Risk management has become an area of intense interest for law firms, mostly because certain aspects of it — technology, security, compliance and client satisfaction — have become major issues of concern for the legal industry.
Legal Executive Institute sat down with James Jones, Senior Fellow at the Center for the Study of the Legal Profession at Georgetown University Law Center, to discuss how law firms can better manage their risk in these high-profile areas.
Legal Executive Institute: Risk management seems to have gotten more attention from law firms recently. Is that true?
James Jones: This is a topic that has changed a lot over the last decade or so. Historically, when law firms thought about risk, they thought about practice-related risk. This was mainly making sure that their lawyers complied with applicable canons of ethics and rules of practice, and that they were duly licensed in all the places where they were supposed to be working.
About 10 or 12 years ago, when firms began creating General Counsel functions within the firm, that’s what those guys did. Over the last decade, those responsibilities have really broadened dramatically, in part because of a huge change in the risk environment relating to law firms.
Legal Executive Institute: What is that change and how should law firms make sure they’re addressing it in their risk management strategy?
James Jones: Overall, it’s a lot riskier to be a big law firm today than it used to be, from a lot of different perspectives. For example, law firms never had to have compliance departments before. The only compliance they had to worry about was making sure everybody was licensed in the right states and that they didn’t have insider trading. Now there’s a long list of compliance stuff that is under the bailiwick of the General Counsel, a lot of it related to so-called “gatekeeper” requirements. These include rules holding lawyers responsible for certain fraudulent conduct of their clients imposed by the RTC and the FDIC; “suspicious activity” reporting required by Treasury (FinCEN), the Federal Reserve, the Office of the Comptroller of the Currency, the FDIC, OTS, and the National Credit Union Administration; the misleading or deceiving information rule imposed by the INS (now Customs & Border Protection); tax shelter rules imposed by the IRS; anti-terrorism provisions under the U.S.A. Patriot Act; and anti-money laundering requirements of the “Gatekeeper Initiative” of the Financial Action Task Force.
These regulatory requirements have expanded to the point that. in some large firms, they are now hiring Chief Compliance Officers, in addition to the General Counsel.
Legal Executive Institute: Are there any specific compliance risks that law firms need to be especially aware of?
James Jones: For one thing, you now have other lawyers, regulators and courts that are more willing than ever before to hold lawyers responsible in some way for the actions of their clients. You see that built into an increasing number of “gatekeeper” type regulations as I just described.
But we have also seen in recent years a growing willingness of government to charge lawyers with aiding and abetting clients in the commission of crimes. Prosecutors never used to go after lawyers for aiding and abetting unless it was obvious that the lawyer was involved in the fraud. But now, if you issue an opinion to a client saying that this is okay and the IRS subsequently determines that it’s an illegal tax shelter, they’ll go after the lawyer and the accountant, as well as the client. That willingness to go after the lawyers for the misdeeds of their clients has been on the uptick.
As I mentioned before, there are similar rules now in place with respect to financial transactions and money laundering. There are rules imposed under the Patriot Act and the “Know Your Client” regulations, providing that if a law firm accepts a client that is engaged in money laundering and the firm, by doing proper due diligence could have figured out the client was in the process of laundering money, then the firm may be held responsible as well. The ante has been upped. So, what that has done is force law firms into compliance efforts in ways quite similar to what goes on in commercial companies.
Legal Executive Institute: Beyond compliance issues, what else is there to be concerned about?
James Jones: The risks related to the business of law have gotten more serious, as well. You see examples of firms bringing in bad lateral hires — laterals that, again, with enough due diligence the firm should have been able to figure out that this is not somebody a firm would want, for ethical reasons.
You see firms entering into merger agreements or other kinds of business deals with other law firms or other entities with provisions that you really ought to be thinking long and hard about. The best recent example of this is undoubtedly the unfortunate outcome of the Dewey & LeBoeuf merger that resulted in a large number of undisclosed compensation guarantees that ultimately contributed significantly to the demise of the firm.
Historically, law firm general counsels had nothing to do with that stuff. But now they are thinking about their role as much more like a general counsel at a company. Anything that potentially puts the organization at risk ought to be something that the general counsel has supervisory authority over — and some of those are really existential risks.