Hello and welcome to the Fides Weekly Update, your guide to this week’s key trends, moves and developments in legal and compliance.
This week features a special report on the cyber attack effecting law firm DLA Piper, and a look into the key findings and recommendations of the FCA’s Asset Management Market Study.
1. Expert Insight: The answers behind DLA’s cyber attack
After DLA employees lost access to computer and phone systems in a ransomware attack that affected organisations worldwide, we’ve spoken with cybersecurity experts to take an in-depth look into what this means for the global law firm and how it will affect the sector as a whole.
The latest ransomware outbreak, labelled Petya, comes only a month after the high-profile WannaCry attack let loose on the NHS. Originating in Ukraine, the virus attacked the country’s state power company and Kiev’s main airport, spreading out to numerous multinational companies across the globe, with some of the biggest names including Cadbury owners Mondelez, advertising giant WPP and pharmaceutical company Merck.
As one of the ransomware’s victims, DLA Piper are under serious scrutiny within the legal industry, particularly given that the firm recently published a nine-step cybersecurity guide following the WannaCry attack last month. Managing director at Crossword Cybersecurity Stuart Jubb has told us that: “In the longer term, this could really implicate the firm’s brand. Questions will asked on how secure their networks are and clients will reconsider whether they want their confidential data stored with their law firm advisers.” To make matters worse, DLA is also the first law firm to have made public a ransomware virus within its systems. However, speaking with an FBI Agent, Bloomberg’s Big Law Business discovered that DLA isn’t the only law firm to suffer a ransomware attack, and that “other law firms have avoided such publicity from such attacks by paying a ransom to hackers.”
This isn’t the first major cyber scandal to surface in the legal sector – Panamanian law firm Mossack Fonseca experienced a massive data breach that led to the Panama Papers scandal and a subsequent investigation into the firm. The type of attack however differed to Petya, and as it was likely carried out by insider with knowledge of its systems, this didn’t offer enough concern for firms to revaluate their strategy for data security. “This week’s attack will certainly have more of an impact to law firm attitudes than the Panama Papers did,” says Jubb. “And the more of these incidents that take place can only help firms take notice and realise that changes need to be made.”
This attack brings to a light a major issue that almost all global law firms face today. Peter Wright, the founder and managing director of DigitalLawUK, describes how office mergers and acquisitions have put firms at risk: “DLA were at risk because they operate under an awful lot of legacy systems, and contrasting infrastructure.” These legacy systems exist because firms are rapidly absorbing new offices, without effectively integrating their IT. “Problems arise because individual parts of the network are more vulnerable than others. You could find a whole city’s offices operating in an entirely different way to another”.
“It’s easier for a law firm to grow through acquisition rather than organically. And this issue isn’t just faced by law firms, Mondelez was also attacked, most likely because they also operate under a patchwork of different systems” Wright explains.
So what are the next steps?
It seems in order to remain protected firms must change their attitude towards security measures. Wright states: “You can’t just throw money at it. Firms change and evolve constantly so it needs be an ongoing effort and strategy rather than a quick fix.”
“There needs to be a shift in internal culture and mindset towards cybersecurity,” says Jubb. “And this can only come from the top down. It’s something that needs to feature on a board’s agenda.”
As cyber attacks continue to target and infiltrate global organisations, law firms must place more importance on their cybersecurity measures. An industry that relies so heavily on confidentiality and data, firms need to ensure that not only are senior management up to speed with the threats they face, but that there is a firm-wide understanding of these risks.
Crossword Cybersecurity is a technology commercialisation company focusing exclusively on the cyber security sector.
DigitalLawUK is a UK Law firm specialising in online, data and cyber law.
2. Findings of the FCA’s Asset Management Study Revealed
Greater transparency on costs, increased competition and greater scrutiny of further investment platforms were the main findings of the Financial Conduct Authority’s final report into the UK asset management sector, released on Wednesday.
