The European Lawyer

All Continent All Practice Area

23 Sep 2011

LEGAL PROCESS OUTSOURCING HANDBOOK - The ethics of legal outsourcing

Editors: Mark Ross, Integreon

The ethics of legal outsourcing

By Mark Ross, Vice President Legal Solutions, Integreon

The practical reality for US and UK lawyers engaging in or contemplating legal process outsourcing (LPO) is that the outsourcing of both core legal and support services across the legal profession is nothing new. Think about the following examples:

a. Whenever a client sends work to his/her lawyer, it is “outsourcing” the work.
b. Whenever a law firm sends work to local counsel in another jurisdiction, or to a specialist outside the firm, it is “outsourcing” the work.
c. Lawyers have outsourced legal and law-related services for generations (eg from one lawyer to another lawyer, paralegal or trainee within a single firm and from a law firm to a legal research or document review staffing company, etc).

What is different today with the emergence of the LPO industry is that both core legal and legal-support-related services are being outsourced to lawyers, law firms and corporations with facilities located offshore in countries such as India, South Africa and the Philippines. The outsourcing of legal work by a law firm or legal department to a legal outsourcing company or an entity located offshore raises specific issues pertaining to the outsourcing lawyer’s ethical obligations to his or her client. In addition there are legislative issues that have a direct impact on the ability to outsource legal work overseas. Taking this into account, the concept of outsourcing elements of the legal process, particularly offshore, is provocative to say the least.

During the formative years (2005-2009) of the LPO industry, the relevant regulatory and professional bodies in the UK – the Solicitors Regulation Authority (SRA) and the Law Society – were virtually silent bystanders as market acceptance of LPO began to gather momentum. In the US, the picture was slightly different with some limited guidance available from the American Bar Association (ABA) and a number of individual state bar associations.

Over the course of the last two years, however, the regulatory and professional bodies on both sides of the Atlantic have begun studying the area intently and both have recently issued more detailed draft guidance. In the US, the ABA established the Commission on Ethics 20/20 (the Commission) to examine the ethical and regulatory impact of advancing technology and increasing globalization – including outsourcing – on the legal profession. In May 2011, the Commission issued an initial draft proposal on outsourcing.1 The Commission concluded that, although changes to the text of the Model Rules of Professional Conduct (MRPC)2 were not required, practitioners would benefit from appropriate “comments” to some of the Rules to help more easily determine their ethical obligations. In the UK, the SRA released its long-awaited new draft handbook in April 2011 containing the most comprehensive guidance pertaining to LPO available to date.3 It is important to note, however, that this most recent guidance from both the A
BA and SRA is still in draft form and may well be subject to change over the course of the coming months.

The overriding principles governing both US and UK lawyers’ compliance with their ethical obligations are remarkably similar in both jurisdictions. This paper will initially examine the position as it stands in the US before turning its attention to the UK. While not professing to be a definitive “how to” guide to ethical compliance, the paper will also provide some practical suggestions aimed at ensuring US and UK lawyers avoid falling foul of their respective ethical obligations.

In addition, it is worth noting that a lawyer’s ethical obligations differ depending on whether outsourcing is for “substantive legal support services” such as legal research, drafting, contracts, document review, writing legal memoranda, drafting patent applications, or for “administrative support” including IT, transcription, document coding, accounting and clerical support. For the purposes of discussion, this paper references primarily the obligations associated with outsourcing of substantive legal support services. While there is a degree of overlap with the ethical and legislative obligations associated with administrative support outsourcing, particularly when client confidences are disclosed, it is further beyond the scope of this paper to disaggregate each and every administrative support function to determine which ethical rule applies and which does not.

US

“I do have concern about confidence, confidentiality, privacy, conflict of interest, ethical values, and those are issues that are a real concern.”
– Jerome Shestack, former President of the American Bar Association4

In the early part of the decade, as the first signs of this new industry began to emerge, proponents of LPO were often met with the question: “Is this ethically permissible or even legal?”

In the US to date, seven bar association ethics committees5, the Supreme Court of Ohio Board of Commissioners on Grievances and Discipline6, the Association of the Bar of the City of New York Committee on Professional Responsibility7, and the American Bar Association Standing Committee on Ethics and Professional Responsibility8 have released opinions discussing the outsourcing of legal work. All of the opinions have concluded that a lawyer in the US can outsource legal work and at the same time satisfy his or her ethical obligations. Arguably the opinion that carries the most weight is the one released by the American Bar Association in August 2008, Opinion 08-451. One novel point about the ABA Opinion, as opposed to those by the individual bar associations, is the noticeably conciliatory tone utilized with regards to outsourcing both generally and specifically within the legal profession. At page 2 the Opinion comments:

The outsourcing trend is a salutary one for our globalized economy.

It is the Digest to the New York Opinion, however, that most succinctly consolidates the major ethical issues for consideration:

A New York lawyer may ethically outsource legal support services overseas to a non-lawyer, if the New York lawyer (a) rigorously supervises the non-lawyer, so as to avoid aiding the non-lawyer in the unauthorized practice of law and to ensure that the non-lawyer’s work contributes to the lawyer’s competent representation of the client; (b) preserves the client’s confidences and secrets when outsourcing; (c) avoids conflicts of interest when outsourcing; (d) bills for outsourcing appropriately; and (e) when necessary, obtains advance client consent to outsourcing.

While individual states may reference their own particular rules of conduct, there is sufficient overlap among the states that, for the purposes of understanding a lawyer’s ethical obligations when outsourcing legal work overseas, reference to the MRPC is often sufficient. It is beyond the scope of this paper to explore in detail each and every bar association opinion, together with each individual state’s rules of conduct. This paper will, however, attempt to provide a broad level of oversight into some of the most crucial areas of concern while highlighting the relevant rules.

