Ilta09 Law Firm Risk Management D Cunningham
Law Firm Risk Management: Can It Grow Profitability?
Moderator: Adam Hansen
Director of Information Security, Sonnenschein Nath & Rosenthal
Panel:
Pat Archbold, VP of Risk Practice, IntApp
David Cunningham, Managing Director, Baker Robbins & Company
Agenda
• Risk Defined
• Legal Risk Types
• Business Benefits
• UK vs. US Risk Environment
• Risk Roles and Organization
• Risk Management Approach
• Future of Risk Management
• Three Next Steps
• Questions and Answers
Risk Defined
Risk is the uncertainty caused by the occurrence of an event that might affect the achievement of objectives.
• The management of a law firm’s risks involves decisions that are not simply about avoiding a negative impact but also about pursuing a positive (but un-guaranteed) impact on business opportunities.
• Consequently, effective risk management not only mitigates losses but can also positively contribute to the competitive standing of a firm.
• This tension between adverse risks and desirable business opportunities makes risk management an essential element of firm governance.
Legal Risk Types
| Risk Types | Example Risks | Key Roles |
| | IT Systems: Continuity, Recovery, Security, and Access Management. Data: Confidentiality, Integrity, Ethical Walls, Retention, Data Protection, Data Transfers, Hosting of Third-Party or Client Data. Third Party Suppliers: Maintenance/Support, Contracts and Outsourcing. | CIO, General Counsel |
| Financial | Audit, Financial Internal Controls, Financial Transparency and Disclosure, Anti-Money Laundering, Counter-Terrorist Financing, Credit, Firm Investments, Currency, and Portfolio Risks. | CFO |
| Practice Management | Client Relations, Lateral, Professional Responsibilities (including malpractice, conflicts, records, and litigation support), and Professional Development Risks. | Practice Leaders, General Counsel, Directors of Conflicts, Records, Lit Support, Library, and KM. |
| Strategic / Corporate | Firm Governance, Risk Management Governance, Reputational, Marketing, and Market Risks. | Managing Partner, Marketing Director, General Counsel |
| Operational | Employment, Fraud, Damage to Assets, and Insurance Mediation Risks. | HR Director, COO, General Counsel |
| Environmental | Natural Disasters, Epidemics, and Resource Access Risks. | COO, Business Continuity Team |
Business Benefits
• Loss Prevention
• Cost Savings
• Departmental Efficiencies
• Competitive Edge
– Growth in Lateral Talent
– Growth and Retention of Clients
– Quality of Client Relationships
– Alternative Fee Arrangements
• Quality of Working Environment
• Reputation
In the News…
(03/10/2009)
Top five risks identified as facing law firms (order of severity):
• Bankruptcy or acquisition of significant clients
• IT security
• Pressure on fees and the need for 'instant' advice leading to claims
• Conflicts of interest
• Errors made by staff/lawyers on complex, high-value transactions
A firm’s responses to application questions about risk management and loss prevention programs are often among the most important qualitative information an insurer uses to gauge the risk it may pose, according to Stuart Pattison, a vice president at Chicago-based CNA, one of the nation’s largest commercial insurers.
UK vs. US Risk Environment
In the News…
(03/13/2009)
“In a much-touted speech on Thursday (12 March), FSA chief executive Hector Sants outlined a break with light-touch, principles-based regulation, arguing the City should be ‘very frightened’ of the body.”
(05/21/2009)
“The Financial Services Authority (FSA) has brought charges of insider trading against two lawyers – including a current partner in the London office of Dorsey & Whitney – it has emerged.
The move marks a more aggressive stance from the FSA, which earlier this year secured its first successful insider trading prosecution…”
US News
3/20/2009
The FTC Strikes Back: (Essentially) Everyone Should Be Complying With Red Flags Rules, Especially The Healthcare Industry
“The FTC, with unusual frankness, emphasizes that no industry is exempt as a “creditor”… The FTC also pulls no punches when identifying potential “creditors,” listing a wide range of industries and businesses, including physicians, lawyers, merchants”
Examples of business associates include third party administrators or pharmacy benefit managers for health plans, claims processing or billing companies, transcription companies, and persons who perform legal, actuarial, accounting, management, or administrative services for covered entities and who require access to protected health information.
08/06/2009
Dept. of Health and Human Services, 45 CFR Parts 160 and 164
Who’s Ultimately Responsible for Risk Management?
2007: Single Individual: 36%
2009: Single Individual: 63%
Risk Roles and Organization
• Firm Internal Roles
– General Counsel
– Directors of Loss Prevention, Conflicts, Records
– Professional Responsibility Partners/Ethics Partner
– CIO or IT Director
– Directors of Security, Business Continuity
– Business Departmental Directors
– Partners / Lawyers
– Committees
• External Roles
– Insurance Underwriters/brokers
– Clients
– External Assessors
Risk Management Becomes a Department in Law Firms
Risk and IT Speak in Different Languages
DR, Malware, VPN, LDAP, SharePoint, SLAs, Five-9s, P2P
Engagement Letters, Vicarious Disqualification, Rule 1.10, Advanced Waivers,
Consider: Matter Centricity + Search = Exposure
Future Org Chart?
Risk Management Approach
• Successful Risk Management Environment
– Communicate and Consult
– Establish the Context
– Promote Self Assessment
– Monitor and Review
Risk Management Approach
• Risk Assessment Process
• Risk Treatment Process
– Identify Options
– Evaluate and Select Options
– Prepare and Implement Treatment Plans
Future: Risk Register/ERM
Risk register column headings: #; The Risk: What Can Happen and How Can It Happen?; The Consequence of an Event Happening; Adequacy of Existing Controls; Consequence Rating; Likelihood Rating; Level of Risk; Risk Priority; Consequence; Likelihood
Future: Client Requests
2009: Clients have asked firm for additional protections: 86%
2007: Clients have asked firm for additional protections: 61%
Intake and Insider List Management
Workflow software to manage intake processes
Matter designated “confidential”, “firm confidential”, “price sensitive”
Tracks access, locks across systems, hides matter names
Next Steps: Integrate Risk and Technology Management
Insider List Management
Next Steps: Leverage Risk Management Budgets
Next Steps: Plan for Certification
Adam Hansen
Director of Information Security, Sonnenschein Nath & Rosenthal
Pat Archbold
VP of Risk Practice, IntApp
David Cunningham
Managing Director, Baker Robbins & Company
SRA Rule 5:
http://www.sra.org.uk/solicitors/code-of-conduct/215.article
Marsh UK Risk Study-Insurance Journal:
http://www.insurancejournal.com/news/international/2009/03/10/98539.htm
KornFerry Evolution of Law Firm Risk Management Article:
http://www.insurancejournal.com/news/international/2009/03/10/98539.htm
UK Conflicts Rule Changes Article-Legalweek:
http://www.legalweek.com/legal-week/analysis/1156494/conflicts-comfort
Red Flag Rules Article:
http://www.securityprivacyandthelaw.com/2009/03/articles/recent-legislation-1/the-ftc-strikes-back-essentially-everyone-should-be-complying-with-red-flags-rules-especially-the-healthcare-industry/
HITECH Act Update, DHHS:
http://www.federalregister.gov/OFRUpload/OFRData/2009-20169_PI.pdf
Risk Roundtable
www.riskroundtable.com
West Legal Education, Practice Area Ethics and Professional Responsibility
http://westlegaledcenter.com/home/homepage.jsf