It’s no secret that lawyers have been stereotyped as evil, stuffy, lying, legalese-spouting, risk-averse ambulance chasers. As the joke goes, “what’s the difference between a lawyer and a catfish?  One’s a scum-sucking bottom dweller, the other’s a fish.”  William Shakespeare’s famous line in Henry VI, Part 2 – “the first thing we do, let’s kill all the lawyers,” found everywhere from t-shirts to Eagles song lyrics – is commonly referenced to bash lawyers. (It was actually meant in the play as praise for lawyers as guardians of justice and keepers of law and order.)

You have an in-house attorney whom you view as a valued business partner.  While having lunch together, you ask him about an employee issue on your team and ask him for a short email summarizing his thoughts.  It can be confusing and frustrating when an hour later he sends you an email laden with designations of “ATTORNEY/CLIENT COMMUNICATION – PRIVILEGED AND CONFIDENTIAL” copying the head of Human Resources; pronouncements of potentially dire consequences for the company if you move forward with firing the employee; requests that you obtain approval from someone higher in your reporting structure; confirmations of something you have already discussed with him in person and said you would do; and warnings about forwarding the email on to others.  What’s going on?  Why do in-house lawyers get so lawyerly sometimes?

First, remember who your in-house attorneys represent.  Their client is the company that employs them – not you, or your supervisor, or management, or the CEO, or the Board of Directors.  (If you have wondered why in-house attorneys can’t advise employees on personal matters such as tax issues, family law issues, real estate issues, and wills & trusts, that’s the reason.)  In most cases in-house counsel can provide legal advice to you about company matters as you are an employee (and representative) of its client, but only where the matters fall within the scope of your official duties. This is why attorneys sometimes remove people from an email thread when they need to provide potentially privileged advice. Unlike many other employees, in-house attorneys must have a valid license in order to practice their craft, and are bound by a detailed code of professional ethics, which includes protecting their clients and their interests.

When outside counsel (attorneys at law firms retained by companies) provide advice to a client, that advice is generally presumed to be legal advice. Legal advice from an attorney to a client is generally considered confidential, and protected from disclosure to third parties, by what’s known as the “attorney-client privilege.” A company has a right to private communications with its legal counsel, and can refuse to disclose attorney-client privileged communications.  Unlike outside counsel, in-house attorneys dispense business advice as well as legal advice, or in some cases just business advice.  Because of this, there is no presumption that advice provided by in-house attorneys to their client and its representatives (employees) is legal advice and therefore protected by the attorney-client privilege.  They have to clearly demonstrate that the advice they are providing is protected legal advice and not unprotected business advice if they hope to assert an attorney-client privilege in the communication.

Additionally, part of an in-house attorney’s central role within a company is risk management.  Whether explicit or implicit in a Legal department’s mission statement, part of their job is to facilitate the company’s business objectives while at the same time managing risk to within the company’s stated risk tolerance level.  As I explained in my Risk Management 101 blog entry, any risk management decision comes down to some combination of accepting, mitigating, shifting, or avoiding risk.  To ensure risk is properly managed, in-house attorneys strive to ensure that business decision-makers understand the pros and cons of a business decision before making a risk management decision.  Lawyers often perform a risk management analysis as part of providing legal advice – they identify the potential risks and benefits of a particular course of action (and provide a suggested or recommended course of action if asked or expected to do so), and identify the person or role who needs to make the risk management decision, so that decision-maker can make an informed risk management decision on what to do about the identified risks.

Protecting the attorney/client privilege and managing risk while facilitating business objectives are the two primary reasons why in-house lawyers get “lawyerly” at times – they are doing their job representing and protecting the company and its interests while driving business forward.  When an in-house attorney provides legal advice, he/she “puts on their legal hat” and may seek to preserve attorney-client privilege in the advice to prevent its disclosure in later litigation or other proceedings, which could hurt the client.  This is why legal advice from an in-house attorney is clearly marked as being attorney-client privileged, why attorneys limit the number of recipients on emails or memos containing potentially privileged advice, and why in-house attorneys sometimes state that the email or memo should not be forwarded without their permission. If an in-house attorney formally asks you to do something in an email or memo that you have already discussed with them, this too is to help preserve privilege by ensuring you are acting at the direction of or under the supervision of counsel.