Avoiding aiding and abetting the unauthorised practice of law

The defining genuine, as opposed to perceived, ethical issue associated with the LPO industry is the problem of the unauthorized practice of law (UPL) by individuals not qualified to practice law in a particular jurisdiction, and the associated aiding and abetting of UPL.

The MRPC at 5.5 (a) states:
A lawyer shall not practice law in a jurisdiction in violation of the regulation of the legal profession in that jurisdiction or assist another in doing so.

The reasoning behind UPL is that “limiting the practice of law to members of the bar protects the public against rendition of legal services by unqualified persons.”9

In its Initial Draft Proposal, the Commission concluded that it was important to make the point explicitly in proposed Comment [1] to Model Rule 5.5 that 5.5 (a) applied not only to a lawyer’s own actions but also his or her actions when assisting another.

For example, a lawyer may not assist a person in practicing law in violation of the rules governing professional conduct in that person’s jurisdiction.

The key determining issue pertains to what is classified as the practice of law and, if an activity would otherwise be considered as the practice of law, what safeguards and procedures are put in place, if any, to negate the possibility that the LPO employees are engaged in UPL. For the purposes of discussion in this paper as mentioned earlier, the assumption is that the “legal work” being outsourced is of a substantive rather than an administrative nature, hence viewed as the practice of law in the normal course of events.

The opinions all conclude that outsourcing legal work overseas does not constitute aiding and abetting the unauthorized practice of law where the outsourcing lawyer enacts an appropriate degree of supervision. The necessity to supervise is analogous to the duty owed when delegating work to a paralegal. The necessity to supervise remains in place irrespective of the degree of seniority and level of experience of the lawyers located offshore or in another jurisdiction employed by the LPO entity. The New York Bar Opinion comments that the New York Code of Professional Responsibility describes both a foreign lawyer not admitted to practice in New York or in any other US jurisdiction and a layperson as “non-lawyers.”

The Commission offered further guidance in the proposed Comment [4] to Model Rule 5.3 relating to where the responsibility lies for the monitoring of non-lawyers in the specific scenario whereby a corporate client instructs its outside counsel to use the services of a particular LPO provider.

Where the client has chosen or suggested a particular nonlawyer service provider outside the firm, the lawyer or law firm ordinarily should consult with the client concerning the allocation of responsibility for monitoring as between the client and the lawyer or law firm.

The Commission made it clear that the choice of the word “monitoring” was intentional. Even when the corporate client has chosen and instructed the LPO provider, outside counsel may have a duty to be aware of how the LPO provider is performing. The nature of the tripartite relationship between law firm, in-house counsel and LPO provider has been the focus of much debate by the Commission. Unfortunately, while this additional comment is welcome it does not, in my opinion, go far enough. Guidance on when the burden to provide direct supervisory authority shifts from outside to in-house counsel, if at all, based on the nature of the engagement would be welcome. Irrespective of this additional recommendation to consult regarding responsibility for monitoring, this does nothing to detract from the formal necessity to supervise the work of the non-lawyer to ensure that the non-lawyer is not engaged in the unauthorized practice of law.

The outsourcing lawyer should establish practices and procedures for the supervision of offshore legal support that are adaptable and compensate for the physical separation, time zone differences, and any differences in legal systems and legal education and training. There is no all-encompassing checklist of steps to take to avoid aiding and abetting UPL; however, it is recommended that the outsourcing law firm become sufficiently familiar with the professional training of the LPO company’s employees, participate in the training program specifically as it relates to relevant legal and ethical rules, and establish regular communication practices to ensure that the LPO employees have reasonable access to supervising lawyers in the outsourcing law firm.

The physical degree of separation inherent in the offshore outsourcing relationship may make this act of supervision somewhat more difficult from a practical perspective. The outsourcing lawyer should undertake appropriate due diligence to determine the competence of the legal outsourcing company in performing the desired services. Proactive steps that can be taken in terms of supervision include reviewing communications between and among the outsource provider, attorney and client and instigating a defined protocol for quality checking of assignments. Work with your chosen LPO provider to create a documented, defensible process, which if necessary, can be referenced in a court of law as evidence that an appropriate system of supervision was in place.

The crucial issue is that, at all times, the US attorney retains ultimate responsibility for the outsourced work and is subject to the particular state bar acts and rules of professional conduct relating to violation of professional responsibilities.

Ensure that the outsourcing company assists a California Attorney in practicing law, NOT the other way around.10

Competent representation

MRPC 1.1 A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.

Taking the opinions as a whole, they are useful in that they provide an extended checklist, paraphrased below for US attorneys contemplating outsourcing legal work overseas. Adherence to the below list helps ensure compliance with the duty competently to represent one’s client. The below list, however, is neither all-encompassing nor compulsory in each and every outsourcing situation.

• Conduct reference checks.
• Investigate the background of the lawyers, non-lawyers and service provider.
• Interview the principal lawyers involved in your matters and assess their educational background.
• Inquire into the LPO company’s hiring practices to evaluate the quality and character of the employees likely to have access to client information.
• Investigate the security of the provider’s premises and computer network.
• Conduct a site visit.
• Assess the country to which services are being outsourced for its legal training, judicial system, legal landscape, disciplinary system and core ethical principles.
• Disclose the outsourcing relationship to the client and obtain informed consent.

