A Mid-Size Firm Gets Ahead of the Compliance Curve
In general, mid-size law firms lack compliance programs, and their leadership tends to defer to the partners to conduct themselves as they feel appropriate, according to attorney John Remsen Jr., a consultant who has worked with about 250 midsized firms on marketing and management issues.
"Lawyers like autonomy, not rules," Remsen told CorpCounsel.com. "It [a law firm] is a pretty loose form of governance."
But as we continue our look into law firm compliance programs, at least one firm appears to be an exception to Remsen's experience.
At Chicago-based Much Shelist, partner Steven Schwartz is the chief operating officer, and by default, the general counsel and chief compliance officer, Schwartz said.
He and managing partner Mitchell Roth serve on the firm's executive committee, and Schwartz also heads a four-lawyer compliance committee. Both men also have full practices.
How do they split their time? "It depends on the day," Roth replied. "But we both have a full-time responsibility to our clients, and a full-time responsibility to our firm. Some days we start at 6 a.m. and we're still here late at night."
The compliance committee, Schwartz explained, is very active and deals with issues ranging from conflicts of interest for the firm's 85 lawyers to ethical obligations, licensing, and risk management.
Roth added, "Being an entrepreneurial firm, our lawyers are very active in relations with our clients. So when we're collecting money from clients and discussing whether to go into business with clients, it's not always black and white. We need to make sure we are on the right side of any gray area."
Schwartz works with the firm's IT department on file retention and cybersecurity issues, with the help of another lawyer who is well versed in the field.
One of the key tech problems Much Shelist has resolved is the troubling issue of people using their own digital devices for firm work. The solution: an outright ban.
"We don't permit people to plug anything into our system," Schwartz said. "If you need it, we provide devices such as iPads, and all our attorneys have [firm-issued] laptops now. We discourage people from even using their own iPhones for work."
He said their security system is set up to remotely wipe out the firm's mobile phones and lock down laptops if one is lost or left on a plane. Each device also requires a password and a fingerprint ID for access, he said.
The compliance program includes monitoring the accounting department, which does the firm's billing. "The good news is we haven't had a big problem with that historically," he said.
The law firm offers periodic compliance training as well as impromptu meetings to deal with any emerging issue. And it has hired strong directors of technology and human resources, the two areas where they believe most risks lie.
Roth conceded that the firm spends more on its non-legal staff than do most midsized law firms.
Attorney Sharon Nelson, president of Sensei Enterprises Inc. of Fairfax, Virginia, provides data security solutions to small and mid-sized law firms. Nelson thinks firms like Much Shelist are way ahead of the curve.
For example, "many firms have email and Internet policies, but not bring-your-own-device policies," Nelson said. "Some would say a disaster recovery plan is an ethical requirement, but most firms don't have one," she added. "Because you can't bill [a client] for doing a compliance program."
Nelson said there is a wide range of policies that more law firms should have in place, and they probably intend to do it one day. "But it's remarkable what people don't have. It's gotten to the point that I have instructed my staff that when a client refuses to follow security recommendations, we document it in writing."
In one problem area, Nelson said, "It's not unusual for law firms to hold client credit card information in the clear [not encrypted]. And it's not unusual to email it. You're not supposed to do that."
Remsen, head of The Remsen Group consultants, agrees that firms like Much Shelist tend to be the exception. He believes, however, that more law firms are beginning to move toward compliance programs.
He agreed with Roth that a compliance program can protect the bottom line. "It makes for a much more profitable, cohesive, sustainable law firm," Remsen noted.
But Remsen added that law firms have just been bumping along and not really getting into trouble, at least not yet.
Much Shelist's Roth indicated that just bumping along isn't good enough. That's because "one big mistake could be disruptive, or even catastrophic, to our business," he said. "You need to stay in front of it."