intapp

Risk Resources & Webinars — Risk Assessment, AML, and Client Due Diligence (Sponsor Spotlight)

Posted on

In this month’s sponsor spotlight, Intapp is highlighting new resources on risk assessment, anti-money launderings and client due diligence:

WEBINAR RECORDING:Intapp Risk and Compliance Roundtable: An Expert Panel Discussion on Risk Assessment, AML, and CDD” —

  • “One of the many ever-increasing challenges firms currently face is ensuring proper due diligence while managing their risk assessment processes. Firms are constantly seeking out new ways to address this issue and implement best practices for conducting necessary checks throughout the client and matter opening processes.”
  • “on March 3, WE will SPOKE with two leading subject matter experts on risk-related issues such as Solicitors Regulation Authority (SRA) expectations and expanding risk awareness.”

UPCOMING WEBINAR:The Intapp Advantage: Streamlining Risk Assessment and AML Processes” —

  • “As a follow-up to our March discussion, on April 21, 2022, at 2 pm BST, 9 am ET we will be hosting a webinar to demonstrate how Intapp Intake for AML Compliance will support your firm’s anti-money-laundering processes and provide you with a comprehensive, configurable, and integrated AML solution.”
  • “Firms continue to struggle with the challenge of managing their risk assessment processes in this post-pandemic environment. The past 2 years have seen a steady increase in the growth of fraud cases and data breaches — a trend that’s expected to continue into 2022. European Union anti-money-laundering (AML) legislation and Solicitors Regulation Authority (SRA) expectations have raised the imperative for firms to expand their risk awareness.”
  • “At this webinar, you’ll learn how Intapp can provide your firm with an AML solution that integrates with your key systems as well as third-party data and a reputable ID verification partner to enable seamless, efficient, and accurate intake and AML compliance processes.”
  • “This session will highlight:
    • Conducting AML compliance with prebuilt configurable forms and workflows
    • Integrating the Intapp AML solution with key firmwide systems, third-party data, and a reputable ID verification partner
    • Generating an AML risk score based on key inputs and firm business rules to quickly assess risk levels and escalate or resolve the risk
    • Streamlining documents delivery and managing client interactions using a secure external client portal
    • Automating real-time monitoring and notifications that may impact the risk assessment”
  • Register Here
Risk Update

OCGs and IG — Outside Counsel Guidelines, Information Governance, Best Practices, Fresh Opportunities

Posted on

Published a several months ago (even the best of us don’t always keep up on our risk reading lists…), this white paper crafted by a “who’s who” of information governance experts: “Client Information Governance Requests: How the Landscape Has Changed” —

  • “The Law Firm Information Governance Symposium (LFIGS) wrote our seminal white paper on Outside Counsel Guidelines (OCGs) in 2014 and has since added to it with entries in 2016 and 2018.”
  • “Client guidelines may come in the form of OCGs, engagement letters or client agreements and, collectively, are referred to as Client Information Governance Requirements (CIGRs). Our papers discuss the opportunities for law firms provided by CIGRs and how Information Governance (IG) professionals can help promote various initiatives by focusing on the topics that clients care about.”
  • “In addition, we’ve included a myriad of practical and specific assistance, such as best approaches for setting up CIGR intake procedures, some typical client technology requirements, and ways to better partner with your General Counsel. Chances are, if you have a specific question related to CIGRs, we’ve covered it before or it’s addressed in this paper.”
  • “The goal of this paper is to dive into some topics in more detail while also exploring some new topics that have become increasingly important. Where in past papers we briefly touched upon Firm priorities and initiatives that can be furthered with CIGRs as featured considerations, in this paper we delve further into how you can leverage client mandates in a big way. We also get into some best practices by giving anecdotal evidence on what’s been working, what hasn’t, and what we plan to try next.”
  • “The last three years have brought a lot of changes to the information landscape and with that comes meaningful changes to the mandates issued by our clients. To that end, we take a look at the Association of Corporate Counsel (ACC) guidelines and how best to develop a standard approach. We also explore the new normal of remote work and how clients are changing their requirements to account for this new way of working.”
  • Topics Include:
    • Engagement Letters v OCGs
    • Impact of CIGRS on Firm Priorities and Initiatives
    • OCG Provisions Impacting Multiple Administrative Groups
    • Workflows and Tools
    • Proven Practices
    • Remote Working Environments and Their Impact on CIGRS
    • Standardization and Association of Corporate Counsel (“ACC”) Guidelines
Risk Update

OCGs and DEI — Outside Counsel Guidelines that Counsel on Language

Posted on

Stop Saying ‘Powwow’ for Meeting: CMG Adds Language Policy to Outside Counsel Guidelines” —