The San Diego Opinion references a useful hypothetical scenario whereby a small law firm takes on a complex intellectual property dispute in the San Diego Superior Court. The law firm has limited experience in intellectual property litigation. The law firm then contracts with a fictional India-based LPO company, Legalworks, to undertake substantive legal support work associated with the case. Although Legalworks’ particular area of expertise lies in the field of intellectual property, in questioning whether this satisfies the duty to act competently the Opinion comments that:

…nor does procuring work product from a firm experienced in American intellectual property litigation fulfill the attorney’s duty to act competently. To satisfy that duty, an attorney must be able to determine for himself or herself whether the work under review is competently done. To make such a determination, the attorney must know enough about the subject in question to judge the quality of the work.

It is clear that, to satisfy the duty of competently representing one’s client, a US lawyer engaging an LPO provider cannot rely on the LPO provider to evaluate its own work product and must himself be able critically and independently to evaluate the work product received.

The Commission proposed further guidance to assist lawyers in complying with their duty to competently represent their client with additional Comment [6] to Model Rule 1.1 “Retaining or Contracting with Other Lawyers.” The most relevant sections are detailed below:

Before a lawyer retains or contracts with other lawyers outside the lawyer’s own firm to provide or assist in the provision of legal services to a client, the lawyer should ordinarily obtain informed consent from the client and must reasonably conclude that the other lawyers’ services will contribute to the competent and ethical representation of the client. See also Rules 1.2 (allocation of authority), 1.4 (communication with client), 1.5(e) (fee sharing), 1.6 (confidentiality), and 5.5(a) (unauthorized practice of law). The reasonableness of the decision to retain or contract with other lawyers outside the lawyer’s own firm will depend upon the circumstances, including the education, experience and reputation of the nonfirm lawyers; the nature of the services assigned to the nonfirm lawyers; and the legal protections, professional conduct rules, and ethical environments of the jurisdictions in which the services will be performed, particularly relating to confidential information. When using the services of nonfirm lawyers in providing legal services to a client, a lawyer also must reasonably conclude that such services meet the standard of competence under this Rule.

Although the above proposed new comment references the retaining of and contracting with other “lawyers,” and we have already established that the individuals working within LPO providers to all intents and purposes are to be viewed as “non-lawyers,” the guidance contained therein still holds true. This is because in a further proposed additional comment to rule 5.3 “Responsibility Regarding Non Lawyer Assistance,” the Commission states that lawyers with managerial authority must make reasonable efforts to ensure that:

…nonlawyers within or outside the firm act in a way compatible with the Rules of Professional Conduct. See Comment [6] to Rule 1.1 (retaining lawyers outside the firm).

It is clear that the intent of the Commission is that the guidance detailed above in the proposed Comment to Rule 1.1 be applied not only to the outsourcing of legal work to lawyers, but also non-lawyers, that is LPO providers.

Duty to disclose

a) If Client Confidences and Secrets are to be Disclosed MRPC 1.6 Confidentiality of Information (a) A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b).

The outsourcing lawyer in virtually all instances will be under a duty to disclose the nature of the outsourcing relationship to his or her client. If any client confidential information is to be disclosed then the client must be informed. The implied authorization Rule 1.6(a) relates to the disclosure of client confidential information within a law firm. The ABA Opinion comments that where the relationship between the firm and the individuals performing the services is attenuated, as in a typical outsourcing relationship, no client confidential information may be revealed without the client’s informed consent. It is difficult to envisage a legal outsourcing engagement that does not involve client confidential information, and thus in each and every situation it is recommended that the client provides informed consent.

b) If Client “reasonably expects” work to be performed in-house

The San Diego Opinion indicates that the duty to inform the client is determined by the client’s reasonable expectation as to who will perform those services.

If the work to be performed by the legal process outsourcing provider is within the client’s “reasonable expectation under the circumstances” that it will be performed by the initially instructed US attorney, the client must be informed when the service is “outsourced.” Conversely, if the work is not such that it is within the client’s reasonable expectation that it will be performed by the attorney, the attorney is not necessarily required to inform the client of the arrangement.

Unfortunately, this is an overly simplistic and static view of the attorney-client relationship and the ever-changing world of legal support services. Clearly, at this current juncture, the drafting of complex motions and pleadings on a particular case or the provision of premium legal advice comes within the ambit of a client’s reasonable expectations that the work would be performed by their instructed attorney. However, the Opinion only considers the here and the now. A client’s “reasonable expectations” are not static, immovable or unchanging over time. The legal industry now operates in a global marketplace and clients are increasingly sophisticated and accepting of the concept of globalization. A client’s reasonable expectations today will be vastly different tomorrow. Within a very short period of time, it is conceivable that this argument will become, to an extent, redundant. Soon, a client’s only “reasonable expectation” may be that the quality and confidentiality of the work-product is maintained by whoever completes it, wherever he or she may be. As the legal profession continues along its evolutionary journey towards commoditization, particularly for certain process-driven legal tasks such as document review or the large scale review of documents for an M&A due diligence, we may soon reach the day when a client’s reasonable expectations will be that work-product should be outsourced to the most efficient and cost-effective provider.

c) If Cost of Engagement is Marked Up

The Ohio Opinion discusses the current modus operandi within law firms of engaging with and subsequently marking up the cost of domestically based contract attorneys, and the lack of disclosure of this practice to clients. According to the Supreme Court of Ohio, disclosure, consultation and informed consent is not necessary when a law firm engages a contract attorney in a situation when, for example, a sudden illness of an employee requires a temporary replacement who functions as an employee of the law firm. The Opinion states:

Outside this narrow circumstance, disclosure, consultation, and consent are the required ethical practice.

Although the Ohio Opinion does not reference the common practice of engaging domestic contract attorneys for large-scale document review projects, as I interpret it, that would not fall within the “narrow circumstance” detailed above. In any event, if a US lawyer engages an LPO provider and wishes to charge anything other than the basic cost of the services then, according to the Ohio Opinion:

…if any amount beyond cost is added…The decision must be communicated to the client preferably in writing, before or within a reasonable time after commencing the representation…

The ABA Opinion states that when engaging contract lawyers you can mark up:

In Formal Opinion No. 00-420, we concluded that a law firm that engaged a contract lawyer could add a surcharge to the cost paid by the billing lawyer provided the total charge represented a reasonable fee for the services provided to the client…In the absence of an agreement with the client authorizing a greater charge, the lawyer may bill the client only its actual cost plus a reasonable allocation of associated overhead, such as the amount the lawyer spent on any office space, support staff, equipment, and supplies for the individuals under contract.

The crucial words are “in the absence of an agreement authorizing a greater charge.” Clearly, if the outsourcing attorney wishes to mark up the cost of outsourced services then there must be prior consent on the part of the client.

Protecting client confidences and secrets

The Ohio Opinion comments:

Client confidentiality is a hallmark of the attorney client relationship.

The San Diego County Bar Association Ethics Opinion 2007-1 states that an additional duty of an attorney who outsources work, whether within the US or abroad, is to “maintain inviolate the confidence, and at every peril to himself or herself, to preserve the secrets of his or her client.” (See California Business & Professions Code section 6068(e).)

The New York State Unified Court System’s Rules of Professional Conduct at Rule 1.6 imposes a duty on a lawyer to preserve the “confidential information” of its clients. Under Rule 1.6, “confidential information” consists of “information gained during or relating to the representation of a client, whatever its source, that is (a) protected by the attorney-client privilege, (b) likely to be embarrassing or detrimental to the client if disclosed, or (c) information that the client has requested be kept confidential.”

This additional duty to protect client confidences and secrets extends beyond the requirements as set out in MRPC Rule 1.6(a), and compels the outsourcing attorney to take proactive steps to ensure the preservation of client confidential information.

The San Diego Opinion comments on one unfortunate example of a breach of confidentiality involving an outsourced project subcontracted to India. There, the subcontractor threatened to post confidential patient records on the Internet unless the UC San Francisco Medical Center retrieved money owed to the subcontractor from a middleman.

Attorneys need to carry out their own research into the confidentiality and security safeguards that the LPO company with which they are contemplating contracting has in place. Ensuring that potential providers’ internal information and facility security procedures meet the stringent standards imposed by the aforementioned organizations assists in compliance with this additional duty. Proactive steps can include requiring potential providers to demonstrate compliance with and/or certification by independent facility and security auditing bodies, such as SAS 70, IS0 27001, HIPAA or EU Safe Harbor. The US-EU Safe Harbor, for example, is a streamlined process for US companies to demonstrate compliance with the EU Directive 95/46/EC on the protection of personal data. Intended for organizations within the EU or US that store customer data, the Safe Harbor Principles are designed to prevent accidental information disclosure or loss.

The master services agreement (MSA) with the LPO company should specifically address the issue of client confidential information. One area worth highlighting particularly in reference to an LPO engagement relates to the issue of subcontracting, a practice not uncommon within the LPO world. Taking into account that in virtually all legal outsourcing engagements client confidential data will be involved, subcontracting should be prohibited or subject to stringent approval requirements in the MSA.

Avoiding conflicts of interest

The New York Opinion comments that New York Lawyers’ Code of Professional Responsibility at DR 5-105(E) requires a law firm to maintain contemporaneous records of prior engagements and to have a system for checking proposed engagements against current and prior engagements.

Discussing the engagement of an LPO provider and the associated conflict of interest checking requirements, the Florida Opinion confirms agreement with the conclusions reached in the Los Angeles Opinion, which states:

[T]he attorney should satisfy himself that no conflicts exist that would preclude the representation. The attorney must also recognize that he or she could be held responsible for any conflict of interest that may be created by the hiring of Company and which could arise from relationships that Company develops with others during the attorney’s relationship with Company.

The outsourcing law firm/legal department should ask the LPO provider about its own conflict checking procedures and about how it monitors work performed for other clients. The outsourcing law firm/legal department should also ask the LPO provider whether it is performing or has performed services for any parties adverse either to the firm’s clients or to the corporation itself. Furthermore, the outsourcing law firm/legal department should seek assurances that the individuals within the LPO provider performing the legal support service have never previously performed nor are currently performing services for any parties adverse to the lawyer’s client or the corporation. To assist in fulfilling this obligation, it is highly recommended that the outsourcing lawyer develop a conflict-of-interest questionnaire for utilization in situations where he or she wishes to outsource work either domestically or offshore. The MSA between the parties should make as a requirement of any retention of the LPO company the satisfactory completion of the conflict-of-interest questionnaire.

One as yet unresolved difficulty within the LPO industry is that it is commonplace for employees to sign comprehensive non-disclosure and confidentiality agreements with their LPO employers. This raises an issue with potential lateral movement across the LPO industry to other providers. Subject to their confidentiality agreement with previous employers, candidates may be unwilling to disclose pertinent information pertaining to previous client engagements. One possible solution is for the outsourcing law firm/legal department seeking to engage these resources to identify a “hot list” of potential conflicts, and the concerned employees can indicate in general terms as to whether any of the listed clients raise possible conflict concerns.

Billing for outsourced legal support

MRPC 1.5 (a) A lawyer shall not make an agreement for, charge, or collect an unreasonable fee or an unreasonable amount for expenses.

