Koumentakis

Tag: legal advisor

  • The insurance of the liability of the Members of the BoD and of the Executives of the S.A.

    The insurance of the liability of the Members of the BoD and of the Executives of the S.A.

    1.Introductory

    The liability insurance of the members of the board of directors of the Société Anonyme and of its executives is referred to in the international practice as “Directors’ and Officers’ liability insurance” or “D & Os liability insurance”. This insurance covers the damages of such persons:

    (a) arising from claims against them raised by third parties (lenders, employees, shareholders) or by the company itself for injurious and negligent acts or omissions in the performance of their duties,

    (b) for the risks incurred by the insurer.

    In Greek legal terminology, as well as in the context of private insurance law, it is commonly referred to as insurance of the civil liability of members of the board of directors of Société Anonyme. However, the scope of the relevant insurance contract goes beyond civil liability, since its coverage extends to both the criminal and the pecuniary costs incurred in administrative courts or authorities, as will be set out below. Moreover, the relevant insurance cover is not limited to the persons who form the board of directors of the Société Anonyme but also extends to the members of the executive committee, to the substitute members as well as to the executives who carry out management duties. In fact, it is often agreed also the insurance cover of the external directors, even of the spouses, heirs or administrators of inheritance, in respect of the claims against them concerning breaches of the duties of the insured persons.

    Consequently, legally more correct and more compatible with the content of the relevant insurance contract is to refer to liability insurance of the members of the management of the Sociétés Anonymes.

     

    2.The robust growth of this insurance product

    The cover of the liability of the members of the management of the Société Anonyme is a relatively new insurance product, which has strong growth in the international business community. This growth is, among other things, due to:

    (a) the judicial and legislative strengthening of the liability of the members of the management over the company itself but also vis-à-vis third parties,

    (b) the adoption of international corporate governance rules and the gradual imposition of a single corporate regulatory framework through Union law of the European Union,

    (c) the increase in corporate insolvency as caused by the international financial crisis of 2007-2008, which has grown into an international corporate financial crisis as well as,

    (d) the tendency of corporate creditors to turn against either the managers of the corporate entity or solely against them.

     

    3.The economic and business benefits of the relevant insurance

    Insuring the liability of management members of the Société Anonyme has a number of advantages that make it an attractive insurance product. It would not be an exaggeration if we described it as a necessary action and expense for individual legal entities. Indicatively, some of the reasons for confirming the need to conclude the relevant insurance contract are mentioned:

    (a) such insurance cover constitutes an alternative form of financing both of the company and of the third parties in respect of the damages they have suffered under the liability of those who manage the entity,

    (b) the terms and sizes of the relevant insurance contract make it easier for third parties and, in particular, for the shareholders of the recipient company to assess the risk profile of the latter,

    (c) the conclusion of this insurance contract ensures control and oversight (monitoring) of the company and contributes to prudent risk management,

    (d) offering this insurance cover is a fairly important reason to attract competent management executives, while

    (e) the conclusion of the specific insurance contract protects the company’s reputation and credibility.

     

    4.The nature of this insurance contract

    4.1. In the context of private insurance law, liability insurance for members of the Société Anonyme is part of third party liability insurance, although, as mentioned above, it has a broader scope. This insurance is in principle general in character and is not legally required. It is included in the non-life insurance and not in the insurance of persons, as the particular damage caused to the insured’s property is restored from the realization of the insured risk. In addition, it is classified as liability insurance, as it safeguards the risk of the creation or increase of liabilities in the assets of the insured.

    4.2. The liability insurance of the members of the management of the Société Anonyme usually takes the form of a genuine third-party contract, as three (3) different persons are involved:

    (a) the Société Anonyme in its capacity as recipient, which concludes the relevant contract as the policyholder of the insurer and, at the same time, on behalf of third parties (that is to say, members of its management),

    (b) an insurance company in its capacity as an insurer, which assumes the above-mentioned obligation to recover the damage to property not from the policyholder company but from third parties (ie members of its management) from the realization of the insured risk; and

    (c) the members of the company’s management in their capacity as insured persons as well as the beneficiaries of the insurance, as their right to expect the insurance indemnity is born directly and directly incurred .

    4.3. The aforementioned legal construction has the legal consequence that the Société Anonyme becomes liable for the fulfillment of the obligations arising from the relevant insurance contract due to its bearing capacity as a recipient of the insurance. In addition, the Société Anonyme is also the entity in which the rights to terminate and amend the insurance contract, as well as the right to withdraw or oppose it, are granted. On the contrary, the main obligation of the members of the management of the Société Anonyme is the non-infringement of the insurance obligations, i.e. compliance with the rules of conduct laid down by the law or the relevant insurance contract, in order to fulfill the insurer’s performance and, in particular, the payment of the insurance by the latter.

