Bressler Risk Blog

Excellent analysis by Clifford Chance Partner Marie Berard and Senior Associate Sam Brown: “Court of Appeal addresses expert’s duties and conflicts of interest” (for those not immersed in all things international: “The Court of Appeal is the highest court within the Senior Courts of England and Wales, and deals only with appeals from other courts or tribunals”) —

• “In Secretariat Consulting PTE Ltd v A Company, the Court of Appeal considered for the first time the question of an expert’s duty to avoid a conflict of interest.(1) The Court of Appeal’s decision, while not deciding the point finally, means that it is unlikely that a court will now recognise such a duty as a matter of law.”
• “The issue is a matter of contract. On the terms of the expert firm’s engagement in this case, the Court of Appeal upheld the High Court’s decision to grant an injunction restraining the firm from acting for a third party in a connected arbitration. The judgment contains a useful analysis of when conflicts can arise in related cases and the circumstances in which a large organisation offering expert or litigation support services may find itself conflicted.”
• “At first instance, Mrs Justice O’Farrell (the judge) granted the injunction on the basis that the whole Secretariat group (including SCL and SIUL) owed Company A a fiduciary duty of loyalty.(3) This was the first time that an English court had recognised that an expert witness was subject to such a duty.”
• “The judge noted the unhelpful dearth of authorities on the matter, and that those which were referred to in submissions did not deal with duties during the course of a retainer but the distinct obligation to protect confidential information after the engagement had ended.”
• “The leading case in that area remains Prince Jefri Bolkiah v KPMG,(4) which concerned accountants providing litigation support services. That case clearly informed the position which Secretariat took in its communications with Company A, as it insisted that it had established appropriate information barriers to prevent Company A’s confidential information from being disclosed to the PM.”
• “The judge saw no impediment to identifying a fiduciary duty of loyalty so long as there was a relationship of trust and confidence. The judge identified a fiduciary duty of loyalty on the basis that SCL had been engaged not only to provide a delay expert report, but also to ‘provide extensive advice and support for the claimant throughout the arbitration proceedings.'”
• “The Court of Appeal agreed with the judge at first instance when it unanimously rejected the suggestion that there was no fiduciary duty because the expert owed an overriding duty towards the court or, as in this case, an arbitral tribunal.”
• “Coulson LJ and Males LJ concluded that the clause dealing with conflicts in SCL’s engagement letter created an ongoing obligation for SCL to avoid conflicts of interest. The clause confirmed not only that SCL had no conflicts at the time of signing but also that it would ‘maintain this position for the duration of [SCL’s] engagement’.”
• “Coulson LJ and Males LJ also agreed that SCL’s undertaking to avoid conflicts extended to all other entities within the Secretariat group (including SIUL). Coulson LJ held that this was a matter of contractual construction (dismissing arguments that it improperly pierced any corporate veils) and that it was the proper construction for a number of reasons.”
• “The Court of Appeal’s decision is pragmatic and consciously seeks to avert further litigation on the question of whether a particular expert-client relationship gives rise to fiduciary duties. It leaves parties to protect themselves with suitable contractual terms but also empowers parties and experts to define the relationship most suited to their circumstances.”

“Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day” —

• “A hacker claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web. Jones Day has many prominent clients, including former President Donald Trump and major corporations.”
• “Jones Day, in a statement, disputed that its network has been breached. The statement said that a file-sharing company that it has used was recently compromised and had information taken. Jones Day said it continues to investigate the breach and will continue to be in discussion with affected clients and appropriate authorities.”
• “The posting by a person who self-identified as the hacker, which goes by the name Clop, includes a few individual documents that are easily reviewed by the public, including by The Wall Street Journal. One memo is to a judge and is marked ‘confidential mediation brief,’ another is a cover letter for enclosed ‘confidential documents.’ The Journal couldn’t immediately confirm their authenticity.”
• “‘We have over 100 gigabytes of data,’ the hacker wrote in response to an email from the Journal.”
• “Jones Day, in its statement, said it hasn’t been the subject of a ransomware attack. Rather, Jones Day said, it has been informed that a company the law firm used to transfer large files electronically, Accellion, ‘was recently compromised and information taken.’ Jones Day said that Accellion is used by many law firms, companies and organizations.”
• “Law firms’ computer files often contain confidential information, including the size and nature of settlements, negotiations about pending deals, and legal strategy that would normally be shielded from the public by attorney-client privilege.”
• “Law firms have long been considered an attractive target for hackers because firm files contain information on sensitive deals and legal matters that firms have a strong incentive to keep confidential. Information on yet-to-be-announced deals can also be used for insider trading. In 2016, federal investigators explored whether a hack of large law firms including Cravath, Swaine & Moore LLP had been used by insider traders.”