  • “Nestled alongside the run-of-the-mill policies outlined in Cox Media Group Inc.’s latest outside counsel guidelines, which include such classics as how to get reimbursed for overpriced chocolate-covered peanuts from the hotel minibar and rules on confidentiality, is a curious section on diversity, equity and inclusion that focuses on language.”
  • “When he was crafting the policy, CMG general counsel Eric Greenberg realized he had a unique opportunity to, as he says, ‘have some influence on how people think about and use language,’ more specifically, inclusive and non-inclusive language. “
  • “‘I’ve been in meetings with people who have used language like, ‘We had a big powwow and now we’ve made a decision,’’ Greenberg said. ‘Then you have things that are seemingly more benign, where people talk about information barriers as a ‘Chinese wall,’ or describe regulatory compliance as being ‘kosher,’ which I think people don’t even think twice about'”
  • “CMG’s policy includes examples of non-inclusive language that pop up frequently in daily life, from addressing letters and emails to ‘ladies and gentlemen’ and using ‘Nazi’ or ‘lynch’ to describe aggressive or punitive positions or tactics to asserting that someone is ‘deaf’ to a concern or ‘blind to the truth.'”
  • “‘Our goal is neither to police nor mandate the language of our counsel, but to raise the point as a matter of awareness and share with you illustrations of our belief that inclusion is critical in thought, action—and word,’ the guideline states. ‘Moreover, we note that in this engagement, you may be literally speaking on behalf of CMG. Accordingly, we hope that our values of inclusivity will be reflected in the way that we communicate.'”
  • “Since CMG unveiled its new guidelines in January, Greenberg said he hasn’t noticed much of a reaction from his outside counsel on the language policy, though other in-house leaders seem enthusiastic about the idea.”
  • “One of CMG’s outside lawyers, Wiley Rein partner Ari Meltzer, said the language policy ‘goes above and beyond what we would typically see in outside counsel guidelines,’ but noted that he’s not had to make any language changes in contracts or otherwise as a result of the guideline.”
  • “Another CMG outside counsel, Sidley Austin partner Hille Sheppard, stated that the language guidelines ‘capture, in an elegant and non-preachy manner, the true essence of what DEI is and should be, why it is important, and how we can all advance it together in authentic, significant and sustainable ways… CMG’s language guidelines opened my eyes in several respects, and I have forwarded them to Sidley’s training and development professionals to incorporate into our lawyer programming.'”
Risk Update

Russia Risks — Financial Risk, AML, Sanctions, KYC, Compliance Considerations

Posted on

How One Oligarch Used Shell Companies and Wall Street Ties to Invest in the U.S.” —

  • “Using a network of banks, law firms and advisers in multiple countries, Roman Abramovich invested billions in American hedge funds.”
  • “In July 2012, a shell company registered in the British Virgin Islands wired $20 million to an investment vehicle in the Cayman Islands that was controlled by a large American hedge fund firm.”
  • “The wire transfer was the culmination of months of work by a small army of handlers and enablers in the United States, Europe and the Caribbean. It was a stealth operation intended, at least in part, to mask the source of the funds: Roman Abramovich.”
  • “For two decades, the Russian oligarch has relied on this circuitous investment strategy — deploying a string of shell companies, routing money through a small Austrian bank and tapping the connections of leading Wall Street firms — to quietly place billions of dollars with prominent U.S. hedge funds and private equity firms, according to people with knowledge of the transactions.”
  • “The key was that every lawyer, corporate director, hedge fund manager and investment adviser involved in the process could honestly say he or she wasn’t working directly for Mr. Abramovich. In some cases, participants weren’t even aware of whose money they were helping to manage.”
  • “The manager of the fund, which oversaw billions of dollars but wasn’t a big name on Wall Street, provided a detailed accounting of his involvement on the condition that neither he nor his firm be named.”
  • “The fund manager hired Mourant, an offshore law firm, to get the paperwork for the Cayman vehicle in order. The managing partner of Mourant did not respond to requests for comment.”

SRA on “The importance of complying with Russian financial sanctions” —

  • “In the wake of the UK Government imposing sanctions on Russia, we want to remind you and your firm of the importance of your role in ensuring all measures and restrictions are complied with. We have also set out the actions we are taking to both assess and support compliance.”
  • “Breaching the financial sanctions requirements can result in criminal prosecution or a fine by OFSI. However, our Code of Conduct also requires all firms we regulate to keep up to date with and follow the law and regulation relating to their work, and we would take disciplinary action should we see evidence of serious non-compliance.”
  • “Your firm must have appropriate policies in place to ensure you comply with sanctions legislation, including carrying out regular and appropriate checks of sanctions lists. We expect you to take your responsibilities under the regime to safeguard the UK and protect the reputation of the legal services industry seriously.”
  • “The financial sanctions regime prevents law firms from doing business or acting for listed individuals, entities or ships (without a licence). Firms should check the financial sanctions lists before offering services or undertaking transactions for clients. If an individual is on the sanctions list and subject to an asset freeze, firms may not deal with those funds or make resources available to that person.”
  • “We are commencing a process of spot checks on firms to assess compliance with the financial sanctions regime.”
  • “You must take a risk-based approach to preventing money laundering, meaning you must understand the risks of how your business may be used to launder money and take steps to appropriately mitigate those risks.”
  • “Concerns have been raised about Strategic litigation against public participation (SLAPP), the term used to describe misuse of the legal system to discourage public criticism and reporting or action to address serious concerns (such as corruption/money laundering). It can include preliminary steps as well as actual litigation, for example letters from firms suggesting that litigation may follow.”
  • “The Rule of Law and our legal system provides that there is a right to legal advice and representation for all. However, you must ensure that proceedings are pursued properly and that your duties to your client don’t override your public interest obligations and duties to the court. That means for example you must not bring cases that are not properly arguable; bring excessive or oppressive proceedings; or mislead or take advantage of others.”

