Ilta 2009 law firm risk management can it grow profitability - panel member dave cunningham aug...
Law Firm Risk Management: Can It Grow Profitability?
Moderator: Adam Hansen, Director of Information Security, Sonnenschein Nath & Rosenthal
Panel:
Pat Archbold, VP of Risk Practice, IntApp
David Cunningham, Managing Director, Baker Robbins & Company
Agenda
• Risk Defined
• Legal Risk Types
• Business Benefits
• UK vs. US Risk Environment
• Risk Roles and Organization
• Risk Management Approach
• Future of Risk Management
• Three Next Steps
• Questions and Answers
Risk Defined
Risk is the uncertainty caused by the occurrence of an event that might affect the achievement of objectives.
• The management of a law firm’s risks involves decisions that are not simply about avoiding a negative impact but also about pursuing a positive (but un-guaranteed) impact on business opportunities.
• Consequently, effective risk management not only mitigates losses but can also positively contribute to the competitive standing of a firm.
• This tension between adverse risks and desirable business opportunities makes risk management an essential element of firm governance.
Legal Risk Types

| Risk Types | Example Risks | Key Roles |
|---|---|---|
| | IT Systems: Continuity, Recovery, Security, and Access Management. Data: Confidentiality, Integrity, Ethical Walls, Retention, Data Protection, Data Transfers, Hosting of Third-Party or Client Data. Third Party Suppliers: Maintenance/Support, Contracts and Outsourcing. | CIO, General Counsel |
| Financial | Audit, Financial Internal Controls, Financial Transparency and Disclosure, Anti-Money Laundering, Counter-Terrorist Financing, Credit, Firm Investments, Currency, and Portfolio Risks. | CFO |
| Practice Management | Client Relations, Lateral, Professional Responsibilities (including malpractice, conflicts, records, and litigation support), and Professional Development Risks. | Practice Leaders, General Counsel, Directors of Conflicts, Records, Lit Support, Library, and KM. |
| Strategic / Corporate | Firm Governance, Risk Management Governance, Reputational, Marketing, and Market Risks. | Managing Partner, Marketing Director, General Counsel |
| Operational | Employment, Fraud, Damage to Assets, and Insurance Mediation Risks. | HR Director, COO, General Counsel |
| Environmental | Natural Disasters, Epidemics, and Resource Access Risks. | COO, Business Continuity Team |
Business Benefits
• Loss Prevention
• Cost Savings
• Departmental Efficiencies
• Competitive Edge
  – Growth in Lateral Talent
  – Growth and Retention of Clients
  – Quality of Client Relationships
  – Alternative Fee Arrangements
• Quality of Working Environment
• Reputation
In the News…
(03/10/2009)
Top five risks identified as facing law firms (order of severity):
• Bankruptcy or acquisition of significant clients
• IT security
• Pressure on fees and the need for 'instant' advice leading to claims
• Conflicts of interest
• Errors made by staff/lawyers on complex, high-value transactions

A firm’s responses to application questions about risk management and loss prevention programs are often among the most important qualitative information an insurer uses to gauge the risk it may pose, according to Stuart Pattison, a vice president at Chicago-based CNA, one of the nation’s largest commercial insurers.
UK vs. US Risk Environment
In the News…
(03/13/2009)
“In a much-touted speech on Thursday (12 March), FSA chief executive Hector Sants outlined a break with light-touch, principles-based regulation, arguing the City should be ‘very frightened’ of the body.”
(05/21/2009)
“The Financial Services Authority (FSA) has brought charges of insider trading against two lawyers – including a current partner in the London office of Dorsey & Whitney – it has emerged.
The move marks a more aggressive stance from the FSA, which earlier this year secured its first successful insider trading prosecution…”
US News
3/20/2009
The FTC Strikes Back: (Essentially) Everyone Should Be Complying With Red Flags Rules, Especially The Healthcare Industry
“The FTC, with unusual frankness, emphasizes that no industry is exempt as a “creditor” … The FTC also pulls no punches when identifying potential “creditors,” listing a wide range of industries and businesses, including physicians, lawyers, merchants”
Examples of business associates include third party administrators or pharmacy benefit managers for health plans, claims processing or billing companies, transcription companies, and persons who perform legal, actuarial, accounting, management, or administrative services for covered entities and who require access to protected health information.
