed BigLaw defense counsel in the Varsity Blues cases at a minimum (1) had outside ethics counsel check the potential conflicts every which way before undertaking the representation and (2) retained independent outside counsel to advise each client about the risks and benefits of waiving the conflict.”
  • “In my view, however, an even more important law firm risk issue was raised at the very outset of the Varsity Blues case. At 6:30 am on Tuesday March 12th, the day the scandal broke, Gordon Caplan, the co-chairman of megafirm Willkie Farr & Gallagher, was arrested and charged with criminal conspiracy to bribe college admissions officials to gain college admission for his daughter… On the same day, Law360 also ran a critical story, quoting several ethics experts and crisis management and PR strategy consultants, all saying that the firm’s response was too little, too late. One said the law firm’s first misstep was the fact it took a whole day to respond publicly to news that was generating enormous media attention. Others said the law firm’s statement did not go far enough in condemning the alleged behavior. Some even went so far as to say placing Caplan on leave was not a strong enough response from the firm in light of the allegations, and that a resignation would be better when it comes to preserving the firm’s brand. “From a spin control standpoint, the sooner he is referred to as a former co-chairman and attorney at the firm, the better,” said one of the consultants.”


  • “Another recent blockbuster news story, the Jeffrey Epstein prosecution for child sex trafficking, presents a very different kind of risk management issue: Can a lawyer be criticized for negotiating too good a deal for the client? Put differently, would a legal malpractice claim alleging that one’s lawyer got the client ‘too good a deal’ state a claim for relief?”
  • “In any event, the 33-page written record of the long negotiations in the Order vacating the non- prosecution agreement is fascinating to read and should be an instructive story for many lawyers.8 One imagines that at least one of Epstein’s Dream Team of lawyers had the presence of mind to tell him, ‘Jeff, I just want you to know that there’s a possibility that the whole settlement could be vacated years from now because we got the feds to agree to too much, including not to tell the victims about the agreement. Are you sure you want to take that risk?'”
If you liked this post, please share it:
Risk Update

Outside Counsel Guidelines (OCG) — Looking a Gift Horse in the Mouth?

Posted on

I’m a sucker for a creative headline, we all know. And an effort in story form. And this topic is always of interesting. So from Dentons partners Shari L. Klevens and Alanna Clair we have: “Looking a Gift Horse in the Mouth: Negotiating Terms for Outside Counsel Guidelines” —

  • “You receive a call about a new client with a very large potential matter. The client is a corporation whose regular outside counsel has a conflict, and this new matter creates an opportunity to establish a good relationship with a potentially lucrative client. But there’s a catch… Although your firm routinely begins new client representations by means of a standard engagement letter, this client sends you ‘outside counsel guidelines’ to which it requires agreement. The guidelines cover a host of issues, from billing protocols to technology requirements to the scope of the representation. Is there a risk to accepting the client’s guidelines? Can you negotiate the terms?”
  • “Agreeing to comply with a client’s outside counsel guidelines can help law firms obtain work in a competitive marketplace. However, the guidelines also can create risks for law firms that do not take the time to fully consider or vet the requirements’ guidelines.”
  • “Engagement letters from a law firm are often drawn to define the relationship and, at times and where permissible, to shape a law firm’s potential exposure to the client. If the attorney-client relationship is governed solely by the client’s outside counsel guidelines, however, those same protections may not be in place.”
  • “For example, the definition of who the ‘client’ is in a set of outside counsel guidelines could be expansive, including not only the direct corporate client but also related entities. Such a scenario could create complications for a law firm’s exposure or in future conflicts analysis. Indeed, the law firm could be found to owe duties to an entity that the law firm did not expect—but might have been able to consider or negotiate if the risk had been identified.”
  • “The competition for high-profile or other legal work can be significant: law firms may be tempted to agree to terms without giving proper consideration to whether the law firm has the ability to comply with the terms.”
  • “For example, many outside counsel guidelines will have specific requirements regarding billing (frequency of invoices, rates, compliance with an electronic system). It can create issues for a law firm to agree to a required electronic billing process if it then lacks the staff or resources to comply, as required.”
  • “If a law firm agrees to incorporate certain cybersecurity protections or protocols but then is unable to do so, the client may argue that the law firm is liable to the client for any future breaches or issues. The law firm could then be in the difficult position of having to explain why it agreed to protocols that were beyond what was realistic.”
  • “After the law firm reviews and approves of outside counsel guidelines, a next step is for the law firm to educate the team members working on a particular matter about the specifics of the guidelines. By agreeing to the guidelines but then failing to implement the guidelines among the team, a law firm could create an uncomfortable situation with the client…As such, many firms in this situation will discuss the terms with the team working on a matter to reduce the administrative overhead of compliance.”