The issue of how to bill appropriately for outsourced legal support services has not been determined definitively as yet. There is consensus across the ABA and individual state bar association opinions that a simple pass-through of the cost of the services together with appropriate billing for supervision and overhead is permissible. However, the issue of whether a reasonable markup of the cost of the outsourced support is allowed warrants further debate.

The Ohio Board comments:
The most straightforward approach…may be for a lawyer or law firm to bill the client for the outsourced services as an expense based upon the actual cost of the service to the law firm, with an adjustment if necessary to cover a lawyer or law firm’s costs of supervision of the outsourced services.

The determination as to whether to bill for outsourced services as an expense (plus cost of supervision) or as part of legal fees, is according to the Ohio Board:

…left to a lawyer’s exercise of professional judgment.

In Formal Opinion No. 00-42011, the ABA concluded that a law firm that engaged a contract lawyer could mark up the cost provided that the total charge represented a reasonable fee for the services provided to the client.

As dealt with earlier in the discussion surrounding the outsourcing attorney’s duty to disclose, “In the absence of an agreement with the client authorizing a greater charge…” (ABA 08-451), no markup is permissible. This implies that, in the presence of such an agreement, the question reverts back to simply whether the fee is reasonable pursuant to rule 1.5 MRPC.

Whether billing as an expense or as part of legal fees, the overarching requirement identified by the ABA is that the fee charged should not be unreasonable and must be in keeping with the general requirements of Rule 1.5, as set out below:

1.5 (a) A lawyer shall not make an agreement for, charge, or collect an unreasonable fee or an unreasonable amount for expenses. The factors to be considered in determining the reasonableness of a fee include the following:

 (1) the time and labor required, the novelty and difficulty of the questions involved, and the skill requisite to perform the legal service properly;
 (2) the likelihood, if apparent to the client, that the acceptance of the particular employment will preclude other employment by the lawyer;
 (3) the fee customarily charged in the locality for similar legal services;
 (4) the amount involved and the results obtained;
 (5) the time limitations imposed by the client or by the circumstances;
 (6) the nature and length of the professional relationship with the client;
 (7) the experience, reputation, and ability of the lawyer or lawyers performing the services; and
 (8)  whether the fee is fixed or contingent.

Rule 1.5 is clear that not only shall a lawyer not charge or collect an unreasonable fee, they shall not “make an agreement” for one. There is no definitive answer as to what level of markup agreed to between a client and attorney would be considered as unreasonable. However, while the overhead costs involved in an LPO engagement are clearly less than those associated with the law firm’s own employees, they are certainly not non-existent. In addition, there are other forces at play that justify a degree of markup. The engagement itself will no doubt be covered by the outsourcing law firm’s own malpractice insurance policy. In ensuring compliance with ethical obligations, the outsourcing lawyer will have gone through a rigorous due diligence and selection process in determining their choice of LPO provider. Depending on the nature of the relationship between the law firm and the LPO provider there may be IT, HR, litigation support and other ancillary overhead costs associated with the successful maintenance of the relationship. In addition, there is the layer of supervision and project management that the firm will wish to have in place to govern the relationship. The available advice pertaining to the instruction of domestically based contract attorneys in no way implies that the firm cannot profit in any way from such an engagement when undertaken domestically, and the position is not substantially different when going offshore. The only difference is the degree of markup considered reasonable.

A separate yet related point, and one worthy of debate, is whether there is a valid argument that, given the requirement set out above not to charge an unreasonable fee, whether a US law firm is under a duty at the very least to inform their clients of the “offshore” LPO option for certain routine, commoditized legal tasks, such as first pass document review.

If one works with the premise that offshore first pass document review is significantly more cost-competitive and also comparable in terms of productivity and quality, then if one doesn’t inform a client that conducting first pass document review offshore is an option, how does this sit with one’s ethical obligation set out in the MRPC at Rule 1.5 not to charge or make an agreement for an “unreasonable fee”? Is it reasonable to assume that billing anything approaching AmLaw 200 junior associate hourly rates for first pass document review could be deemed to be “an unreasonable fee,” given “the time and labor required, the novelty and difficulty of the questions involved, and the skill requisite to perform the legal service properly?” This question warrants further debate.

Malpractice insurance and LPO errors and omissions

It is incumbent upon US law firms and lawyers carefully to review the coverage and any associated limitations on their professional liability insurance. If the policy does not cover the instruction by the firm of temporary attorneys or non-lawyers, subject to adequate supervision by the firm’s own lawyers, then in the event of an error or omission on the part of an LPO employee the firm will not be covered.

Many malpractice insurance policies provide coverage to law firms for the acts and omissions of domestically engaged contract attorneys and will not preclude coverage based on a firm’s engagement of foreign lawyers through an LPO provider. However, this can be easily and quickly clarified by addressing the issue with the insurer directly.

The US lawyer seeking to engage an LPO provider as part of its own due diligence should determine whether the LPO company itself holds sufficient professional liability insurance. The market leaders routinely carry comprehensive liability insurance; however, if one takes a broad snapshot of the LPO provider market and the plethora of smaller companies that have sprung into existence over the last two to three years, many do not.

Export control regulations

Meriting a separate discussion are the legislative barriers in place governing the outsourcing of patent support services overseas. In the US, the Export Administration Regulations (EAR) govern the international dissemination of certain technologies. These restrictions also apply to technology and are not solely limited to tangible goods. Invention disclosures enabling the drafting of patent applications or the undertaking of certain types of patent searches may meet the definition of technology. For the purposes of this discussion, technology is defined in the relevant regulations as “specific information necessary for development, production or use of a product.” (15 CFR 772.1.)

