1 December: 12th annual Risk management for law firms
SPEAKERS FROM:
[email protected]
+44 (0) 20 7324 2365
www.ark-group.com
WHY ATTEND?
• Stay compliant - essential updates from your regulators
• Participate in live polls to benchmark your thinking and practice
• Share your experiences with your peers and get feedback on your judgements
• Meet the brightest and the best from legal compliance
A WORD FROM THE CHAIR:
The risk landscape is constantly changing and the 12th annual Risk management for law firms conference will enable delegates to learn about developing issues, and how to deal with them. The 9th Regulatory compliance for law firms conference is not going to be about ticking boxes. It is about resolving the real-life dilemmas posed by clients and others on a daily basis, and the framework within which law firms operate. Both conferences provide the opportunity to meet with and learn from your peers.
Frank Maher, Partner, Legal Risk
Hold on to your profit, and your reputation, in 2016 with ARK’s annual risk and compliance conferences
Welcome to 12th Annual Risk Management for Law Firms Conference 2015.
So that we can keep everything running as smoothly as possible please take note of the following points:
• Delegate pack – this is correct at time of publication, whilst every effort is made to include all material, there are occasions where slides need to be changed at the last minute to ensure any duplication of content is kept to a minimum. An electronic link will be sent to you following the conference where you can download all of the slides presented throughout the conference.
• Delegate feedback form - you’ll find the form in the delegate pack handed out to you at registration. Your comments and suggestions are invaluable to us and our speakers so please don’t forget to complete this during the event.
• Dietary requirements – please tell us no later than morning break if you have any specific dietary requirements we should be aware of. Lunch will have a vegetarian option, but if you have any other requirements please let us know.
• Electronic devices – please ensure these are switched OFF as they can interfere with AV equipment and the use of them can be a distraction to other delegates.
• Health and Safety – please familiarise yourself with the nearest emergency exits and take note of any Health and Safety announcements given by ARK Group staff in the morning.
Please do not hesitate to ask a member of ARK Group staff if you need anything.
Leah Darbyshire
Head of Content, Events, and Community Manager for Legal Compliance Association
ARK Group
12th ANNUAL RISK MANAGEMENT FOR LAW FIRMS CONFERENCE 2015
Background
ARK Group is a leading provider of business management information delivered via live events and printed publications. With offices in London and Chicago, we are an international information provider to a wide range of businesses.
ARK Group is a member of Wilmington PLC, a group that delivers essential training, information and knowledge to organisations and professionals across a wide range of sectors. Wilmington companies thrive on creative collaboration and shared expertise, and we have a common goal - to help our clients maximise their potential. At ARK Group we believe that effective management strategies and techniques are valid across industry and geographic divides.
Our goal is to help professionals and organisations work more intelligently by delivering reliable information and techniques that can be used to benchmark, instigate, develop and improve fundamental business processes and procedures.
Our events
ARK Group conferences, masterclasses and webinars complement and coordinate with our management strategy publications. They are rigorously researched and provide companies around the world with a practical, progressive and enjoyable alternative to traditional conference formats. Our events are designed to meet the needs of forward thinking business representatives who need to maintain an edge in today’s fast-moving global market place.
Our comprehensive product range includes:
• International conferences: these conferences address business-critical topics in our core arena of expertise, namely: legal services businesses management; legal compliance; knowledge, content and information management; trade finance and business optimisation for both the private and public sectors.
• Masterclasses: these are intimate one-day or half-day intensive events led by industry thought leaders and are designed to be interactive and informal.
• Webinars: one hour of specific instruction on up-to-the-minute topics by industry-leading speakers, delivered to your desktop.
Our publications
ARK Publishing is committed to delivering practical advice and expertise to business professionals worldwide through a range of specialist magazines and reports. Written by expert practitioners, ARK Group’s reports offer behind-the-scenes access and an opportunity to benchmark your initiatives against those of your competitors and peers. Our reports are published in association with Managing Partner, Private Client Adviser (formerly Elderly Client Adviser), Solicitors Journal and Trade & Forfaiting Review magazines.
For more information on our wide range of products, please call ARK Group on +44 (0)2073 242365 or visit our website: www.ark-group.com
DISCLAIMER
The material for this presentation has been designed as an integral part of the presentation solely for the benefit of delegates attending the presentation. The material does not necessarily stand on its own and is not intended to be relied upon for giving specific advice.
To the fullest extent permitted by law, neither ARK Group nor its presenters will be liable by reason of breach of contract, negligence or otherwise for any loss or damage (whether direct or indirect) occasioned to any person acting or omitting to act or refraining from acting upon the conference material or presentation of the conference or, except to the extent that any such loss or damage does not exceed the price of the conference, arising from or connected with any error or omission in the conference material or presentation of the conference. Nothing in this paragraph shall be deemed to exclude or limit ARK Group’s nor its presenters liability for death or personal injury caused by negligence or for fraud or fraudulent misrepresentation.
Loss and damage as referred to above shall be deemed to include, but is not limited to, any loss of profits or anticipated profits, damage to reputation or goodwill, loss of business or anticipated business, damages, costs, expenses incurred or payable to any third party (in all cases whether direct or indirect) or any other direct or indirect loss or damage.
Copyright in these materials belongs or is licensed to ARK Group and no permissions or licences in relation to these materials are granted. No part of the handout material may be reproduced in any form or for any purpose without the prior permission of ARK Group.
12th Annual Risk Management for Law Firms Conference 2015 - 1 December 2015
CONTENTS
SPONSORS
CHAIR’S OPENING REMARKS
ESSENTIAL UPDATES
Keynote: The future of regulation
PROTECTING CLIENT INFORMATION
Confidentiality in an international market place
PROFESSIONAL INDEMNITY INSURANCE
What can legal businesses expect in terms of professional indemnity insurance (PII) in 2016?
PROTECTING CLIENT INFORMATION
Technical surveillance – it’s not a future threat, it’s happening today, worldwide
Cybercrime and scams: What you need to know
PREVENTING HUMAN ERROR
Managing the ‘human factors’ in legal services risk
CHANGING RELATIONSHIPS WITH CLIENTS
Advice – commercial or legal?
CROSS-SECTOR INSIGHT PANEL
What can be learned from other sectors?
WHAT TO LOOK OUT FOR INTERACTIVE PANEL:
Horizon scanning – what’s next?
DELEGATE LIST
SPONSOR
Willis Limited is a leading global insurance broker.
Willis develops and delivers professional insurance, reinsurance, risk management, financial and human resource consulting and actuarial services to corporations, public entities, institutions and firms around the world.
Willis has more than 400 offices in nearly 120 countries, with a global team of approximately 17,000 Associates serving clients in virtually every part of the world.
Willis has considerable experience in the legal services sector. The Legal Services Practice Group within Willis’s FINEX Global division is dedicated to handling the Professional Indemnity Insurance (PII) requirements of the legal services industry. With excellent market access, dedicated service teams and commitment to risk management the group has developed a market leading position.
http://www.willisfinexglobal.com/
SPONSOR
Advanced 365, a division of Advanced Computer Software Group has been supporting dynamic organisations since 1987 to align IT services with business requirements.
Advanced 365 is a leading UK based provider of IT Managed Services and Business Innovation solutions. Over 250 organisations rely on our expertise and service excellence to improve their operational efficiencies, control costs and provide visibility of their IT estates.
Biography
Frank Maher is a practising solicitor and partner in Legal Risk LLP. He specialises in advising major US, European and UK 100 law firms, their insurers and other professions on professional regulation and professional indemnity. His practice covers transactional advice, litigation and disciplinary proceedings. He is advising a number of practices on regulation as Alternative Business Structures under the new regulatory regime in the UK which permits non-lawyer investment and involvement in law firms.
Frank has a diploma in Anti Money Laundering and a Practitioner Certificate in Data Protection.
Frank is author of Risk and Compliance for Law Firms in a Changed World and co-author with Sue Mawdsley of The Money Laundering Reporting Officer’s Handbook: A Guide for solicitors. He is also a contributor to Ark Group’s Future of Legal Services Report and is a contributor to the International Bar Association book on Risk Management In Law Firms, with contributions on several topics including conflicts and confidentiality.
He has over 30 years’ experience of defending many of the largest law firm claims for insurers. His claims experience includes many involving fraud issues in the UK and elsewhere, property, undertakings, financial services and consumer credit.
He has advised City firms and many other UK, US and international practices.
He is also a frequent contributor to the legal and insurance press and a regular speaker at events worldwide.
Organisation Profile
Legal Risk LLP is a UK law firm whose clients include six Am Law 100 and ten Am Law 200 firms, many of the leading European and UK law firms and US and UK insurers on professional regulation, risk management, anti-money laundering, and professional indemnity. The partners’ combined experience covers a wide range of commercial, banking, insolvency, anti-money laundering, professional indemnity insurance and disciplinary and compliance issues. The firm is frequently instructed in the insurance aspects of law firm mergers.
Legal Risk is recommended by Legal 500 and Chambers and Partners for professional indemnity and professional regulation, and was winner of the Law Society’s Gazette Centenary Award for Excellence in Risk Management.
Direct Dial: 0151 231 6232
Telephone: 0845 330 6791
International Telephone +44 151 231 6230
International Fax +44 151 231 [email protected]
Frank Maher, Partner, Legal Risk
CHAIR’S OPENING REMARKS
Biography
Crispin Passmore was appointed as Executive Director at the Solicitors Regulation Authority, responsible for its policy development, in January 2014. At the SRA he is leading the next phase of modernisation of its regulatory approach with a strong focus on reducing regulatory burdens, reforming its approach to education and training and improving its focus on consumers. Previously he was Strategy Director at the Legal Services Board. He joined the LSB during its start-up in May 2009 and was responsible for the development and delivery of a long term strategy for liberalisation of regulation in the English & Welsh legal sector that delivers appropriate consumer protection and supports innovation, choice and diversity. Previously Crispin was at the Legal Services Commission, responsible for legal aid in England & Wales. At the LSC he undertook a range of senior policy roles over five years, driving many innovations and reforms to civil legal aid. Prior to the LSC he led Coventry Law Centre where he introduced significant innovations in the way the Law Centre delivered services. He has worked in the legal services sector for over 20 years.
Crispin Passmore, Executive Director, Solicitors Regulation Authority
ESSENTIAL UPDATES
Keynote: The future of regulation
Cost pressures, IT opportunities
Access to justice
Legal firms as PLCs
400+ SBR changes, opportunity for traditional firms
Recognition of unmet need from SMEs
A dynamic market
Regulatory reform
Crispin Passmore
Executive Director, Policy
Solicitors Regulation Authority
Reform package delivering proportionate and targeted regulation
MDP/SBR changes
Cut 36 pieces of unnecessary regulation in the last 18 months, including:
- Accounting requirements
- Streamlining training regulations
- Small firms
Plans to do much more: major Handbook reform
Regulatory reform
New structures and ownership models not a significant risk factor
Firms need freedom to develop and grow
Disproportionate regulatory models get in the way
Support firms to comply and to innovate
Regulatory reform to cut bureaucracy and create opportunity
Supporting the market
Handbook review
Issues with current Handbook...
Restrictive and focused on legal structure
Remains overly detailed and prescriptive
Large, complex and wide in scope and applicability
Operates on a ‘one size fits all’ basis
Why further reform?
Ensuring regulation remains relevant in the changing market
Making it easier for solicitors and firms to focus on their customers and business by ensuring regulation is proportionate
Logical next step
Benefits
Flexibility for solicitors and firms
Increases the availability of solicitors to consumers
Regulation is proportionate to risk
An individual Code that focuses clearly on ethics and competence
Entity regulation that focuses on systems and controls
Handbook review
Model for discussion:
All solicitors are subject to professional principles and Code of Conduct at all times
Solicitors will be free to provide non-reserved legal services across the whole market
Clarity between individual and entity regulation
Question of Trust
Proportionate regulation places emphasis on individual professional values
Renewed regulatory focus on standards and enforcement
‘A Question of Trust’
A consumer complains that each time he sees his solicitor there are other clients’ files open on the desk in the waiting area.
36 significant cuts in bureaucracy in 18 months
Regulatory reform at pace - targeted and proportionate regulation
Landmark work calibrating professional standards and values – and what happens when things go wrong
What are we doing
In summary
Next steps
Position Paper outlines direction of travel
Spring 2016 consultation
Get involved
SRA Innovate
Any questions?
Thank you
Biography
Eddie is General Counsel at Wragge Lawrence Graham & Co LLP (WLG) advising the firm’s board on corporate governance, regulatory and compliance issues and risk management. Before taking on his current role Eddie led the firm’s Dispute Resolution practice and before that he was head of the firm’s Insurance practice. Prior to his legal career Eddie was a Chartered Loss Adjuster with an international Loss Adjusting practice and Claims Manager to a leading Lloyd’s Syndicate.
Organisation Profile
WLG is a UK-headquartered international law firm providing a full service to clients worldwide. In January 2016 WLG and Gowlings, a leading Canadian law firm, are joining forces to create Gowling WLG, which will be a top 50 global firm with 1,400 professionals in 18 cities worldwide.
Eddie Breen, General Counsel, Wragge Lawrence Graham & Co LLP
PROTECTING CLIENT INFORMATION
Confidentiality in an international market place
AGENDA
Introduction
Confidentiality v due diligence
Managing confidentiality post-merger
Managing confidentiality in a verein, etc
Big data and confidentiality
Outside Counsel guidelines and confidentiality
PROTECTING CLIENT INFORMATION
Confidentiality in an international market place
Ark Group Conference Risk Management for Law Firms
1 December 2015
Eddie Breen, General Counsel
Wragge Lawrence Graham & Co LLP
CONFIDENTIALITY v DUE DILIGENCE
Duty of confidentiality
Fundamental to a firm’s and a solicitor’s relationship with their prospective, current and former clients.
Applies to support staff, consultants and locums.
Legal
“A solicitor is under a duty not to communicate to others any information in his possession which is confidential to the [client or] former client.” 1
1 Lord Hope – Prince Jefri Case (1998) AER (D) 767
cont’d…
…CONFIDENTIALITY v DUE DILIGENCE
Regulatory
You must keep the affairs of clients confidential unless:
- Permitted by law or the client consents; and
- You must have effective systems and controls in place to enable you to identify risks to client confidentiality and to mitigate those risks. 2
2 SRA Code of Conduct 2011 Output 4.1
cont’d…
…CONFIDENTIALITY v DUE DILIGENCE
Duty to manage risk
You must run your business in accordance with proper governance and sound financial and risk management principles. 3
“Law firms are businesses like any other and as such might use other companies to advise on specialist matters. Firms must ensure that in doing so they do not breach client confidentiality [or legal professional privilege].” 4
Due diligence in a merger
Involves the detailed examination of the other firm before entering into a business arrangement with that other firm with the aim of identifying and quantifying the value in the firm and the risks in the proposed transaction.
3 SRA Code of Conduct 2011 Principle 7
4 David Middleton SRA Executive Director (Legal and Enforcement) 7 Jan 2015
cont’d…
…CONFIDENTIALITY v DUE DILIGENCE
Business v profession?
Are law firms like any other business?
Risks to privilege
When it goes wrong
Squire Patton Boggs & Tate & Lyle
When sugar turns sour!
Squaring the circle by informed consent
- Who?
- What?
- When?
- How?
MANAGING CONFIDENTIALITY POST MERGER
Mergers do not change history
Acting as a single firm whilst protecting client confidentiality. So how does that work then?
Judicial scepticism
Georgian American Alloys Inc v White & Case LLP 5
Mr Justice Field:
“As Lord Millett observed in [the Prince Jefri case] the starting point is that unless special measures are taken, information moves within a firm … and the physical separation of most but not all of the members of the two teams do not discharge the evidential burden on White & Case as to the risk of past disclosure in the period down to the introduction of ethical screens.”
5 [2014] EWHC 94 (Comm)
cont’d…
…MANAGING CONFIDENTIALITY POST MERGER
“In addition it must be remembered that members of large firms working in different departments in different locations can communicate by telephone and often meet for events organised by the firm.”
There but for the grace of …
Effective systems
- Hardwired not ad hoc
- Training and on-going monitoring
- Location of teams
- Physical security
- On-line security
MANAGING CONFIDENTIALITY IN A VEREIN ETC
Legal and regulatory issues
LEGAL
Gap Inc & Dentons US LLP
Conflict of interest but relevant to confidentiality
REGULATORY
“The risk is greater for example in complex firm structures, often comprising a number of separate legal entities typically with common branding and operating in different jurisdictions not all of which are subject to SRA regulation.” 6
6 “Protecting and maintaining client confidentiality” SRA Ethics Guidance 9 January 2015
cont’d…
… MANAGING CONFIDENTIALITY IN A VEREIN ETC
Managing the risks
- Effective systems (see above)
- Central conflict checking
- Data warehousing / outsourcing
BIG DATA AND CONFIDENTIALITY
What is it?
The exponential growth and availability of data, both structured and unstructured
The 5 “V’s” of Big Data:
- Volume
- Velocity
- Variety
- Veracity
- Visualisation
Data analytics – why is it a risk?
Providing access and preserving anonymity
OUTSIDE COUNSEL GUIDELINES AND CONFIDENTIALITY
ENOUGH SAID!
Biography
T: + 44 (0) 20 3193 9418
E: [email protected]
Colin has over 24 years’ experience in the PII market and has for some time focused on the risk management requirements for larger law firms. He has assisted firms with the implementation of risk management training programmes for partners, fee earners and support staff and is a regular speaker at conferences on PII and risk management.
Colin is a Client Advocate on a number of larger law firms and works with many in-house risk managers to create and maintain a dynamic risk culture.
He has been widely published in Managing Partner, FD Legal, Modern Law, Lexcel Link and many other legal publications. Colin is a member of the Managing Partners Forum and is a qualified Lexcel Consultant.
Colin holds the International Certificate in Risk Management qualification (CIRM) from the Institute of Risk Management.
In 2011 and 2013 he was shortlisted for Risk Manager of the Year at the IRM Risk Management awards.
Organisation Profile
Willis Limited is a leading global insurance broker.
Willis develops and delivers professional insurance, reinsurance, risk management, financial and human resource consulting and actuarial services to corporations, public entities, institutions and firms around the world.
Willis has more than 400 offices in nearly 120 countries, with a global team of approximately 17,000 Associates serving clients in virtually every part of the world.
Willis has considerable experience in the legal services sector. The Legal Services Practice Group within Willis’s FINEX Global division is dedicated to handling the Professional Indemnity Insurance (PII) requirements of the legal services industry. With excellent market access, dedicated service teams and commitment to risk management the group has developed a market leading position.
http://www.willisfinexglobal.com/
Colin S Taylor, CIRM, Executive Director, FINEX Global Professional Indemnity, Willis
PROFESSIONAL INDEMNITY INSURANCE
What can legal businesses expect in terms of professional indemnity insurance (PII) in 2016?
[Figure: The Insurance Market Cycle, showing The Economy, Claims and Premiums against a time axis marked 2000, 2007, 2014 and 2021]
UK Solicitors Professional Indemnity Review and Key Risk/Insurance Themes
Colin Taylor CIRM
Executive Director, Finex Global
Professional Indemnity
WE BUILD RESILIENCE TO REALISE AMBITIONS
[Figure: Home Price Index 2002 - 2015]
[Figure: Economy/House Prices 1975 – 2011]
2015 – Market observations
England and Wales compulsory premium pot - was around £250m – now expected to be around £225m
Many firms reduced premium despite increases in rateable fee income.
Change of renewal date? - 18 month policies
Insurer security - Rated v Unrated insurers - QIC Europe Ltd
Incidence of Claims from Property continues to reduce
Insurer focus on Financial Stability (or lack of)
[Figure: England and Wales Solicitors Compulsory PII Premium; premium income (£m) by year, 1999 to 2015]
Analysis of Willis’s Law Firm Claims
• Communications with client
  - Scope of engagement
  - Adequate communication of legal advice
• Supervision failures
  - Management culture
  - Dual roles
• Administrative errors
  - File audits, Second pair of eyes
  - Diary management
• Lack of knowledge
  - Solicitor acting outside area of expertise
Risk Management Lessons
[Figure: pie chart of claim causes (Supervision Failure, Administrative errors, Communications with Clients, Lack of Knowledge) with segments of 40%, 35%, 17% and 8%]
Working in Finance, Compliance or Risk
Willis Risk Barometer - Key Findings
What are the top three risks in terms of financial impact on your firm?