With respect to the legal advice itself, the attorney’s email may seem like “doom and gloom” by pointing out the risks (as well as the benefits) of a course of action, but the role of in-house counsel is not to accentuate the positive and eliminate the negative – our job is to facilitating the company’s business objectives while managing risk.  A good attorney does not say “yes” or “no” to a particular course of action (unless it’s illegal of course), but instead points out all the material pros and cons, provides an opinion if asked, and then lets the appropriate decision-maker call the ball on what to do about the risk.  In-house attorneys strive to ensure that decision-makers are making informed business risk management decisions based on a solid analysis of the pros and cons, not a quick decision based only on the potential benefits of doing (or not doing) something.

The next time your in-house lawyer starts sounding more lawyerly than normal, there’s likely a good reason they’re doing it — so suppress that urge to follow Shakespeare’s suggestion.

“We want to start selling our [app/product/service] in Canada,” says your Digital business executive.  “Any legal problems we should know about?”   Selling an app, product or service in Canada can seem like an easy way for a US company to expand the market for, and revenues generated from, something developed for the US market.  However, there are a number of considerations to consider, both from a legal and business perspective.  Some of them include:

• Localize for the Canadian Market. As an American, I imagine that Canadians can easily tell whether a product is one designed for the US market being offered in Canada, or is one designed for the Canadian market.  Apps, websites, and services should be localized for the Canada market.  Canadian English is different than US English, and localization something that should not be overlooked.  If there is address information collected or displayed through an app or corresponding website, they should support provinces, Canadian postal codes, etc.  Localization is more than just translation; the app, website or service should be reviewed (ideally by one or more Canadian employees) to identify any pages, language, or content that may need adjusting for a Canadian audience.

• Bilingual Requirements. The official language of Quebec is French, and many other provinces recognize both English and French as official languages. Websites (and apps) in Quebec are required to be bilingual.  Even without that requirement, it’s a good idea for websites and apps to be bilingual in Canada given the significant number of French Canadian speakers in the country.  Consider translating your license/services agreement and policies into French.  If you make your agreements bilingual, consider using a “dual-column” format so the English and French versions appear next to each other.  Ensure any bilingual agreements contain a provision stating that the parties agree that controlling version of the agreement shall be in the English language.

• Data Privacy.�From a legal perspective, Canada has a much more stringent national data privacy law than the US does.  Under Canada’s national data privacy laws, affirmative consent is generally required by consumers for a company to process personal information from Canadian consumers. Many provinces have their own privacy laws for private entities and public bodies. In addition, certain provinces also have provincial data privacy laws that can impact US companies.  For example, British Columbia’s data privacy law governing public bodies prevents any public body in BC from using a cloud-based service that stores data outside of Canada. (This law dates to 2004 and was a backlash against US government access to data under the USA PATRIOT Act of 2001.)  While many BC entities, such as schools, have complained about this law, it’s still on the books in British Columbia.

• Marketing Communications. In addition, sending commercial electronic messages can be trickier in Canada due to a more complex Canadian law called CASL (Canada’s Anti-Spam Law) that governs commercial electronic messages (not just emails).  We’d want to look at that to see if it had an impact.  For more information, see my earlier post on preparing for CASL compliance.

• Branding and IP. Companies should look at their branding, trademarks, and other IP used in or in connection with their app, websites, and services.  US trademark registrations don’t help in Canada if someone else is already using an identical or similar brand name in Canada. Dropping your US-branded app into the Canadian market could result in a cease-and-desist letter, or a lawsuit brought in Canadian courts. Patent protection in the US are not enforceable in Canada; you’d need to file Canadian registrations to obtain similar protections.

• Other Considerations. Other considerations include looking at whether there are any export requirements or restrictions on exporting your product to Canada; whether NAFTA (the North American Free Trade Agreement) comes into play if there are any physical goods being sent to Canada; and ensuring you are complying with any local, provincial, or national tax requirements that may apply.

Before moving on up north, business teams should consider performing a cost/benefit analysis of the potential ROI of entering the Canadian market, evaluating these and other factors, to determine if adapting an app, website and/or service to the Canadian market is a sound business decision.

Bankruptcy is boon to debtors in trouble, and a pain for creditors of those debtors.  You provide goods or services to a company only to find that their receivable is noncollectable once that company enters bankruptcy, and if you’re lucky if you receive cents on the dollar on the amount owed.  However, preference payments can sting even worse.  This blog entry gives an overview of preference payments and the common defenses.

Section 547 of the Bankruptcy Code allows a bankruptcy trustee (or a debtor-in-possession under Chapter 11) to “recapture,” or invalidate, payments made by the debtor for the benefit of a creditor during the 90 day period prior to the date the bankruptcy petition was filed (the “preference period”), regardless of whether the debtor received anything in return for the payment.  This is called a “preference payment,” so named because one of the goals of bankruptcy is to promote equality of distribution of assets to similarly-situated creditors, and to prevent a debtor from paying off its preferred creditors before filing for bankruptcy leaving basically nothing for the other creditors. There are certain requirements for a preference payment, e.g., that the payment was for an “antecedent” debt (the payment to the creditor followed provision of the goods and services to the debtor), and that the payment was made when the debtor was insolvent (there is a presumption of insolvency during the 90-day preference period).