“Jones Day 2nd Big Law Victim of Accellion Breach” —

• “Two weeks after Goodwin Procter came forward with news that a vendor it used had been compromised, information surfaced that Jones Day was also affected.”
• “After confirming earlier this month that Accellion was the vendor linked to Goodwin’s breach, Law.com reached out to all the law firm clients listed on Accellion’s website. None that responded said it has been affected.”

“How can lawyers balance materially adverse interests? New ABA ethics opinion explores” —

• “Suing or negotiating against a former client: A lawyer suing a former client or defending a new client against a claim by a former client on the same or substantially related matter is a classic example of creating an impermissible conflict with “materially adverse” interests.”
• “This applies not just to lawsuits but also to negotiations. The opinion explains that ‘being across the table, so to speak, from a former client and negotiating against that former client in transactional matters typically constitutes ‘material adverseness.’”
• “A lawyer attacking their own work: A lawyer attacking their own prior work also constitutes material adverseness. The opinion cited as an example a federal circuit opinion in which a lawyer attempted to challenge a patent that the lawyer had previously obtained for a former client. ‘When a lawyer represents a current client challenging the lawyer’s own prior work done for a former client on the same or a substantially related matter, the situation creates a materially adverse conflict,’ the opinion explains.”
• “The opinion also notes that material adverseness may exist when a lawyer seeks to undermine work or a result achieved for a former client.”
• “Examining a former client: A lawyer cannot use information from a former client to the disadvantage of the former client under Rule 1.9(c)(1). Thus, if a lawyer has to use such information in examining a former client, the lawyer has a conflict of interest unless the negative information is ‘generally known.’ For example, the opinion cites an ethics opinion from Ohio holding that a lawyer can only impeach a former client with a criminal conviction if that conviction is ‘generally known’ under Rule 1.9(c).”
• “The opinion adds that a lawyer could avoid this conflict by having the current client retain another attorney to examine the former client and screen the lawyer with the conflict from participating in such an examination of the former client.”

“ABA issues new guidance on definition of ‘material adverseness’ in client representation” —

• “The American Bar Association Standing Committee on Ethics and Professional Responsibility released today a formal opinion explaining when ABA model rules prohibit a lawyer from representing a new client against the interests of a former one.”
• “Formal Opinion 497 interprets both Rule 1.9(a) and Rule 1.18(c) of ABA Model Rules of Professional Conduct to find “material adverseness” exists when a lawyer is negotiating or litigating against a former or prospective client or attacking the work done for the former client on behalf of a current client in the same or a substantially related matter.”
• “The formal opinion also lists other specific instances when the model rules related to ‘material adverseness’ would apply, such as if the former client can point to some specific material legal, financial or other identifiable concrete detriment that would be caused by the current representation. ‘However, neither generalized financial harm nor a claimed detriment that is not accompanied by demonstrable and material harm or risk of such harm to the former or prospective client’s interests suffices,’ the opinion said.”

“Coca-Cola demands action on law firm diversity” —

• “The Coca-Cola Company is updating its outside counsel guidelines to require that the US law firms it uses take concrete steps toward promoting diversity within their ranks.”
• “In an open letter released last week, Coca-Cola senior vice president and global general counsel Bradley Gayton complains that decades of discussions in the legal profession about the importance of diversity have led to score cards, summits, committees and plans – but that these are not working.”
• “He also outlines initiatives Coca-Cola’s legal department is engaging with and encourages peers at other companies to do the same. Those initiatives include joining an American Bar Association project intended to expand and create opportunities at all levels of responsibility for diverse attorneys and direct a greater percentage of the legal work the company buys to diverse attorneys.”
• “Coca-Cola is not alone in pushing for diversity at the outside law firms it works with. General counsel at 12 major financial institutions including JPMorgan Chase, Bank of America and Goldman Sachs last September published an open letter in which they committed to gaining a deeper understanding of the progress the law firms they hire are making in having racially and ethnically diverse employees – and including that data in the factors they consider when selecting external counsel.”

