Ilta09 Law Firm Risk Management D Cunningham



Presented by Dave Cunningham at ILTA 2009.


  1. Law Firm Risk Management: Can It Grow Profitability? • Moderator: Adam Hansen, Director of Information Security, Sonnenschein Nath & Rosenthal • Panel: Pat Archbold, VP of Risk Practice, IntApp; David Cunningham, Managing Director, Baker Robbins & Company
  2. Agenda • Risk Defined • Legal Risk Types • Business Benefits • UK vs. US Risk Environment • Risk Roles and Organization • Risk Management Approach • Future of Risk Management • Three Next Steps • Questions and Answers
  3. Risk Defined: Risk is the uncertainty caused by the occurrence of an event that might affect the achievement of objectives. • The management of a law firm’s risks involves decisions that are not simply about avoiding a negative impact but also about pursuing a positive (but un-guaranteed) impact on business opportunities. • Consequently, effective risk management not only mitigates losses but can also positively contribute to the competitive standing of a firm. • This tension between adverse risks and desirable business opportunities makes risk management an essential element of firm governance.
  4. Legal Risk Types (Risk Type: Example Risks; Key Roles)
     • IT: Systems: Continuity, Recovery, Security, and Access Management. Data: Confidentiality, Integrity, Ethical Walls, Retention, Data Protection, Data Transfers, Hosting of Third-Party or Client Data. Third Party Suppliers: Maintenance/Support, Contracts and Outsourcing. Key Roles: CIO, General Counsel
     • Financial: Audit, Financial Internal Controls, Financial Transparency and Disclosure, Anti-Money Laundering, Counter-Terrorist Financing, Credit, Firm Investments, Currency, and Portfolio Risks. Key Roles: CFO
     • Practice Management: Client Relations, Lateral, Professional Responsibilities (including malpractice, conflicts, records, and litigation support), and Professional Development Risks. Key Roles: Practice Leaders, General Counsel, Directors of Conflicts, Records, Lit Support, Library, and KM
     • Strategic / Corporate: Firm Governance, Risk Management Governance, Reputational, Marketing, and Market Risks. Key Roles: Managing Partner, Marketing Director, General Counsel
     • Operational: Employment, Fraud, Damage to Assets, and Insurance Mediation Risks. Key Roles: HR Director, COO, General Counsel
     • Environmental: Natural Disasters, Epidemics, and Resource Access Risks. Key Roles: COO, Business Continuity Team
  5. Business Benefits • Loss Prevention • Cost Savings • Departmental Efficiencies • Competitive Edge – Growth in Lateral Talent – Growth and Retention of Clients – Quality of Client Relationships – Alternative Fee Arrangements • Quality of Working Environment • Reputation
  6. In the News… (03/10/2009) Top five risks identified as facing law firms (order of severity): • Bankruptcy or acquisition of significant clients • IT security • Pressure on fees and the need for 'instant' advice leading to claims • Conflicts of interest • Errors made by staff/lawyers on complex, high-value transactions
     A firm’s responses to application questions about risk management and loss prevention programs are often among the most important qualitative information an insurer uses to gauge the risk it may pose, according to Stuart Pattison, a vice president at Chicago-based CNA, one of the nation’s largest commercial insurers.
  7. UK vs. US Risk Environment
  8. In the News…
     (05/21/2009) “The Financial Services Authority (FSA) has brought charges of insider trading against two lawyers – including a current partner in the London office of Dorsey & Whitney – it has emerged. The move marks a more aggressive stance from the FSA, which earlier this year secured its first successful insider trading prosecution…”
     (03/13/2009) “In a much-touted speech on Thursday (12 March), FSA chief executive Hector Sants outlined a break with light-touch, principles-based regulation, arguing the City should be ‘very frightened’ of the body.”
  9. US News
     (3/20/2009) The FTC Strikes Back: (Essentially) Everyone Should Be Complying With Red Flags Rules, Especially The Healthcare Industry. The FTC, with unusual frankness, emphasizes that no industry is exempt as a “creditor” …….The FTC also pulls no punches when identifying potential “creditors,” listing a wide range of industries and businesses, including physicians, lawyers, merchants”
     (08/06/2009) Dept. of Health and Human Services, 45 CFR Parts 160 and 164: Examples of business associates include third party administrators or pharmacy benefit managers for health plans, claims processing or billing companies, transcription companies, and persons who perform legal, actuarial, accounting, management, or administrative services for covered entities and who require access to protected health information.
  10. Who’s Ultimately Responsible for Risk Management? • 2007: Single Individual: 36% • 2009: Single Individual: 63%
  11. Risk Roles and Organization • Firm Internal Roles – General Counsel – Directors of Loss Prevention, Conflicts, Records – Professional Responsibility Partners/Ethics Partner – CIO or IT Director – Directors of Security, Business Continuity – Business Departmental Directors – Partners / Lawyers – Committees • External Roles – Insurance Underwriters/brokers – Clients – External Assessors
  12. Risk Management Becomes a Department in Law Firms
  13. Risk and IT Speak in Different Languages: DR, Engagement Letters, Malware, VPN, Vicarious Disqualification, LDAP, SharePoint, Rule 1.10, SLAs, Five-9s, P2P, Advanced Waivers • Consider: Matter Centricity + Search = Exposure
  14. Future Org Chart?
  15. Risk Management Approach • Successful Risk Management Environment – Communicate and Consult – Establish the Context – Promote Self Assessment – Monitor and Review
  16. Risk Management Approach • Risk Assessment Process • Risk Treatment Process – Identify Options – Evaluate and Select Options – Prepare and Implement Treatment Plans
  17. Future: Risk Register/ERM (register columns) • # • The Risk: What can Happen and How Can it Happen? • The Consequence of an Event Happening (Consequence, Likelihood) • Adequacy of Existing Controls • Consequence Rating • Likelihood Rating • Level of Risk • Risk Priority
  18. Future: Client Requests • 2007: Clients have asked firm for additional protections: 61% • 2009: Clients have asked firm for additional protections: 86%
  19. Next Steps: Integrate Risk and Technology Management • Intake and Insider List Management • Insider List Management • Workflow software to manage intake processes • Matter designated “confidential”, “firm confidential”, “price sensitive” • Tracks access, locks across systems, hides matter names
  20. Next Steps: Leverage Risk Management Budgets
  21. Next Steps: Plan for Certification
  22. Adam Hansen, Director of Information Security, Sonnenschein Nath & Rosenthal • Pat Archbold, VP of Risk Practice, IntApp • David Cunningham, Managing Director, Baker Robbins & Company
  23. • SRA Rule 5: • Marsh UK Risk Study-Insurance Journal: • KornFerry Evolution of Law Firm Risk Management Article: • UK Conflicts Rule Changes Article-Legalweek • Red Flag Rules Article: everyone-should-be-complying-with-red-flags-rules-especially-the-healthcare-industry/ • HITECH Act Update, DHHS: • Risk Roundtable • West Legal Education, Practice Area Ethics and Professional Responsibility