1 december: 12th annual risk management for law firms

SPEAKERS FROM:

[email protected]+44 (0) 20 7324 2365 www.ark-group.com

WHY ATTEND?• Stay compliant - essential updates

from your regulators• Participate in live polls to

benchmark your thinking and practice

• Share your experiences with your peers and get feedback on your judgements

• Meet the brightest and the best from legal compliance

The risk landscape is constantly changing and the 12th annual Risk management for law firms conference will enable delegates to learn about developing issues, and how to deal with them. The 9th Regulatory compliance for law firms conference is not going to be about ticking boxes. It is about resolving the real-life dilemmas posed by clients and others on a daily basis, and the framework within which law firms operate. Both conferences provide the opportunity to meet with and learn from your peers.Frank Maher, Partner, Legal Risk

1 December: 12th annual Risk management for law firms

PRESENTS

A WORD FROM THE CHAIR:

ENDORSED BY:

Hold on to your profit, and your reputation, in 2016 with ARK’s annual risk and compliance conferences

SPONSORED BY:

Welcome to 12th Annual Risk Management for Law Firms Conference 2015.

So that we can keep everything running as smoothly as possible please take note of the following points:

z Delegate pack – this is correct at time of publication, whilst every effort is made to include all material, there are occasions where slides need to be changed at the last minute to ensure any duplication of content is kept to a minimum. An electronic link will be sent to you following the conference where you can download all of the slides presented throughout the conference.

z Delegate feedback form - you’ll find the form in the delegate pack handed out to you at registration. Your comments and suggestions are invaluable to us and our speakers so please don’t forget to complete this during the event.

z Dietary requirements – please tell us no later than morning break if you have any specific dietary requirements we should be aware of. Lunch will have a vegetarian option, but if you have any other requirements please let us know.

z Electronic devices – please ensure these are switched OFF as they can interfere with AV equipment and the use of them can be a distraction to other delegates.

z Health and Safety – please familiarise yourself with the nearest emergency exits and take note of any Health and Safety announcements given by ARK Group staff in the morning.

Please do not hesitate to ask a member of ARK Group staff if you need anything.

Leah DarbyshireHead of Content, Events, and Community Manager for Legal Compliance AssociationARK Group

12th ANNUAL RISK MANAGEMENT FOR LAW FIRMS CONFERENCE 2015

Background

ARK Group is a leading provider of business management information delivered via live events and printed publications. With offices in London and Chicago, we are an international information provider to a wide range of businesses.

ARK Group is a member of Wilmington PLC, a group that delivers essential training, information and knowledge to organisation and professionals across a wide range of sectors. Wilmington companies thrive on creative collaboration and shared expertise, and we have a common goal - to help our clients maximise their potential. At ARK Group we believe that effective management strategies and techniques are valid across industry and geographic divides.

Our goal is to help professionals and organisations work more intelligently by delivering reliable information and techniques that can be used to benchmark, instigate, develop and improve fundamental business processes and procedures.

Our events

ARK Group conferences, masterclasses and webinars complement and coordinate with our management strategy publications. They are rigorously researched and provide companies around the world with a practical, progressive and enjoyable alternative to traditional conference formats. Our events are designed to meet the needs of forward thinking business representatives who need to maintain an edge in today’s fast-moving global market place.

Our comprehensive product range includes:

z International conferences: these conferences address business-critical topics in our core arena of expertise, namely: legal services businesses management; legal compliance; knowledge, content and information management; trade finance and business optimisation for both the private and public sectors.

z Masterclasses: these are intimate one-day or half-day intensive events led by industry thought leaders and are designed to be interactive and informal.

z Webinars: one hour of specific instruction on up-to-the minute topics by industry-leading speakers, delivered to your desktop.

Our publications

ARK Publishing is committed to delivering practical advice and expertise to business professionals worldwide through a range of specialist magazines and reports. Written by expert practitioners, ARK Group’s reports offer behind-the-scenes access and an opportunity to benchmark your initiatives against those of your competitors and peers. Our reports are published in association with Managing Partner, Private Client Adviser (formerly Elderly Client Adviser), Solicitors Journal and Trade & Forfaiting Review magazines.

For more information on our wide range of products, please call ARK Group on +44 (0)2073 242365 or visit our website: www.ark-group.com

DISCLAIMER

The material for this presentation has been designed as an integral part of the presentation solely for the benefit of delegates attending the presentation. The material does not necessarily stand on its own and is not intended to be relied upon for giving specific advice.

To the fullest extent permitted by law, neither ARK Group nor its presenters will be liable by reason of breach of contract, negligence or otherwise for any loss or damage (whether direct or indirect) occasioned to any person acting or omitting to act or refraining from acting upon the conference material or presentation of the conference or, except to the extent that any such loss or damage does not exceed the price of the conference, arising from or connected with any error or omission in the conference material or presentation of the conference. Nothing in this paragraph shall be deemed to exclude or limit ARK Group’s nor its presenters liability for death or personal injury caused by negligence or for fraud or fraudulent misrepresentation.

Loss and damage as referred to above shall be deemed to include, but is not limited to, any loss of profits or anticipated profits, damage to reputation or goodwill, loss of business or anticipated business, damages, costs, expenses incurred or payable to any third party (in all cases whether direct or indirect) or any other direct or indirect loss or damage.

Copyright in these materials belongs or is licensed to ARK Group and no permissions or licences in relation to these materials are granted. No part of the handout material may be reproduced in any form or for any purpose without the prior permission of ARK Group.

849-15

12th Annual Risk Management for Law Firms Conference 2015 - 1 December 2015

1

CONTENTS

SPONSORS 2

CHAIR’S OPENING REMARKS 5

ESSENTIAL UPDATESKeynote: The future of regulation 6

PROTECTING CLIENT INFORMATIONConfidentiality in an international market place 14

PROFESSIONAL INDEMNITY INSURANCEWhat can legal businesses expect in terms of professional indemnity insurance (PII) in 2016? 22

PROTECTING CLIENT INFORMATIONTechnical surveillance – it’s not a future threat, it’s happening today, worldwide 30

Cybercrime and scams: What you need to know 32

PREVENTING HUMAN ERRORManaging the ‘human factors’ in legal services risk 44

CHANGING RELATIONSHIPS WITH CLIENTSAdvice – commercial or legal? 45

CROSS-SECTOR INSIGHT PANELWhat can be learned from other sectors? 60

WHAT TO LOOK OUT FOR INTERACTIVE PANEL:Horizon scanning – what’s next? 62

DELEGATE LIST 65


2

Willis Limited is a leading global insurance broker.

Willis develops and delivers professional insurance, reinsurance, risk management, financial and human resource consulting and actuarial services to corporations, public entities, institutions and firms around the world.

Willis has more than 400 offices in nearly 120 countries, with a global team of approximately 17,000 Associates serving clients in virtually every part of the world.

Willis has considerable experience in the legal services sector. The Legal Services Practice Group within Willis’s FINEX Global division is dedicated to handling the Professional Indemnity Insurance (PII) requirements of the legal services industry. With excellent market access, dedicated service teams and commitment to risk management the group has developed a market leading position.

http://www.willisfinexglobal.com/

SPONSOR


3

SPONSOR

Advanced 365, a division of Advanced Computer Software Group has been supporting dynamic organisations since 1987 to align IT services with business requirements.