The shake-up of the UK’s £7tn investment market was ordered by Britain’s financial regulator in an attempt to stamp out conflicts of interest and restore savers’ trust in the asset management industry, following a two-year investigation into competition issues in asset management.
The set of measures, many of which are yet to be finalised, would make the UK one of the toughest regimes in the world for asset managers to operate as London considers its post-Brexit future
The introduction of an ‘all-in’ fee for retail investors was one of the more controversial reform ideas recommended by the report. This would allow investors to make the best available investment choices (and get best value for money) by including an estimation of trading costs in the final price given to them.
An ‘all-in’ price also addresses concern over weak price competition in the sector, especially amongst active funds who do not necessarily compete on price and can carry hidden costs not always visible.
The FCA are also considering tightening rules around performance fees, which will ensure that portfolio managers are only entitled to additional fees if a fund exceeds its most ambitious performance target. The regulator is also considering penalties for funds that charge performance fees but underperform their benchmarks, better linking fees charged to a fund’s performance.
This sits alongside recommendations to improve governance standards across the sector, with asset management firms ordered to appoint two independent members to their boards. The FCA have also introduced the responsibility for asset managers to consider the value for money that they deliver to investors under the Senior Managers and Certification Regime – due to be applied to investment managers in 2018 – but have stopped short of making this a fiduciary duty.
However, despite concerns about the way the asset management sector operates, the FCA has stopped short of referring the industry to the Competition and Markets Authority, which has the power to enforce business change even without a technical breach of competition law. This has led many commentators to brand the report as ‘too soft’.
Despite this, the regulator is also considering whether any new rules should apply to private equity firms or hedge funds as a result of its investigation. The watchdog has also requested that the government allows it to regulate the powerful investment-consulting industry dominated by Aon Hewitt, Mercer and Willis Towers Watson. These consultants determine how the vast majority of UK pension schemes invest their money, and currently remain largely unregulated.
ICI Global, one of the leading trade bodies for the industry and main lobbying representative in the run up to the final report, responded with overall satisfaction to the final findings encouraging transparency and competition within the fund industry. However, they remain concerned with the analysis and tone of the final report around price clustering and the representation of active funds.
It is needless to say that the findings of the FCA’s asset management study come at a pivotal moment for the investment management industry. Britain quitting the EU has introduced fresh challenges for asset managers, including higher compliance costs, changes to how funds can be sold to non-UK investors and the future rights of foreign workers remaining in the country. At the same time, European countries have stepped up efforts to lure UK-based fund companies to relocate staff to the continent.
ESMA is focused on “Substance” and “Delegation” in a post Brexit European investment market, which will naturally draw fund managers with a large European client base away from the London market. So perhaps it is natural for the FCA to impose changes that will create a more competitive market place but not force Asset Managers to turn their backs on London as their main investment centre just yet.
It will be interesting to see the nature and scope of recommendations, whatever they may be, and the impact this has on the asset management industry through this period of change.
3. Movers & Shakers
Co-head of corporate Anselm Raddatz will serve as the new head of private equity in Germany
Matthias Scholz has been elected the upcoming managing partner for Germany and Austria
A total of six private equity lawyers are set to depart White & Case after co-head of private equity Richard Youle left the firm to Skadden Arps Slate Meagher & Flom.
Finance and restructuring partner Carl Dunton and technology partner Henry Goodwin have both joined PwC Legal in Singapore from Ashurst and Taylor Vinters, respectively.
Corporate partner Haitham Hawashin exits Simmons & Simmons to join Herbert Smith Freehills in its Dubai office
Office openings & Closings
DLA Piper has acquired Tunisian law firm El Ajjeri Laywers and Senegalese law firm GENI & KEBE, which brings its African coverage up to 19 countries.
A 100-lawyer patent prosecution practice spun-out off Ropes & Gray in New York is set to launch in August and looks to open in London afterwards
Mergers & Alliances
Kennedys has acquired Manchester-based Berg & Co, introducing 50 new members to its Manchester office