Once a bankruptcy is filed, the trustee will often look at payments made by the debtor during the preference period, and will send demand letters (or complaints) seeking repayment of the alleged preference payments from creditors. These are the letters and court actions that vex many companies.  In some cases, repaying the alleged preference payment is more economical to a company than fighting it out with the trustee, resulting in attorneys’ fees and distractions for internal personnel.  However, companies can, and often do, fight back against preference payment recapture demands.  The Bankruptcy Code includes a number of defenses to a trustee’s attempted recapture of preference payments.  The three most common of these are:

• Ordinary Course of Business Defense.  Under Section 547(c)(2) of the Bankruptcy Code, if a payment was made in the “ordinary course of business,” the recipient of the payment can avoid the obligation to return the payment.  (The reasoning for this is that if a payment was made in the ordinary course, there’s nothing preferential about it.)  A payment was made in the “ordinary course of business” if the creditor can prove (it has the burden of proof here) that the alleged preference payment was made either (a) consistent with the parties general business practices, such as the parties’ course of dealing; amount, timing and circumstances of previous payments; and contractual terms (the “Subjective Test”), or (b) consistent with common industry practice (the “Objective Test”). If you don’t have a payment history, you may not be able to use this exception. A trustee will likely give greater credibility to contractual terms where there’s a long history between the parties.  If that doesn’t exist, look to the actual payment history, not just the contractual terms.  The more consistency you have in your accounts payable practices with your partners and suppliers and the less “one-off” exceptions you allow, and the farther back your history goes, the easier it will likely be for you to claim the ordinary course defense. Good record-keeping is essential here.  It’s unclear whether payments made pursuant to an installment plan would be considered made in the ordinary course of business.

• Contemporaneous New Value Defense.  Under Section 547(c)(1), if a payment by the debtor is substantially contemporaneous with the provision of “new value” by the creditor, the party receiving that payment can avoid the obligation to return the payment.  If the payment is essentially offset by new value contemporaneously provided to the debtor, the debtor’s estate is unaffected and thus there just a payment (but not a preferential payment).  A good example of this is a purchase of goods by check or cash – if the debtor paid $1,000 by check and received $1,000 in office supplies on a one-off purchase, the contemporaneous new value of office supplies received by the debtor offsets the $1,000 payment to the creditor.  To assert this defense, you must demonstrate (1) that the parties intended for the exchange of payment for value to be contemporaneous; (2) that the exchange was in fact contemporaneous; and (3) that the exchange was for new value.  If you’re concerned that a vendor may be in financial trouble, one approach is to restructure payment terms to provide for contemporaneous exchanges to better enable you to assert this defense later on.

• Subsequent New Value Defense.  Under Section 547(c)(4) of the Bankruptcy Code, if following receipt of a preference payment a company provides new value to the debtor in the form of subsequent goods or services during the preference period, the amount of that “new value” can offset the corresponding amount of a prior preference payment.   For example, if you receive a preference payment of $10,000 sixty days prior to bankruptcy, and provide new services valued at $6,000 thirty days prior to bankruptcy (for which you do not receive another payment prior to bankruptcy), the $10,000 preference payment is offset by the $6,000 in new value, leaving a remaining preference amount of $4,000.  Credit cannot be carried forward; if there is a new payment in any amount after new value is provided but before the bankruptcy filing date, the new value is extinguished for the purposes of this defense.  This defense primarily differs from the contemporaneous new value defense in that the new value is not contemporaneous with the alleged preference payment.

One other important defense to consider is that it’s only a preference payment if made in the preference period.  For any payments made close to the 90-day mark, it may be worth a careful review of when the payment was received. In a number of courts, a “date of delivery” rule is used when determining the date of a payment for preference purposes.  Also note that for insiders of the debtor, the preference period is 1 year.

Two closing thoughts.  The possibility of recapture of preference payments shouldn’t automatically preclude you from doing business with companies which may not be fully financially stable – it’s often better to have the money and have to potentially return it than to never have it at all.  Finally, there are a lot of additional nuances to dealing with preference payment claims and litigation – consider talking with bankruptcy counsel to ensure you know your rights and defenses.

