Risk Reading — More Biglaw PE Investment News, Verein Pain Explained, Copy and Paste Risk, Lateral Leaver Litigation

“US law firm McDermott Will & Schulte weighs sector’s first private equity tie-up” —

• “McDermott Will & Schulte is exploring a restructuring that would allow it to sell a stake to private equity groups, a move that would test ethics rules preventing non-lawyers from owning legal firms.”
• “The reorganisation would involve creating a complex structure giving investors a slice of the law firm’s revenues without breaking traditional ownership rules, according to five people with knowledge of the matter.”
• “Such a move, by one of the world’s largest law firms by revenue, could set a precedent for other large players in an industry that — in the US — has been impervious to outside investment.”
• “Zack Coleman, the son of the firm’s chair Ira Coleman, joined McDermott from private equity and venture capital group Odyssey Investment Partners in July and had been sounding out bankers, advisers and private equity executives about the structure, the people said. However, no agreement had been finalised and no commitments had been made, the people cautioned, with some saying it was at an exploratory stage.”
• “The younger Coleman, who started his career at the investment bank Moelis in 2015 and joined McDermott as senior director of business opportunities, is considering a model in which some of the revenues that lawyers generate will be diverted to buy services from a separate entity in which outside investors could own a stake.”
• “The Chicago-headquartered firm, formed in a merger of McDermott Will & Emery and Schulte Roth & Zabel this year, has $3bn in revenues, it said in August. That would put it in the top 20 firms globally by revenue.”
• “The structure under consideration would split it into two parts: a business giving advice to clients that is fully owned by its lawyers, and a separate ‘managed service organisation’ that the lawyer-owned firm would buy services from. That could include back-office work, licensing its brand and buying IT services. Investors could buy a stake in the MSO, giving them a revenue stream designed to be attractive to private equity investors.”
• “There has been an explosion of interest in the potential use of the structure in law this year, but no large firm has adopted it and opponents believe it could breach professional ethics rules designed to keep commercial considerations out of the provision of legal advice.”
• “Ethics rules set by the American Bar Association that ban non-lawyer ownership of US firms are being questioned after some states, such as Arizona, have explicitly licensed alternative business structures that can include private equity control. The potentially more controversial MSO structure has so far been used by only a handful of small practices or start-up law firms.”

“Swiss Vereins: Lessons from Big Law Breakups” —

• “Swiss vereins may offer the impression of unity, but for global law firms they can resemble long-distance romances—captivating at first, until the strain leads to a messy split.”
• “Norton Rose Fulbright confronted that hard reality when the break-up with its South African partners became public last week. Norton Rose and its Johannesburg, Cape Town and Durban offices framed the separation as a ‘natural evolution’ of their 14-year relationship, the legal world’s equivalent of ‘it’s not you, it’s me’.”
• “Beneath the PR polish, undercurrents of conflict have been simmering for months though, including sniping from the City of Gold and other offices about low client referrals, consternation over declining deal visibility, rising associate departures, and an allegation of discrimination. The split also comes after the South African offices were sidelined during the financial integration of Norton Rose’s Australian practice with the EMEA, and their chairperson was passed over in the global chair rotation.”
• “Sometimes, breakups come down to one question: Are we stronger together or better apart? NRF partners announced their decision jointly: South Africa will go it alone starting April 1, meaning there are months of tricky discussions still ahead, not least delicate matters involving client custody.”
• “This highlights a broader problem with Swiss vereins. While the arrangement binds firms across borders, even the most disciplined structures can’t contain ambition, ego, and competing interests. While financially integrated law firms are the equivalent of a marriage, verein offices are more like a perpetual engagement, which means splits can happen more easily.”
• “The Swiss verein lets firms flaunt a single brand and governance structure while keeping offices financially separate. While they don’t necessarily share profits, they do share the name—and, at times, the drama. Disputes, scandals, and failures in one jurisdiction can seriously impact a firm’s global reputation and even lead to litigation.”
• “In the last few years, Baker McKenzie has experienced uncomfortable headlines from South Africa to the UAE to Belgium. And who can forget the Gary Senior saga? The former London managing partner was accused of trying to kiss and embrace a junior colleague and then improperly influence an internal law firm inquiry. The firm was cleared of mishandling an investigation in 2020 (eight years later) but Senior was fined £55,000 plus £40,000 in costs ($125,000 in all) for what the Solicitors’ Disciplinary Tribunal described as his ‘extraordinary abuse of position’ and a ‘lack of integrity’.”
• “The Senior scandal didn’t rupture the Chicago-headquartered firm’s ties with London, but Big Law’s #MeToo moment made for uncomfortable headlines. Baker McKenzie’s verein model has always drawn attention and it was back in the headlines again last month, when Baker McKenzie failed to strike out a malpractice claim tied to its former Russian affiliate.”
• “Dentons’ 2015 tie-up with China’s Dacheng allowed both firms to boast about their massive headcounts, turning scale into a badge of prestige and a competitive edge. When the partnership fizzled in 2023, Dentons blamed China’s ‘evolving regulatory environment’. But as Asia Editor Jessica Seah pointed out, the rupture may have also been a face-saving tactic to disguise that Dacheng had grown weary of footing Dentons’ franchise fees.”

“A Dominatrix, Cyberstalking, And Sour Grapes: Lawsuit(s) Against Biglaw Partner By Former Firm Is Quite The Journey” —

• “Last week, a lawsuit against Blank Rome finance partner James Cretella was filed by his former firm, Otterbourg P.C., for breach of contract, breach of fiduciary duty, fraudulent concealment, and unjust enrichment. The allegations in the suit are a roller coaster ride that swings between the banal and sensational. For example, Otterbourg alleges Cretella didn’t disclose his impending departure until after he’d collected a seven-figure bonus and that he solicited clients to join him at his new firm. From the complaint: ‘He accepted [the bonus] knowing full well he was leaving and that he had perpetuated a scheme to try to hobble the Firm and bolster a competitor while conspiring with another exiting partner and concealing material facts that would have changed the Board’s decision to give him a bonus.’”
• “Which are interesting, if somewhat expected, allegations following a partner’s lateral move. These things don’t typically come to litigation, but they’re certainly known pain points. But then there are the escort allegations.”
  “According to the complaint, Cretella met up with an escort and other women while traveling on firm business. During a forensic examination of Cretella’s firm-issued and firm-paid phone, it was revealed that he allegedly engaged in ‘highly inappropriate and potentially unlawful personal conduct that Cretella engaged in during Firm-funded travel,’ that included texts messages with an ‘upscale dominatrix’ known as ‘Goddess Kat.’”
• “Then there’s the cyberstalking allegations. There’s a separate federal suit in the U.S. District Court for the District of Connecticut by Otterbourg’s chairman, Richard L. Stehl, and its president, Richard G. Haddad, over those claims, and Cretella has filed a motion to dismiss. The Otterbourg firm leaders allege Cretella engaged in repeated ‘unauthorized surveillance’ of their personal lives. As reported by Law.com:”
• “‘Forensic evidence shows that over a period of years, Cretella repeatedly accessed private, non-client files belonging to both men without their permission or legitimate purpose,’ the most recent suit states. ‘These were not stray clicks or accidental views. The data shows hundreds of deliberate intrusions – often in the dead of night – targeting files that … had nothing to do with firm business.’”
• “Some of this sensitive information allegedly included home security system codes and login credentials for live camera feeds inside and outside the Stehl family residence, personal tax returns and Social Security password files, privileged legal communications relating to ‘deeply personal family matters,’ including divorce proceedings and custody arrangements involving grandchildren, confidential medical records, private financial statements, as well as ‘intimate personal details,’ including children’s employment documents and home renovation plans.”
• “But in Cretella’s motion to dismiss the federal action, he alleges the personal information was saved on the firm’s computer system and accessed through a preview function after performing searches. ‘Although plaintiffs try to hide behind irrelevant allegations about how Otterbourg’s computer system was intended to operate, the complaint confirms a simple fact fatal to plaintiffs’ standing: Using firm-provided credentials, Cretella and other attorneys searched the firm’s computer network and viewed the results of those searches, which allegedly included files plaintiffs saved to the firm-wide network. The only plausible conclusion is that plaintiffs failed to take any measures to prevent their files from being accessed through routine, firmwide network searches.’”

“Copy-paste now exceeds file transfer as top corporate data exfiltration vector” —

• “It is now more common for data to leave companies through copying and paste than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025.”
• “This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-pastes from corporate accounts to non-corporate accounts occurring within genAI tools.”
• “‘Traditional governance built for email, file-sharing, and sanctioned SaaS didn’t anticipate that copy/paste into a browser prompt would become the dominant leak vector,’ LayerX CEO Or Eshed wrote in a blog post summarizing the report.”
• “The report highlights data loss blind spots in the browser, from shadow SaaS to browser extension supply chain risks, and provides a checklist for CISOs and other security leaders to gain more control over browser activity.”
  “GenAI now accounts for 11% of enterprise application usage, with adoption rising faster than many data loss protection (DLP) controls can keep up. Overall, 45% of employees actively use AI tools, with 67% of these tools being accessed via personal accounts and ChatGPT making up 92% of all use.”
• “Corporate data makes its way to genAI tools through both copying and pasting — with 82% of these copy-pastes occurring via personal accounts — and through file uploads, with 40% of files uploaded to genAI tools containing either personally identifiable information (PII) or payment card information (PCI).”
• “Tackling the growing use of AI tools in the workplace includes establishing allow- and block lists for AI tools and extensions, monitoring for shadow AI activity and restricting the sharing of sensitive data with AI models, LayerX said.”
• “Monitoring clipboards and AI prompts for PII, and blocking risky copy-pastes and prompting actions, can also address this growing data loss vector beyond just focusing on file uploads and traditional vectors like email.”
• “AI tools are not the only vector through which copied-and-pasted data escapes organizations. LayerX found that copy-pastes containing PII or PCI were most likely to be pasted into chat services, i.e. instant messaging (IM) or SMS apps, where 62% of pastes contained sensitive information. Of this data 87% went to non-corporate accounts.”