Your client’s outside counsel guidelines (OCGs) can open your firm to several risks. If left unchecked, these risks could expose your firm to additional liability that may not be covered by your Professional Liability Insurance.

Where OCGs exist, they often serve as a substitute for the firm’s retainer agreement and become the governing contractual document in representation. OCGs of large corporate clients may contain terms or conditions that a law firm cannot satisfy, either because those terms and conditions exceed the firm’s resources or because they are inconsistent with ethical or other legal obligations.

The duty of managing outside counsel guidelines falls chiefly to a firm’s general counsel or management committee, but all lawyers within a firm have a responsibility to manage the risk posed by OCGs, ensuring that:

  • OCGs are reviewed and approved in advance
  • Problematic provisions are addressed prior to representation
  • Agreements with a particular client are monitored

Be aware of five common issues that can arise with OCGs and do what you can to address them:

1. Expanded conflict policies

A firm’s standard retainer addresses the ethical rules of conflicts of interest, specifically where a lawyer may not represent a client with interests “directly adverse” to another current client. ABA Model Rules of Professional Conduct 1.7 explains that “directly adverse” applies “even when matters are wholly unrelated.” However, Comment 7 of Model Rule 1.7 goes on to state that:

“[S]imultaneous representation in unrelated matters of clients whose interests are only economically adverse, such as representation of competing economic enterprises in unrelated litigation, does not ordinarily constitute a conflict of interest and thus may not require consent of the respective clients.”

Clients tend to use OCGs to expand the law firm’s duty of loyalty, asking the firm to refrain from representing industry competitors, even if no actual conflict of interest exists.

To manage this risk, pay special attention to any broad OCG provisions that address conflicts and determine if requirements are workable, doing your best to limit the definition of conflict of interest to align with applicable ethics rules.

2. Cyber security requirements

Model Rule 1.6 requires a law firm to safeguard clients’ confidential documents and information, while ethics opinions have noted a lawyer’s duty of competence extends to becoming knowledgeable about pertinent cyber security technologies and taking reasonable care to stay abreast of technological advances.

With data breaches becoming increasingly common, many OCGs place additional cyber security requirements on law firms. Such requirements can be onerous for the firm, considering that each client’s OCG may be dozens to hundreds of pages long, with cyber security requirements for each differing greatly.

Sound risk management should involve a comprehensive review of the firm’s cyber security and data privacy protections prior to signing any OCGs. If you do not believe your firm can analyze privacy and data security issues, consult with an outside professional. If your firm cannot comply with a client’s OCG cyber security requirements, notify the client and try to negotiate a solution. You should also ensure your cyber insurance policy extends adequate coverage in the event of a breach.

3. Billing guidelines

To control costs, many OCGs include a list of billing guidelines regarding the time charges for which a client will and will not pay. Although refusal to pay for administrative tasks or overhead costs does not generally lead to substantive issues in the representation, other billing guidelines do.

For example, many OCGs may:

  • Require prior approval before a lawyer may perform substantive legal research
  • Prohibit lawyers from billing for reviewing a colleague’s work product
  • Prohibit lawyers from conferring with one another
  • Limit the number of lawyers working on a matter

Such billing restrictions may conflict with a lawyer’s ethical duties to competently represent the client.

To manage this risk, review billing guidelines before representation starts. Guidelines deemed too rigid or inappropriate should be discussed with the client so that a resolution can be reached at the outset.

4. Indemnity provisions

Indemnification provisions are another area where OCGs can place a law firm at risk. In most cases, professional liability insurance policies cover only errors and omissions that result from the law firm’s negligent acts. The statute of limitations for a claim of negligence is generally shorter than for a claim on an indemnity agreement.

However, OCG indemnity provisions often ask the firm to indemnify and hold the client harmless from certain damages, even in situations where the firm has minimal control. These may include damages related to a breach of the OCG guidelines or injuries the client suffers as a result of a third party.

To minimize risk, review any OCG indemnity provisions while consulting the terms of the firm’s professional liability policy and conferring with your insurance broker. You can then address the client, agreeing to indemnify the client solely for otherwise covered events.

5. OCG protocol circumvention

OCGs can unknowingly enter a firm and become a binding contractual obligation. This can occur even when protocols are in place to review, negotiate, approve and monitor OCGs. Generally, this occurs in one of two ways:

Via Originating Lawyers: In many firms, the originating lawyer for a matter is responsible for ensuring the client signs the engagement letter and accepts the retainer agreement. In turn, the client may present the individual lawyer with an OCG to which a lawyer may agree without sending it to the management committee or general counsel as part of OCG management protocol.

To avoid this scenario, establish a clear policy that originating lawyers must send all OCGs to be reviewed and approved by the committee or general counsel before representation starts.

Via Lateral Partnerships: Lateral partnerships are another route OCGs may take into the firm. A prospective partner may provide recent billings and the names of clients for conflict checking but may leave out current OCGs. If your firm does not ask about OCGs and the lawyer does not volunteer the information, the potential partner may bring these undisclosed OCGs into the firm along with the new partner’s existing clients.

Evaluate any potential partners’ OCG obligations as part of your lateral transition process. Comments 13–14 of Model Rule 1.6 state that such “limited information” may need to be disclosed to “detect and resolve conflicts of interest that may arise from the possible new relationship.”


To minimize the risk posed by outside counsel guidelines, it’s important that law firms implement protocols to manage client OCGs. Evaluate the scope of potential conflicts of interests, cyber security guidelines, billing guidelines and liabilities. Ensure all your lawyers understand the risks posed by OCGs and the procedures that are to be followed to ensure successful and constructive client relationships.