Risk management is, whether actively or passively, an ongoing process at all levels of an organization, one that can lead a company down the path to prosperity or ruin.  Any time someone asks, out loud or to themselves, “What if…,” “That could mean…,” “That might cause…,” “Have we considered…,”, or the like, they’re engaging in risk management.  Attorneys, whether in-house or in private practice, practice risk management in their daily activities – the core of our job is to facilitate our client’s business objectives while managing legal risk (attorneys are often viewed as the “de facto” risk management group within an organization).  Moreover, effectively managing risks can be a lot more difficult in practice than it sounds in theory. Fostering a culture throughout an organization that embraces, rather than shies away from, risk management (understanding what potential risks are, being able to identify them, knowing who should make risk management decisions, and making reasoned decisions) is critical to the success of any company.

At its core, “risk management” in the business and legal context can be defined as “the process of identifying, analyzing, and determining how to handle risks that may result from a proposed course of action or inaction.”  In other words, it’s the process of weighing both the positive and negative consequences from any particular course of action in making business and legal decisions. I use the following in my business discussions to summarize the importance of good risk management practices:  “It’s much easier to stop a snowball from rolling the wrong way while it’s still at the top of the hill.”

There are four core parts of risk management – (1) understanding what “risks” need to be managed, (2) identifying manageable risks during day-to-day business activities, (3) determining who makes risk management decisions, and (4) making risk management decisions.  I’ll save a detailed analysis of each for a broader article, but provide an overview and some basic guidance here.

Understanding the risk.  Risk management isn’t “avoiding all risk” – risk is an important part of business.  (There is an old AIG slogan – “the greatest risk is not taking one.”)  The trick is to manage risk to a level acceptable to the company.  Every company has a different tolerance for risk – e.g., start-ups may be willing to take more risk than a well-established company. Understanding what risks must be managed and an appropriate risk tolerance level is something that senior management (with the advice and guidance of internal or external attorneys) must determine, and must re-evaluate over time as the company grows and changes. The main types of risks that companies face on a day-to-day basis are (1) revenue risks (getting the business versus lost opportunity); (2) precedent-setting risks (the slippery slope); (3) legal risks; and (4) operational risks (writing checks the company can’t cash).

Identifying the risk.  If you remember anything after reading this, let it be this – you can’t make a risk management decision if you can’t identify and escalate the risk that needs to be managed.  Many companies are equipped to manage a risk, but don’t have good processes or training on how to spot them in the first place.  Company personnel – whether attorneys, sales team members, business owners, or any other employee, contractor, or advisor – must learn to spot risks associated with a proposed or ongoing course of action or inaction and escalate them internally (e.g., to their manager, to a designated risk management officer or team, etc.).  Managers should be responsible for educating their teams on spotting and escalating risks, and this should be a core component of any corporate-wide risk management training.

Approving the risk.  Once a risk has been identified, the next step is to determine the right approver of a risk management decision.  One of the hardest aspects of an effective risk management culture is getting someone to make a risk management decision, which is why effective risk management approval structure is essential.  Everyone is willing to take credit for a good risk management decision – no one wants to take the blame if the risk exposure actually happens.  If people fear they’ll be “thrown under the bus” for bad risk management decisions (whether that person is the presenter or the approver), establishing a robust risk management culture is not going to succeed.  Companies should consider assigning roles for approval of certain risks, discouraging/punishing individuals who do not follow the proper approval process, keeping good records of risk management approvals, and ensuring that individuals who make informed, well-analyzed risk management decisions aren’t thrown under the bus if the risk exposure ultimately occurs. (If proper risk management practices are followed, the realization of a risk exposure should not result in a “witch hunt” to find someone to blame, but should result in a re-analysis of the risk management decision to see if other “hindsight” data points would have affected the risk management decision and determine if changes to the risk profile of the company and/or risk management practices are appropriate.)

Making the risk management decision.  There are four things a company can with an identified risk – avoid it (don’t take the proposed course of action or inaction); mitigate it (implement new processes, obtain insurance, or take some other action to control the risk exposure) shift it (make another party responsible for the risk exposure, e.g., through a contractual indemnity and hold harmless); or accept it (proceed with the action or inaction knowing what might happen).  Each of these is a completely valid risk management decision, and they can be used individually or in combination once the identified risk has been evaluated (i.e., both the benefits and risks of a particular course of action or inaction should be presented to the appropriate decision-maker).  There are only two “bad” risk management choices – (1) accepting the risk because of a perceived need on the part of the business to “act quickly” and not take the necessary time to evaluate and manage the risk, and (2) accepting the risk because the risk was never identified in the first place.