Some of the interesting details in the letter, which worth reviewing in full to understand how the client is prioritizing and addressing specific elements of compliance:

• “Quarterly Evaluation: The responsible KO attorney for each New Matter will review performance against your commitment for New Matters each quarter. For New Matters failing to meet the commitment, you will be required to provide a plan to meet your commitment. Failure to meet the commitment over two quarterly reviews will result in a non-refundable 30% reduction in the fees payable for such New Matter going forward until the commitment is met and, continued failure may result in your firm no longer being considered for KO work.”
• “Collaboration with Other Firms: If your firm cannot internally meet the above commitments, we encourage you to work collaboratively with other firms, including member firms of the National Association of Minority and Women Owned Law Firms, to assemble matter teams that meet the commitments. We can assist you in this regard and provide introductions and suggestions.”
• “Publish Diversity Plans: Your Managing Partner will publish a personal commitment to diversity, inclusion and belonging and related action plans setting forth measurable goals.”
• “Relationship / Matter Credit: You will provide transparency as to how origination, relationship, and matter credit is apportioned on KO matters, or if the firm does not use origination, relationship, and matter credit as a compensation or evaluation metric, how work on KO matters is factored into a firm attorney’s performance evaluation and compensation.”
• “Preferred Firm Panel: KO expects to select a panel of preferred firms within 18 months following implementation of the revised guidelines. Meeting the commitments above will be a significant factor in determining your firm’s inclusion and ongoing status on the panel.”

We noted new AML guidance last week. But this detail caught my eye in particular: “AI can form part of anti-money laundering armoury, law firms told” —

• “New technologies such as biometrics, machine learning and artificial intelligence can now form part of the anti-money laundering (AML) armoury, law firms have been told.”
• “The Legal Sector Affinity Group, made up of all the UK’s legal regulatory and representative bodies, has published a 212-page draft of its updated AML guidance, which is subject to approval by HM Treasury.”
• “The guidance also considers new technology. ‘The use of biometric indicators such as facial recognition software as part of an overall identity verification process is now widely used across various industries, and may be considered proven technology, helpful in meeting a practice’s AML obligations, especially in non-face to face situations, remote client take-on situations,’ it said.”
• “‘Where used, consideration must always be given to the use and storage of such data, where collected, stored and retained.'”

For those curious, my eye was caught due to that last bit — questions about information governance and security relating to personal biometric data. You see, just the other week an expert in the matter was sharing some shocking stories of law firms haphazardly storing passport and other PII data generally open in the DMS and sent around via email (where it can live forever).

The thing about biometric data is that it can be great for security, but carries its own risks. Hard enough to change your social security number if there’s a hack and leak — impossible to change your irises.

And there are plenty looking for this kind of data — though arguable not within the email systems of law firms, just yet. (For more general risk reading, see: “Intel agency warns of threats from China collecting sensitive US health data“.

And for more law firm AML perspective, see: “AML Risks – why did I agree to be the MLRO?!“ —

• “This is a question I ask myself many times each day since being appointed the MLRO for Weightmans in May 2020! As a compliance specialist advising law firms on all aspects of legal sector regulation, including AML, I was familiar with the obligations and responsibilities which come with being the MLRO so it made sense that I applied that knowledge internally at Weightmans when it became apparent that the role had become too onerous and time consuming for one person to be both MLRO and MLCO.”
• “Thankfully I inherited effective (touching wood as I speak!) and compliant policies and procedures but of course I am not resting on my laurels and there is always more work to be done to remain one step ahead of the crooks who seek to launder their ill-gotten gains through a law firm’s client account. My priorities currently are the updating of the firmwide risk assessment and PCPs to reflect the latest LSAG guidance and the SRA’s latest sectoral risk assessment dated 28 January 2021.”
• “One of the key areas of non-compliance with the ML Regs identified by the SRA is the requirement to independently audit the firm’s PCPs. The need for independence in auditing is an area that many firms seem to have neglected or misunderstood. Only the very smallest practices will not have to establish an independent audit function and yet, according to the SRA’s November 2020 report referred to above, more than 50% of the firms visited required follow up action on this issue.”
• “While ‘independent’ does not necessarily mean the audit has to be carried out by someone external to the firm, there needs to be someone suitable to carry out the audit within the firm who:
  • Is independent of the work areas being audited (so not the MLRO/MLCO/compliance team or the team who did the original work)
  • has the requisite skills and knowledge of audit and the requirements of the anti-money laundering regulations;
  • is a senior member of the firm with authority to access all relevant material and to make recommendations/report findings to senior management; and
  • has the necessary time and capacity to carry out the audit.”
• “Such a person is not always easy to find! Thankfully, Weightmans has an established internal, independent audit team, the head of which is responsible for auditing the AML PCPs, but many firms will not have this resource and, unless you can justify not having an independent audit (which will need to be carefully documented), this is where external expert support should be considered.”

The repeating nature of this one caught my eye. (It was just Groundhog Day after all.): “Two Troutman Pepper Partners Size Down for Boutiques Post-Merger” —

• “As large firms grow larger, some partners are opting for smaller shops. In the past couple weeks, two partners have left Troutman Pepper Hamilton Sanders for boutiques, on the heels of last July’s merger between Troutman Sanders and Pepper Hamilton that created a 1,200-lawyer firm.”
• “Mandel said client conflicts prompted his departure. He’d joined Troutman two years ago from Andrews Kurth after that firm merged with Hunton & Williams in April 2018 to form 1,000-lawyer Hunton Andrews Kurth, also because of client conflicts.”
• “‘It was almost deja vu,’ Mandel said. ‘Before I joined Troutman I was seriously considering going to a boutique firm because of conflict issues.'”
  “‘Troutman is a great place with great people,’ he added. ‘I made sure Lewis Baach isn’t planning any large-scale mergers in the near future.'”

That had me thinking about pre-lateral terms with financial contingencies in the case of future conflicts. Maybe those already exist? Maybe they will? And then I spotted not quite this point but the related: “Law Firm Penalties On Departing Partners Just Got Riskier” —

• “The D.C. Court of Appeals, on Feb. 4, issued an important decision that sharply limits the ability of law firms to penalize departing partners who leave for other law firms and take clients with them. Even before COVID-19, large law firms were experiencing significant volatility with partners changing firms. COVID-19 has escalated these lateral moves and the resulting economic hit that law firms will suffer.”
• “Fortunately for departing partners, any substantial financial penalty that the law firms may impose will violate Rule 5.6(a) of state bar ethics rules and the American Bar Association’s Model Rules of Professional Conduct, which many states follow as guidance. The D.C. Court of Appeals, in Jacobson Holman PLLC v. Gentner, has now provided a clear road map for the numerous law firms in Washington, D.C., and their equity partners, and confirms that the law is continuing in the direction of prohibiting financial penalties on departing partners.”
• “Historically, law firms had a range of so-called golden handcuffs that they could use to prevent their rainmaking partners from leaving, or to impose financial penalties on them if they did leave. The Model Rules of Professional Conduct and bar ethics opinions have had to respond to new strategies by law firms that violate the rules by interfering with the attorney-client relationship.”
• “The most recent decision, from the D.C. Court of Appeals, involved an intellectual property litigation boutique, in which the two name partners informed the other partners in 2013 that they were going to dissolve the firm and do business under a new entity. Marsha Gentner and several other attorneys instead decided to leave the firm, and they demanded their accrued capital be returned to them.”
• “Gentner had an accrued capital balance of $141,569, but the firm tried to offset that with (1) pending member bonuses and allowances; and (2) writeoff of accounts receivable unlikely to be paid, resulting in Gentner now owing $21,762 to the firm. Further, the firm asserted that if a court were to find a positive balance, it should be cut by 50% because clients followed Gentner to her new law firm, Dykema Gossett PLLC.”
• “Judge Catharine Easterly, joined by Judges Roy McLeese and Eric Washington, held that although the firm’s partnership agreement allowed for adjustments to the year-end accrued capital balance, those adjustments could only be based on costs or events arising after the year-end financial statement. Here, the firm knew all along that it had to budget for bonuses and that it had numerous uncollectible accounts unlikely ever to be paid. The court held that allowing these adjustments would ‘simply invite the remaining equity members to make unpredictable, self-interested, post hoc changes to the firm’s financial statements.'”
• “Thus, the law firm could not enforce the financial penalty provision of its partnership agreement against Gentner and other departing partners.”