If you liked this post, please share it:
Risk Update

Anti Money Laundering (AML) — New Guidance for Lawyers, ABA Pushback & More

Posted on

Kevin Shepherd, partner at Venable, writes: “Inside The New Anti-Money Laundering Guidance For Attys” —

  • “Over a decade ago at its plenary meeting in October 2008, the Paris-based Financial Action Task Force [FATF] issued a guidance paper for the global legal profession on how to detect and prevent money laundering and terrorist financing. “
  • “At its June 2019 plenary meeting, FATF adopted an updated ‘Guidance for a Risk-Based Approach — Legal Professionals.’ The 2019 guidance bears structural similarities to the 2008 guidance, but contains several significant changes. This article will provide an overview of the 2019 guidance and highlight several of these changes that may be of most interest to U.S. lawyers.”
  • “In addition to identifying broadly the specified activities covered by the 2019 guidance, the 2019 guidance lists 15 areas that may — or may not — fall within the category of a specified activity.”
  • “Unlike the 2008 guidance, the 2019 guidance devotes six paragraphs[16] to legal professional privilege and professional secrecy, and recognizes that these concepts present challenges in implementing a risk-based approach.”
  • “The analogous concept of legal professional privilege is known in the United States as the attorney-client privilege, and the 2019 guidance notes that the United States recognizes a ‘crime-fraud’ exception to the attorney-client privilege.”
  • “Supervision of Risk-Based Approach in the U.S. Recommendation 28 of the FATF standards requires that legal professionals be subject to adequate AML/CFT regulation and supervision. Section IV of the 2019 guidance provides detailed guidance to supervisors, much of which is inapplicable to the U.S. given its ‘alternative supervisory system.’ In recognition of this different system, the FATF included a text box in Annex 4 focused on the U.S., which the FATF recognizes as the country with the largest number of lawyers subject to such a system. The lengthy text box describes the fit and proper requirements in the U.S., including the entry and ongoing requirements for lawyer licensing.”

In the US, see: “The American Bar Association is fighting Washington’s efforts to tackle money laundering” —

  • “The body representing America’s lawyers has staked out an eye-opening position in recent years—lobbying against efforts in Congress to close a loophole that enables terrorism, human trafficking, money laundering, and a host of other crimes.”
  • “Unlike banks, law firms don’t legally have to do due diligence before taking on clients—the closest thing they have to regulation is ABA guidelines.”
  • “When the Financial Action Task Force (FATF), an international anti-money laundering organization, analyzed 106 global cases of the owners of illicit money hiding their identities, it found that most schemes used either lawyers, trust or corporate service providers, or accountants. Lawyers were the most likely of those three to be used in the real estate schemes outlined in the Global Witness sting, FATF found.”

And for those looking for some training, I found a consult’s webinar recording on law firm compliance: “Anti Money Laundering – Ask me anything! Join me for this AML update webinar, where you can ask me anything you’ve always wanted to know about AML.”

If you liked this post, please share it:
Risk Update

Professional Rules Under Revision: Marketing Restriction + Non-lawyer Financial Interest Coming in California?

