This document outlines the agenda and key topics for a panel discussion on law firm risk management. The panel will discuss how to define risk and common legal risk types such as IT, financial, and practice management risks. They will also cover the business benefits of effective risk management, differences between the UK and US risk environments, evolving risk roles in law firms, and future directions for the field. The discussion aims to provide three next steps firms can take to improve their risk management and will conclude with a question and answer session.
Ilta09 Law Firm Risk Management D Cunningham
1. Law Firm Risk Management:
Can It Grow Profitability?
Moderator: Adam Hansen
Director of Information Security, Sonnenschein Nath & Rosenthal
Panel:
Pat Archbold, VP of Risk Practice, IntApp
David Cunningham, Managing Director, Baker Robbins & Company
2. Agenda
• Risk Defined
• Legal Risk Types
• Business Benefits
• UK vs. US Risk Environment
• Risk Roles and Organization
• Risk Management Approach
• Future of Risk Management
• Three Next Steps
• Questions and Answers
3. Risk Defined
Risk is the uncertainty caused by the occurrence of an
event that might affect the achievement of objectives.
• The management of a law firm’s risks involves decisions that are not
simply about avoiding a negative impact but also about pursuing a
positive (but un-guaranteed) impact on business opportunities.
• Consequently, effective risk management not only mitigates losses but
can also positively contribute to the competitive standing of a firm.
• This tension between adverse risks and desirable business opportunities
makes risk management an essential element of firm governance.
4. Legal Risk Types
Risk Types, Example Risks, and Key Roles:
• IT
– Systems: Continuity, Recovery, Security, and Access Management.
– Data: Confidentiality, Integrity, Ethical Walls, Retention, Data Protection, Data Transfers, Hosting of Third-Party or Client Data.
– Third Party Suppliers: Maintenance/Support, Contracts and Outsourcing.
– Key Roles: CIO, General Counsel
• Financial
– Example Risks: Audit, Financial Internal Controls, Financial Transparency and Disclosure, Anti-Money Laundering, Counter-Terrorist Financing, Credit, Firm Investments, Currency, and Portfolio Risks.
– Key Roles: CFO
• Practice Management
– Example Risks: Client Relations, Lateral, Professional Responsibilities (including malpractice, conflicts, records, and litigation support), and Professional Development Risks.
– Key Roles: Practice Leaders, General Counsel, Directors of Conflicts, Records, Lit Support, Library, and KM.
• Strategic / Corporate
– Example Risks: Firm Governance, Risk Management Governance, Reputational, Marketing, and Market Risks.
– Key Roles: Managing Partner, Marketing Director, General Counsel
• Operational
– Example Risks: Employment, Fraud, Damage to Assets, and Insurance Mediation Risks.
– Key Roles: HR Director, COO, General Counsel
• Environmental
– Example Risks: Natural Disasters, Epidemics, and Resource Access Risks.
– Key Roles: COO, Business Continuity Team
5. Business Benefits
• Loss Prevention
• Cost Savings
• Departmental Efficiencies
• Competitive Edge
– Growth in Lateral Talent
– Growth and Retention of Clients
– Quality of Client Relationships
– Alternative Fee Arrangements
• Quality of Working Environment
• Reputation
6. In the News…
(03/10/2009)
Top five risks identified as facing law firms (order of severity):
• Bankruptcy or acquisition of significant clients
• IT security
• Pressure on fees and the need for 'instant' advice leading to claims
• Conflicts of interest
• Errors made by staff/lawyers on complex, high-value transactions
A firm’s responses to application questions about risk management and loss
prevention programs are often among the most important qualitative information
an insurer uses to gauge the risk it may pose, according to Stuart Pattison, a vice
president at Chicago-based CNA, one of the nation’s largest commercial insurers.
8. In the News…
(05/21/2009)
“The Financial Services Authority (FSA) has brought charges of insider trading against two lawyers – including a current partner in the London office of Dorsey & Whitney – it has emerged.
The move marks a more aggressive stance from the FSA, which earlier this year secured its first successful insider trading prosecution…”
(03/13/2009)
“In a much-touted speech on Thursday (12 March), FSA chief executive Hector Sants outlined a break with light-touch, principles-based regulation, arguing the City should be ‘very frightened’ of the body.”
9. US News
3/20/2009
The FTC Strikes Back: (Essentially) Everyone Should Be Complying With Red Flags Rules, Especially The Healthcare Industry
The FTC, with unusual frankness, emphasizes that no industry is exempt as a “creditor” …….The FTC also pulls no punches when identifying potential “creditors,” listing a wide range of industries and businesses, including physicians, lawyers, merchants”
08/06/2009
Dept. of Health and Human Services
45 CFR Parts 160 and 164
Examples of business associates include third party administrators or pharmacy benefit managers for health plans, claims processing or billing companies, transcription companies, and persons who perform legal, actuarial, accounting, management, or administrative services for covered entities and who require access to protected health information.
11. Risk Roles and Organization
• Firm Internal Roles
– General Counsel
– Directors of Loss Prevention, Conflicts, Records
– Professional Responsibility Partners/Ethics Partner
– CIO or IT Director
– Directors of Security, Business Continuity
– Business Departmental Directors
– Partners / Lawyers
– Committees
• External Roles
– Insurance Underwriters/brokers
– Clients
– External Assessors
15. Risk Management Approach
• Successful Risk Management Environment
– Communicate and Consult
– Establish the Context
– Promote Self Assessment
– Monitor and Review
16. Risk Management Approach
• Risk Assessment Process
• Risk Treatment Process
– Identify Options
– Evaluate and Select Options
– Prepare and Implement Treatment Plans
17. Future: Risk Register/ERM
Risk register columns:
• #
• The Risk: What can Happen and How Can it Happen?
• The Consequence of an Event Happening: Consequence, Likelihood
• Adequacy of Existing Controls
• Consequence Rating
• Likelihood Rating
• Level of Risk
• Risk Priority
18. Future: Client Requests
• 2007: Clients have asked firm for additional protections: 61%
• 2009: Clients have asked firm for additional protections: 86%
19. Intake and Insider List Management
Next Steps: Integrate Risk and Technology Management
• Workflow software to manage intake processes
• Insider List Management
– Matter designated “confidential”, “firm confidential”, “price sensitive”
– Tracks access, locks across systems, hides matter names
22. Adam Hansen
Director of Information Security, Sonnenschein Nath & Rosenthal
ahansen@sonnenschein.com
Pat Archbold
VP of Risk Practice, IntApp
pat.archbold@intapp.com
David Cunningham
Managing Director, Baker Robbins & Company
dcunningham@brco.com
23. SRA Rule 5:
http://www.sra.org.uk/solicitors/code-of-conduct/215.article
Marsh UK Risk Study-Insurance Journal:
http://www.insurancejournal.com/news/international/2009/03/10/98539.htm
KornFerry Evolution of Law Firm Risk Management Article:
http://www.insurancejournal.com/news/international/2009/03/10/98539.htm
UK Conflicts Rule Changes Article-Legalweek
http://www.legalweek.com/legal-week/analysis/1156494/conflicts-comfort
Red Flag Rules Article:
http://www.securityprivacyandthelaw.com/2009/03/articles/recent-legislation-1/the-ftc-strikes-back-essentially-everyone-should-be-complying-with-red-flags-rules-especially-the-healthcare-industry/
HITECH Act Update, DHHS:
http://www.federalregister.gov/OFRUpload/OFRData/2009-20169_PI.pdf
Risk Roundtable
www.riskroundtable.com
West Legal Education, Practice Area Ethics and Professional Responsibility
http://westlegaledcenter.com/home/homepage.jsf