The Bureau of Industry and Security (BIS) is responsible for enforcing and implementing EAR and has regulatory control over a vast array of technologies ranging from “dual-use” items to purely commercial goods.

On July 23, 2008 the USPTO released a notice titled “the Scope of Foreign Filing Licenses.” The notice reminds US patent attorneys and agents that a foreign filing license does not authorize them to send invention disclosures abroad to draft patent applications for eventual filing in the United States.

The most relevant portion of the notice states:

Applicants who are considering exporting subject matter abroad for the preparation of patent applications to be filed in the United States should contact the Bureau of Industry and Security (BIS…)The BIS has promulgated the Export Administration Regulations (EAR) governing exports of dual-use commodities, software, and technology, including technical data, which are codified at 15 CFR Parts 730–774.

Adhering to the BIS regulatory framework is absolutely essential for any organization interested in outsourcing patent support work to a foreign country. The regulations are also applicable to the outsourcing of documentation perhaps pertaining to an intellectual property litigation matter, when the particular documentation falls within the EAR definition of technology. Failure to comply with federal export regulations can result in severe fines and even imprisonment. Items subject to EAR are enumerated on the Commerce Control List (CCL).

The CCL references a list of technologies (covered items) under the export control jurisdiction of the BIS. The CCL contains 10 categories of controlled items:

 Category 0 - Nuclear Materials, Facilities & Equipment (and Miscellaneous Items)
 Category 1 - Materials, Chemicals, Microorganisms, and Toxins
 Category 2 - Materials Processing
 Category 3 - Electronics
 Category 4 - Computers
 Category 5 (Part 1) - Telecommunications
 Category 5 (Part 2) - Information Security
 Category 6 - Sensors and Lasers
 Category 7 - Navigation and Avionics
 Category 8 - Marine
 Category 9 - Propulsion Systems, Space Vehicles and Related Equipment

Following review of the above list, it appears that numerous technical fields fall under the 10 categories listed in the CCL. US lawyers and patent agents engaging the services of an LPO for support in drafting patent applications must:

a. Conduct an export clearance check/invention classification before sending invention disclosures overseas.
b. Seek the necessary clearance from the BIS if the export clearance check/invention classification reveals that the subject matter is a controlled item.

The regulations governing the export of technology and the practical reality of the type of work most frequently outsourced should prevent US law firms and corporations from becoming overly discouraged with the consequences of potential export violations. Only information that is unpublished (not in the public domain) is restricted by US export controls. (15 C.F.R. 734 (EAR) and 22 C.F.R. 120.11 (ITAR).) This means that many patent services and documentation relating to intellectual property litigation can be freely outsourced, even if the technology in question falls within the scope of the EAR. Patent application drafting represents only a tiny percentage of the work currently being outsourced overseas by US law firms and corporations. Invalidity, Freedom to Operate and Landscape searches, together with most novelty searching (subject to appropriate tailoring of the invention disclosure so as not to fall foul of the EAR), can all be freely outsourced, as can issued patent proofreading, file wrapper analysis and competitive research.

UK

Over the course of the past 18 months, the Law Society and subsequently the SRA have turned their attention to LPO. In early 2010 the Law Society established an ad hoc LPO investigatory committee which took evidence from key stakeholders from law firms, in-house legal departments, LPO consultants and LPO providers. The goal was to obtain as broad a perspective as possible and to attempt to formulate guidelines and make recommendations to the SRA. Then in July 2010 the SRA issued its first statement on the subject, commenting:

Where law firms are outsourcing … the SRA’s guidance is that this is allowed on the basis that all relevant rules are complied with (Solicitors’ Code of Conduct 2007) and that the arrangement is made transparent and is agreed with the client.

More recently, in April 2011, the SRA released its long awaited draft handbook which provided further guidance for UK solicitors engaging in legal outsourcing. However, until the official launch of the handbook and formal approval by the Legal Services Board, one must turn to the existing guidance contained in the Solicitors’ Code of Conduct and the relevant obligations set forth therein. The rules affecting outsourcing are detailed in Rules 1-512 and deal with in particular: acting in clients’ best interests, providing a good standard of service, avoiding conflicts of interest, keeping client confidences and supervision.

Rule 4: Confidentiality and Disclosure, 8(f)If you outsource services such as word processing, telephone call handling or photocopying you must be satisfied that the provider of those services is able to ensure the confidentiality of any information concerning your clients. This would normally require confidentiality undertakings from the provider and checks to ensure that the terms of the arrangements regarding confidentiality are being complied with. Whilst you might have implied consent to confidential information being passed to external service providers, it would be prudent to inform clients of any such services you propose to use in your terms of business or client care letters.

Elsewhere, the Law Society model client care letter and accompanying practice note13 at s 4.1.7 indicate that outsourcing should be disclosed and informed client consent obtained, consistent with duty of confidentiality.

Rule 4.1.7 Outsourcing of work

Where you outsource work on client files, there is a risk your outsourced provider may breach client confidentiality. Drawing attention to this risk may mitigate any breach of confidentiality which then occurs, but you still risk a finding of misconduct or inadequate professional service. You should ensure that you have a confidentiality agreement with your suppliers. In your terms and conditions you should: advise the client if the practice outsources work and the type of work it outsources; alert the client to the potential risks in relation to preserving client confidentiality; ask the client to tell you if they object to this practice.

The practice note suggests including in the client care letter a paragraph seeking the client’s informed consent.

For example: Sometimes we ask other companies or people to do [typing/photocopying/other work] on our files to ensure this is done promptly. We will always seek a confidentiality agreement with these outsourced providers. If you do not want your file to be outsourced, please tell us as soon as possible.