Posted on

Hat tip to Karen Rubin at Thomson Hine: “No marketing using client’s info without express consent, says S.C. supreme court, even if ‘generally known‘” —

  • “As we’ve noted before (here and here), the ethical duty of confidentiality is broad, and can even cover publically-available information. Now comes a reminder that based on the confidentiality rule you should obtain consent before using your client’s name in marketing materials — and that some jurisdictions go even farther. For instance, South Carolina last month added a comment to its version of Model Rule 1.6 that expressly requires permission before using client information for advertising purposes, even including “generally-known” client information.”
  • “The South Carolina bar had filed a petition last year seeking to amend Rule 1.6 to allow lawyers to reveal citations to published judicial opinions without getting consent from clients involved in the case. But the law of unintended consequences kicked in.”
  • “Instead of approving the petition, the state supreme court tightened the confidentiality rule, saying in its order, ‘We decline to amend the rule as proposed by the Bar. Instead, we … add a new comment to the rule reminding lawyers that Rule 1.6 requires lawyers obtain informed consent from clients before revealing information about the representation to advertise their services. The comment further clarifies [that] this obligation applies regardless of whether any information revealed is contained in court filings or has become generally known.'”
  • “This goes farther than other state versions of Model Rule 1.6, and may be a burdensome slippery slope when it comes to ‘generally-known’ information.”
  • “On the other hand, clients value confidentiality and many want complete control over whether a firm publicizes its relationship with that client. For instance, as a condition of the representation, many large organizations expressly prohibit their outside counsel from mentioning the fact of the representation in their marketing materials without express consent.”

And to Joseph Corsmeier: “California Bar examines proposal that non-lawyers be permitted to provide legal advice and have a financial interest in law firms” —

  • “… the recent proposals of a State Bar of California task force which would, inter alia, permit legal technicians to offer legal advice and also permit non-lawyers to have a financial interest in law firms. The proposals were approved by the State Bar Board of Trustees on July 11, 2019.”
  • “The proposals were developed by the California Bar’s Task Force on Access Through Innovation of Legal Services. The task force’s proposals would make sweeping changes by modifying the restrictions on the unauthorized practice of law and ethics rules that prohibit fee sharing with nonlawyers and would also permit legal technicians to provide legal advice and practice law. The California Bar press release announcing the proposals is here. The California Bar agenda item with the proposals is here.”
  • “The proposals also would also permit state-approved businesses to use legal technology to deliver legal services. Regulatory standards governing the provider and the technology would be established and client communications with such entities would be covered by attorney-client privilege/confidentiality.”
  • “Bottom line: These California Bar proposals have a long way to go before being potentially implemented; however, if they are eventually implemented, California will be another one of the few states which would permit legal technicians to offer legal advice and the only jurisdiction (other than the District of Columbia) to permit nonlawyers to hold a financial interest in law firms. Stay tuned…”


If you liked this post, please share it:
Risk Update

HIPAA & PHI: Law Firm Disclosure Risk and Compliance Requirements

Posted on

A Warning to Law Firms and Litigants: Unlawful Disclosure of PHI in Litigation Can Lead to Trouble” —

  • “The handling of sensitive data with appropriate care in litigation is a critical aspect of legal practice. Recent ABA Formal Opinions 477 and 483 discuss requirements for securing protected client information and lawyers’ obligations after a cyberattack. Conduct during litigation is no different. Unless stated otherwise by statute, the context of litigation does not effect a person’s legal duties when handling sensitive data. In Menorah Park Ctr. for Senior Living v. Rolston, 2019 Ohio App. LEXIS 2175 (May 30, 2019 Ohio Ct. App.), a plaintiff of a small-claims matter is learning this lesson the hard way.”
  • “Menorah Park attached to its complaint non-redacted copies of several account billing statements that included descriptions of medical services provided, dates the services were rendered, medical procedure codes, charges, credits, and balances.”
  • “Rolston opposed the motion, arguing that her claim was not preempted and that, in any event, Menorah Park’s disclosure was unlawful under HIPAA because, by filing non-redacted copies of the statements, Menorah Park had not undertaken ‘reasonable efforts’ to limit the disclosure of the protected health information (PHI) to the ‘minimum necessary’ for the purpose of collecting payment.”
  • “The Court of Appeals appeared to reject the contention that the disclosure of Rolston’s medical information was authorized under HIPAA, noting that Menorah Park had used non-redacted copies of the account statements.”
  • “There are several implications that arise from this decision, the first being that law firms and litigants must undertake care when handling personal information, even an adversary’s in litigation… The clear lesson here is to take care when handling sensitive data.”