Ethics, Sanctions or Reputation? Why Are Firms Really Leaving Russia?” —

  • “That all 25 major commercial law firms with a presence in Russia have confirmed plans to leave in such a short space of time is nothing short of monumental. Even two weeks ago few would have predicted such a rout. But it would be a mistake to believe they are all thinking the same way.”
  • “Law.com International’s U.K. team discussed these exact questions and more on a webinar this week all about the war and its implications for the industry… A generous interpretation of events would surmise that firms have pulled out for ethical reasons. They do not want to operate in a regime that wages unprovoked war on a democratic state. Some firms – though not many – have said as much. One London partner is travelling by car to Poland to personally deliver sleeping bags and medical kit to Ukrainian refugees.”
  • “A more cynical view would be that the decision is simply a commercial one. Sanctions have forced firms to stop acting for many clients and the Russian operations weren’t very profitable anyway. An excellent analysis of limited liability partnership accounts by Jack Womack found most firms for which data is available had seen their Russia revenues declining and most had suffered a loss at least once in recent years.”
  • “An even less charitable view is that firms are thinking only about their reputation. It doesn’t look good to graduates and clients and therefore we need to follow the herd and be seen to be taking action. Particularly as companies (and indeed clients) like BP, Shell, Coca Cola, PepsiCo and McDonalds—companies not exactly known for their glittering ethical records—are pulling out.”
  • “Likely, all three issues will have been factored into the decisions to close in Moscow. But if a ceasefire does happen and the war ends – and let’s hope it does soon – then the question some firms will be asking is when they can re-open in the country. At that point we’ll learn what was motivating each firm.”

German Law Firm to Retain Moscow Presence in Rare Move” —

  • “German corporate law firm Advant Beiten is to maintain its Moscow office, in a sharply counter-narrative move that comes at a time when most other Western firms are exiting Russia.”
  • “Though its Moscow office remains open, a spokesperson said the firm had ceased work for clients which have any connection to the Russian state or are affiliated with any Russian state-owned enterprises, and would not be accepting new instructions from any such clients.”
  • “The Moscow office currently has one partner, 14 lawyers and tax advisors, for a total headcount of 38 (including business support staff), according to another spokesperson. It opened the office in 1992.”
  • “Like many other firms, Advant Beiten has condemned the conflict and is engaging in humanitarian support for Ukrainians.”
  • “Meanwhile, Gleiss Lutz, one of Germany’s largest full-service firms with six offices in Germany plus Brussels and London, said that it does not have an office in Russia and stopped accepting mandates immediately after February 24, then the invasion began. “

Other interesting, recent stories I’ve noted, which may be of interest:

Risk Update

*engagement Letters — The Importance of Disengagement Letters

Posted on

Just honored as the 2022 recipient of the Michael Franck Professional Responsibility Award, Lucian Pera reminds us: “Ethics: The Power of the Disengagement Letter

