All banks rely upon their critical vendors, including law firms that handle sensitive, complicated, and high-risk matters. And yet vendor oversight of law firms has been awkward for all parties involved – fitting square pegs into round holes. We believe opportunities exist to ameliorate this awkwardness and enhance law firm oversight.
Banks should develop standards they expect law firms to follow, particularly with regard to how law firms handle repetitive functions in areas such as the residential lending space. The standards must encompass policies and procedures and regular audits of law firm work. These standards will provide guidance for law firms to follow and form the basis of the testing metrics the bank will use to monitor performance. Additionally, the documented monitoring is evidence that banks can provide regulators to validate the sufficiency of the bank’s oversight functions.
Where law firms fail to meet standards, there must be consequences. Once identified, issues must be remediated and banks must retain evidence that the law firms have corrected the specific issues identified and that they have taken steps to ensure those issues do not reoccur. If significant errors continue to occur, the bank must consider more serious measures, up to and including termination of the attorney-client relationship.
While not every complaint raised by law firms about oversight, is reasonable, some complaints are, and banks are best served when they make an effort to know the difference between the two. For example, banks occasionally request the right to perform direct disaster recovery or information security/penetration tests on law firms. Unfortunately, law firms face ethical challenges to such requests because they cannot risk having the bank access – intentionally or unintentionally – another client’s confidential information. There are many other similar examples, but the overall point is that it is important to recognize that law firms face challenges simply not applicable to other vendors.
There is an inevitable tension between the role of law firms as vendors and as trusted, closely held advisors. Navigating these inherently contradictory characterizations remains a significant challenge. However, by approaching these issues collaboratively, cooperatively, and thoughtfully, a bank and its law firms can develop clear standards and processes that not only meet regulatory expectations, but that provide an important risk management mechanism designed to further enhance the quality of legal services provided by those law firms.
The complete article was originally published in May–July 2020 issue of CeFPro Magazine.