100+ Partners
- PII Claims
- Losing Clients
- Cyber
11-100 Partners
- Losing Clients
- PII Claims
- Cyber
2-10 Partners
- PII Claims
- Losing Clients
- Departing Lawyers
Sole Practitioners
- Losing Clients
- PII Claims
- Credit Risk
Willis & The Lawyer Risk Survey Report 2015
Willis consulted 130 Partners, COLPs, COFAs, Risk Directors from Magic Circle to Sole Practitioners
Findings broken down into:
• 100+ Partners,
• 11-100 Partners,
• 2-11 Partners
• Sole Practitioners
Key Issues
Merger/Acquisition
Lateral Hires
Conversion to ABS
Data Protection
Cyber
Willis Risk Barometer - Key Findings
What are the top three things your firm is doing to improve risk management?
100+ Partners
- Improving data protection and client confidentiality
- Maintaining a firm wide risk register
- Analysing Past Claims
11-100 Partners
- Maintaining a firm wide risk register
- Regular file audits
- Analysing Past Claims
2-10 Partners
- Regular file audits
- Maintaining a firm wide risk register
- Improving data protection and client confidentiality
Sole Practitioners
- Improving data protection and client confidentiality
- Regular file audits
- Maintaining a firm wide risk register
For further information contact:
Colin S. Taylor CIRM
Executive Director, Finex Global
Professional Indemnity
Willis Group
The Willis Building
51 Lime Street
London EC3M 7DQ
T +44 (0) 20 3193 9418
E [email protected]
www.willisfinexglobal.com
Willis Ltd is an accredited Lloyd’s Broker and is authorised and regulated by the Financial Conduct Authority
Biography
Jeff Jenkinson is a Former Special Forces Warrant Officer with many years’ experience of command from the bottom to the top of the ladder. He is a professional, diligent and energetic person with a broad and in-depth knowledge and experience of security and procedures.
Jeff is always forward thinking, with excellent planning and organisational abilities and a highly developed aptitude for designing innovative solutions and delivering them. He has a positive attitude to management and a positive approach to challenges and is a confident and highly motivated individual who is very accustomed to operating in high-pressure environments.
Specialities:
• Technical Surveillance Counter Measures (TSCM).
• Adaptive problem solving to deliver high quality inventive solutions.
• Innovative Design Solutions.
• Threat analysis and risk identification.
• Designing clear operational procedures that are relevant, effective and of value.
Organisation Profile
Corporate Information Group Limited (CIG) is a UK owned Technical Surveillance Counter Measures (TSCM) Company based in London. CIG was formed in 1998 and we offer bespoke world-class counter espionage solutions in the United Kingdom as well as internationally.
CIG currently carries out Technical Surveillance Counter Measures (TSCM) for our clients worldwide. Our TSCM service clients range from High Net Worth individuals, through large Financial Corporations and Banks, to international Law Companies. It goes without saying that client confidentiality is assured. Our team is from the following backgrounds: Electronics, Intelligence, Military and the Police, with many years of experience in the TSCM field working all over the world.
As a leading TSCM company we are constantly investing in new counter measures equipment to keep up to date with the latest technical threats as they evolve. We also design and build our own TSCM equipment to counter these threats and ensure that we are at the cutting edge of new developments and technology.
At CIG we keep our clients up to date on emerging issues and send out literature and information sheets to our own clients on a needs basis, thus ensuring that any targeted security threats are reported to those who need to know in a timely manner.
Jeff Jenkinson, Managing Director, Corporate Information Group
PROTECTING CLIENT INFORMATION
Technical surveillance – it’s not a future threat, it’s happening today, worldwide
Technical Surveillance Countermeasures (TSCM) can best be defined as the systematic physical and electronic examination of a designated area by properly trained, qualified and equipped persons in an attempt to discover electronic eavesdropping devices, security hazards or security weaknesses. The threat is real and evolving, and it cannot be ignored. There are people who carry out these attacks, and there are hackers on the internet who can be hired without the hirer being linked to the attack.
Corporate Espionage can often (but not always) be linked to Cyber Security. It depends on the motivation and aims of the offender.
Biography
Ashley Roughton is an IP lawyer who also specialises in Data Protection and Cyber Security. He is a barrister of 25 years call and has written extensively on IP, IT and cyber security. He has appeared regularly in criminal and civil courts.
Organisation Profile
Nabarro is a leading international law firm with offices in London, Brussels, Dubai, Manchester, Sheffield and Singapore. We offer our clients clarity. Clear thinking applied to their needs and objectives, and clarity in the way we deliver our advice. We favour plain English over legal jargon.
Ashley Roughton, Barrister – Intellectual Property, Nabarro
Cybercrime and scams: What you need to know
My top 10
1. Governance
2. Data Inventory
3. Develop Policies
4. Notice
5. Security
6. Training
7. Contracts
8. Record Retention and Destruction Programme
9. Breach Action Plan
10. PR Management
Cybercrime and scams: What you need to know
Ashley Roughton
Nabarro LLP
The anti-hacking act
Computer Misuse Act 1990
• The Computer Misuse Act
– passed to deal with hacking of computer systems
– In 1990 hacking was not taken very seriously — it was seen as mischievous behaviour
– Not seen as something which had the potential to cause serious loss or problems
– Before the Act it was difficult to prosecute people for hacking — existing laws were not written with that in mind
• Three offences:
– Unauthorised access to computer material
– Unauthorised access with intent to commit or facilitate commission of further offences
– Unauthorised modification of computer material.
Agenda
• Misuse – the crime.
• Global and UK statistics.
• Scale of economic damage.
• Network threats.
• Consumer risks.
• The remedy – sentencing and compensation.
• Sentencing discounts as a means to discourage large scale anonymisation.
• POCA – a viable option?
• What actions can I take in anticipation of and to minimise the effects of a cyber-attack? - a basic checklist of things to do, watch out for and concentrate on.
DoS and DDoS – s3A
• Unauthorised acts with intent to impair.
• Can be act or acts.
• No need for any modification
• Impairment can be temporary
In some detail
• Unauthorised access to computer material
• Lowest level of offence. e.g. finding or guessing someone's password, then using that to get into a computer system and have a look at the data it contains.
• Offence even if no damage is done, and no files deleted or changed
• The very act of accessing materials without authorisation is illegal. This offence carries a penalty of imprisonment up to six months and/or a fine.
• Unauthorised access with intent to commit or facilitate commission of further offences
Types of cyber attacks, actors and motives - Targeted attacks
• include:
• spear-phishing - sending emails to targeted individuals that could contain an attachment with malicious software, or a link that downloads malicious software
• botnet - executing a distributed denial of service (DDoS) attack which aims to flood an information gateway with data exceeding its bandwidth thus rendering the gateway or website inaccessible
• subverting the supply chain - attacking equipment or software being delivered to organisations
Types of cyber attacks, actors and motives - Untargeted attacks
• Aim to exploit vulnerabilities in systems
– phishing – sending emails to large number of people asking for sensitive information (e.g. bank details) or encouraging them to visit a fake website
– water holing - setting up a fake website or compromising a legitimate one in order to exploit visiting users
– ransomware - disseminating disk encrypting extortion malware
– scanning - attacking wide swathes of the internet at random
Estimates (admittedly)
• Estimates : $.4-1trn
• Losses to the four largest economies (US, China, Japan and Germany) reached $200 billion in 2014 (Center for Strategic and International Studies, 2014)
• UK : economic cost of cyber crime is estimated at about £27 billion p.a. (of which £9bn is associated with the theft of IP from UK businesses) (Detica & Cabinet Office, 2011)
• Average cost of data breach for a UK company in 2014 was about £2.3 million (Ponemon Institute, 2015)
• Probably under-reported
• Increases the cost of doing business and distorts the pattern of long-term investment (Oxford Economics & CPNI, 2014)
Talk Talk
• 21 of October – Attack starts – Looks like a DDoS attack
• Under that screen a penetration attack is also launched whereby information is copied and expropriated
• The information includes : Names, addresses, DoB, email addresses, telephone numbers, account information and Credit card and bank details
• That information is passed on to contact agents
• By 23 October the contact agents start to contact weary Talk Talk customers to excise information from them
• By the end of that day something like £53m has been expropriated
Consumer risks
• 44% check a website is secure when buying online
• 44% install internet security software on new internet devices
• 30% use complex passwords
• 37% download the latest software updates when prompted
• 21% smartphone software updates as soon as prompted
• 21% adjust online social media account settings to ensure privacy and security
Network Threats – top 5
1. Social Engineering - taking advantage of the human aspect of security
2. Employee fraud or vengeance
3. BYOD – downloading/uploading/lost devices
4. Cloud security – data theft/DoS
5. Botnets (robot network). A series of infected computers (usually with some hidden software called a rootkit) which a single hacker can control
Compensation
• Court ordered or CICB
• Generally loss based
• However in criminal cases the attitude of the courts is mealy
– For instance no amount exceeding the totality of specimen counts may be awarded
• Loss must be proven
– Not always possible to get costs back for doing that exercise
– Might be better to go to the civil courts
– If compensation is not paid then there is no alternative of imprisonment
Penalties
• For acts of computer misuse resulting in material damage or risk of material damage there will in certain cases be a maximum penalty of life imprisonment
• Damage must be serious and the risk must be significant
• Damage must be material (four classes: human welfare, the economy, the environment and national security)
• Cases involving the environment or the economy sentence is capped at 14 years imprisonment
• For the other two, however, the maximum term is life
• Otherwise the maximum penalty is 6 months/2/5/10 years and unlimited fine
POCA – a viable option?
• Yes – if there is benefit
• No – if there is not
• Depending on the amount failure to pay the available amount results in imprisonment without remission
• There must be a finding that the defendant has a criminal lifestyle – often difficult to prove
• Can lead to plea bargaining (we will not pursue you under POCA if you plead – powerful incentive)
• Can be costly – often need to employ an ex-proceeds of crime officer if you are acting for the defence
Sentencing discounts as a means to discourage large scale anonymisation
• A problem because botnets are anonymous and hard to crack
• Has been shown to be effective
• However it does not work if there is US involvement because no deal can bind the US or state attorney-generals
• A form of plea bargaining
• Guilty plea + providing assistance can result in considerable sentencing discounts
How can I anticipate a cyber attack?
1. Security assessment and roadmap
2. Board-level support for a security transformation
3. Review and update security policies, procedures and supporting standards
4. Establish a Security Operations Centre. Develop monitoring of known cases and incident response procedures
5. Design and implement cybersecurity controls
6. Harden the security of IT assets, such as servers and firewalls, network components and databases.
7. Test, test, test business continuity plans and incident response procedures
8. Instigate regular penetration testing of the network perimeter, ingress points and software applications; and identify exploitable weaknesses
How can I anticipate a cyber attack?
Core principles
• Make sure your executives buy in to the mentality. CEO access is key (only 14% of companies have a direct link)
• Ensure that resources are available during compliance and attack phases – insurance may not be the answer (the re-insurance market is under capitalised for large scale attacks, exclusion clauses almost invalidate the policy – the insurers may go bankrupt – they do not know what the risk is)
• Performance – make sure that your minions can perform pre-planned functions and effectively
• Access to data – are employees only accessing that which they ought – review regularly
• Cost/value – make sure that you have a simple message which outlines the downside of doing nothing or not enough
Simple things
1. Don’t open attachments
2. Just ban detachable media unless it is handled by IT
3. Telephone is the main risk – say nothing
4. Training – educating employees – make IT security attractive; have an incentive system
5. Information management – don’t have stuff online if it does not need to be
6. I N S U R A N C E – can create a moral hazard; might create more risks than it reduces
7. Introduce a policy of cybersense
8. Introduce a key things to do policy – a few easy to understand rules
What is the most important thing to do if there is a cyber attack?
Many things but first and foremost:
Manage your PR
Biography
Guy was a British Airways pilot from 1972 until 2006. He flew over 18,000 hours. He was a Training Standardisation Captain on Boeing 747-400 aircraft and responsible for regulating the airline’s Training Pilots on behalf of the CAA. He was a pioneer of the introduction of Human Factors (HF) Training into Airline culture.
Since 2001 Guy has been instrumental in designing and presenting HF courses in Healthcare and other safety critical industries. He has been designing and delivering training and coaching programmes in association with many healthcare organisations in the UK.
Guy has recently featured on BBC Horizon and National Geographic Air Crash Investigators as an expert on human factors in aviation and surgery. He is ITV’s aviation consultant. Guy is the human factors expert for Medical Protection Society.
He is the co-founder of Risky Business (www.risky-business.com)
Guy Hirst, a former pilot, has been instrumental in introducing human factors training at British Airways, to the Merchant Navy; the National Air Traffic Service; Great Ormond Street and the John Radcliffe, in conjunction with Oxford University.
PREVENTING HUMAN ERROR
Managing the ‘human factors’ in legal services risk
Biography
Peter Rogers is Director of Risk at Bevan Brittan LLP. Prior to joining Bevan Brittan in December 2013, he was Lead Professional Regulation Adviser in the Quality & Risk team at Osborne Clarke (OC).
Peter became a full time risk & compliance lawyer in 2005, having previously worked at OC as a commercial litigation solicitor specialising in professional negligence and shareholder/partnership disputes. In 2004 he was appointed as a Deputy District Judge on the Western Circuit, although he no longer sits in that capacity.
He lives in Backwell, near Bristol. He is married with two children, aged 14 and 11. Peter is a keen cyclist and in June 2015 he cycled 280 miles from Bristol to Paris over 3 days to raise money for a Children’s charity in Nepal.
Organisation Profile
Bevan Brittan provides practical, high quality and commercially relevant legal advice to public, private and third sector organisations.
Reflecting the nationwide location of our clients and their markets, our experience includes working with clients across central and local government, NHS commissioning and provider organisations, 40 housing associations and over 100 private sector companies.
We know our clients are working in an environment of greater transparency and accountability and that ever increasing expectations are being placed upon them. That is why Bevan Brittan clients do not need to explain themselves to us over and over again – we get it.
Peter Rogers, Director of Risk, Bevan Brittan LLP
CHANGING RELATIONSHIPS WITH CLIENTS
Advice – commercial or legal?