  • “Most lawyers understand the importance of engagement letters. Sometimes they’re even required by our ethics rules or our law firms. But fewer lawyers understand the power of a simple letter or email to a client saying our representation is over—the disengagement letter.”
  • “In 2001, Plum Creek Timber retained a large, national law firm, Holland & Knight LLP, to work on real estate matters. Over the next 14 years, the firm worked on about 20 matters for the client. Those concluded in 2015.”
  • “In 2015, Plum Creek merged with Weyerhaeuser, which then engaged the law firm on a Florida utilities matter. That engagement ended on June 14, 2017. Two days later, a careful firm lawyer emailed Weyerhaeuser…This should bring the matter to a close. It has been our pleasure to represent Weyerhaeuser. Please let us know if we can be of further assistance. The lawyer’s Weyerhaeuser contact responded by email, ‘[i]t is nice to bring this to a close.'”
  • “Fast forward about a month. Weyerhaeuser revealed an ‘off-gassing’ issue with fire-resistant joists it produced. They allegedly emitted dangerous levels of formaldehyde. Another client of the firm, Dream Finders Homes, had purchased some of these joists. They asked the firm to advise on legal options.”
  • “In running a conflict check, the firm found its prior—and very recently concluded—Weyerhaeuser work. The firm concluded that, under Rule of Professional Conduct 1.9(a) concerning former clients, it was free to represent Dream Finders adverse to its former client Weyerhaeuser because Dream Finders’ joists issue was not ‘substantially related’ to any of the firm’s former Weyerhaeuser work. The firm took on the Dream Finders matter, and sued Weyerhaeuser in December 2017.”
  • “…Weyerhaeuser was unhappy with the firm’s involvement and moved to disqualify it. The district court’s ruling on that motion offers a potent reminder of the power of a disengagement letter.”
  • “Most importantly, the district court quickly determined that Weyerhaeuser must be treated as a former client of the firm, not a current client. After all, the firm’s very clear email (quoted above) established that the firm’s representation was at an end. The firm’s clear written disengagement allowed the court to reach this decision quickly and definitively.”
  • “As a practical matter, if the firm had not sent a disengagement email here, the district court would have been required to take on a detailed factual analysis to determine whether Weyerhaeuser was then a current or former client.”
  • “The court would have looked at all kinds of facts surrounding the matter to decide whether, in the few weeks between the utility order attached to the email and the firm’s taking on the Dream Finders matter adverse to Weyerhaeuser, the attorney-client relationship with Weyerhaeuser had continued. A client in Weyerhaeuser’s position often then offers affidavit proof that they had continued to believe—quite reasonably, they might say—that the firm still represented them. That type of proof can be hard to overcome.”
  • “My advice: Write from a place of gratitude… Do you have to write, ‘This matter is now over, and we are no longer your lawyers’? Or ‘Please consider yourself disengaged. This attorney-client relationship is terminated’? Of course not.”
  • “System Solutions Can Help… Knowing that won’t always work, also think about a policy that identifies all open matters in your office that have had no activity in, say, four or six months, and then asks the lawyer responsible for these matters to close them—and send a form disengagement letter.”
Risk Update

Risk Updates — Jones Day Cancer Conflict Cleared, Freivogel Findings

Posted on

Jones Day Cleared to Represent J&J’s Bankrupt Talc Subsidiary” —

  • “A bankruptcy judge authorized Jones Day to continue representing Johnson & Johnson’s talc subsidiary in chapter 11, rejecting arguments that the law firm can’t be trusted to look out for the interests of cancer victims because it designed the strategy to limit J&J’s liability.”
  • “A bankruptcy judge authorized Jones Day to continue representing Johnson & Johnson’s talc subsidiary in chapter 11, rejecting arguments that the law firm can’t be trusted to look out for the interests of cancer victims because it designed the strategy to limit J&J’s liability.”
  • “Judge Michael Kaplan of the U.S. Bankruptcy Court in Trenton, N.J., said on Tuesday that Jones Day’s past work for J&J on a transaction that sent its talc-related liabilities into chapter 11 doesn’t mean the firm has a disqualifying conflict of interest, as injury lawyers allege.”
  • “Judge Kaplan said Jones Day’s work for J&J, which ended two days before the recently-formed talc subsidiary filed chapter 11 in October, doesn’t mean the law firm will favor the interests of the parent company over its bankrupt unit, LTL Management LLC.”
  • “Instead, the judge said evidence shows that LTL and J&J have a shared interest in settling the talc liability in chapter 11. That fact ensures that neither Jones Day nor LTL could give priority to a competing interest favoring J&J that could influence the bankruptcy case, Judge Kaplan said.”
  • “The committees representing talc claimants argued the restructuring that created LTL was executed for the purpose of capping J&J’s talc liability, which by extension pits Jones Day against plaintiffs seeking to recover as much money as they can from the consumer goods giant.”
  • “Judge Kaplan disputed those allegations and said the restructuring that created LTL won’t be central to the chapter 11 case. The key issue is whether talc claimants and LTL can reach an agreement that resolves LTL’s liability, he said.”

And the latest from Bill Freivogel:

  • Simmons v. Royal Newfoundland Constabulary Public Complaints Comm’n, 2022 NLSC 27 (S. Ct. Newf. & Lab. Feb. 24, 2022).
    • “Two persons filed a complaint with the Commission regarding the conduct of three police officers who had arrested them (“The Incident”). Lawyer A, a member of Firm X, appeared for one of the officers (“Simmons”). The problem was that Lawyer B, also a member of Firm X, was representing a Sergeant Cole, Simmons’ supervisor, in other proceedings arising out of The Incident.”
    • “Cole was not present at The Incident and is not a party in this proceeding. However, during The Incident they consulted by telephone about what Simmons should do. Given this relationship, the adjudicator assigned to hear this case ruled that Lawyer A had a conflict of interest and could not represent Simmons.”
    • “In this opinion the court reversed the adjudicator. The court discussed the possible ways Cole and Simmons might be adverse, but could not come up with a scenario in which either of them would likely be prejudiced by A’s involvement. Moreover, both Cole and Simmons had consented in writing to A’s involvement. Given the limitations of this site, our discussion leaves out a lot, even as to the conflicts analysis. Among other things, the court discusses at length the applicability of the Supreme Court’s decisions in Neil, MacDonald Estate, McKercher, and Strother.”
  • Mehra v. Morrison Cohen LLP, 2022 WL 618995 (N.Y. App. Div. 1st Dept. March 3, 2022).
    • “This case involves a business relationship between Plaintiffs, Mr. and Mrs. Mehra, and Jonathan Teller. In 2014 Defendant Law Firm advised the Mehras and Teller how to reorganize their relationship. In 2019 Law Firm allegedly turned on the Mehras and assisted Teller in disadvantaging the Mehras. In this case the Mehras are suing Law Firm (1) for malpractice in negligently advising the Mehras about the reorganization in 2014, and (2) for breach of fiduciary duty in 2019 (harming the Mehras being a conflict).”
    • “The trial court granted Law Firm’s motion to dismiss, holding that the malpractice claim was filed too late, and that the conflict claim failed because the Mr. Mehra had signed an advance waiver, 2020 WL 5874858 (N.Y. Cty. Oct. 2020). The Mehras appealed the second holding. In this opinion the appellate court reversed the dismissal of the fiduciary duty claim, holding, in effect, that the efficacy of the waiver was a fact issue.”
  • Federal Ins. Co. v. Pixarbio Corp., 2022 WL 623735 (S.D.N.Y. March 3, 2022).
    • “Federal brought this interpleader action against a number of parties, including Pixarbio and several of its law firms. Federal is requesting the court to determine where the proceeds of a Federal’s “securities liabilities” policy should be paid. One of the parties was a law firm (The Mintz Fraade Law Firm P.C.). Other parties in the case claimed Mintz Fraade should not receive any of the funds because it had a conflict of interest.”
    • “This whole set of circumstances began when the SEC commenced an investigation of Pixarbio and several of its principals. The SEC told Mintz Fraade that it, too, was a party of interest in the investigation. Nevertheless, Mintz Fraade represented Pixarbio and two officers in the investigation. In this opinion the court ruled that the conflict was unwaivable and that Mintz Fraade should receive no share of the Federal payment. While Mintz Fraade and the Pixarbio parties were parties to the same SEC investigation, it is unclear what Mintz Fraade’s role was in the conduct giving rise to the investigation. Thus, this is not a classic underlying work situation. Nevertheless, because of the diversity of interests among Mintz Fraade and its clients, the conflict, being unwaivable, violated N.Y. Rule 1.7.”
Risk Update

Independence Limited? — Accounting Firms Facing SEC Conflicts Concern

Posted on

SEC probing Big Four accounting firms over conflict-of-interest concerns: report” —

  • “The Securities and Exchange Commission (SEC) has launched a probe into conflict-of-interest concerns within the financial sector that includes the Big Four accounting firms — Deloitte , Ernst & Young, KPMG, and PricewaterhouseCoopers.”
  • “Sources told The Wall Street Journal on Tuesday that the probe will focus on whether accounting firms undermined their ability to conduct independent audits by offering other consulting or non-audit services to clients. “
  • “The SEC’s Miami office reportedly sent letters to the big four companies and smaller accounting firms last year seeking information about client work that would cause auditors to violate rules requiring them to be independent of clients whose finances they inspect.”
  • “All four of the biggest firms have paid fines to the agency since 2014 to settle regulatory investigations of audit independence violations, the Journal reported.”
  • “The SEC has also asked audit firms to disclose instances to regulators when they provided non-audit services such as consulting, tax advice, and lobbying to audit clients — and instances in which their financial outcomes depended on those ties, such as making fees contingent on a particular result.”

WSJ: “Big Four Accounting Firms Come Under Regulator’s Scrutiny” —

  • “The Big Four audit 66% of all public companies with a market capitalization over $75 million, according to Audit Analytics. All four have paid fines to the SEC since 2014 to settle prior regulatory investigations of audit independence violations.”
  • “SEC rules prohibit accounting firms from doing other work for an audit client that could impair their objectivity and impartiality as auditors. Companies pay audit firms to test their accounting and then issue an opinion stating whether shareholders can rely on the financial numbers and systems designed to reduce the risk of fraud or error.”
  • “Public companies disclose audit and nonaudit fees in their annual proxy statements. About 47 companies in the S&P 500 index paid significant nonaudit fees to firms hired to test their accounting practices, according to Audit Analytics. The analysis defined significance as nonaudit fees that constituted more than 25% of total fees paid to the accounting firm.”
  • “PwC paid almost $8 million in 2019 to settle SEC claims that it helped an audit client design software that was part of its accounting-compliance systems. The arrangement violated audit-independence rules because it put PwC in the position of potentially auditing its own project-management functions, according to an SEC settlement order.”
  • “Ernst & Young has twice in the past seven years settled SEC investigations alleging it violated independence rules.”
  • “KPMG in 2014 paid $8.2 million to settle an SEC investigation that alleged it provided prohibited nonaudit services such as bookkeeping to affiliates of companies whose books it audited.”
  • “Deloitte & Touche LLP in 2015 paid $1.1 million to settle an SEC enforcement action claiming audit independence violations. Both firms settled without admitting or denying misconduct.”

For more commentary, see this dialogue published in 2018 by the Financial Times and others: “Should the Big Four accountancy firms be split up? Two experts debate how best to reform auditing ” —

  • “Yes — Separating audit from consulting would prevent conflicts of interest”
  • “Auditors are supposed to underpin trust in financial markets. Major stock markets require listed companies to hire auditors to verify their accounts, providing reassurance to shareholders that material matters have been inspected and their capital is protected. In the UK, auditors must certify that the published numbers give a ‘true and fair view’ of circumstances and income; that they have been prepared in accordance with accounting standards; and that they comply with company law.”
  • “Multiple market failures need to be addressed. The most obvious problem is that audit quality is invisible to those whom it is intended to benefit: the shareholders. It is difficult to differentiate good and bad audits. Even with the introduction of extended auditor reports in the UK (and starting in 2019 in the US), formulaic notes about audit risks often hide more than they convey.”
  • “Even when questions are raised about the quality of audits, shareholders almost always vote to retain auditors, with most receiving at least 95 per cent support.”
  • “The dominance of the Big Four in large company audits is another concern: when large and powerful firms are able to crowd out high quality competitors, the damage is lasting.”
  • “Taken together, these failures have resulted in a dysfunctional audit market that needs a broad revamp. Splitting audit from consulting would prevent the most insidious conflict of interest. When non-audit work makes up around 80 per cent of fee income for the Big Four (and just over half of income from audit clients), the influence of this part of the business is huge.”

 

  • “No — Lopping off advisory services would hurt performance”
  • “Forcing Deloitte, EY, KPMG and PwC to shed their non-audit businesses would neither add competition nor boost smaller competitors. Lopping off the Big Four’s consulting and advisory services would degrade their performance, weaken them financially, and hamper their ability to meet the needs of their clients and the capital markets.”
  • “Although the UK regulator is raising competition concerns, the root problem is global. The growth of the Big Four, operating in more than 100 countries, reflects their multinational clients’ needs for breadth of geographic presence and specialised industry expertise.”
  • “The suggestion that competition and choice would be increased by splitting up the Big Four is doubly unrealistic. Forcing them to spin off their non-auditing business would not create any new auditors.”
  • “A split by industry sector — say, assigning auditing of banking and technology to Firm A-1, while manufacturing and energy go to new Firm A-2 — would be no better. Each sector would still be served by just four big firms. If each firm were split in half, the two smaller firms would struggle to amass the expertise, personnel and capital necessary to provide the level of service that big companies expect.”
  • “Splitting auditing from advisory work is a solution in search of a problem. Many jurisdictions, including the UK, EU and US, restrict the ability of firms to cross-sell other services to their audit clients. Concerns about inherent conflicts of interest are overblown.”
  • “Auditors should be held accountable for their mistakes, but these issues are too complex for simplistic solutions. Rather than a quick amputation, we need a full-scale re-engineering of the current model with all of its parts.”
Risk Update

Information Security Risk — Firm Faces Regulatory Fine for Security Gaps (It Pays to Patch Promptly)

Posted on

Firm fined almost £100,000 over ransomware attack” —

  • “Criminal defence firm Tuckers Solicitors has been fined £98,000 after failing to secure sensitive court bundles that were later published on the dark web and held to ransom by organised criminals. The information commissioner found that a ransomware attack on the national firm resulted in the encryption of 972,191 files, of which 24,712 related to court bundles. Of the encrypted bundles, 60 were taken by the attackers and then posted in underground data marketplaces.”
  • “The decision notice said: ‘The commissioner considers that Tuckers’ failure to implement appropriate technical and organisation measures over some or all of the relevant period rendered it vulnerable to the attack.’”
  • “The ICO made clear that while primary culpability for the incident rested with the attacker, the firm had given them a ‘weakness to exploit’ and was responsible for the protection of personal data. The firm had not used multi-factor authentication for remote access to its systems, despite this being recommended since 2018.”
  • “The ICO said this extra protection was a ‘comparably low-cost preventative measure which Tuckers should have implemented’, which would have substantially increased the difficulty of an attacker entering its network. Entry could have been gained through the exploitation of a single username and password, and the Tuckers system was exposed to cyber-attacks because of the lack of multi-factor authentication.”
  • “The ICO said infringements to data protection rules showed that the firm’s approach to data protection compliance ‘was not of an appropriate standard’.”

See the ICO’s “MONETARY PENALTY NOTICE” —

  • “In particular, the privacy watchdog noted the lack of multi-factor authentication (MFA) for remote access to the Tuckers systems, the slow pace at which software vulnerabilities were patched and a failure to encrypt personal data.”

That PDF redacts all the good bits. But it didn’t take much sleuthing to arrive at the likely conclusion that the underlying unpatched software was the firm’s Citrix system.

It took ~six months from when the security patch was issued to when the firm applied it… A powerful reminder for the IT and information security folks out there. The ICO offers a convenient security guide on ransomware and data protection compliance.