Advanced 365 is a leading UK based provider of IT Managed Services and Business Innovation solutions. Over 250 organisations rely on our expertise and service excellence to improve their operational efficiencies, control costs and provide visibility of their IT estates.

Place Sponsors ad over this page and the word Sponsor above (text

shouldn’t be visible, only needed for contents page link when there isn’t a

profile)

SPONSOR


5

Biography

Frank Maher is a practising solicitor and partner in Legal Risk LLP. He specialises in advising major US, European and UK 100 law firms, their insurers and other professions on professional regulation and professional indemnity. His practice covers transactional advice, litigation and disciplinary proceedings. He is advising a number of practices on regulation as Alternative Business Structures under the new regulatory regime in the UK which permits non-lawyer investment and involvement in law firms.

Frank has a diploma in Anti Money Laundering and a Practitioner Certificate in Data Protection.

Frank is author of Risk and Compliance for Law Firms in a Changed World and co-author with Sue Mawdsley of The Money Laundering Reporting Officer’s Handbook: A Guide for solicitors. He is also a contributor to Ark Group’s Future of Legal Services Report and is a contributor to the International Bar Association book on Risk Management In Law Firms, with contributions on several topics including conflicts and confidentiality.

He has over 30 years’ experience of defending many of the largest law firm claims for insurers. His claims experience includes many involving fraud issues in the UK and elsewhere, property, undertakings, financial services and consumer credit.

He has advised City firms and many other UK, US and international practices.

He is also a frequent contributor to the legal and insurance press and a regular speaker at events worldwide.

Organisation Profile

Legal Risk LLP is a UK law firm whose clients include six Am Law 100 and ten Am Law 200 firms, many of the leading European and UK law firms and US and UK insurers on professional regulation, risk management, anti-money laundering, and professional indemnity. The partners’ combined experience covers a wide range of commercial, banking, insolvency, anti-money laundering, professional indemnity insurance and disciplinary and compliance issues. The firm is frequently instructed in the insurance aspects of law firm mergers.

Legal Risk is recommended by Legal 500 and Chambers and Partners for professional indemnity and professional regulation, and was winner of the Law Society’s Gazette Centenary Award for Excellence in Risk Management.

Direct Dial: 0151 231 6232Telephone: 0845 330 6791International Telephone +44 151 231 6230International Fax +44 151 231 [email protected]

Frank Maher, Partner, Legal Risk

CHAIR’S OPENING REMARKS


6

Biography

Crispin Passmore was appointed as Executive Direct at the Solicitors Regulation Authority, responsible for its policy development in January 2014. At the SRA he is leading the next phase of modernisation of its regulatory approach with a strong focus on reducing regulatory burdens, reforming its approach to education and training and improving its focus on consumers. Previously he was Strategy Director at the Legal Services Board. He joined the LSB during its start-up in May 2009 and was responsible for the development and delivery of a long term strategy for liberalisation of regulation in the English & Welsh legal sector that delivers appropriate consumer protection and supports innovation, choice and diversity. Previously Crispin was at the Legal Services Commission, responsible for legal aid in England & Wales. At the LSC he undertook a range of senior policy roles over five years, driving many innovations and reforms to civil legal aid. Prior to the LSC he led Coventry Law Centre where he introduced significant innovations in the way the Law Centre delivered services. he has worked in legal services sector for over 20 years.

Crispin Passmore, Executive Director, Solicitors Regulation Authority

ESSENTIAL UPDATESKeynote: The future of regulation


7

Cost pressures, IT opportunities

Access to justice

Legal firms as PLCs

400+ SBR changes, opportunity for traditional firms

Recognition of unmet need from SMEs

A dynamic market

Regulatory reformCrispin Passmore

Executive Director, PolicySolicitors Regulation Authority


8

Reform package delivering proportionate and targeted regulation

MDP/SBR changes

Cut 36 pieces of unnecessary regulation in the last 18 months, including

Accounting requirementsStreamlining training regulationsSmall firms

Plans to do much more: major Handbook reform

Regulatory reform

New structures and ownership models not a significant risk factor

Firms need freedom to develop and grow

Disproportionate regulatory models get in the way

Support firms to comply and to innovate

Regulatory reform to cut bureaucracy and create opportunity

Supporting the market


9

Handbook review

Issues with current Handbook...

Restrictive and focused on legal structure

Remains overly detailed and prescriptive

Large, complex and wide in scope and applicability

Operates on a ‘one size fits all’ basis

Why further reform?

Ensuring regulation remains relevant in the changing market

Making it easier for solicitors and firms to focus on their customers and business by ensuring regulation is proportionate

Logical next step


10

Benefits Flexibility for solicitors and firms

Increases the availability of solicitors to consumers

Regulation is proportionate to risk

An individual Code that focuses clearly on ethics and competence

Entity regulation that focuses on systems and controls

Handbook review

Model for discussion:

All solicitors are subject to professional principles and Code of Conduct at all times

Solicitors will be free to provide non-reserved legal services across the whole market

Clarity between individual and entity regulation


11

Question of Trust

Question of TrustProportionate regulation places emphasis on individual professional values

Renewed regulatory focus on standards and enforcement

‘A Question of Trust’

A consumer complains that each time he sees his solicitor there are other clients’ files open on the desk in the waiting area.


12

36 significant cuts in bureaucracy in 18 months

Regulatory reform at pace - targeted and proportionate regulation

Landmark work calibrating professional standards and values – and what happens when things go wrong

What are we doingIn summary

Next steps

Position Paper outlines direction of travel

Spring 2016 consultation

Get involved

SRA Innovate


13

Any questions?

Thank you


14

Biography

Eddie is General Counsel at Wragge Lawrence Graham & Co LLP (WLG) advising the firm’s board on corporate governance, regulatory and compliance issues and risk management. Before taking on his current role Eddie led the firm’s Dispute Resolution practice and before that he was head of the firm’s Insurance practice. Prior to his legal career Eddie was a Chartered Loss Adjuster with an international Loss Adjusting practice and Claims Manager to a leading Lloyd’s Syndicate.


WLG is a UK-headquartered international law firm providing a full service to clients worldwide. In January 2016 WLG and Gowlings, a leading Canadian law firm, are joining forces to create Gowling WLG which will be top 50 Global firm with 1,400 professionals in 18 cities worldwide.

Eddie Breen, General Counsel, Wragge Lawrence Graham & Co LLP

PROTECTING CLIENT INFORMATIONConfidentiality in an international market place


15

A G E N D A Introduction

Confidentiality v due diligence

Managing confidentiality post-merger

Managing confidentiality in a verein, etc

Big data and confidentiality

Outside Counsel guidelines and confidentiality

PROTECTING CLIENT INFORMATION

Confidentiality in an international market place

Ark Group Conference Risk Management for Law Firms

1 December 2015Eddie Breen, General Counsel

Wragge Lawrence Graham & Co LLP


16

…CONFIDENTIALITY v DUE DILIGENCE Regulatory

You must keep the affairs of clients confidential unless:

- Permitted by law or the client consents; and

- You must have effective systems and controls in place to enable you to identify risks to client confidentiality and to mitigate those risks. 2

2 SRA Code of Conduct 2011 Output 4.1cont’d…

CONFIDENTIALITY v DUE DILIGENCE Duty of confidentiality

Fundamental to a firm’s and a solicitor’s relationship with their prospective,current and former clients.