Some familiar themes:
• Failure to define scope of retainer
• Failure to distinguish role from that of other professionals
• Failure to record instructions and advice in attendance notes or correspondence
• Lack of supervision
Advice – commercial or legal?
Peter Rogers
Director of Risk
Bevan Brittan LLP
2 key areas where breach arises:
• Giving wrong advice
• Failure to give advice
Classification of breaches
5 forms which solicitor’s breach of duty takes:
I. Breach of specific contractual duty
II. Breach of implied contractual duty to exercise reasonable skill & care
III. Breach of duty of care owed by solicitor to client independently of contractual duties
IV. Breach of duty of care owed to a third party
V. Breach of fiduciary or trust duties
Giving wrong advice
• On the law:
“Giving advice is one of the principal functions of solicitors. If the solicitor gives incorrect advice on a point of common occurrence, where the law is clear, then he will be liable in negligence”
– Jackson & Powell 7th edition, para 11-162
• Practical advice:
“A solicitor is often called upon to give practical advice, in which legal considerations are only one factor. In such a situation, a mere error of judgment … is less likely to amount to negligence. Where, however, the solicitor advises a course of action that is plainly wrong, then he will be liable. The more the advice is based on legal considerations, the more likely it is that an error will be found to be negligent.”
- Jackson & Powell, para 11-164
Case law
• Starting point is the retainer (per Midland Bank v Hett, Stubbs Kemp [1979] Ch 384):
“…the court must beware of imposing upon solicitors…duties which go beyond the scope of what they are requested and undertake to do…the duty is directly related to the confines of the retainer.”
Failure to give advice
• Where specifically requested by client
• Where not specifically requested but solicitor is under a duty to provide
• No duty to travel outside instructions (Clark Boyce v Mouat [1994] 1 A.C, Pickersgill –v- Riley [2004] PNLR 31):
“In the ordinary way a solicitor is not obliged to travel outside his instructions and make investigations which are not expressly or impliedly requested by the client”
- Jackson & Powell, 11-169 per Pickersgill, ibid.
But:
1. Cases are fact-specific – no hard & fast rule
2. Scope of retainer not limited to client’s express instructions:
“Solicitors’ duties are governed by the scope of their retainer, but it would be unreasonable and artificial to define that scope by reference only to the client’s express instructions. Matters which fairly and reasonably arise in the course of carrying out those instructions must be regarded as coming within the scope of the retainer” (per Gilbert v Shanahan – Jackson para 11-170).
See also Credit Lyonnais SA v Russell Jones & Walker [2002] EWHC 1310 (Ch); Minkin v Lesley Landsberg (Practising As Barnet Family Law) [2015] EWCA Civ 1152
3. Character and experience of client is relevant to determining scope of retainer
4. Duty to warn of obvious risks
5. Duty to provide explanation of content of legal documents (Newcastle International Airport –v- Eversheds [2012] EWHC 2648 (Ch))
Client character & experience
“An inexperienced client will need and be entitled to expect the solicitor to take a much broader view of the scope of his retainer and of his duties than will be the case with an experienced client.”
- Carradine Properties Ltd –v- D J Freeman Co [1999] PNLR 12
“In determining what advice is reasonably incidental (to the work which the solicitor is carrying out), it is necessary to have regard to all the circumstances of the case, including the character and experience of the client. ……it is not possible to give definitive guidance (on this) but one can give fairly bland illustrations. An experienced businessman will not wish to pay for being told that which he/she already knows. An impoverished client will not wish to pay for advice which he/she cannot afford. An inexperienced client will expect to be warned of risks which are (or should be) apparent to the solicitor but not to the client”.
- Minkin v Lesley Landsberg (Practising As Barnet Family Law), ibid
See also National Home Loans Corp Plc v Giffen Couch & Archer [1998] 1 W.L.R. 207
“a youthful client, unversed in business affairs, might need explanation and advice from his solicitor before entering into a commercial transaction that it would be pointless, or even an impertinence, for the solicitor to offer to an obviously experienced businessman.”
- Pickersgill –v- Riley, ibid
Advice on matters of business
• Cases give no encouragement to claimants seeking to make solicitor responsible for business decision:
• Clarke –v- Boyce Mouat [1994] 1 AC 428
• Pickersgill v Riley [2004] PNLR 31
• Football League Limited v Edge Ellison [2007] PNLR
Duty to warn of risks
“if, in the course of taking instructions, a professional man like…a solicitor learns of facts which reveal to him as a professional man the existence of obvious risks, then he should do more than merely advise within the strict limits of his retainer. He should call attention to and advise upon the risks”
– Boyce v Rendells (1983) 286 EG
• NB also duty of disclosure (under common law and Chapter 4 of the SRA Code) – NB Orientfield Holdings Ltd v Bird & Bird [2015] EWHC 1963 (Ch)
Business Legal
Whether transaction is prudent (Clarke v Boyce Mouat, ibid)
Whether counterparty is solvent & whether guarantees should be sought (Football League Limited –v- Edge Ellison, ibid)
….but: (1) FLL succeeded on one head of claim (2) Court influenced by sophistication of FLL? (3) NB Australian cases in Jackson [11-177] (4) NB Mortgage Express v Bowerman duty to lender client to advise on matters pertaining to adequacy of the security
Whether client should determine lease or keep in existence & seek new tenant (Yager –v- Fishman Co, [1944] 1 All ER 552)
….but note that one judge attached weight to fact that claimant was experienced businessman
“Is the solicitor supposed to review the whole range of commercial considerations that underlie a particular deal, work out which ones he is concerned the client may not have given sufficient thought to and remind him about them? In my judgment the answer is no.”
- Football League Limited v Edge Ellison, ibid
However:
• Each case turns on its own facts
• Not always easy to distinguish between legal and business matters:
“I cannot accept the distinction drawn between legal consequences and financial implications, because in this case the significance of the legal consequences lay in the financial implications”
- County Personnel Ltd v Alan R Pulver Co [1987] 1 WLR 916
Business Legal
Whether the claimants were insured in respect of the claim on which solicitor was instructed (Carradine Properties v DJ Freeman, ibid)
Whether VAT might be payable & possibility of negotiating a deal whereby the counterparty would pay it (Virgin Management v De Morgan, [1996] NPC 8)
Whether there were adverse commercial implications or risks associated with restrictions on access to car park of hotel being acquired (the legal implications having been explained) (Reeves v Thrings Long [1996] 1 PNLR 265)
• Claim might succeed on alternative basis:
− failure to warn of obvious risks: Luffeorm Ltd v Kitsons LLP [2015] EWHC B10 (QB);
− failure to explain content of legal documents: Newcastle International Airport v Eversheds, ibid
• Football League case was the largest law firm liability claim to go to trial (£142m), & only a ‘bad’ claim in hindsight. FLL was sophisticated. Many firms/insurers would have settled?
