Bressler Risk Blog

Kevin Shepherd, partner at Venable, writes: “Inside The New Anti-Money Laundering Guidance For Attys” —

• “Over a decade ago at its plenary meeting in October 2008, the Paris-based Financial Action Task Force [FATF] issued a guidance paper for the global legal profession on how to detect and prevent money laundering and terrorist financing. “
• “At its June 2019 plenary meeting, FATF adopted an updated ‘Guidance for a Risk-Based Approach — Legal Professionals.’ The 2019 guidance bears structural similarities to the 2008 guidance, but contains several significant changes. This article will provide an overview of the 2019 guidance and highlight several of these changes that may be of most interest to U.S. lawyers.”
• “In addition to identifying broadly the specified activities covered by the 2019 guidance, the 2019 guidance lists 15 areas that may — or may not — fall within the category of a specified activity.”
• “Unlike the 2008 guidance, the 2019 guidance devotes six paragraphs[16] to legal professional privilege and professional secrecy, and recognizes that these concepts present challenges in implementing a risk-based approach.”
• “The analogous concept of legal professional privilege is known in the United States as the attorney-client privilege, and the 2019 guidance notes that the United States recognizes a ‘crime-fraud’ exception to the attorney-client privilege.”
• “Supervision of Risk-Based Approach in the U.S. Recommendation 28 of the FATF standards requires that legal professionals be subject to adequate AML/CFT regulation and supervision. Section IV of the 2019 guidance provides detailed guidance to supervisors, much of which is inapplicable to the U.S. given its ‘alternative supervisory system.’ In recognition of this different system, the FATF included a text box in Annex 4 focused on the U.S., which the FATF recognizes as the country with the largest number of lawyers subject to such a system. The lengthy text box describes the fit and proper requirements in the U.S., including the entry and ongoing requirements for lawyer licensing.”

In the US, see: “The American Bar Association is fighting Washington’s efforts to tackle money laundering” —

• “The body representing America’s lawyers has staked out an eye-opening position in recent years—lobbying against efforts in Congress to close a loophole that enables terrorism, human trafficking, money laundering, and a host of other crimes.”
• “Unlike banks, law firms don’t legally have to do due diligence before taking on clients—the closest thing they have to regulation is ABA guidelines.”
• “When the Financial Action Task Force (FATF), an international anti-money laundering organization, analyzed 106 global cases of the owners of illicit money hiding their identities, it found that most schemes used either lawyers, trust or corporate service providers, or accountants. Lawyers were the most likely of those three to be used in the real estate schemes outlined in the Global Witness sting, FATF found.”

And for those looking for some training, I found a consult’s webinar recording on law firm compliance: “Anti Money Laundering – Ask me anything! Join me for this AML update webinar, where you can ask me anything you’ve always wanted to know about AML.”

Hat tip to Karen Rubin at Thomson Hine: “No marketing using client’s info without express consent, says S.C. supreme court, even if ‘generally known‘” —

• “As we’ve noted before (here and here), the ethical duty of confidentiality is broad, and can even cover publically-available information. Now comes a reminder that based on the confidentiality rule you should obtain consent before using your client’s name in marketing materials — and that some jurisdictions go even farther. For instance, South Carolina last month added a comment to its version of Model Rule 1.6 that expressly requires permission before using client information for advertising purposes, even including “generally-known” client information.”
• “The South Carolina bar had filed a petition last year seeking to amend Rule 1.6 to allow lawyers to reveal citations to published judicial opinions without getting consent from clients involved in the case. But the law of unintended consequences kicked in.”
• “Instead of approving the petition, the state supreme court tightened the confidentiality rule, saying in its order, ‘We decline to amend the rule as proposed by the Bar. Instead, we … add a new comment to the rule reminding lawyers that Rule 1.6 requires lawyers obtain informed consent from clients before revealing information about the representation to advertise their services. The comment further clarifies [that] this obligation applies regardless of whether any information revealed is contained in court filings or has become generally known.'”
• “This goes farther than other state versions of Model Rule 1.6, and may be a burdensome slippery slope when it comes to ‘generally-known’ information.”
• “On the other hand, clients value confidentiality and many want complete control over whether a firm publicizes its relationship with that client. For instance, as a condition of the representation, many large organizations expressly prohibit their outside counsel from mentioning the fact of the representation in their marketing materials without express consent.”

And to Joseph Corsmeier: “California Bar examines proposal that non-lawyers be permitted to provide legal advice and have a financial interest in law firms” —

• “… the recent proposals of a State Bar of California task force which would, inter alia, permit legal technicians to offer legal advice and also permit non-lawyers to have a financial interest in law firms. The proposals were approved by the State Bar Board of Trustees on July 11, 2019.”
• “The proposals were developed by the California Bar’s Task Force on Access Through Innovation of Legal Services. The task force’s proposals would make sweeping changes by modifying the restrictions on the unauthorized practice of law and ethics rules that prohibit fee sharing with nonlawyers and would also permit legal technicians to provide legal advice and practice law. The California Bar press release announcing the proposals is here. The California Bar agenda item with the proposals is here.”
• “The proposals also would also permit state-approved businesses to use legal technology to deliver legal services. Regulatory standards governing the provider and the technology would be established and client communications with such entities would be covered by attorney-client privilege/confidentiality.”
• “Bottom line: These California Bar proposals have a long way to go before being potentially implemented; however, if they are eventually implemented, California will be another one of the few states which would permit legal technicians to offer legal advice and the only jurisdiction (other than the District of Columbia) to permit nonlawyers to hold a financial interest in law firms. Stay tuned…”