One particularly relevant section of the Code of Conduct is Rule 2.02 dealing with Client Care. On reviewing these rules it is apparent that any legal outsourcing arrangement necessitates careful thinking, and disclosure to and consent from the client.

Client care (2)
You must, both at the outset and, as necessary, during the course of the matter:
(a) agree an appropriate level of service; and (b) ensure that the client is given, in writing, the name and status of the person dealing with the matter and the name of the person responsible for its overall supervision; and

In the Guidance notes to Rule 2, it states at 2.02, 19:

The status of the person dealing with your client must be made absolutely clear, for legal and ethical reasons. For example, a person who is not a solicitor must not be described as one, either expressly or by implication. All staff having contact with clients, including reception, switchboard and secretarial staff, should be advised accordingly.

Rule 5 of the Code of Conduct deals specifically with Supervision. There are several references throughout Rule 5 dealing with the requirement to supervise when work is delegated to “unqualified staff.”

The accompanying guidance notes to Rule 5 comment:

8. If certain work is to be done by unqualified staff it may only be done at the direction and/or under the supervision of persons who are allowed by law to do that work themselves.

And:

9. Under the rule… practitioners are responsible for the acts and omissions of all staff, admitted and unadmitted alike. The duty to supervise staff covers not only persons engaged under a contract of service, but also those engaged under a contract for services to carry out work on behalf of the firm, e.g. consultants, locums and outdoor clerks.

Although, as stated above, the SRA’s new handbook is still subject to approval by the Legal Services Board, the new guidance in relation to LPO is significant. In the introduction to the handbook, on page 3, it states:

Although firms now have greater freedom in the way they offer services (e.g. outsourcing certain functions), they may not abrogate responsibility for compliance with regulatory requirements.

Then in chapter 4, dealing with Confidentiality and Disclosure, at Indicative Behaviour 4.3 the SRA advises solicitors:

…you only outsource services when you are satisfied that the provider has taken all appropriate steps to ensure that your clients’ confidential information will be protected…

There is no all-encompassing checklist identifying what these appropriate steps are; however, the below list includes some of the standard safeguards reputable providers should routinely have in place:

• Security measures to protect electronic information (e.g., encryption, malware protection, firewalls)
• Biometric and other security measures to restrict physical access
• Separately demised premises for client engagements
• Video surveillance
• Regular identity checks
• Disabling of USB ports
• Background checks on employees
• Requiring employees to sign confidentiality and non-disclosure agreements
• Monitoring employee computers

However, the guidance from the SRA that has attracted the most press attention is the stipulation in Chapter 7, Management of your Business that states at Outcome (7.10):

…where you outsource legal activities or any operational functions that are critical to the delivery of any legal activities, you ensure such outsourcing…is subject to contractual arrangements that enable the SRA or its agent to obtain information from, inspect the records (including electronic records) of, or enter the premises of, the third party, in relation to the outsourced activities or functions…

The perspective from within the LPO industry is that this close attention from the SRA is a long-overdue acknowledgement that outsourcing has become an integral part of the legal services delivery spectrum. Leading LPO providers routinely open their doors to audits of their premises, both by clients and independent auditing bodies. Adding the SRA to the mix should not in any way be an onerous requirement on the part of the LPO providers. Law firms and LPO providers with existing contractual relationships will want to revisit the terms of these agreements and insert appropriately worded clauses to account for the guidance provided in Outcome 7.10.

I can envisage, however, some practical and logistical difficulties on the part of the SRA in formally performing these referenced record and premises inspections. There are as yet a number of unanswered questions. Is it the intention of the SRA to undertake a “fact finding” trip to India, the Philippines and South Africa to inspect the premises of the leading LPO providers? Will this be a one-off visit or do they intend to perform multiple repeat audits? Furthermore, the Law Society has publicly commented that it takes issue with this part of the Code, believing that this will cause unintended difficulties for its members as it is likely that a range of functions will be caught by the term “critical to the delivery of legal activities”. However, my view is that, taken as a whole, these developments and guidance should ultimately provide clarity and encourage good business practices.

UK data protection export issues

There are specific UK data protection law issues that arise as part of legal outsourcing engagements that affect whether personal data can be exported to India, the Philippines and other offshore destinations. It is beyond the scope of this paper to provide a rigorous examination of the relevant legislation; however, it is important to cover the key points.

The relevant piece of UK legislation is the Data Protection Act 1998 (the Act) which implements in UK law the 1995 EU Data Protection Directive. The Eighth Principal of the Act states:

Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

As far as the export of personal data is concerned, India and the Philippines do not have adequate statutory regimes in place. There are, however, several methods available under the Act by which the requirements of the Eighth Principle can be met and the export of data to India and the Philippines can be permitted. Some of these methods are as a matter of law deemed to be compliant with the Act. Other methods involve making a determination that the approach taken is sufficient to establish “adequacy.” The methods that involve a subjective determination as to their veracity clearly do not provide the same degree of certainty.

The most common approach taken in LPO engagements that involve the potential export of personal data to India or the Philippines is to incorporate into the MSA with the client what are termed the “Model Clauses.” This approach has been determined to be compliant with the Act. The Model Clauses have been approved by both the EU and the UK’s Information Commissioner as sufficient to meet the requirements of the Eighth Principle.