08/06/2009, Dept. of Health and Human Services, 45 CFR Parts 160 and 164
Who’s Ultimately Responsible for Risk Management?
2007: Single Individual: 36%
2009: Single Individual: 63%
Risk Roles and Organization
• Firm Internal Roles
  – General Counsel
  – Directors of Loss Prevention, Conflicts, Records
  – Professional Responsibility Partners/Ethics Partner
  – CIO or IT Director
  – Directors of Security, Business Continuity
  – Business Departmental Directors
  – Partners / Lawyers
  – Committees
• External Roles
  – Insurance Underwriters/brokers
  – Clients
  – External Assessors
Risk Management Becomes a Department in Law Firms
• Loss Prevention Director
• Global Conflicts Manager
• Global New Business Manager
• Global Strategic Records Manager
• Global Loss Prevention Technology Manager
• Global Loss Prevention Compliance Manager
• Global RM Operations Manager
• Global RM Compliance Manager
• Global RM Education Manager
• Technology Staff – located in different offices but support the Firm globally
• Each office has a local Records staff
• Conflicts Staff – all located in HQ office
• Compliance Staff – all located in HQ office – handles audit letters, ARDC registration, reporting of attorney lobbying activities, reporting of corporate transactions that have a tax implication to the IRS, etc.
• New Business Staff – all located in HQ office
• Global Docket/Calendar/Court Services Manager
• Each office has a local Docket staff
• Local Records Managers
• RM Education Assistant
• RM Operations Assistant
• RM Compliance Assistant
Risk and IT Speak in Different Languages
DR, Malware, VPN, LDAP, SharePoint, SLAs, Five-9s, P2P
Engagement Letters, Vicarious Disqualification, Rule 1.10, Advanced Waivers,
Consider: Matter Centricity + Search = Exposure
Future Org Chart?
Risk Management Approach
• Successful Risk Management Environment
  – Communicate and Consult
  – Establish the Context
  – Promote Self Assessment
  – Monitor and Review
• Risk Assessment Process
• Risk Treatment Process
  – Identify Options
  – Evaluate and Select Options
  – Prepare and Implement Treatment Plans
Risk Assessment Process (diagram): Risk Identification, Risk Analysis, Risk Evaluation
Future: Risk Register/ERM
Risk register columns: # | The Risk: What can Happen and How Can it Happen? | The Consequence of an Event Happening | Adequacy of Existing Controls | Consequence Rating | Likelihood Rating | Level of Risk | Risk Priority
Risk matrix axes: Consequence, Likelihood
Future: Client Requests
2009: Clients have asked firm for additional protections: 86%
2007: Clients have asked firm for additional protections: 61%
Intake and Insider List Management
• Workflow software to manage intake processes
• Matter designated “confidential”, “firm confidential”, “price sensitive”
• Tracks access, locks across systems, hides matter names
Next Steps: Integrate Risk and Technology Management
Insider List Management
Next Steps: Leverage Risk Management Budgets
Next Steps: Plan for Certification
Adam Hansen, Director of Information Security, Sonnenschein Nath & Rosenthal
Pat Archbold, VP of Risk Practice, IntApp
David Cunningham, Managing Director, Baker Robbins & Company
SRA Rule 5: http://www.sra.org.uk/solicitors/code-of-conduct/215.article
Marsh UK Risk Study, Insurance Journal: http://www.insurancejournal.com/news/international/2009/03/10/98539.htm
KornFerry Evolution of Law Firm Risk Management Article: http://www.insurancejournal.com/news/international/2009/03/10/98539.htm
UK Conflicts Rule Changes Article, Legalweek: http://www.legalweek.com/legal-week/analysis/1156494/conflicts-comfort
Red Flag Rules Article: http://www.securityprivacyandthelaw.com/2009/03/articles/recent-legislation-1/the-ftc-strikes-back-essentially-everyone-should-be-complying-with-red-flags-rules-especially-the-healthcare-industry/
HITECH Act Update, DHHS: http://www.federalregister.gov/OFRUpload/OFRData/2009-20169_PI.pdf
Risk Roundtable: www.riskroundtable.com
West Legal Education, Practice Area Ethics and Professional Responsibility: http://westlegaledcenter.com/home/homepage.jsf