“A Warning to Law Firms and Litigants: Unlawful Disclosure of PHI in Litigation Can Lead to Trouble” —

• “The handling of sensitive data with appropriate care in litigation is a critical aspect of legal practice. Recent ABA Formal Opinions 477 and 483 discuss requirements for securing protected client information and lawyers’ obligations after a cyberattack. Conduct during litigation is no different. Unless stated otherwise by statute, the context of litigation does not effect a person’s legal duties when handling sensitive data. In Menorah Park Ctr. for Senior Living v. Rolston, 2019 Ohio App. LEXIS 2175 (May 30, 2019 Ohio Ct. App.), a plaintiff of a small-claims matter is learning this lesson the hard way.”
• “Menorah Park attached to its complaint non-redacted copies of several account billing statements that included descriptions of medical services provided, dates the services were rendered, medical procedure codes, charges, credits, and balances.”
• “Rolston opposed the motion, arguing that her claim was not preempted and that, in any event, Menorah Park’s disclosure was unlawful under HIPAA because, by filing non-redacted copies of the statements, Menorah Park had not undertaken ‘reasonable efforts’ to limit the disclosure of the protected health information (PHI) to the ‘minimum necessary’ for the purpose of collecting payment.”
• “The Court of Appeals appeared to reject the contention that the disclosure of Rolston’s medical information was authorized under HIPAA, noting that Menorah Park had used non-redacted copies of the account statements.”
• “There are several implications that arise from this decision, the first being that law firms and litigants must undertake care when handling personal information, even an adversary’s in litigation… The clear lesson here is to take care when handling sensitive data.”

And for those looking for a refresher, Thomson Reuters recently published: “Understanding HIPAA compliance for law firms” —

• “The definition of business associate under HIPAA’s regulations expressly includes attorneys who perform legal services for a HIPAA-covered entity (for example, a health plan), if the attorneys are not members of the covered entity’s workforce. For purposes of HIPAA’s privacy and security requirements, the definition applies if the legal services provided involve disclosure of PHI from the covered entity (or from another business associate) to the attorney.”
• “An attorney who is a business associate must comply with HIPAA’s requirements as applicable to business associates (for example, by providing satisfactory assurances to the covered entity that it will safeguard PHI).”
• “HIPAA non-compliance may result in severe penalties and correction requirements. HHS has taken an aggressive approach to enforcing HIPAA’s requirements in recent years. HHS’s enforcement actions have resulted in numerous highly publicized settlement agreements with noncompliant covered entities, and typically require significant monetary payments and stringent corrective actions.”

In a six page PDF well worth the read, Arnold & Porter partner and former head of the Market Abuse Unit of the SEC’s Division of Enforcement notes: “The SEC Is Cracking Down On Insider Trading By Lawyers” —

• “A recent series of insider trading actions charging senior lawyers in legal departments of prominent public companies suggests that insider trading by lawyers may be on the rise.”
• “Over the past several months, the U.S. Securities and Exchange Commission has brought enforcement actions charging insider trading in advance of earnings announcements by senior lawyers at Apple and SeaWorld. In a third action, filed in early May 2019, the general counsel of Cintas Corporation was an unwitting victim of a house guest, a lifelong friend, who, the SEC alleges, surreptitiously pilfered merger related information from a folder in the lawyer’s home office.”
• “These actions are noteworthy not only for the brazenness of the conduct involved,
  but because they suggest that insider trading by lawyers remains a ‘profound problem.'[1] And, as the case of the Cintas general counsel demonstrates, innocent lawyers may also fall prey to others, such as close friends and family, looking to exploit their access to material nonpublic information, or MNPI.”
• “In recent years, however, a new wave of enforcement actions, coupled with the SEC’s development of new technology, and its adoption of the trader-based approach[3] to insider trading investigations, has rekindled the question of whether companies and law firms should be doing more to protect against the misuse of MNPI by lawyers and legal personnel. Increasingly, the SEC has touted its use of data analysis to identify patterns of suspicious trading and relationships… Because legal departments and law
  firms are repositories of large amounts of MNPI, they are among the first places that regulators look to determine whether a lawyer is the source of prohibited information.”
• Improved Controls Over MNPI: “Law firms and legal departments should revisit their insider trading policies and procedures and consider whether improvements can be made for how they handle MNPI. The use of project code words for transactional matters is generally effective at protecting against
  disclosure of the identities of the parties to the transaction. The risk of disclosure, however, increases if members of the deal team are inconsistent in their use of code words.[18]”
• Similarly, where law firm attorneys and legal personnel share information in connection with running conflict of interest checks, there is an increased risk of such information being misused. Adopting procedures to shield incoming public company transactional matters from firmwide disclosure can reduce the number of attorneys and employees exposed to MNPI.”
• File Access on a Need-to-Know Basis: “When new project files or client file directories are established, law firms and legal departments should
  consider restricting access to persons on a need-to-know basis. Establishing a permissions process will
  prevent employees who are outside the deal team or earnings process from being able to access file
  folders concerning MNPI.”