Applies to support staff, consultants and locums.

Legal

“A solicitor is under a duty not to communicate to others any information inhis possession which is confidential to the [client or] former client.” 1

cont’d…1 Lord Hope – Prince Jefri Case (1998) AER (D) 767


17

…CONFIDENTIALITY v DUE DILIGENCE Business v profession?

Are law firms like any other business?

Risks to privilege

When it goes wrongSquire Patton Boggs & Tate & Lyle

When sugar turns sour!

Squaring the circle by informed consent- Who?

- What?

- When?

- How?

…CONFIDENTIALITY v DUE DILIGENCE Duty to manage risk

You must run your business in accordance with proper governance andsound financial and risk management principles. 3

“Law firms are businesses like any other and as such might use othercompanies to advise on specialist matters. Firms must ensure that indoing so they do not breach client confidentiality [or legal professionalprivilege].” 4

Due diligence in a merger

Involves the detailed examination of the other firm before entering into abusiness arrangement with that other firm with the aim of identifying andquantifying the value in the firm and the risks in the proposed transaction.

cont’d…

3 SRA Code of Conduct 2011 Principle 74 David Middleton SRA Executive Director (Legal and Enforcement) 7 Jan 2015


18

…MANAGING CONFIDENTIALITY POST MERGER“In addition it must be remembered that members of large firms working indifferent departments in different locations can communicate by telephone andoften meet for events organised by the firm.”

There but for the grace of …

Effective systems

- Hardwired not ad hoc

- Training and on-going monitoring

- Location of teams

- Physical security

- On-line security

MANAGING CONFIDENTIALITY POST MERGER Mergers do not change history

Acting as a single firm whilst protecting client confidentiality. So how does that work then?

Judicial scepticism

Georgian American Alloys Inc v White & Case LLP 5

Mr Justice Field:

“As Lord Millett observed in [the Prince Jefri case] the starting point is that unless specialmeasures are taken, information moves within a firm … and the physical separation of most butnot all of the members of the two teams do not discharge the evidential burden on White & Caseas to the risk of past disclosure in the period down to the introduction of ethical screens.”

5 [2014] EWHC 94 (Comm)cont’d…


19

… MANAGING CONFIDENTIALITY IN A VEREIN ETC Managing the risks

- Effective systems (see above)

- Central conflict checking

- Data warehousing / outsourcing

MANAGING CONFIDENTIALITY IN A VEREIN ETC Legal and regulatory issues

LEGAL

Gap Inc & Dentons US LLP

Conflict of interest but relevant to confidentiality

REGULATORY

“The risk is greater for example in complex firm structures, oftencomprising a number of separate legal entities typically with commonbranding and operating in different jurisdictions not all of which are subjectto SRA regulation.” 6

cont’d…6 “Protecting and maintaining client confidentiality” SRA Ethics Guidance 9 January 2015


20

OUTSIDE COUNSEL GUIDELINES AND CONFIDENTIALITY

ENOUGH SAID!

BIG DATA AND CONFIDENTIALITY What is it?

The exponential growth and availability of data, both structured and unstructured

The 5 “V’s” of Big Data:

- Volume

- Velocity

- Variety

- Veracity

- Visualisation

Data analytics – why is it a risk?

Providing access and preserving anonymity


21

www.wragge-law.com


22

Biography

T: + 44 (0) 20 3193 9418E: [email protected]

Colin has over 24 years’ experience in the PII market and has for some time focused on the risk management requirements for larger law firms. He has assisted firms with the implementation of risk management training programmes for partners, fee earners and support staff and is a regular speaker at conferences and PII and risk management.

Colin is a Client Advocate on a number of larger law firms and works with many in-house risk managers to create and maintain a dynamic risk culture.

He has been widely published in Managing Partner, FD Legal, Modern Law, Lexcel Link and many others legal publications. Colin is a member of the Managing Partners Forum and is a qualified Lexcel Consultant.

Colin holds the International Certificate in Risk Management qualification (CIRM) from the Institute of Risk Management.

In 2011 and 2013 he was shortlisted for Risk Manager of the Year at the IRM Risk Management awards.


Willis Limited is a leading global insurance broker.

Willis develops and delivers professional insurance, reinsurance, risk management, financial and human resource consulting and actuarial services to corporations, public entities, institutions and firms around the world.

Willis has more than 400 offices in nearly 120 countries, with a global team of approximately 17,000 Associates serving clients in virtually every part of the world.

Willis has considerable experience in the legal services sector. The Legal Services Practice Group within Willis’s FINEX Global division is dedicated to handling the Professional Indemnity Insurance (PII) requirements of the legal services industry. With excellent market access, dedicated service teams and commitment to risk management the group has developed a market leading position.

http://www.willisfinexglobal.com/

Colin S Taylor, CIRM, Executive Director, FINEX Global Professional Indemnity, Willis

PROFESSIONAL INDEMNITY INSURANCEWhat can legal businesses expect in terms of professional

indemnity insurance (PII) in 2016?


23

The Insurance Market Cycle

2000 2007 2014 2021

The Economy

Claims

Premiums

UK Solicitors Professional Indemnity Review and Key Risk/Insurance Themes

Colin Taylor CIRM

Executive Director, Finex GlobalProfessional Indemnity

WE BUILD RESILIENCE TO REALISE AMBITIONS


24

Home Price Index 2002 - 2015

Economy/House Prices 1975 – 2011


25

2015 – Market observations

England and Wales compulsory premium pot - was around £250m –now expected to be around £225m

Many firms reduced premium despite increases in rateable fee income.

Change of renewal date? - 18 month policies

Insurer security - Rated v Unrated insurers - QIC Europe Ltd

Incidence of Claims from Property continues to reduce

Insurer focus on Financial Stability (or lack of)

England and Wales Solicitors Compulsory PII Premium

255

154166

225

272

243 244

215204

225

249

213

256239

250 250

225

0

50

100

150

200

250

300

1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015

Prem

ium

inco

me(

£m)


26

Analysis of Willis’s Law Firm Claims

• Communications with client

Scope of engagement Adequate communication of legal advice

• Supervision failures

Management culture Dual roles

• Administrative errors

File audits, Second pair of eyes Diary management

• Lack of knowledge

Solicitor acting outside area of expertise

Risk Management Lessons

40%

35%

17%

8% Supervision Failure

Administrative errors

Communications with Clients

Lack of Knowledge

Working in Finance, Compliance or Risk


27

Willis Risk Barometer - Key Findings

What are the top three risks in terms of financial umpact on your firm?