• Experience of client likely to play a major factor – see Pickersgill, FLL, etc. The less experienced the client, the greater the risk of an adverse finding
• Court’s interpretation as to what fairly & reasonably falls within the retainer may differ from ours – especially where there is no Chapter 1 letter, wording is ambiguous or there’s been scope creep
Practice points
1. Agree detailed and specific scope of work at outset (NB Balogun v Boyes Sutton & Perry [2015] EWHC 275 (QB); also Minkin (ibid))
2. Remember that extraneous client-facing documents (e.g. tenders) may be taken into account by Court
3. Take into account the experience of the client
4. Keep scope under review & avoid (or formalise) scope creep
5. Where consciously providing practical/commercial advice with limited if any legal element (where qualified to do so), consider risk/reward ratio and limitation of liability
6. Look out for & advise on unusual risks
7. Consider need to explain content & effect of legal documents
8. Attendance notes!
9. Beware of risks in advising on reputational/PR issues – see 5 above
10. Care when taking on other roles – NED etc
Why Bevan Brittan?
We are the largest specialist provider of commercial legal services to the Public Sector in the UK. Our clients include a third of all NHS Bodies and all Local Authorities in England, 30 Housing Associations, and over 100 private sector firms who serve these sectors, covering areas such as social infrastructure and waste.
Questions?
Thank you!
Our promises
• To understand you
• To provide solutions that contribute to your success
• To give you fair pricing and clarity on costs
• To give you the right team
• To communicate clearly
• To care about our relationship with you
Biography - Poul Gade
e-mail: [email protected].
Member of Bech-Bruun Corporate Compliance & Investigations team.
Former Chief Prosecutor, specialized in Serious Fraud and Organized Crime.
Member of the Board, Danish Anti-Doping Agency.
Vice-president of the Disciplinary Committee, Danish Football Association.
Council of Europe: Member of expert groups re. Transnational Organized Crime and Match-fixing.
Part of the Raoul Wallenberg Institute (University of Lund, Sweden) program of cooperation with the Chinese Prosecution Service in human rights issues.
Resident in Aarhus, married to Marianne, 4 children, 1 dog.
Organisation Profile
Bech-Bruun is one of Denmark’s leading law firms with approximately 505 specialized and experienced employees. Bech-Bruun has offices in Copenhagen, Aarhus and Shanghai. Measured by the number of lawyers, Bech-Bruun is the largest law firm in Denmark and second in Scandinavia.
As a full-service law firm, Bech-Bruun renders advice on all aspects of corporate and commercial law. Clients are Danish and international enterprises, organizations and public authorities. Our business is divided into 10 overall practice areas: Banking & Capital Markets, Corporate Compliance & Investigations, Dispute Resolution, Employment & Labour, EU & Competition, Financial Analysis, Insolvency & Restructuring, IP & Technology, M&A Corporate, Public Law, Real Estate & Construction, Tax, Transport & Insurance.
www.bechbruun.com
Panellists including: Poul Gade, Associate Ph.D, Bech-Bruun, Denmark, Poul is a former chief prosecutor and is currently on leave from the prosecution service in Denmark. He sits on Bech-Bruun’s Corporate Compliance & Investigations team; and Keith Read, Former Group Compliance Director, BT and Board Member, Legal Compliance Association
CROSS-SECTOR INSIGHT PANEL
What can be learned from other sectors?
Biography - Keith Read
Keith Read is an award-winning thought leader and expert in compliance, ethics, culture, risk, supply chain and governance
He is currently director and principal of his own compliance consultancy and advises a diverse range of international organisations on compliance, ethics and risk. Keith was formerly the Group Director of Compliance and Ethics for BT (British Telecom) in London, when he won the Compliance Register’s Best Compliance Officer award, and also the Best Compliance Company award. He was subsequently the subject of a full-page Daily Telegraph national press article - ‘Compliance and Science’. BT is a high-profile £20Billion company, with some 150,000 employees and contractors operating in 176 countries
Prior to this appointment, Keith was the General Manager, Governance, responsible for all governance and compliance activities in the management of BT’s £5.7Billion supply chain, with a particular focus on supply chain integrity
He has an innovative and practical approach to compliance, using novel techniques that address critical issues such as ‘Compliance Complacence’ and the ‘Cost of Compliance’; his work is regularly published on both sides of the Atlantic in a range of governance, compliance, ethics and procurement industry journals. His Whitepaper - ‘The Compliance Covenant’ - was the featured article in Compliance and Ethics Professional, the US’s leading industry journal, and takes a new and highly original approach to the challenge facing all compliance officers; that of changing the significant ‘push’ needed to deliver and maintain an effective compliance programme into employee ‘pull’
Keith is a frequently-requested international speaker, drawing on his wide-ranging practical experience of compliance, including Anti-Bribery and Corruption, whistleblowing, modern slavery, competition/anti-trust and third-party compliance. His thought-provoking ideas and infectious enthusiasm appeal to diverse compliance, ethics, supply chain and governance audiences, and readers, worldwide
[email protected]
+44 (0)7900 046042
Moderator: Rachel Khiara, Partner, Khiara Law and Board Member, Legal Compliance Association
Panellists include: Andrew Cheung, Partner and General Counsel, Dentons; Julie Herriott, Head of Risk and Compliance Operations, Pinsent Masons; Daniel Macaluso, Head of Law and Compliance, Linklaters; and Pearl Moses, Lead Consultant: Risk and Compliance, The Law Society and Board Member, Legal Compliance Association
WHAT TO LOOK OUT FOR
INTERACTIVE PANEL: Horizon scanning – what’s next?
Biography - Rachel Khiara
Rachel Khiara, Principal at Khiara Law LLP, is a pre-eminent advisor in the professional practices sector, working with leading and niche firms, and new entrants into the legal services sector on a wide range of constitutional, financial and structuring issues. Rachel has a particular specialisation for regulatory and compliance work and sat on the Solicitors Regulation Authority’s ABS/OFR Committee. Prior to founding Khiara Law LLP, Rachel was a Partner at Addleshaw Goddard LLP and Counsel at Allen & Overy LLP. “Rachel Khiara’s growing presence in the market is noted and she is recognised for her non-contentious practice” Chambers & Partners Directory 2012
Organisation Profile
Khiara Law LLP is a boutique law firm servicing the requirements of legal services businesses and their professional advisors. We advise clients directly and on an outsourced basis on all areas of professional regulation, offering practical advice to legal businesses regarding their compliance obligations. Khiara Law LLP also provides restructuring advice for firms looking to accommodate growth or establish as an ABS. Further, we advise professional practices on a wide range of constitutional issues, including profit and capital sharing structures, partner exits and discrimination issues. Rachel Khiara provides a bespoke training programme for staff and compliance offices, by looking at a firm’s business and operations and considering issues of disclosure, risk reporting and record keeping.
