This article is related to a Showcase CLE program that took place at the ABA Business Law Section’s Hybrid Annual Meeting on Saturday, September 17, 2022. All CLE programs were recorded live and will be available for on-demand credit, free for Business Law Section members.
Ethics compliance and risk management in law firms and in-house legal departments start with issue spotting. Some issues—like “Who is the client?”—are fundamental to complying with legal ethics rules. Other such questions include:
- “What does the engagement letter say?”
- “What is the scope of work?”
- “Are there outside counsel guidelines?”
- “Have you conducted client due diligence?”
- “What are the client’s expectations with respect to protecting the confidentiality of their information?”
- “Have we updated our business continuity plan?”
This article and the accompanying program will tackle these issues and more.
To analyze an ethical conflict of interest situation, one must answer the age-old question: who is the client? An attorney-client relationship does not depend upon the existence of a signed engagement letter, nor is the identity of the client necessarily determined by who pays the lawyer; rather, one test for the existence of an attorney-client relationship is the subjective reasonable belief of the would-be client that the lawyer represents the client. Stated somewhat differently: if a person seeks legal advice from a lawyer; that person shares, in confidence, information about the matter; and the lawyer does not disavow an attorney-client relationship, it is likely that an attorney-client relationship has been formed.
Many lawyers give little thought to an engagement letter. The engagement letter is the contract between the lawyer and the client for services the lawyer is being engaged to provide. It identifies the parties to the contract, the scope of the services the lawyer will provide, and how much (or at what rate) the client will pay the lawyer for those services. Engagement letters may also contain other important terms, such as an “advance waiver” provision that allows the lawyer to be adverse to the client on unrelated matters. Clients, too, may have their own Outside Counsel Guidelines that establish terms and conditions for the representation, including the client’s expectation (and the lawyer’s corresponding agreement) as to what other entities are to be considered the client for conflict of interest purposes.
Due diligence on the potential client is also important. Not only can such due diligence identify the “bad actor” client or the “difficult client,” it can also identify the “slow pay” client or “no pay” client, (i.e., one for whom a retainer may be useful to help ensure that the lawyer is compensated for the services rendered).
General counsel and other risk managers also expect lawyers to have a strong grasp of the lawyer’s ethical obligations with respect to confidentiality. Under ABA Model Rule 1.6(a), “A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b).” Far broader than the attorney-client privilege evidentiary rule, the lawyer’s ethical obligation of confidentiality encompasses any information relating to the representation of the client, whatever its source.
Advances in technology and the proliferation of devices that may contain client information has prompted the ABA to impress upon lawyers the importance of appreciating the risks that technological advances present. In 2012, the ABA adopted a series of “Technology Amendments” to the ABA Model Rules and Comments that address this issue. First, Comment 8 to ABA Model Rule 1.1 regarding “Competence” was amended as follows: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.” Model R. Prof’l Conduct 1.1, cmt 8 (emphasis added). Perhaps more importantly, the ABA added Model Rule 1.6(c) to highlight a lawyer’s ethical obligations to take reasonable steps to prevent the unauthorized use or disclosure of confidential information. Model Rule 1.6(c) reads: “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
As a result, lawyers should establish policies and procedures designed to help prevent the inadvertent disclosure of or unauthorized access to client information; train other lawyers and non-lawyer staff members on cyber-security issues; and communicate with clients about the confidentiality of their information. Lawyers should also have business continuity plans and incident response procedures in place should unexpected circumstances make it difficult to continue seamlessly representing a client. Regardless of whether those unexpected circumstances are a result of a natural disaster (or a once-a-century pandemic), or a “simple” cyber-attack, the lawyer and the law firm should have contingency plans in place for how to address the adversity.