More generally, see: “Zero Trust Architecture: An Imperative for Law Firms” —

  • “Sadly, law firms are a ‘one-stop shop’ for cybercriminals. Break into a company and you will primarily get that company’s data. Break into a law firm and you’ll get the data of many clients. As an example, imagine breaking into a merger and acquisitions firm (among many other desirable law firm targets). Data is the new oil, right? You could hold the data for ransom, make a killing on Wall Street or use the data to infiltrate the law firm’s clients. The nightmare scenarios are endless, as many law firms have discovered to their chagrin.”
  • “Zero Trust Architecture (ZTA) has been coming at us for a while and it is now officially here, championed by the U.S. government, leading technology firms and cybersecurity experts.”
  • “The National Security Agency has stated, ‘The Zero Trust security model assumes that a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity. Zero Trust embeds comprehensive security monitoring; granular risk-based access controls’ and system security automation in a coordinated manner throughout all aspects of the infrastructure in order to focus on protecting critical assets (data) in real-time within a dynamic threat environment. This data-centric security model allows the concept of least-privileged access to be applied for every access decision, allowing or denying access to resources based on the combination of several contextual factors.'”
  • “Assuming a breach means all access should be denied by default. Harsh, but necessary. It also means that we need to have a way to continuously monitor access to all resources, monitor any configuration changes and certainly monitor all network traffic for suspicious activity.”
  • “What Will Zero Trust Implementation Cost? The short answer is that most law firms don’t know — yet. We expect that, by now, the reader understands the complexities of Zero Trust. Implementing it will not be cheap — or easy. Selling it to law firm management may be difficult. Management is not likely to find this wholesale change in security appealing, both because of the monies and time expended, but also because you cannot ‘set it and forget it’ when it comes to Zero Trust.”
Risk Update

Attorney Conflicts Clashes — Called-‘Crook’ CEO Conflicts Cry Called Moot, IP Patent DQ Fight Feels Feisty

Posted on

Appeals court rules convicted CEO doomed by evidence, not by attorney’s conflict of interest” —

  • “The 7th Circuit Court of Appeals ruled Tuesday that Barnes & Thornburg had a conflict of interest when defending James Burkhart against federal fraud charges, but that the disgraced CEO of American Senior Communities failed to show he suffered as a result.”
  • “Burkhart was charged with 32 counts and accused of participating in a scheme in which the nursing home operator’s vendors inflated their invoices and then kicked back profits to Burkhart and other company officials.”
  • “When federal agents executed a search warrant on Burkhart’s home in Carmel during the investigation, he contacted what is now Faegre Drinker Biddle & Reath. However, the firm declined to provide representation because of a conflict it had with the Health and Hospital Corp. of Marion County, which owned the nursing homes that American Seniors had been operating. HHC was one of the victims of the scheme, incurring financial losses.”
  • “On Faegre’s recommendation, Burkhart contacted Larry Mackey at Barnes & Thornburg and signed an engagement letter with the firm in September 2015. Apparently undisclosed and unknown to Burkhart at the time was that HHC was a client of Barnes & Thornburg as well.”
  • “After his sentencing, Burkhart learned of Barnes & Thornburg’s conflict of interest and filed a lawsuit in December 2018. He challenged his conviction and alleged the law firm’s conflict violated his Sixth Amendment right to effective counsel.”
  • “A Southern Indiana District Court ruled against the appeal. And on Monday, the 7th Circuit affirmed the ruling, agreeing that the conflict of interest did not ‘adversely affect Burkhart’s representation.'”
  • “‘Nobody disputes that Barnes & Thornburg was conflicted in its representation of Burkhart,’ Judge Michael Scudder wrote for the court. ‘The question is not close.'”
  • “However, the panel noted Burkhart had to go a step further by establishing that the conflict impaired his lawyer’s performance. In addition, because he resolved his case by a plea agreement, Burkhart must show that his counsel’s conflict affected both the attorney’s actions and the defendant’s decision to plead guilty.”
  • “The 7th Circuit reviewed Barnes & Thornburg’s actions and did not see any indication the firm acted contrary to Burkhart’s interests. During the 2 1/2 years the firm represented Burkhart, it moved to dismiss the charges, hired multiple experts, expired multiple defenses, developed trial exhibits and issued trial subpoenas. Also, it conducted three mock jury exercises which all ended with unanimous votes to convict and the jurors describing Burkhart as manipulative and greedy as well as being a crook.”