“Solicitors urged to review AML policies as new guidance launches” —

• “It is finally here! You have all waited so patiently, but I am delighted to confirm that the Legal Sector Affinity Group’s (LSAG) revised and much updated anti-money laundering (AML) guidance has, after much anticipation, finally landed. The good news is the Law Society can help making getting through it all easier, but more on that at the end.”
• “The review of the guidance was triggered by the European Union’s fifth money laundering directive, which came into force in January last year and brought in a raft of new requirements including changes to client due diligence and enhanced due diligence as well as a duty to collect proof of registration for companies and trusts.”
• “Where possible the MLTF has sought to ensure regulatory expectations and burdens were tempered by practical reality. Balancing the many demands that practitioners are under while recognising the importance of our role in the fight against financial crime and the need for a minority to up their game.”
• “The guidance is an effective and critical tool in supporting the profession. It is designed to help the legal profession navigate complex AML risks and challenges. It will guide you through what is a ‘must’, a ‘should’ and a ‘may’ to help ensure practices are able to understand and address AML risk to meet regulatory requirements, SRA expectations and identify good practice.”
• “There is also additional advice on understanding and evidencing source of funds and wealth, a new technology section, which examines considerations to apply when using or exploring AML-related technology to effectively mitigate risk and revised, updated and expanded AML governance and internal controls sections.”

“UNETHICAL MISTAKE: Big Firm Sanctioned as Partner Violated Ethics Rule When Calling TCPA Plaintiff in an Effort to Disprove Ownership of Phone” —

• “A big firm partner just got his law firm sanctioned by calling a TCPA Plaintiff in a putative class action in the hopes of proving someone else actually owned and used the phone line. Talk about a bad day at the office.”
• “Setting the stage here—TCPA plaintiffs often sue callers for purported wrong number calls when they (the Plaintiff) actually set up the lawsuit by allowing someone else to use the phone, enter the number, or otherwise have a relationship with a third party that the caller was trying to reach. Its dirty unethical stuff, and it happens all the time.”
• “Defense counsel constantly look for tactics to try to detect and reveal this unsavory behavior to the court. But the one thing most defense lawyers know not to do is to call the Plaintiff’s phone number in an effort to somehow prove that someone else actually uses the phone.”
• “There is a very clear ethical rule that forbids lawyers from talking to represented opposing parties about the substance of the case. This is a big clear bright line that any lawyer that passed their ethics exam has seared into their memory.”
• “And while dialing a number in the first instance might not—in and of itself—violate the rule, having a discussion (even a brief one) with a represented party is a huge no no.”
• “Plaintiff asked to have the attorney’s law firm disqualified from representing the Defendant but the Court felt that was too harsh a penalty. Instead the firm was ordered to pay the cost of Plaintiff’s motion work to address the ethical violation.”
• ore details and decision: In Moore v. Club Exploria, LLC

For those looking to dig into security, see: “Security Assessments and Pen Tests for Law Firms” —

• “The new norm has created an operating environment that hackers once could only dream of. What has been proven over the past year is that cybercrime rises during times of crisis and law firms are still slow to respond. Ransomware is the number one cybersecurity threat that we now face. The perfect storm has been created and is heading towards your firm if it hasn’t arrived already.”
• “What exactly do we mean? Users are now accessing confidential client files from their kitchen or home office through personal computers, tablets, and outdated Wi-Fi that has not had the configuration updated since the Internet Service Provider installed it. Employer-provided systems are not universal, even among the largest of firms. Users are now responsible for keeping their software and operating system patched with critical updates.”
• “Law firms recognize that there are security problems within their networks. Many just don’t know where to start to identify and fix them. Others accept the risks of taking no action. All is not lost. There are steps that law firms can take now to get control of the situation, to identify where the problems exist and remediate them. The first step is realizing that something needs to be done. The next step is finding where the problems exist, and that is accomplished through a security assessment.”