100+ Partners

PII Claims

Losing Clients

Cyber

11-100 Partners

Losing Clients

PII Claims

Cyber

2-10 Partners

PII Claims

Losing Clients

Departing Lawyers

Sole Practitioners

Losing Clients

PII Claims

Credit Risk

Willis &The Lawyer Risk Survey Report 2015

Willis consulted 130 Partners, COLPs, COFAs, Risk Directors from Magic Circle to Sole Practitioners

Findings broken down into:• 100+ Partners,

• 11-100 Partners,

• 2-11 Partners

• Sole Practitioners


28

Key Issues

Merger/Acquisition

Lateral Hires

Conversion to ABS

Data Protection

Cyber

Willis Risk Barometer - Key Findings

What are the top three things your firm is doing to improve risk management?

100+ Partners

Improving data protection and client

confidentiality

Maintaining a firm wide risk register

Analysing Past Claims

11-100 Partners


Regular file audits

Analysing Past Claims

2-10 Partners

Regular file audits



confidentiality

Sole Practitioners


confidentiality

Regular file audits



29

For further information contact:

Colin S.Taylor CIRMExecutive Director, Finex GlobalProfessional Indemnity

Willis GroupThe Willis Building51 Lime StreetLondon EC3M 7DQT +44 (0) 20 3193 9418E [email protected] www.willisfinexglobal.com

Willis Ltd is an accredited Lloyd’s Broker and is authorised and regulated by the Financial Conduct Authority


30

Biography

Jeff Jenkinson is a Former Special Forces Warrant Officer with many years’ experience of command from the bottom to the top of the ladder. He is a professional, diligent and energetic person with a broad and in-depth knowledge and experience of security and procedures.

Jeff is always forward thinking, with excellent planning and organisational abilities and a highly developed aptitude for designing innovative solutions and delivering them. He has a positive attitude to management and a positive approach to challenges and is a confident and highly motivated individual who is very accustomed to operating in high-pressure environments.

Specialities:

z Technical Surveillance Counter Measures (TSCM). z Adaptive problem solving to deliver high quality inventive solutions. z Innovative Design Solutions. z Threat analysis and risk identification. z Designing clear operational procedures that are relevant, effective and of value.


Corporate Information Group Limited (CIG) is a UK owned Technical Surveillance Counter Measures (TSCM) Company based in London. CIG was formed in 1998 and we offer bespoke world-class counter espionage solutions in the United Kingdom as well as internationally.

CIG currently carries out Technical Surveillance Counter Measures (TSCM) for our clients worldwide. Our TSCM Service client’s range from High Net Worth individuals, through large Financial Corporations and Banks, to international Law Companies. It goes without saying that client confidentiality is assured. Our team is from the following backgrounds: Electronics, Intelligence, Military and the Police with many years of experience in the TSCM field working all over the world.

As a leading TSCM company we are constantly investing in new counter measures equipment to keep up to date with the latest technical threats as they evolve. We also design and build our own TSCM equipment to counter these threats and ensure that we are at the cutting edge of new developments and technology.

At CIG we keep our clients up to date on emerging issues and send out literature and information sheets to our own clients on a needs basis, thus ensuring that any targeted security threats are reported to those who need to know in a timely manner.

Jeff Jenkinson, Managing Director, Corporate Information Group

PROTECTING CLIENT INFORMATIONTechnical surveillance – it’s not a future threat, it’s happening

today, worldwide


31

Technical Surveillance Countermeasures (TSCM) can best be defined as the systematic physical and electronic examination of a designated area by properly trained, qualified and equipped persons in an attempt to discover electronic eavesdropping devices, security hazards or security weaknesses. The threat is a real threat and evolving and it cannot be ignored. There are people out there who carry out the attacks and there are hackers on the internet that you can hire and not be linked with the attack.

Corporate Espionage can often (but not always) be linked to Cyber Security. It depends on the motivation and aims of the offender.


32

Biography

Ashley Roughton is an IP lawyer who also specialises in Data Protection and Cyber Security. He is a barrister of 25 years call and has written extensively on IP, IT and cyber security. He has appeared regularly in criminal and civil courts.


Nabarro is a leading international law firm with offices in London, Brussels, Dubai, Manchester, Sheffield and Singapore. We offer our clients clarity. Clear thinking applied to their needs and objectives, and clarity in the way we deliver our advice. We favour plain English over legal jargon.

Ashley Roughton, Barrister – Intellectual Property, Nabarro

Cybercrime and scams: What you need to know


33

My top 10

1. Governance

2. Data Inventory

3. Develop Policies

4. Notice

5. Security

6. Training

7. Contracts

8. Record Retention and Destruction Programme

9. Breach Action Plan

10. PR Management

Cybercrime and scams: What you need to know

Ashley RoughtonNabarro LLP


34

The anti-hacking actComputer Misuse Act 1990

• The Computer Misuse Act –– passed to deal with hacking of computer systems– In 1990 hacking was not taken very seriously — it was seen

as mischievous behaviour– Not seen as something which had the potential to cause

serious loss or problems– Before the Act it was difficult to prosecute people for

hacking — existing laws were not written with that in mind• Three offences:

– Unauthorised access to computer material– Unauthorised access with intent to commit or facilitate

commission of further offences– Unauthorised modification of computer material.

Agenda

• Misuse – the crime.• Global and UK statistics.• Scale of economic damage.• Network threats.• Consumer risks.• The remedy – sentencing and compensation.• Sentencing discounts as a means to discourage large scale

anonymisation.• POCA – a viable option?• What actions can I take in anticipation of and to minimise the

effects of a cyber-attack? - a basic checklist of things to do, watch out for and concentrate on.


35

DoS and DDoS – s3A

• Unauthorised acts with intent to impair.• Can be act or acts.• No need for any modification• Impairment can be temporary

In some detail

• Unauthorised access to computer material• Lowest level of offence. e.g. finding or guessing someone's

password, then using that to get into a computer system and have a look at the data it contains.

• Offence even if no damage is done, and no files deleted or changed

• The very act of accessing materials without authorisation is illegal. This offence carries a penalty of imprisonment up to six months and/or a fine.

