Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Vendor Risk Management in Complex Matters (acc sa presentation)
Similar to Vendor Risk Management in Complex Matters (acc sa presentation) (20)
More from Amber Clark
More from Amber Clark (11)
Recently uploaded
Recently uploaded (20)
Vendor Risk Management in Complex Matters (acc sa presentation)
- 1. Norton Rose Fulbright US LLP Vendor Risk Management in Complex Matters Dan Jackson Senior Associate, Norton Rose Fulbright US LLP Ashley Senary Dahlberg Senior Associate, Norton Rose Fulbright US LLP Marissa Helm Senior Counsel, Parallon
- 2. 1 – Vendor Selection 2 – To “Bundle” or Not to “Bundle”? 3 – Ongoing Vendor Risk Assessment
- 4. A Hot Topic for Regulators 4
- 5. • Consumer privacy laws (GDPR, CCPA, Regulation S-P) • Nearly half of firms suffer data loss through dealings with vendors • Opus Study: 59% vs. 16% • NRF Litigation Trends Annual Survey Cybersecurity and Data Privacy 5
- 6. • Key considerations in the selection of vendors include: –Enterprise expectations regarding vendor risk –Regulatory requirements –Cybersecurity –Vendor’s policies and internal risk assessments –Ability to monitor risks that cannot be eliminated –Cost and contract terms Selection Criteria 6
- 7. Internal risk assessments and security checks Written policies for safeguarding confidential information A disaster recovery plan Protocols regarding data breaches (and breach attempts) All vendors should have: 7 This includes law firms!
- 8. • Outside counsel guidelines • Information security protocols –Cybersecurity certifications –CSI • Alternative fee arrangements • “Bundling” of legal services “More than 100 law firms have reported data breaches” since 2014 (law.com). Outside Counsel Management 8
- 9. To “Bundle” or Not to “Bundle”?
- 10. Unbundling • Outside counsel retained for specific legal advice • Other vendors (and often ALSPs) retained separately by client Bundling • Experts, consultants, web hosting, etc. all under “one umbrella” • Typically managed and billed as a package, through outside counsel Unbundling of Legal Services 10
- 11. Pre-selected panels Project management approaches to legal operations “Special” expertise TAR, research, and outcome prediction software Cost ALSPs “AI” Solutions Unbundling – Key Drivers 11
- 12. • Management burdens on in-house counsel • Strategic coordination between providers • Elusive cost savings Challenges of Unbundling 12
- 13. 13
- 14. • Client-dependent • Matter-dependent • Trend may be slowing, as large law firms begin to launch their own on-demand services to compete with ALSPs Unbundling: The Panel’s Verdict 14
- 15. Ongoing Vendor Risk Assessment
- 16. • Data and information sharing • Oversight of fourth-party vendors (e.g., experts retained by outside counsel) • Strong communication between in-house and outside lawyers Ongoing Risk 16
- 17. Questions? 17
- 18. Law around the world nortonrosefulbright.com Norton Rose Fulbright US LLP, Norton Rose Fulbright LLP, Norton Rose Fulbright Australia, Norton Rose Fulbright Canada LLP and Norton Rose Fulbright South Africa Inc are separate legal entities and all of them are members of Norton Rose Fulbright Verein, a Swiss verein. Norton Rose Fulbright Verein helps coordinate the activities of the members but does not itself provide legal services to clients. References to ‘Norton Rose Fulbright’, ‘the law firm’ and ‘legal practice’ are to one or more of the Norton Rose Fulbright members or to one of their respective affiliates (together ‘Norton Rose Fulbright entity/entities’). No individual who is a member, partner, shareholder, director, employee or consultant of, in or to any Norton Rose Fulbright entity (whether or not such individual is described as a ‘partner’) accepts or assumes responsibility, or has any liability, to any person in respect of this communication. Any reference to a partner or director is to a member, employee or consultant with equivalent standing and qualifications of the relevant Norton Rose Fulbright entity. The purpose of this communication is to provide general information of a legal nature. It does not contain a full analysis of the law nor does it constitute an opinion of any Norton Rose Fulbright entity on the points of law discussed. You must take specific legal advice on any particular matter which concerns you. If you require any advice or further information, please speak to your usual contact at Norton Rose Fulbright.
Editor's Notes
- Note advent of specific regulatory guidance regarding cyber-related vendor risk from financial services regulators since 2012-2013. Steep penalties for noncompliance. Cite examples. Spans multiple industries – financial services, healthcare, etc.
- https://www.helpnetsecurity.com/2019/04/24/nearly-half-of-firms-suffer-data-breaches-at-hands-of-vendors/ https://www.businesswire.com/news/home/20181115005665/en/Opus-Ponemon-Institute-Announce-Results-2018-Third-Party In the first half of 2019, data breaches exposed more than 4 billion data records, and companies that experienced data breaches lost an average of $4 million.
- Institutions should reject vendors who cannot meet these criteria.
- PANEL QUESTION: Do you require outside counsel to formally certify cybersecurity capabilities? ABA Formal Opinion 477R (2017): Firms must “take special precautions to protect against inadvertent or unauthorized disclosure(s).”
- “Pressure on budgets, together with a business-minded, procurement-influenced approach, will naturally influence in-house buyers to consider innovative providers in a way they might not have 15 years ago. ALSPs in particular are set up to deliver against the factors that vendors are looking for: business-focused, data-driven, transparent, tech-enabled, budget-minded - run like a business, not a law firm. Emotional intelligence is also a factor companies can pay for when considering an outside resource, and there’s a much greater awareness that huge legal projects are often actually about change management as much as they are about legal process - finding people who can deliver that change sensitivity is extremely valuable. Finally, flexible lawyering has also forced its way into a profession that hasn’t always been keen to adopt new practices; this was ALSP-led, but its success can be measured by the fact that a whole host of top-20 law firms now offer their own on-demand services.” https://blog.juro.com/2018/12/03/legal-operations-vendor-management/
- Only 28% of respondents to the Thomson Reuters survey cited utilization of a preferred vendors/panel program as an effective cost savings tool. https://www.legaltracker.com/en/insights/white-papers-and-reports/ldo-index-benchmarking-and-trends?gatedContent=%252Fcontent%252Fewp-marketing-websites%252Flegal-tracker%252Fgl%252Fen%252Finsights%252Fwhite-papers-and-reports%252Fldo-index-benchmarking-and-trends.
- As in-house counsel face increased pressure to reduce or justify legal costs, they in turn demand more proactive project management and quality service from their outside lawyers. Benefits include: alignment of client and outside counsel goals; informed risk sharing and well-considered alternative fee arrangements; more accurate budgeting; better timelines and task management; more flexible adjustment to contingencies; more effective communication between in-house and outside legal teams. Some larger firms offer bundled project management services (often with technology solutions and e-discovery services) through affiliate companies that tout the ability to provide flexible, innovative services in conjunction with the firm’s lawyers to ensure better overall service with respect to managing eDiscovery, document review, and effective use of technology in connection with the representation of clients. These affiliate firms also assist with flexible, value-based billing arrangements and staffing with the promise that this will result in greater predictability as to the legal spend associated with a representation.