Hat tip to a loyal reader who sent word yesterday of: “Goodwin Points to 3rd-Party Vendor as Root of Data Breach” —

• “Goodwin Procter found itself the victim of a cyberattack, the firm acknowledged Tuesday, after a vendor to the firm that handles large file transfers was hacked, allowing the intruders to access data the third party had handled for the law firm.”
• “Bettencourt stated in the memo that the firm believes Goodwin was not the only client of the vendor that was affected by the breach.”
• “The memo stated that after being notified of the breach, Goodwin disconnected the vendor from its network and ‘halted use of service for any transfers,’ hired an independent forensic security expert and opened its own investigation into the matter.”

“Goodwin Procter Hit With Data Breach Via Vendor Hack” —

• “The investigation also revealed that a few Goodwin workers were impacted by the breach, the memo said. It did not appear that the firm’s human resources system or any firm resources, other than the file transfer service, were impacted, according to the memo. The firm believes that the vendor’s security issue impacted several of the vendor’s customers, not just Goodwin, the memo said.”
• “‘Please know that we were running the most current version of the service and following all directions to ensure the proper maintenance of the system,’ the memo said. ‘This included deploying security patches as soon as [they] were made available to us.'”

Thinking of that eventual report brings to mind recent news about security forensics privilege matters.

Paul Hodkinson, Editor-In-Chief of Law.com International and Legal Week opines: “In a Market Gone Mad, High-End Private Equity Hires Have Gotten Out of Hand“–

• “The demand for private equity partner hires has never been greater. It makes perfect sense, in a way. With more than $1.5 trillion available to spend, the private equity industry has become the most powerful driver of global mergers and acquisitions and economies ravaged by the coronavirus look ripe for a surge of investment. High-level hires are deemed an essential way for law firms to get in on the action because buyout firms rarely operate formal legal rosters, meaning it is crucial to have partners who hold those relationships.”
• “Such a fluid market does not offer any benefit to clients, who no doubt feel frustrated by so many changes. And—I say this as gently as possible—it also has to be asked whether all this hiring is really worth it for law firms.”
• “The chances of consistently winning all the work from any one client are slim—regardless of how close a partner’s relationship is—as there are often so many bidders in auction processes that conflicts are rife.”
• “Individual lawyers face conflict challenges, too. Some of the market’s most prolific private equity lawyers privately admit they sometimes get asked by clients what the other side might be thinking because they’re so familiar. Don’t be surprised if a court claim features such discussions one day.”

“Insurer Seeks To Dodge Mass. Firm’s Overbilling Probe Fees” —

• “An insurance company on Thursday asked a Massachusetts federal court to declare that it is not responsible for paying attorney fees incurred by Thornton Law Firm LLP when the firm faced an investigation over alleged overbilling in a $300 million State Street Corp. settlement.”
• “Continental Casualty Co. should not be obligated to pay Thornton Law the unspecified amount of fees the firm paid to its legal counsel for representation throughout the investigation, along with the unspecified amount the court ordered to be deducted from the firm’s fee award to help cover the investigation’s costs, according to Thursday’s complaint in the District of Massachusetts.”
• “Continental argues that Thornton Law did not take out insurance that would require the insurer to defend or indemnify the firm in the investigation. The company noted that the investigation was not a claim triggered by an ‘act or omission in the performance of legal services’ by Thornton Law, nor does it leave open the possibility of covered damages, according to the complaint.”
• “The investigation’s findings — that Thornton Law and Labaton Sucharow LLP repeatedly violated the rules of professional conduct in part by overbilling — meant that the insurance policy’s ‘intentional acts exclusion’ is also triggered, according to the complaint.”