Biography - Andrew Cheung
Andrew Cheung is a partner and the General Counsel for the Dentons’ UK, Middle East and Africa operations. He sits on the firm’s Board as well as being a member of its Global and Regional Risk Management Committees and Global and Regional Operations Committee. He is the firm’s Money Laundering Reporting Officer, Deputy COLP, Data Protection Officer, Anti-Bribery Officer and FSA Compliance Officer. He is responsible for the firm’s claims, risk management, corporate advice and regulatory compliance across the UKMEA region. In addition, Andrew advises clients on international financial sanctions, AML and anti-bribery issues. Andrew also writes and regularly speaks on regulatory and risk issues, in particular those affecting law firms. He is admitted as a solicitor in England and Wales and as a barrister and solicitor in Western Australia and the High Court of Australia.
Organisation Profile
Dentons is a client-focused global law firm delivering quality and value. It serves clients in key business and financial centres from 79 locations in 52 countries, through offices, associate firms and special alliances across the US, Canada, the UK, Central & Eastern Europe, the Middle East, Russia and the CIS, Asia Pacific and Africa, making it a top 10 legal services provider by lawyers and professionals worldwide.
Biography - Julie Herriott
Julie is Head of Risk and Compliance Operations and has day-to-day responsibility for all areas of risk at operational level and compliance with professional and regulatory obligations throughout the firm including overseas offices.
She is also secretary to the firm’s Conflicts Committee dealing with many of the firm’s conflict issues.
Organisation Profile
Pinsent Masons LLP is a full-service international law firm. The firm ranks among the top fifteen law firms in the United Kingdom by turnover. Pinsent Masons LLP has over 350 partners, a total legal team of around 1,500 and more than 2,500 staff.
Biography - Daniel Macaluso
Since 2013, Daniel Macaluso has been heading Linklaters’ Law & Compliance team, which provides advice and handles the firm’s compliance on a wide range of legal and regulatory requirements worldwide. Prior to that he was responsible for all aspects of risk management for the firm’s Western European region. He also serves as the firm’s Data Protection Officer in a number of jurisdictions.
Prior to joining the Risk Department in 2008, Daniel began his legal career in 2003 practicing litigation at Skadden, joining Linklaters in 2006.
Daniel is licensed to practice law in New York, England & Wales, and Paris. He divides his time between the London and Paris offices.
Organisation Profile
Linklaters is an integrated global law firm, established and operating as a limited liability partnership under English law with branches and related local entities or firms across the world.
Biography - Pearl Moses
Pearl Moses is the Practice Lead Consultant in Risk and Compliance for the Law Society of England and Wales. She is a seasoned legal professional and a solicitor with over 12 years experience in private practice, legal publishing and regulatory compliance issues.
Pearl joined the Law Society in 2003 and since then has held a range of regulatory roles including senior technical adviser with a policy formulation, training and adjudication remit.
Within risk and compliance circles Pearl is a sought-after speaker, trainer, facilitator and coach. As a consultant she specialises in creating tailored compliance solutions and interventions to help firms and in-house legal teams embed sound risk management principles and best practice client care and complaints handling systems.
Organisation Profile
The Law Society is the independent professional body, established for solicitors in 1825, that works globally to support and represent its members, promoting the highest professional standards and the rule of law.
Note: This list and the information contained herein is confidential. It should not be passed to third parties without the express permission of the event organiser or to be used for any other purpose than to aid networking at this event.
First Name Last Name Role Company
Victoria Anderson Director of Risk and Compliance Cooley (UK) LLP
Rebecca Atkinson Head of Risk & Compliance Howard Kennedy LLP
Robin Bayly Executive Director Willis
Polly Branch Bird & Bird LLP
Eddie Breen General Counsel Wragge Lawrence Graham & Co
Niall Brook Risk and Compliance Partner Blake Morgan LLP
Jodie Burch Head of Marketing Advanced 365
Tonia Camacho Head of New Business and Strategy, Risk & Compliance Ashurst LLP
Richard Carter Managing Partner Martin Tolhurst Partnership LLP
Sakina Chenot In-house Counsel Clyde & Co
Andrew Cheung Partner & General Counsel Dentons
Omar Choudhury Senior Risk & Compliance Manager Ropes & Gray International LLP
Andrew Coates Partner Kennedys Law LLP
Jonathan Cornes Compliance Officer Ramsdens Solicitors
Frankie Davies Internal Legal & Risk Associate Baker & McKenzie LLP
Ryan Davies Marketing Assistant Advanced 365
Marion Deferi Linklaters LLP
DELEGATE LIST
Helen Donegan Publisher, Managing Partner ARK Group
Jennifer Duff Senior Marketing Executive Advanced 365
Charlotte Duran Compliance officer Penningtons Manches LLP
Lee Edwards Compliance Manager Davis Polk & Wardwell London LLP
Katherine Foran Head of Risk Dentons UKMEA LLP
Poul Gade Associate Bech Bruun
Michelle Garlick Solicitor Weightmans LLP
Nina Gaston Partner Mason Hayes & Curran
Paul Glenfield General Counsel and Head of Risk Matheson
Andy Goodall Head of Risk & Compliance Withers LLP
Gavin Hadfield Senior Risk and Compliance Lawyer Holman Fenwick & Willan LLP
Julie Herriott Head of Risk and Compliance Operations Pinsent Masons LLP
Guy Hirst Speaker Risky Business
Gary James Hopkins Risk and Compliance Controller Farrer & Co LLP
Anna Hudson Director of Quality & Risk Thrings LLP
Jeff Jenkinson Managing Director Corporate Information Group
Funmilayo Kolaru Compliance Manager Stewarts Law LLP
Barbora Lezatkova Attorney at Law
Daniel Macaluso Head of Law and Compliance Linklaters LLP
Frank Maher Partner Legal Risk
Manju Manglani Editor, Managing Partner ARK Group
Richard McDowell Partner, Risk & Compliance
Mike Mortlock Willis
Pearl Moses Lead Consultant The Law Society
Per Nilsson Lawyer Advokat Per Nilsson AB
Marie Nuth Compliance Manager Appleby Global
Nicola Oakley Risk PSL Keoghs LLP
Olivia Omideyi Linklaters LLP
Sam Osborn Business Development Executive Advanced 365
Crispin Passmore Executive Director Solicitors Regulation Authority
Jenine Pickering
Matthew Poli Partner Palmers Solicitors
Rieneke Van Praag Sigaar Risk & Compliance Officer Stibbe BV
Reshma Raja Partner - Professional Standards Matthew Arnold & Baldwin LLP
Keith Read Board Member Legal Compliance Association
Emma Reitano Commissioning Editor (UK) ARK Group
Alexandra Resina da Silva Managing Associate Vieira de Almeida & Associados
Peter Rogers Director of Risk & Best Practice Bevan Brittan LLP
Ashley Roughton Barrister - Intellectual Property Nabarro
Jo Saunders General Counsel Hill Dickinson LLP
Ann Shanahan Head of Compliance Bedell Group
Jonathan Simon Executive Director Willis
Andrew Skinner Partner Palmers Solicitors
David Smythe General Counsel Kingsley Napley LLP
Guido Stam Director of Finance Stibbe BV
David Swaffield Head of Property Hill Dickinson LLP
Colin Taylor Executive Director Willis
Karin Ulberstad Risk and Quality Management Partner Advokatfirman Vinge KB