Download - Ilta09 Law Firm Risk Management D Cunningham
![Page 1: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/1.jpg)
Law Firm Risk Management:Can It Grow Profitability?
Moderator: Adam Hansen
Director of Information Security, Sonnenschein Nath & Rosenthal
Panel:
Pat Archbold, VP of Risk Practice, IntApp
David Cunningham, Managing Director, Baker Robbins & Company
![Page 2: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/2.jpg)
Agenda• Risk Defined
• Legal Risk Types
• Business Benefits
• UK vs. US Risk Environment
• Risk Roles and Organization
• Risk Management Approach
• Future of Risk Management
• Three Next Steps
• Questions and Answers
![Page 3: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/3.jpg)
Risk Defined
Risk is the uncertainty caused by the occurrence of an event that might affect the achievement of objectives.
• The management of a law firm’s risks involves decisions that are not simply about avoiding a negative impact but also about pursuing a positive (but un-guaranteed) impact on business opportunities.
• Consequently, effective risk management not only mitigates losses but can also positively contribute to the competitive standing of a firm.
• This tension between adverse risks and desirable business opportunities makes risk management an essential element of firm governance.
![Page 4: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/4.jpg)
Legal Risk TypesRisk Types Example Risks Key Roles
IT Systems: Continuity, Recovery, Security, and Access Management.Data: Confidentiality, Integrity, Ethical Walls, Retention, Data Protection, Data Transfers, Hosting of Third-Party or Client Data.Third Party Suppliers: Maintenance/Support, Contracts and Outsourcing.
CIO, General Counsel
Financial Audit, Financial Internal Controls, Financial Transparency and Disclosure, Anti-Money Laundering, Counter-Terrorist Financing, Credit, Firm Investments, Currency, and Portfolio Risks.
CFO
Practice Management
Client Relations, Lateral, Professional Responsibilities (including malpractice, conflicts, records, and litigation support), and Professional Development Risks.
Practice Leaders, General Counsel, Directors of Conflicts, Records, Lit
Support, Library, and KM.
Strategic / Corporate
Firm Governance, Risk Management Governance, Reputational, Marketing, and Market Risks.
Managing Partner, Marketing Director, General Counsel
Operational Employment, Fraud, Damage to Assets, and Insurance Mediation Risks.
HR Director, COO, General Counsel
Environmental Natural Disasters, Epidemics, and Resource Access Risks. COO, Business Continuity Team
![Page 5: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/5.jpg)
Business Benefits• Loss Prevention
• Cost Savings
• Departmental Efficiencies
• Competitive Edge– Growth in Lateral Talent
– Growth and Retention of Clients
– Quality of Client Relationships
– Alternative Fee Arrangements
• Quality of Working Environment
• Reputation
![Page 6: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/6.jpg)
In the News…
(03/10/2009)
Top five risks identified as facing law firms (order of severity):
• Bankruptcy or acquisition of significant clients
• IT security
• Pressure on fees and the need for 'instant' advice leading to claims
• Conflicts of interest
•Errors made by staff/lawyers on complex, high-value transactions
A firm’s responses to application questions about risk management and loss prevention programs are often among the most important qualitative information an insurer uses to gauge the risk it may pose, according to Stuart Pattison, a vice president at Chicago-based CNA, one of the nation’s largest commercial insurers.
A firm’s responses to application questions about risk management and loss prevention programs are often among the most important qualitative information an insurer uses to gauge the risk it may pose, according to Stuart Pattison, a vice president at Chicago-based CNA, one of the nation’s largest commercial insurers.
![Page 7: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/7.jpg)
UK vs. US Risk Environment
![Page 8: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/8.jpg)
In the News…
(03/13/2009)
“In a much-touted speech on Thursday (12 March), FSA chief executive Hector Sants outlined a break with light-touch, principles-based regulation, arguing the City should be ‘very frightened’ of the body.”
(05/21/2009)
“The Financial Services Authority (FSA) has brought charges of insider trading against two lawyers – including a current partner in the London office of Dorsey & Whitney – it has emerged.
The move marks a more aggressive stance from the FSA, which earlier this year secured its first successful insider trading prosecution…”
![Page 9: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/9.jpg)
US News
3/20/2009The FTC Strikes Back: (Essentially) Everyone Should Be Complying With Red Flags Rules, Especially The Healthcare Industry
The FTC, with unusual frankness, emphasizes that no industry is exempt as a “creditor”…….The FTC also pulls no punches when identifying potential “creditors,”listing a wide range of industries and businesses, including physicians, lawyers, merchants”
Examples of business associates include third party administrators or pharmacy benefit managers for health plans, claims processing or billing companies, transcription companies, and persons who perform legal, actuarial, accounting, management, or administrative services for covered entities and who require access to protected health information.
08/06/2009Dept. of Heath and Human Services45 CFR Parts 160 and 164
![Page 10: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/10.jpg)
Who’s Ultimately Responsible for Risk Management?
2007Single Individual: 36%
2009Single Individual: 63%
![Page 11: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/11.jpg)
Risk Roles and Organization• Firm Internal Roles
– General Counsel
– Directors of Loss Prevention, Conflicts, Records
– Professional Responsibility Partners/Ethics Partner
– CIO or IT Director
– Directors of Security, Business Continuity
– Business Departmental Directors
– Partners / Lawyers
– Committees
• External Roles– Insurance Underwriters/brokers
– Clients
– External Assessors
![Page 12: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/12.jpg)
Risk Management Becomesa Department in Law Firms
![Page 13: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/13.jpg)
Risk and IT Speakin Different Languages
DR,Malware, VPN,
LDAP, SharePoint,SLAs, Five-9s, P2P
Engagement Letters,Vicarious Disqualification, Rule 1.10, Advanced Waivers,
Consider: Matter Centricity + Search= Exposure
Consider: Consider: Matter Centricity + Search= ExposureMatter Centricity + Search= Exposure
![Page 14: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/14.jpg)
Future Org Chart?
![Page 15: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/15.jpg)
Risk Management Approach
• Successful Risk Management Environment– Communicate and Consult
– Establish the Context
– Promote Self Assessment
– Monitor and Review
![Page 16: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/16.jpg)
Risk Management Approach
• Risk Assessment Process
• Risk Treatment Process– Identify Options– Evaluate and Select Options– Prepare and Implement Treatment Plans
![Page 17: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/17.jpg)
Future: Risk Register/ERM
Like-lihood
Conse-quence
Risk Priority
Level of Risk
Likelihood Rating
Consequence Rating
Adequacy of Existing Controls
The Consequence of an Event Happening
The Risk:What can
Happen and How Can it
Happen?
#
![Page 18: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/18.jpg)
Future: Client Requests2009Clients have asked firm for additional protections: 86%
2007Clients have asked firm for additional protections: 61%
![Page 19: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/19.jpg)
Intake and Insider List Management
Workflow software to manage intake processes
Matter designated“confidential”
“firm confidential”“price sensitive”
Tracks access, locks across systems, hides matter
names
Next Steps: Integrate Risk and TechnologyManagement
Insider List Management
![Page 20: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/20.jpg)
Next Steps: Leverage Risk Management Budgets
![Page 21: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/21.jpg)
Next Steps: Plan for Certification
![Page 22: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/22.jpg)
Adam Hansen
Director of Information Security, Sonnenschein Nath & Rosenthal
Pat Archbold
VP of Risk Practice, IntApp
David Cunningham
Managing Director, Baker Robbins & Company
![Page 23: Ilta09 Law Firm Risk Management D Cunningham](https://reader033.vdocuments.site/reader033/viewer/2022052619/55669e2dd8b42a78708b54c6/html5/thumbnails/23.jpg)
SRA Rule 5:
http://www.sra.org.uk/solicitors/code-of-conduct/215.article
Marsh UK Risk Study-Insurance Journal:
http://www.insurancejournal.com/news/international/2009/03/10/98539.htm
KornFerry Evolution of Law Firm Risk Management Article:
http://www.insurancejournal.com/news/international/2009/03/10/98539.htm
UK Conflicts Rule Changes Article-Legalweek
http://www.legalweek.com/legal-week/analysis/1156494/conflicts-comfort
Red Flag Rules Article:
http://www.securityprivacyandthelaw.com/2009/03/articles/recent-legislation-1/the-ftc-strikes-back-essentially-everyone-should-be-complying-with-red-flags-rules-especially-the-healthcare-industry/
HITECH Act Update, DHHS:
http://www.federalregister.gov/OFRUpload/OFRData/2009-20169_PI.pdf
Risk Roundtable
www.riskroundtable.com
West Legal Education, Practice Area Ethics and Professional Responsibility
http://westlegaledcenter.com/home/homepage.jsf