• Unauthorised access with intent to commit or facilitate commission of further offences


36

Types of cyber attacks, actors and motives- Targeted attacks

• include:• spear-phishing - sending emails to targeted individuals that

could contain an attachment with malicious software, or a link that downloads malicious software

• botnet - executing a distributed denial of service (DDoS) attack which aims to flood an information gateway with data exceeding its bandwidth thus rendering the gateway or website inaccessible

• subverting the supply chain - attacking equipment or software being delivered to organisations

Types of cyber attacks, actors and motives- Untargeted attacks

• Aim to exploit vulnerabilities in systems

– phishing – sending emails to large number of people asking for sensitive information (e.g. bank details) or encouraging them to visit a fake website

– water holing - setting up a fake website or compromising a legitimate one in order to exploit visiting users

– ransomware - disseminating disk encrypting extortion malware

– scanning - attacking wide swathes of the internet at random


37

Estimates (admittedly)

• Estimates : $.4-1trn• Losses to the four largest economies (US, China, Japan and

Germany) reached $200 billion in 2014 (Center for Strategic and International Studies, 2014)

• UK : economic cost of cyber crime is estimated at about £27 billion p.a. (of which £9bn is associated with the theft of IP from UK businesses) (Detica & Cabinet Office, 2011)

• Average cost of data breach for a UK company in 2014 was about £2.3 million (Ponemon Institute, 2015)

• Probably under-reported• Increases the cost of doing business and distorts the pattern of

long-term investment (Oxford Economics & CPNI, 2014)

Talk Talk

• 21 of October – Attack starts – Looks like a DDoS attack

• Under that screen a penetration attack is also launched whereby information is copied and expropriated

• The information includes : Names, addresses, DoB, email addresses, telephone numbers, account information and Credit card and bank details

• That information is passed on to contact agents

• By 23 October the contact agents start to contact weary Talk Talk customers to excise information from them

• By the end of that day something like £53m has been expropriated


38

Consumer risks

• 44% check a website is secure when buying online

• 44% install internet security software on new internet devices

• 30% use complex passwords

• 37% download the latest software updates when prompted

• 21% smartphone software updates as soon as prompted

• 21% adjust online social media account settings to ensure privacy and security

Network Threats – top 5

1. Social Engineering - taking advantage of the human aspect of security

2. Employee fraud or vengence

3. BYOD – downloading/uploading/lost devices

4. Cloud security – data theft/DoS

5. Botnets (robot network). A series of infected computers (usually with some hidden software called a rootkit) which a single hacker can control


39

Compensation

• Court ordered or CICB

• Generally loss based

• However in criminal cases the attitude of the courts is mealy

– For instance no amount exceeding the totally of specimen counts may be awarded

• Loss must be proven

– Not always possible to get costs back for doing that exercise

– Might be better to go to the civil courts

– If compensation is not paid then there is no alternative of imprisonment

Penalties• For acts of computer misuse resulting in material damage or risk

of material damage there will in certain cases be a maximum penalty of life imprisonment

• Damage must be serious and the risk must be significant

• Damage must be material (four classes: human welfare, the economy, the environment and national security)

• Cases involving the environment or the economy sentence is capped at 14 years imprisonment

• For the other two, however, the maximum term is life

• Otherwise the maximum penalty is 6 months/2/5/10 years and unlimited fine


40

POCA – a viable option?

• Yes – if there is benefit

• No – if there is not

• Depending on the amount failure to pay the available amount results in imprisonment without remission

• There must be a finding that the defendant has a criminal lifestyle – often difficult to prove

• Can lead to plea bargaining (we will not pursue you under POCA if you plead – powerful incentive)

• Can be costly – often need to employ an ex-proceeds of crime officer if you are acting for the defence

Sentencing discounts as a means to discourage large scale anonymisation

• A problem because botnets are anonymous and hard to crack

• Has been shown to be effective

• However it does not work if there is US involvement because no deal can bind the US or state attorney-generals

• A form of plea bargaining

• Guilty plea + providing assistance can result in considerable sentencing discounts


41

How can I anticipate a cyber attack?1. Security assessment and roadmap

2. Board-level support for a security transformation

3. Review and update security policies, procedures and supporting standards

4. Establish a Security Operations Centre. Develop monitoring of known cases and incident response procedures

5. Design and implement cybersecurity controls

6. Harden the security of IT assets, such as servers and firewalls, network components and databases.

7. Test, test, test

8. business continuity plans and incident response procedures Instigate regular penetration testing of the network perimeter, ingress points and software applications; and identify exploitable weaknesses

How can I anticipate a cyber attack?Core principles

• Make sure your executive buy-in to the mentality. CEO access is key (only 14% of companies have a direct link)

• Ensure that resources are available during compliance and attack phases – insurance may not be the answer (the re-insurance market is under capitalised for large scale attacks, exclusion clauses almost invalidate the policy – the insurers may go bankrupt – they do not know what the risk is)

• Performance – make sure that your minions can perform pre-planned functions and effectively

• Access to data – are employees only accessing that which they ought – review regularly

• Cost/value – make sure that you have a simple message which outlines the downside of doing nothing or not enough


42

Simple things1. Don’t open attachments

2. Just ban detachable media unless it is handled by IT

3. Telephone is the main risk – say nothing

4. Training – educating employees – make IT security attractive; have an incentive system

5. Information management – don’t have stuff online if it does not need to be

6. I N S U R A N C E – can create a moral hazard; might create more risks than it reduces

7. Introduce a policy of cybersense

8. Introduce a key things to do policy – a few easy to understand rules

What is the most important thing to do if there is a cyber attack?

Many things but first and foremost:

Manage your PR


43

[email protected]


44

Biography

Guy was a British Airways pilot from 1972 until 2006. He flew over 18,000 hours. He was a Training Standardisation Captain Boeing 747-400 aircraft. and responsible for regulating the airlines Training Pilots on behalf of the CAA. He was a pioneer of the introduction of Human Factors (HF) Training into Airline culture.

Since 2001 Guy has been instrumental in designing and presenting HF courses in Healthcare and other safety critical industries. He has been designing and delivering training and coaching programmes in association with many healthcare organisations in the UK.

Guy has recently featured on BBC Horizon and National Geographic Air Crash Investigators as an expert on human factors in aviation and surgery. He is ITV’s aviation consultant. Guy is the human factors expert for Medical Protection Society

He is the co-founder of Risky Business (www.risky-business.com)

Guy Hirst, a former pilot has been instrumental in introducing human factors training at British Airways, to the Merchant Navy; the National Air Traffic Service; Great Ormond Street and the John Radcliffe, in

conjunction with Oxford University.

PREVENTING HUMAN ERRORManaging the ‘human factors’ in legal services risk


45

Biography

Peter Rogers is Director of Risk at Bevan Brittan LLP. Prior to joining Bevan Brittan in December 2013, he was Lead Professional Regulation Adviser in the Quality & Risk team at Osborne Clarke (OC).

Peter became a full time risk & compliance lawyer in 2005, having previously worked at OC as a commercial litigation solicitor specialising in professional negligence and shareholder/partnership disputes. In 2004 he was appointed as a Deputy District Judge on the Western Circuit, although he no longer sits in that capacity.

He lives in Backwell, near Bristol. He is married with two children, aged 14 and 11. Peter is a keen cyclist and in June 2015 he cycled 280 miles from Bristol to Paris over 3 days to raise money for a Children’s charity in Nepal.


Bevan Brittan provides practical, high quality and commercially relevant legal advice to public, private and third sector organisations.

Reflecting the nationwide location of our clients and their markets, our experience includes working with clients across central and local government, NHS commissioning and provider organisations, 40 housing associations and over 100 private sector companies.

We know our clients are working in an environment of greater transparency and accountability and that ever increasing expectations are being placed upon them. That is why Bevan Brittan clients do not need to explain themselves to us over and over again – we get it.

Peter Rogers, Director of Risk, Bevan Brittan LLP

CHANGING RELATIONSHIPS WITH CLIENTSAdvice – commercial or legal?


46

Some familiar themes:

• Failure to define scope of retainer• Failure to distinguish role from that of other

professionals• Failure to record instructions and advice in

attendance notes or correspondence• Lack of supervision

Advice – commercial or legal?

Peter RogersDirector of Risk

Bevan Brittan LLP


47

2 key areas where breach arises:

• Giving wrong advice• Failure to give advice

Classification of breaches

5 forms which solicitor’s breach of duty takes:I. Breach of specific contractual dutyII. Breach of implied contractual duty to exercise

reasonable skill & careIII. Breach of duty of care owed by solicitor to

client independently of contractual dutiesIV. Breach of duty of care owed to a third partyV. Breach of fiduciary or trust duties


48

• Practical advice:

“A solicitor is often called upon to give practical advice,in which legal considerations are only one factor. Insuch a situation, a mere error of judgment … is lesslikely to amount to negligence. Where, however, thesolicitor advises a course of action that is plainly wrong,then he will be liable. The more the advice is based onlegal considerations, the more likely it is that an errorwill be found to be negligent.”

- Jackson & Powell, para 11-164

Giving wrong advice

• On the law:

“Giving advice is one of the principal functionsof solicitors. If the solicitor gives incorrectadvice on a point of common occurrence,where the law is clear, then he will be liable innegligence”

– Jackson & Powell 7th edition, para 11-162


49

Case law

• Starting point is the retainer (per Midland Bankv Hett, Stubbs Kemp [1979] Ch 384):

“…the court must beware of imposing uponsolicitors…duties which go beyond the scope ofwhat they are requested and undertake todo…the duty is directly related to the confinesof the retainer.”

Failure to give advice

• Where specifically requested by client• Where not specifically requested but solicitor is

under a duty to provide


50

But:1. Cases are fact-specific – no hard & fast rule2. Scope of retainer not limited to client’s express

instructions:“Solicitors’ duties are governed by the scope of their retainer, but itwould be unreasonable and artificial to define that scope byreference only to the client’s express instructions. Matters whichfairly and reasonably arise in the course of carrying out thoseinstructions must be regarded as coming within the scope of theretainer” (per Gilbert v Shanahan – Jackson para 11-170).

See also Credit Lyonnais SA v Russell Jones & Walker [2002]EWHC 1310 (Ch); Minkin v Lesley Landsberg (Practising As BarnetFamily Law) [2015] EWCA Civ 1152

• No duty to travel outside instructions (ClarkBoyce v Mouat [1994] 1 A.C, Pickersgill –v-Riley [2004] PNLR 31):

“In the ordinary way a solicitor is not obliged totravel outside his instructions and makeinvestigations which are not expressly orimpliedly requested by the client”

- Jackson & Powell, 11-169 per Pickersgill, ibid.


51

Client character & experience

“An inexperienced client will need and be entitledto expect the solicitor to take a much broader viewof the scope of his retainer and of his duties thanwill be the case with an experienced client.”

- Carradine Properties Ltd –v- D J Freeman Co[1999] PNLR 12

3. Character and experience of client is relevant todetermining scope of retainer

4. Duty to warn of obvious risks5. Duty to provide explanation of content of legal

documents (Newcastle International Airport –v-Eversheds [2012] EWHC 2648 (Ch))


52

“In determining what advice is reasonably incidental (to the work which the solicitor is carrying out), it is necessary to have regard to all the circumstances of the case, including the character and experience of the client. ……it is not possible to give definitive guidance (on this) but one can give fairly bland illustrations. An experienced businessman will not wish to pay for being told that which he/she already knows. An impoverished client will not wish to pay for advice which he/she cannot afford. An inexperienced client will expect to be warned of risks which are (or should be) apparent to the solicitor but not to the client”.- Minkin v Lesley Landsberg (Practising As Barnet Family Law), ibid

See also National Home Loans Corp Plc v Giffen Couch & Archer[1998] 1 W.L.R. 207

“a youthful client, unversed in business affairs,might need explanation and advice from hissolicitor before entering into a commercialtransaction that it would be pointless, or even animpertinence, for the solicitor to offer to anobviously experienced businessman.”

- Pickersgill –v- Riley, ibid


53

Advice on matters of business• Cases give no encouragement to claimants

seeking to make solicitor responsible forbusiness decision:• Clarke –v- Boyce Mouat [1994] 1 AC 428• Pickersgill v Riley [2004] PNLR 31• Football League Limited v Edge Ellison

[2007] PNLR

Duty to warn of risks

“if, in the course of taking instructions, a professional manlike…a solicitor learns of facts which reveal to him as aprofessional man the existence of obvious risks, then heshould do more than merely advise within the strict limits ofhis retainer. He should call attention to and advise uponthe risks”– Boyce v Rendells (1983) 286 EG

• NB also duty of disclosure (under common law andChapter 4 of the SRA Code) – NB Orientfield HoldingsLtd v Bird & Bird [2015] EWHC 1963 (Ch)


54

Business LegalWhether transaction is prudent(Clarke v Boyce Mouat, ibid)

Whether counterparty is solvent &whether guarantees should besought (Football League Limited –v- Edge Ellison, ibid)

….but: (1) FLL succeeded on onehead of claim (2) Court influencedby sophistication of FLL? (3) NBAustralian cases in Jackson [11-177] (4) NB Mortgage Express vBowerman duty to lender client toadvise on matters pertaining toadequacy of the security

Whether client should determinelease or keep in existence & seeknew tenant (Yager –v- Fishman Co,[1944] 1 All ER 552)

….but note that one judge attachedweight to fact that claimant wasexperienced businessman

“Is the solicitor supposed to review the whole range of commercial considerations that underlie a particular deal, work out which ones he is concerned the client may not have given sufficient thought to and remind him about them? In my judgment the answer is no.”

- Football League Limited v Edge Ellison, ibid


55

However:

• Each case turns on its own facts• Not always easy to distinguish between legal

and business matters:“I cannot accept the distinction drawn betweenlegal consequences and financial implications,because in this case the significance of thelegal consequences lay in the financialimplications”- County Personnel Ltd v Alan R Pulver Co [1987] 1WLR 916

Business LegalWhether the claimants wereinsured in respect of the claim onwhich solicitor was instructed(Carradine Properties v DJFreeman, ibid)Whether VAT might be payable &possibility of negotiating a dealwhereby the counterparty wouldpay it (Virgin Management v DeMorgan, [1996] NPC 8)Whether there were adversecommercial implications or risksassociated with restrictions onaccess to car park of hotel beingacquired (the legal implicationshaving been explained) (Reeves vThrings Long [1996] 1 PNLR 265)


56

• Claim might succeed on alternative basis:− failure to warn of obvious risks: Luffeorm Ltd

v Kitsons LLP [2015] EWHC B10 (QB);− failure to explain content of legal documents:

Newcastle International Airport v Eversheds,ibid

• Football League case was the largest law firmliability claim to go to trial (£142m), & only a‘bad’ claim in hindsight. FLL was sophisticated.Many firms/insurers would have settled?

• Experience of client likely to play a major factor– see Pickersgill, FLL, etc. The lessexperienced the client, the greater the risk of anadverse finding

• Court’s interpretation as to what fairly &reasonably falls within the retainer may differfrom ours – especially where there is noChapter 1 letter, wording is ambiguous orthere’s been scope creep


57

5. Where consciously providing practical/commercial advice with limited if any legalelement (where qualified to do so), considerrisk/reward ratio and limitation of liability

6. Look out for & advise on unusual risks7. Consider need to explain content & effect of

legal documents8. Attendance notes!9. Beware of risks in advising on reputational/PR

issues – see 5 above10.Care when taking on other roles – NED etc

Practice points

1. Agree detailed and specific scope of work atoutset (NB Balogun v Boyes Sutton & Perry[2015] EWHC 275 (QB); also Minkin (ibid))

2. Remember that extraneous client-facingdocuments (e.g. tenders) may be taken intoaccount by Court

3. Take into account the experience of the client4. Keep scope under review & avoid (or formalise)

scope creep


58

Why Bevan Brittan?

We are the largest specialist provider of commercial legal services to the Public Sector in the UK. Our clients include a third of all NHS Bodies and all Local Authorities in England, 30 Housing Associations, and over 100 private sector firms who serve these sectors, covering areas such as social infrastructure and waste.

Questions?


59

Thank you!

Our promises

• To understand you• To provide solutions that contribute to your

success• To give you fair pricing and clarity on costs• To give you the right team• To communicate clearly• To care about our relationship with you


60

Biography - Poul Gade

e-mail: [email protected].

Member of Bech-Bruun Corporate Compliance & Investigations team.

Former Chief Prosecutor, specialized in Serious Fraud and Organized Crime.

Member of the Board, Danish Anti-Doping Agency.

Vice-president of the Disciplinary Committee, Danish Football Association.

Council of Europe: Member of expert groups re. Transnational Organized Crime and Match-fixing.

Part of the Raul Wallenberg Institute (University of Lund, Sweden) program of cooperation with the Chinese Prosecution Service in human rights issues.

Resident in Aarhus, married to Marianne, 4 children, 1 dog.


Bech-Bruun is one of Denmark’s leading law firms with approximately 505 specialized and experienced employees. Bech-Bruun has offices in Copenhagen, Aarhus and Shanghai. Measured by the number of lawyers, Bech-Bruun is the largest law firm in Denmark and second in Scandinavia.

As a full-service law firm, Bech-Bruun renders advice on all aspects of corporate and commercial law. Clients are Danish and international enterprises, organizations and public authorities. Our business is divided into 10 overall practice areas: Banking & Capital Markets, Corporate Compliance & Investigations, Dispute Resolution, Employment & Labour, EU & Competition, Financial Analysis, Insolvency & Restructuring, IP & Technology, M&A Corporate, Public Law, Real Estate & Construction, Tax, Transport & Insurance.

www.bechbruun.com

Panellists including: Poul Gade, Associate Ph.D, Bech-Bruun, Denmark, Poul is a former chief prosecutor and is currently on leave from the prosecution service in Denmark. He sits on Bech-Bruun’s

Corporate Compliance & Investigations team and Keith Read, Former Group Compliance Director, BT and Board Member, Legal Compliance Association

CROSS-SECTOR INSIGHT PANELWhat can be learned from other sectors?


61

Biography - Keith Read

Keith Read is an award-winning thought leader and expert in compliance, ethics, culture, risk, supply chain and governance

He is currently director and principal of his own compliance consultancy and advises a diverse range of international organisations on compliance, ethics and risk. Keith was formerly the Group Director of Compliance and Ethics for BT (British Telecom) in London, when he won the Compliance Register’s Best Compliance Officer award, and also the Best Compliance Company award. He was subsequently the subject of a full-page Daily Telegraph national press article - ‘Compliance and Science’. BT is a high-profile £20Billion company, with some 150,000 employees and contractors operating in 176 countries

Prior to this appointment, Keith was the General Manager, Governance, responsible for all governance and compliance activities in the management of BT’s £5.7Billion supply chain, with a particular focus on supply chain integrity

He has an innovative and practical approach to compliance, using novel techniques that address critical issues such as ‘Compliance Complacence’ and the ‘Cost of Compliance’; his work is regularly published on both sides of the Atlantic in a range of governance, compliance, ethics and procurement industry journals. His Whitepaper - ‘The Compliance Covenant’ - was the featured article in Compliance and Ethics Professional, the US’s leading industry journal, and takes a new and highly original approach to the challenge facing all compliance officers; that of changing the significant ‘push’ needed to deliver and maintain an effective compliance programme into employee ‘pull’

Keith is a frequently-requested international speaker, drawing on his wide-ranging practical experience of compliance, including Anti-Bribery and Corruption, whistleblowing, modern slavery, competition/anti-trust and third-party compliance. His thought-provoking ideas and infectious enthusiasm appeal to diverse compliance, ethics, supply chain and governance audiences, and readers, worldwide

[email protected]+44 (0)7900 046042


62

Moderator: Rachel Khiara, Partner, Khiara Law and Board Member, Legal Compliance AssociationPanellists Include: Andrew Cheung, Partner and General Counsel, Dentons,

Julie Herriott, Head of Risk and Compliance Operations, Pinsent Masons, Daniel Macaluso, Head of Law and Compliance, Linklaters and

Pearl Moses, Lead Consultant: Risk and Compliance, The Law Society and Board Member, Legal Compliance Association

WHAT TO LOOK OUT FORINTERACTIVE PANEL:

Horizon scanning – what’s next?

Biography - Rachel Khiara

Rachel Khiara, Principal at Khiara Law LLP, is a pre-eminent advisor in the professional practices sector, working with leading and niche firms, and new entrants into the legal services sector on a wide range of constitutional, financial and structuring issues. Rachel has a particular specialisation for regulatory and compliance work and sat on the Solicitors Regulation Authority’s ABS/OFR Committee. Prior to founding Khiara Law LLP, Rachel was a Partner at Addleshaw Goddard LLP and Counsel at Allen & Overy LLP. “Rachel Khiara’s growing presence in the market is noted and she is recognised for her non-contentious practice” Chambers & Partners Directory 2012”


Khiara Law LLP is a boutique law firm servicing the requirements of legal services businesses and their professional advisors. We advise clients directly and on an outsourced basis on all areas of professional regulation, offering practical advice to legal businesses regarding their compliance obligations. Khiara Law LLP also provides restructuring advice for firms looking to accommodate growth or establish as an ABS. Further, we advise professional practices on a wide range of constitutional issues, including profit and capital sharing structures, partner exits and discrimination issues. Rachel Khiara provides a bespoke training programme for staff and compliance offices, by looking at a firm’s business and operations and considering issues of disclosure, risk reporting and record keeping.

Biography - Andrew Cheung

Andrew Cheung is a partner and the General Counsel for the Dentons’ UK, Middle East and Africa operations. He sits on the firm’s Board as well as being a member of its Global and Regional Risk Management Committees and Global and Regional Operations Committee. He is the firm’s Money Laundering Reporting Officer, Deputy COLP, Data Protection Officer, Anti-Bribery Officer and FSA Compliance Officer. He is responsible for the firm’s claims, risk management, corporate advice and regulatory compliance across the UKMEA region. In addition, Andrew advises clients on international financial sanctions, AML and anti-bribery issues. Andrew also writes and regularly speaks on regulatory and risk issues, in particular those affecting law firms. He is admitted as a solicitor in England and Wales and as a barrister and solicitor in Western Australia and the High Court of Australia.


63


Dentons is a client-focused global law firm delivering quality and value. It serves clients in key business and financial centres from 79 locations in 52 countries, through offices, associate firms and special alliances across the US, Canada, the UK, Central & Eastern Europe, the Middle East, Russia and the CIS, Asia Pacific and Africa, making it a top 10 legal services provider by lawyers and professionals worldwide.

Biography - Julie Herriott

Julie is Head of Risk and Compliance Operations has day to day responsibility for all areas of risk at operational level and compliance with professional and regulatory obligations throughout the firm including overseas offices.

She is also secretary to the firm’s Conflicts Committee dealing with many of the firm’ conflict issues.


Pinsent Masons LLP is a full-service international law firm. The firm ranks among the top fifteen law firms in the United Kingdom by turnover. Pinsent Masons LLP has over 350 partners, a total legal team of around 1,500 and more than 2,500 staff.

Biography - Daniel Macaluso

Since 2013, Daniel Macaluso has been heading Linklaters’ Law & Compliance team, which provides advice and handles the firm’s compliance on a wide range of legal and regulatory requirements worldwide. Prior to that he was responsible for all aspects of risk management for the firm’s Western European region. He also serves as the firm’s Data Protection Officer in a number of jurisdictions.

Prior to joining the Risk Department in 2008, Daniel began his legal career in 2003 practicing litigation at Skadden, joining Linklaters in 2006.

Daniel is licensed to practice law in New York, England & Wales, and Paris. He divides his time between the London and Paris offices.


Linklaters is an integrated global law firm, established and operating as a limited liability partnership under English law with branches and related local entities or firms across the world.

Biography - Pearl Moses

Pearl Moses is the Practice Lead Consultant in Risk and Compliance for the Law Society of England and Wales. She is a seasoned legal professional and a solicitor with over 12 years experience in private practice, legal publishing and regulatory compliance issues.

Pearl joined the Law Society in 2003 and since then has held a range of regulatory roles including senior technical adviser with a policy formulation, training and adjudication remit.

Within risk and compliance circles Pearl is a sought after speaker, trainer facilitator and coach. As a consultant she specialises in creating tailored compliance solutions and interventions to help firms and in-house legal teams embed sound risk management principles and best practice client care and complaints handling systems.


64


The Law Society is the independent professional body, established for solicitors in 1825, that works globally to support and represent its members, promoting the highest professional standards and the rule of law.


65

Note: This list and the information contained herein is confidential. It should not be passed to third parties without the express permission of the event organiser or to be used for any other purpose than to aid networking at this event.

First Name Last Name Role Company

Victoria Anderson Director of Risk and Compliance Cooley (UK) LLP

Rebecca Atkinson Head of Risk & Compliance Howard Kennedy LLP

Robin Bayly Executive Director Willis

Polly Branch Bird & Bird LLP

Eddie Breen General CounselWragge Lawrence Graham & Co

Niall Brook Risk and Compliance Partner Blake Morgan LLP

Jodie Burch Head of Marketing Advanced 365

Tonia CamachoHead of New Business and Strategy, Risk & Compliance Ashurst LLP

Richard Carter Managing PartnerMartin Tolhurst Partnership LLP

Sakina Chenot In-house Counsel Clyde & Co

Andrew Cheung Partner & General Counsel Dentons

Omar Choudhury Senior Risk & Compliance ManagerRopes & Gray International LLP

Andrew Coates Partner Kennedys Law LLP

Jonathan Cornes Compliance Officer Ramsdens Solicitors

Frankie Davies Internal Legal & Risk Associate Baker & McKenzie LLP

Ryan Davies Marketing Assistant Advanced 365

Marion Deferi Linklaters LLP

DELEGATE LIST


66

Helen Donegan Publisher, Managing Partner ARK Group

Jennifer Duff Senior Marketing Executive Advanced 365

Charlotte Duran Compliance officer Penningtons Manches LLP

Lee Edwards Compliance ManagerDavis Polk & Wardwell London LLP

Katherine Foran Head of Risk Dentons UKMEA LLP

Poul Gade Associate Bech Bruun

Michelle Garlick Solicitor Weightmans LLP

Nina Gaston Partner Mason Hayes & Curran

Paul Glenfield General Counsel and Head of Risk Matheson

Andy Goodall Head of Risk & Compliance Withers LLP

Gavin Hadfield Senior Risk and Compliance Lawyer Holman Fenwick & Willan LLP

Julie HerriottHead of Risk and Compliance Operations Pinsent Masons LLP

Guy Hirst Speaker Risky Business

Gary James Hopkins Risk and Compliance Controller Farrer & Co LLP

Anna Hudson Director of Quality & Risk Thrings LLP

Jeff Jenkinson Managing Director Corporate Information Group

Funmilayo Kolaru Compliance Manager Stewarts Law LLP

Barbora Lezatkova Attorney at Law

Daniel Macaluso Head of Law and Compliance Linklaters LLP

Frank Maher Partner Legal Risk

Manju Manglani Editor, Managing Partner ARK Group

Richard McDowell Partner, Risk & Compliance

Mike Mortlock Willis

Pearl Moses Lead Consultant The Law Society


67

Per Nilsson Lawyer Advokat Per Nilsson AB

Marie Nuth Compliance Manager Appleby Global

Nicola Oakley Risk PSL Keoghs LLP

Olivia Omideyi Linklaters LLP

Sam Osborn Business Development Executive Advanced 365

Crispin Passmore Executive DirectorSolicitors Regulation Authority

Jenine Pickering

Matthew Poli Partner Palmers Solicitors

Rieneke Van Praag Sigaar Risk & Compliance Officer Stibbe BV

Reshma Raja Partner - Professional StandardsMatthew Arnold & Baldwin LLP

Keith Read Board Member Legal Compliance Association

Emma Reitano Commissioning Editor (UK) ARK Group

Alexandra Resina da Silva Managing AssociateVieira de Almeida & Associados

Peter Rogers Director of Risk & Best Practice Bevan Brittan LLP

Ashley Roughton Barrister - Intellectual Property Nabarro

Jo Saunders General Counsel Hill Dickinson LLP

Ann Shanahan Head of Compliance Bedell Group

Jonathan Simon Executive Director Willis

Andrew Skinner Partner Palmers Solicitors

David Smythe General Counsel Kingsley Napley LLP

Guido Stam Director of Finance Stibbe BV

David Swaffield Head of Property Hill Dickinson LLP

Colin Taylor Executive Director Willis

Karin UlberstadRisk and Quality Management Partner Advokatfirman Vinge KB


68

David Whitney Senior Risk & Compliance Manager Bird & Bird LLP

Correct at time of printing ~ ARK Group

1 december: 12th annual risk management for law firms

Documents