It is further important to note that the Act binds the UK customer (law firm or corporate client engaging in LPO) who, as the person who “determines the purposes for which and the manner in which the personal data is, or is to be, processed,” will be deemed to be a “data controller” under the Act. In virtually all legal process outsourcing arrangements, the LPO provider would be deemed to be a “data processor” under the Act. This distinction is important, because:

• most of the obligations under the Act apply to the data controller, not the data processor, including the core eight data protection principles;
• the data controller is responsible for determining how the personal data should be processed and the data processor must follow the data controller’s instructions; and
• the data controller is responsible under the Act for the data processor’s acts in processing the personal data.

The obligations of the LPO provider are to process personal data in accordance with the instructions of the data controller and to ensure that such processing is carried out with “appropriate technical and organizational security measures.”

Recommended proactive steps an LPO provider should take to ensure compliance with the above include:

• Complying with internationally recognized independent security standards such as ISO 27000.
• Inviting client-appointed, third-party information security auditors to inspect the LPO provider’s operations.
• Appointing an “in-house” data protection officer. This ensures that the client has a single point of contact at the LPO provider.

It is worth noting that on April 13, 2011, India issued new privacy regulations – The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011. These rules govern the collection and use of Personal Information by organizations in India, even if the Personal Information applies to individuals outside of India. At the time of writing, it is unclear how these new regulations will be implemented in practice or what the impact of these new rules will be on India’s standing in the eyes of the EU. However, the introduction of these new regulations may in part be motivated by a desire on the part of the Indian government to create a regime that is viewed as having an “adequate level of protection” in place.

Limitation of liability

An interesting dilemma for UK law firms is whether a firm is able to limit its liability with a corporate client, where the corporate client mandates the utilization of an LPO provider for certain legal functions and contracts directly with the LPO provider. This contractual arrangement is not uncommon practice, particularly in the arena of large-scale document review.

For example, envisage the scenario where a corporate client contracts directly with the LPO company to undertake a “first pass” review of a significant volume of electronic documents, while instructing its outside counsel law firm to undertake a “second level” review and to provide comprehensive case strategy and advocacy.

Both statute (s 60(5), Solicitors Act 1974) and the Solicitors’ Code of Conduct (rule 2.07) restrict a firm’s ability to limit liability to its clients; however, these rules only apply to work that falls within the scope of the client engagement, that is detailed within the retainer agreement. The law firm is perfectly capable of excluding a particular task from the scope of legal services which it has been retained by its client to perform. In this scenario, if a particular task is excluded, the Solicitors Act and Code of Conduct would not apply. It then becomes a risk vs. reward consideration on the part of the corporate client who is free to instruct the LPO provider and outside counsel to undertake distinct and separate legal tasks pertaining to the same matter and to accept that each will be liable for its own work.

The engagement letters must define clearly who is responsible for a particular task. This is where, in practice, difficulties may arise, particularly as in the example stated above where the law firm has been engaged to undertake a “second level” review. The practical reality of a document review engagement is that it is a fluid, iterative process with ongoing communication, deliberation and consultation among the parties. The wording in the retainer agreements of the parties would require extremely careful drafting to ensure the proper allocation of liability.

Furthermore, if the law firm has played a role in the selection or recommendation of the chosen LPO provider, there remains the possibility of a claim for either negligent selection or negligent misstatement. In the scenario where the law firm is performing a second level review of work initially undertaken by the LPO provider, it would appear difficult for the law firm to exclude its duty of care, as it is clearly accepting some responsibility for the work performed by the LPO provider. The law firm could limit the potential for such claims in its terms of engagement with the client by expressly excluding liability in relation to the tasks being performed by the LPO provider. Alternatively, the law firm could require the LPO provider to indemnify it for any loss suffered as a result of the provider’s negligence.

Conclusion

It is apparent on careful consideration of the existing and proposed rules and regulations on both sides of the Atlantic that the rules of compliant engagement are similar in both jurisdictions. Whether within an individual state’s rules of conduct or the ABA’s Model Rules of Professional Conduct or in the UK, the Solicitor’s Code of conduct, ethical rules exist that affect a legal outsourcing relationship. These rules ensure that only a lawyer, licensed in the appropriate jurisdiction, practices law within that jurisdiction. Furthermore, if a legal outsourcing company is engaged to assist in the performance of a legal task, the outsourcing lawyer must ensure that adequate supervision is in place by a lawyer within the firm competent to perform the particular legal task and to evaluate the work undertaken by the legal outsourcing company. In addition, in the UK, as discussed above, there is specific legislation in the form of the Data Protection Act that governs the transfer of data overseas.

As new innovative models for delivering legal services continue to emerge, the legal profession is facing a period of evolutionary change. It is reassuring to those of us living and working within this morphing global legal professional ecosystem that the regulatory bodies on both sides of the Atlantic are giving long overdue attention to these developments. In fact, the concluding remarks of the ABA Ethics 20/20 Commission in their Initial Draft Proposal are also a fitting conclusion to this paper.

The Commission does not intend for its proposals to be the final word on outsourcing. Rather, the Commission believes that continuing study of outsourcing practices is essential, especially given that those practices continue to evolve and new issues continue to arise.

Mark Ross is vice president of leading global LPO supplier Integreon. For more information contact:
Mark Ross (mark.ross@integreon.com)

DISCLAIMER: THIS ARTICLE CONTAINS SUGGESTIONS AND THOUGHTS ABOUT LEGAL ETHICS IN THE FIELD OF LEGAL OUTSOURCING. NOTHING IN THIS ARTICLE SHOULD BE CONSTRUED AS LEGAL ADVICE OR BE INTERPRETED TO ADVANCE A POLICY OR IMPOSE A DUTY OR OBLIGATION. ALL STATEMENTS IN THIS ARTICLE ARE THE OPINIONS OF THE AUTHOR.