01 July 2008

Directors Q & A: Outside Counsel Risk...

Every Board Member needs to ask "Six Legal Questions" of corporate management because the answers will help you determine what law firms your company should fire, or even consider hiring. This special report by Randy Myers in Corporate Board Member highlights the Operational Risk of litigation and whether you are prepared for offense, defense and the next reputation scandal:

  1. How well do our outside law firms know our business?
  2. Are we prepared to handle litigation against us in the best way?
  3. Under what circumstances should we consider suing another company?
  4. When should we use a big law firm? When are we better off with a small one?
  5. What clues can tell us if our outside lawyers are no longer right for us?
  6. How well will we stand up to scrutiny?

We have to highlight the commentary on #6 (H. Rodgin Cohen, partner and chairman of New York City-based Sullivan & Cromwell LLP)

Directors must let the compliance office and general counsel know that they are to be informed anytime the company is put under investigation, Cohen says; government regulators and prosecutors expect the board to take a role in such matters. Having a clear policy in place is critical, says attorney Matthew Powers.

There is no cookbook recipe to prepare a company for an investigation. But what directors have to do, says Cohen, is approach any such inquiry with the understanding that in today’s environment, with laws and regulations being rigorously enforced, fighting a government investigation is almost always a bad idea. Companies must be seen as cooperative, he says, which means that they must conduct thorough investigations of their own when alerted to potential wrongdoing and provide the government with whatever it requests. If problems are uncovered, they should move quickly to take remedial action, implement policies and procedures to prevent further troubles, and penalize the people responsible. “If the company fails to take action,” Cohen warns, “it must expect that it will receive harsher punishment.”

He says it makes sense to report suspected violations of the law voluntarily when an internal examination uncovers them. “You’re really rolling the dice if you don’t, because if the government later finds out, it will have no confidence in you. And remember, the government has two ways to find out—on its own or from someone inside the company.” If the government decides it needs to find out on its own, he says, any penalties are likely to be much more painful.

Firing your long time outside firm is not easy and like any third party supplier who has been embedded for years or decades, "Breaking Up is Hard to Do." Every Corporate General Counsel's greatest fear. Have you every received advice that the negative results of an internal investigation needs to be buried, hushed up or even worse, ignored in hopes that nothing will happen?

Corporate Governance is taking on a new resonance in a politically charged election year here in the United States. The Democrats are gearing up for more oversight, investigation and compliance laws focused on areas that the Republicans have been long to scrutinize. Laws that have been gathering momentum in the halls of Capitol Hill are targeting some of the industry sectors that have benefited the most from the Defense Industrial Base windfall.

In a global survey by Fulbright & Jaworkski LLP, 40% of US companies had at least one lawsuit with $20M. or more at risk. 60% had one or more plaintiff class actions pending and 36% say that the government regulators have stepped up their visits.

So if you are on the Board of Directors and you want to be proactive on the upcoming front for litigation, where do you look? The Accounting department. Sales and Marketing. Information Technology. Legal Department. The easy answer may be, who has the most laptops? Brian Krebs talks about the Data Breach problem from The Washington Post blog:

The San Diego-based Identity Theft Resource Center tracked 342 data breach reports from Jan. 1 to June 27. Nearly 37 percent of reports came from businesses -- an increase from almost 29 percent last year.

Data breach reports from health care providers (14.9 percent of the total) and banks (10 percent) continued to rise, while the share of breaches from educational institutions (21.3 percent of the total) government entities and the military (17 percent) declined for the third year in a row, the ITRC found.

Hacking was the least-cited cause of data breaches in the first six months of 2008 (11.7 percent of the total). Instead, lost or stolen laptops and other digital storage media remain the most frequently cited cause of data breaches, accounting for more than 20 percent of all reported cases, the ITRC found. The inadvertent posting of personal and financial data online prompted roughly 15 percent of the data breach disclosures.

The nexus of data, plaintiff law suits and your outside counsel (3rd party suppliers) will be the Board of Directors #1 priority in the next few years. This is the vortex of Operational Risk in the 21st century.

1 comment:

  1. The GC has little interaction with the CIO in a proactive mode these days. In our company, the IT people are only interacting with the legal team when the "fire" is already burning out of control.

    Maybe someday the Board of Directors will get us all together in the same room to give us some direction and create some new strategy on this growing exposure.