DraftKings Wants Firm DQ’d From Gaming Patent Row” —

  • “DraftKings wants a New Jersey federal court to disqualify Shore Chan LLP from representing an online betting-related patent owner in an infringement lawsuit, arguing that attorneys at the firm are inventors and that they should not be able to get the betting giant’s confidential information.”
  • “DraftKings said Shore Chan attorneys Michael W. Shore and Alfonso G. Chan are inventors who have issued patents and pending patent bids on the kinds of patents-at-issue in the present case. DraftKings argued that it will have to hand over confidential information on the case, and that ‘there is significant risk of misuse’ of such information.”
  • “If the court doesn’t grant DraftKing’s bid, the company wants other relief, such as blocking Shore Chan from being able to see any of DraftKing’s confidential information.”
  • “Shore said that ‘the motion was filed by DraftKings because they and their outside counsel are scared to death of facing Shore Chan’s team in trial,’ and added that ‘the motion will be denied because it is completely, utterly and totally meritless… Taking the arguments of DraftKings to their illogical conclusion, Baker Botts represents multiple clients in active prosecution of patent portfolios that DraftKings likely infringes, but DraftKings has no issue with Baker Botts’ lawyers seeing their confidential information without first banning Baker Botts from prosecuting patents in the technology areas where DraftKings operates,’ Shore said.”
Risk Update

Lawyer Conflicts Appeals — Dental DQ Clash, Divorce Consideration (Post-Prenup Conflict Cleared)

Posted on

No Conflict Found Where Attorney Challenged Prenup She Had Reviewed For Client” —

  • “An attorney who had counselled a client in connection with a prenuptial agreement that barred post-divorce spousal support later represented that same client when she later claimed she had misunderstood and been pressured to sign the agreement.”
  • “By a 2-1 vote, an Oregon Trial Panel concluded that the change in postion did not amount to a sanctionable conflict of interest.”
  • Decision:
    • “Voytyuk came to Oregon on a “fiancée visa,” planning to marry Lamb. She moved in with him and a wedding date was set in June of 2007. A few days before the wedding, Lamb told Voytyuk that she had to sign a prenuptial agreement (the “Agreement”) or else he would not marry her and she would be forced to return to Russia. Lamb presented her with the Agreement that had been drafted by his lawyer. He told Voytyuk that she needed to have the Agreement reviewed by a lawyer. Lamb randomly selected Respondent to advise Voytyuk, apparently picking Respondent’s name from the phone book. Lamb and Respondent had no prior relationship.”
    • “Respondent filed an opposition to the motion on October 13, 2017. The response stated that, “Petitioner did not sign the prenuptial agreement voluntarily … Petitioner was under duress at the time she signed the agreement, and did not understand English well…” Ex. 17. Voytyuk also signed a declaration in which she stated, ‘I showed the prenuptial agreement to Ms. Smith-Koop, but I really did not understand it. I did not speak much English at that time because I had very little practice, and I did not understand listening to it. I signed the prenuptial agreement, but not voluntarily.’ Ex. 17.”
  • “The judge raised the conflicts issue and threatened a bar complaint if the attorney did not withdraw… The attorney withdrew… The trial panel found no conflict.”
    • “The Bar’s argument suffers from the same flaw that caused the judge to believe a conflict existed. The Bar states that “[Respondent] certified that Voytyuk had understood the agreement.” Respondent did not certify that fact. Respondent certified that Voytyuk acknowledged she understood the agreement. There is no dispute that Voytyuk expressly told Respondent that she understood the agreement. Voytyuk later revealed that she lied to Respondent when she said this, but the Bar produced no evidence that Respondent should have been aware of this. Absent evidence to the contrary, an attorney is entitled to rely on a client’s assurances that she understands what the attorney is explaining.”

NJ Court Must Rethink Archer DQ In Dental Office Biz Dispute” —

  • “A New Jersey state appeals panel on Thursday ordered a lower court to rethink its disqualification of law firm Archer from representing a dental practice in a business dispute, ruling that the motion judge didn’t thoroughly probe the matter as required by state Supreme Court precedent.”
  • “A three-judge Appellate Division panel reasoned that a Camden County Superior Court judge merely accepted the argument by defendant RRI Gibbsboro LLC and its principals that attorney Kerri E. Chewning can’t represent plaintiff Dental Health Associates South Jersey and an affiliate. RRI reasoned that disqualification was in order because Chewning’s Archer colleague, Anthony D. Dougherty, represented its principals in separate litigation in New York.”
  • “The Camden County judge must now conduct the “fact-sensitive analysis” set forth under the state high court’s 2010 decision in City of Atlantic City v. Trupos . Trupos requires courts considering disqualification bids to probe if the lawyer received confidential information from the former client that can be used against that client in the firm’s subsequent representation of that client’s adversary, or if facts relevant to the prior matter are relevant and material to the subsequent matter.”
  • “However, the motion judge accepted defendants’ contention that the New York litigation and the New Jersey matter were substantially related.”
  • “In the disqualification motion, Scott Singer argued that Dougherty knew about the trial strategy and defenses in the New York matter and had obtained confidential information about the Singers, the appeals decision said. Chewning and Dougherty each opposed the motion, certifying that they “worked in different Archer offices and had never met, let alone spoken with each other about defendants or their cases,” the appeals decision said. Archer’s general counsel also certified that Dougherty had no access to the file in the present matter, according to the appeals decision.”