And for those looking for a refresher, Thomson Reuters recently published: “Understanding HIPAA compliance for law firms” —

  • “The definition of business associate under HIPAA’s regulations expressly includes attorneys who perform legal services for a HIPAA-covered entity (for example, a health plan), if the attorneys are not members of the covered entity’s workforce. For purposes of HIPAA’s privacy and security requirements, the definition applies if the legal services provided involve disclosure of PHI from the covered entity (or from another business associate) to the attorney.”
  • “An attorney who is a business associate must comply with HIPAA’s requirements as applicable to business associates (for example, by providing satisfactory assurances to the covered entity that it will safeguard PHI).”
  • “HIPAA non-compliance may result in severe penalties and correction requirements. HHS has taken an aggressive approach to enforcing HIPAA’s requirements in recent years. HHS’s enforcement actions have resulted in numerous highly publicized settlement agreements with noncompliant covered entities, and typically require significant monetary payments and stringent corrective actions.”
If you liked this post, please share it:
Risk Update

Lawyer Insider Trading Risk In Detail (Controls, Confidentiality, Conflicts & Compliance Concerns)

Posted on

In a six page PDF well worth the read, Arnold & Porter partner and former head of the Market Abuse Unit of the SEC’s Division of Enforcement notes: “The SEC Is Cracking Down On Insider Trading By Lawyers” —

  • “A recent series of insider trading actions charging senior lawyers in legal departments of prominent public companies suggests that insider trading by lawyers may be on the rise.”
  • “Over the past several months, the U.S. Securities and Exchange Commission has brought enforcement actions charging insider trading in advance of earnings announcements by senior lawyers at Apple and SeaWorld. In a third action, filed in early May 2019, the general counsel of Cintas Corporation was an unwitting victim of a house guest, a lifelong friend, who, the SEC alleges, surreptitiously pilfered merger related information from a folder in the lawyer’s home office.”
  • “These actions are noteworthy not only for the brazenness of the conduct involved,
    but because they suggest that insider trading by lawyers remains a ‘profound problem.'[1] And, as the case of the Cintas general counsel demonstrates, innocent lawyers may also fall prey to others, such as close friends and family, looking to exploit their access to material nonpublic information, or MNPI.”
  • “In recent years, however, a new wave of enforcement actions, coupled with the SEC’s development of new technology, and its adoption of the trader-based approach[3] to insider trading investigations, has rekindled the question of whether companies and law firms should be doing more to protect against the misuse of MNPI by lawyers and legal personnel. Increasingly, the SEC has touted its use of data analysis to identify patterns of suspicious trading and relationships… Because legal departments and law
    firms are repositories of large amounts of MNPI, they are among the first places that regulators look to determine whether a lawyer is the source of prohibited information.”
  • Improved Controls Over MNPI: “Law firms and legal departments should revisit their insider trading policies and procedures and consider whether improvements can be made for how they handle MNPI. The use of project code words for transactional matters is generally effective at protecting against
    disclosure of the identities of the parties to the transaction. The risk of disclosure, however, increases if members of the deal team are inconsistent in their use of code words.[18]”
  • Similarly, where law firm attorneys and legal personnel share information in connection with running conflict of interest checks, there is an increased risk of such information being misused. Adopting procedures to shield incoming public company transactional matters from firmwide disclosure can reduce the number of attorneys and employees exposed to MNPI.”
  • File Access on a Need-to-Know Basis: “When new project files or client file directories are established, law firms and legal departments should
    consider restricting access to persons on a need-to-know basis. Establishing a permissions process will
    prevent employees who are outside the deal team or earnings process from being able to access file
    folders concerning MNPI.”
If you liked this post, please share it: