One of the stark new realities facing law firm leaders and managers across the country is a dramatic increase in the risk of significant liabilities that can affect their firms.
The recent actions filed against lawyers in connection with the Enron and other corporate scandals are a clear reminder of the potential vulnerability of law firms to the actions or mistakes of individual partners. And the rapid collapse of Arthur Andersen is disturbing proof of the inherent fragility of all professional service firms.
But the new risks facing law firms go well beyond the problem of the so-called "rogue partner" arguably evidenced in these corporate scandals. In an effort to address the issues raised by Enron-type situations, Congress last year passed the Sarbanes-Oxley Act. Section 307 of the act requires the Securities and Exchange Commission to prescribe minimum standards of professional conduct for lawyers representing public companies. The SEC has now adopted such standards, imposing new obligations that effectively make lawyers responsible - in at least some circumstances - for the character and conduct of their clients.
These new rules significantly increase the risks of lawyers representing public companies and, in the view of some commentators, begin to treat the practice of law as if it were a regulated industry.
Moreover, this approach may be part of a larger trend. In recent years, there has been a noticeable expansion in the definition of "fraud" in federal and state law, and a growing tendency to criminalize more and more activities that may be labeled as fraudulent. This trend is clearly evident in health care, in environmental law, in consumer matters, and in the expanded use of RICO. As lawyers are called upon to represent clients who, with increasing frequency, may be accused of fraud and criminal behavior, the stakes for the lawyers increase as well - particularly when they are representing clients who may have "pushed the envelope" of legality in their activities.
Although most law firms of any size have for many years had ethics and practice committees or risk management partners charged with broad oversight of risk issues, most such committees or partners have spent their time dealing with more traditional risk questions, such as conflicts of interest, review of fee arrangements, screening of laterals, and dealing with partners with substance abuse problems.
They have not generally focused on the more subtle - and arguably more important - risks now confronting their firms.
The problems posed by these new risks have, of course, been greatly exacerbated by the rapid growth of law firms and the dispersion of firm lawyers in numerous offices across the country or around the world.
Simply put, how can firm leaders know if one or more of their lawyers, somewhere in the world, is "pushing the envelope too far" or taking risks that are unacceptable from the firm's standpoint? The question is even more difficult where the lawyer concerned is practicing in a highly esoteric field that takes an expert to understand the risks being taken.
Traditionally, law firms relied on a common culture and shared sense of quality standards among their partners to address these issues. And, in a time when firms were relatively small and when partners were "home grown," learning their craft from senior lawyers who mentored them, the system worked well enough.
Today, the situation is far different. In an era of rapid expansion, frequent mergers, and constant lateral acquisitions, most firms can no longer claim to have anything like the common culture of bygone days.
Experts agree that the most effective way to manage the growing risks facing law firms is not simply through the issuance of elaborate rules or policies [as useful as those may be], but rather through the creation of a genuinely risk-sensitive culture in which acceptable risk levels are understood and lawyers seek consultation and guidance when confronting questionable situations.
Since that kind of culture does not exist naturally in most law firms today, it must be consciously created. Unfortunately, there are not many models in the legal profession for how to do it.
Thus, it is instructive to look to the experience of other professional service industries - such as health care, investment banking, and accounting - that also have had to deal with risk management and compliance issues.
While their risk management programs have certainly not been without blemish, these three industries have focused on risk management questions far longer and in a more systematic way than has the legal profession.
Several important factors have emerged from their experience, including:
A clear definition of roles and responsibilities so that every professional understands the extent of his or her authority and the circumstances under which consultation with others is required;
A system of supervision and monitoring that provides general oversight and periodic reviews of the work of every professional;
Written policies and procedures [and codes of conduct, in some cases] that define expectations and clarify when consultation is required;
Comprehensive training programs to insure that all professionals understand the policies and procedures under which they are expected to work;
Compensation systems that are designed to incentivize compliance with the risk management program and disincentivize non-compliance;
Reporting mechanisms that recognize that mistakes will be made and that encourage rapid "no fault" reporting of circumstances that may give rise to claims; and
Enforcement mechanisms to "put teeth" into the written policies and procedures.
Unfortunately, most law firms have implemented very few of these steps in any significant way. Indeed, some of the ideas articulated above would be counter-cultural in most law firms.
For example, the notion that making mistakes is a normal part of any professional's learning and experience [an essential element of a "no fault" reporting concept] flies in the face of the strong culture of perfection that exists in most law firms.
Likewise, an effort to clearly define roles and responsibilities and to impose supervision and monitoring over their activities might cause many lawyers to bristle at a perceived loss of professional independence, even though the supervision is provided by other lawyers.
In short, the adoption of a comprehensive and effective risk management program in most law firms will not be easy, but firm leaders can simply not afford to ignore the problem. As a starter, firms might focus on the following manageable steps:
Adopt and implement a strong practice management program. Comprehensive practice management is a firm's first line of defense against the "rogue partner" problem. If implemented correctly, a practice management program will provide both supervision and intake control over all matters handled by a particular practice group and provide firm management with a powerful tool for monitoring the risk exposure of the firm.
Institute an intake screening program that identifies clients and matters requiring special scrutiny. Such special review might be triggered by the type or financial condition of the client or by the nature of the transaction or other matter that the firm is requested to handle. Practice groups should be asked to identify matters in their areas that would justify such scrutiny.
Institute a process for special review of the firm's advice in particularly risky matters. Many firms have an "opinions committee" that is required to approve all formal opinions issued by the firm [particularly in financial or securities transactions], but there are many risks a firm can incur short of the issuance of a formal opinion. Other firms have a "two-partner rule" that is applicable to any significant advice rendered by the firm. That approach may be somewhat better but only if there is an assurance that the "second partner" will be disinterested and objective.
Adopt and implement a formal risk management program with a designated partner in charge who spends a significant portion of his or her time focusing on these issues [and who is adequately compensated for these efforts]. Such a program should include a comprehensive training plan - ideally implemented through the practice groups - to insure that all lawyers are aware of the standards and procedures applicable to their work.
Institute a formal audit program to check compliance with the firm's quality and risk management standards. One global law firm conducts regular "quality audits" of its offices and practices, such audits often being conducted by retired partners who report their findings to the firm's general counsel and risk management partner.
And finally, make certain the firm's compensation system does not operate at cross purposes with its risk management objectives. A compensation system that rewards only client originations or billings and takes no account of a partner who saves the firm from significant risk by withdrawing from a client matter is a system that disincentivizes lawyers to act in the firm's best interest.
Given the significant and growing risks of liability confronting virtually every mid- and large-size law firm today, it is incumbent upon firm managers to take the lead in implementing strong and effective risk management programs.
While there may be "pushback" from some partners to some aspects of such a program, the stakes are simply too high to allow such reactions to deter the effort.
Interested in Learning More About Legal Hiring? Read the Definitive Guide: