External Counsel Guidelines – A Critical Risk and Compliance Challenge
Until recently, law firms would typically dictate the terms of business with their clients. Today, economic pressures and evolving regulatory requirements affecting corporations have put clients in the driver’s seat on the terms of engagement with a law firm.
Evolution of External Counsel Guidelines (ECGs)
ECGs started out as a simple list of client billing guidelines designed to focus on the mechanics of how invoices should be structured and submitted. They have since evolved and now span many topics. For example, they may define expectations on conflicts, confidentiality, media discussions, litigation support processes, matter staffing and records retention requirements (both paper and electronic).
Many ECGs also impose supplier/contractor ethical standards ranging from anti-bribery to diversity requirements (including compliance with international labour conventions) and the right to audit the law firm’s security program.
The Challenges with ECGs
ECGs find their way into law firms via several routes.
- The lead partner with the primary client relationship is sent the firm’s signed engagement letter, along with the ECGs which are incorporated by reference.
- The marketing department receives the ECGs as part of new business pitches or requests for proposal (RFPs).
- ECGs may also find their way into a firm through the billing/finance departments via the e-billing system itself.
- Sometimes, ECGs come into firms through lateral hires who may have client engagements that are brought into the new firm.
ECGs often contain non-standard engagement terms or guidelines that bind the firm. A clear process on how to identify ECGs and non-standard engagement terms and, more importantly, how to escalate them to the proper individuals in the firm is important. It is critical for lawyers to be aware that any document received with, or in response to, an engagement letter should be carefully reviewed and escalated for review and approval. Similarly, administrative departments should be trained to follow any escalation processes which the firm has established when they receive any document directly from the client.
Common “Problematic” ECGs
Each ECG has its own specific conditions and understanding, and assessing the many obligations presents a challenge for law firms. Certain ECGs’ provisions can be unduly restrictive and some of these obligations can result in conflicts and even the loss of client business.
While each ECG is different, there are consistent themes throughout. These include:
1. Billing Requirements
Billing requirements increase costs for law firms. In addition to a lengthy list of what clients will not pay for and complex e-billing task codes, some clients push the cost of their e-billing systems back onto the law firms by taking a percentage off the bill.
A growing number of clients are also setting requirements on when bills must be submitted. For instance, bills that are submitted late (e.g., 90 days or more) can sometimes be rejected completely.
The more aggressive ECGs request “Most Favoured Nation” status, requiring the law firm to provide the client with the lowest rates offered by the law firm to any client for the type of work conducted. This request can be problematic because it equates to giving the client, who may only be giving the firm $100,000 in work, the same rates as a multi-million-dollar, long-term client.
2. Conflicts – Client Loyalty
Many ECGs try to limit the firm’s ability to do business with competitors, with broad definitions of what would entail a conflict of interest. ECG conflicts parameters often include affiliates of the corporate client and prescribe how conflicts of interest should be managed.
Extending the representation to subsidiaries and affiliates can have a deep impact on firms since these limit their ability to do work for other clients.
Conflicts requirements are a commercial negotiation point between the firm and the prospective client. They may result in the firm deciding not to take on the client if the impact is too severe, after weighing the relative importance of the client for current and future business.
3. Information Security – Client Audit and Access
Many ECG provisions now include a lengthy list of security requirements on the measures that firms must take to protect client data, which often extend beyond a typical law firm’s own security policies. Some clients even require security audits which may be unduly invasive and even run counter to a law firm’s ethical obligations to other clients.
4. Indemnity and Insurance
Indemnity provisions are common in ECGs. They require law firms to indemnify clients for a laundry list of losses. A closer review of these provisions will reveal that they are more applicable to contractors and vendors whose activities are in the construction sector or product design and development.
It is common for ECGs to require the disclosure of the amount of professional indemnity insurance. Some ECGs may even specify the minimum insurance amount that a law firm must take up as a pre-condition to undertaking work.
As the purpose of professional indemnity insurance is to compensate the client in the event of negligence, and not guarantee the transaction, such requirements are unnecessary but have become an industry norm.
5. Client Business Codes of Conduct and Statutory Compliance
Law firm compliance with their clients’ business codes, for example, on gifts, or confirming/certifying compliance with certain statutes and regulations (in particular, anti-bribery laws in the UK and USA) has also become non-negotiable. These requirements may have adverse ethical and business implications on the law firm.
Obstacles to Compliance
Many law firms do not have the processes, staffing or technology to manage ECGs. The obstacles to compliance begin at matter intake, where ECGs are usually handled in an ad-hoc manner, with little to no process to review, analyse and document ECGs as they come in.
In addition to the lack of staffing, the majority of firms do not spend enough time reviewing ECGs because they are simply too lengthy and contain too much information. Reliable and effective communication of ECGs to lawyers is also lacking in many firms. ECGs are communicated to partners mainly by way of e-mail summaries that do not require acknowledgement of receipt of such e-mails.
There are some firms that leverage document management systems or the firm’s intranet to communicate ECGs in the hope that lawyers will look at them.
The processes to ensure lawyers adhere to ECG guidelines are also often piecemeal and inconsistent. This situation can be exacerbated by the fact that many lawyers believe the guidelines mostly apply to the billing process and do not apply to them.
Navigating the Landscape of Changing Client Demands
Law firm management’s decision to accept or reject specific ECG provisions will be driven mainly by business considerations. These may include: the size or potential for growth of the client relationship; the practice group involved; or the law firm’s administrative ability to comply with the ECG provisions.
Law firms need to be prepared to discuss ECG requirements, determine practical measures to implement them and properly address the client’s concerns.
The variety of clauses in ECGs also requires various departments in the law firm to weigh in with their views. It is therefore essential to have a workflow management capability to handle the review and approval process. The development of a standardized review process and parameters by which all ECGs can be evaluated is important in promoting a consistent response across the firm’s clients. A sample workflow process is set out below for reference:
Sample workflow process
- Establish a policy to ensure that all ECGs are reviewed prior to being executed.
- Focus on how to identify ECGs and the escalation process for review, negotiation and approval.
- Assign someone to conduct an initial, comprehensive review of the client’s terms and conditions. The objective is to compare the client’s request against the firm’s own terms of business or engagement standards and draft a summary of the differences.
- This review should be completed by someone who understands the implications of the terms. The lawyer who has a vested interest in accepting a new engagement or continuing work for the existing client cannot be given sole authority to review or accept ECGs on behalf of the firm.
- When sending ECGs to various stakeholders for review, it is important to communicate timeline expectations for the return of comments, to ensure a timely response to the client.
- Following receipt of comments from various stakeholders, formulate a co-ordinated firm strategy on how to respond to the client.
- It may also be necessary to include the firm’s senior management in the process if the client has unusual requests that will be difficult or costly to deliver on, for example, a complimentary secondment or a request to carry a certain level of insurance coverage.
- A record of what was and was not agreed to should be tracked in a database for easy reference in future negotiations with other clients.
- Once the ECGs are finalised and agreed, capture the various requirements in a database for alerting or reporting to ensure compliance, especially as new lawyers become involved in different types of engagements with the client.
Standard Terms and Pre-emptive Responses
Expedite the ECGs review and approval process by developing pre-emptive language and adopting a clear position on certain provisions that are routinely encountered in ECGs. This advance planning can save time and provide firms with counter language to facilitate negotiations.
Divide ECGs into the following three categories:
- those reasonably required from all external counsel
- those that can reasonably apply to a large law firm
- those that overreach because they are too intrusive
It is not good enough for the ECGs to be collected and stored centrally in a physical file. They need to be collected and stored in an electronic repository that can be easily accessed and shared amongst all relevant law firm personnel. This should ideally be a one-stop location with all ECGs stored in a searchable format that allows personnel to easily locate specific terms when needed.
Many firms store their ECGs on intranet sites or portals, while others have created a workspace in their document management system. Leveraging some level of technology would be ideal. This would help avoid intense manual tracking, minimise opportunities for human error, and allow firms to optimise staff resources and prevent loss due to non-compliance.
Lawyers who work on a matter must be informed of ECG requirements, for example, specific billing requirements, staffing of legal and non-legal team members or information security requirements. Where possible, send automated alerts to fee earners and include an attachment to the ECGs to remind them to comply when there is a new matter for that client. Automate questions in client matter intake forms, conflicts reports and bills on whether the client has established ECGs.
The flood of increasingly complex ECGs is expected to continue.
To stay on top of client demands, investing in resources and technology to administer and monitor compliance will become a necessity.
Managing ECG Risks – Best Practices
- Establish a committee within the law firm or designate someone to review all ECGs before they are accepted.
- Store all ECGs in a centrally accessible repository.
- Train all lawyers on client guidelines and their implications/pitfalls.
- Approval/acceptance of guidelines should be carried out by an executive committee. Individual partners should not have the authority to agree to client ECGs on behalf of the firm.
- Be prepared to reject the engagement if the client insists on conditions that cannot be accommodated because of ethical or business reasons.
- Familiarise accounting and marketing departments with non-standard conditions in ECGs.