     

    5.The insurance cover

    5.1. In accordance with the aforementioned, the scope of the relevant insurance contract exceeds the civil liability of the members of the management of the Société Anonyme. However, as the basic scope of the relevant insurance cover refers to civil claims, its main basis is the damaging act which includes any actual or presumed breach of the duties of the members of the management over the company. Also, this insurance cover includes any unjust and injurious third party act or omission, error or negligence in the performance of the duties of the members of the management of the entity. That is, any individual responsibility of a director of a corporate body is enforced, whether he issued severally or jointly or independently. In this context, it is clear that the relevant insurance cover extends to the breach of substantive rules of private law which entail liability for the directors of the company. However, damages claims based on special agreements or conditions introduced by provisions of a subordinate law that exacerbate the liability of the legal entity beyond the legal provision are not covered.

    5.2. In any case, however, the cover of the relevant insurance contract does not extend to activities which are contrary to public policy, which is unfair and immoral and directly oppose prohibitive legislation. For this reason, criminal penalties, fines, and other financial penalties are also excluded from cover. The fines include those imposed by the competent supervisory authorities. Nevertheless, the legal costs of prosecuting the insured person are valid. In some insurance policies, it is agreed that the costs of the criminal proceedings should be covered only if the managing director is found innocent.

    5.3. Furthermore, apart from breaches of private law rules, the relevant insurance cover may extend to infringements of public law rules. Criterion for the relevant insurance cover is the nature of the compensation resulting from compensation under public law provisions. That is, if the indemnity is reparable, it falls within the liability of the members of the management of the Société Anonyme. On the other hand, if the nature of the compensation is valid, it is not covered by the relevant insurance contract. Consequently, subject to compliance with the relevant criterion, it is possible to cover pecuniary claims filed before administrative courts or administrative supervisors and the costs of the investigation by any competent authority.

    5.4. Finally, the exemptions introduced in the relevant insurance contracts fall into multiple categories, depending on the practice of the insurance companies and the criteria adopted by them. In order to avoid long and unnecessary developments in the present analysis, the following clarifications are considered appropriate:

    (a) the relevant insurance cover excludes claims covered by other policies, including but not limited to claims covered by professional liability insurance policies,

    (b) in addition, such acts are excluded from such cover, which involve a high risk for the insurer, which usually includes the liability of the members of the management of a Société Anonyme for defamation and personal injury, the claims related to the bankruptcy of the company and damages associated with transformations of companies,

    (c) furthermore, claims arising out of the liability insurance of members of the management of a Société Anonyme are excluded from claims arising in courts outside the European Union or from breach of legislation of States outside the European Union,

    (d) finally, the cases of fraudulent provocation of the insurance case are reasonably excluded from this insurance cover. In particular, the claims for third-party claims or the insurance of a Société Anonyme arising out of a fraudulent breach of the management duties or the provisions of the law by the management of the corporate entity are excluded.

     

    6.Insurance Clauses

    Apart from the above-mentioned exceptions, the relevant insurance contract applies special clauses, which refer only to the specific insurance contract or have been formulated on the basis of the development of the relevant insurance and which substantially restrict the liability of the insurer. In particular, the insurance policy may include:

    (a) the group clause, which allows for the uniform identification and treatment of the insurance risk and, moreover, charges the group with less expense by covering, with a group insurance policy, all the corporate entities of a group,

    (b) the own contribution clause of the insured, which entails the taking over by the insured member of the management of the Société Anonyme of a part of it and, in particular, of a certain amount or percentage of the indemnity in general or per insurance case,

    (c) the clause of the serial damage (otherwise chain damage) which limits more claims arising from the same unlawful act to the same amount of insurance and the same insurance period as they are treated as a single claim,

    (d) the dismissal clause of the particular member of the management of the Société Anonyme, which requires the entity to have previously denounced the relationship with that person as a necessary condition for the activation of the insurance cover,

    (e) the policyholder’s insured clause, which does not allow the claims of an insured member of the management of the entity to be covered by another insured person either directly or by way of redemption. This clause appears in a variant of the clause as a non-coverage clause, which limits or prevents the relevant insurance cover. This limitation takes place according to the degree and extent of the involvement of the insured persons involved in the management of the recipient’s insurance and includes claims by persons directly or indirectly linked to one of the insured persons. Because of its introduction, it is recommended not to create situations of conflict of interest, collusion and abusive behavior, but also to avoid enrichment.

     

    7.Epilogue

    7.1. The adoption of Law 4548/2018 on the reform of the law of Sociétés Anonymes has brought about a number of changes, sometimes sweeping, in the operation of corporate entities. Regarding the responsibility of the members of their management, a previous article from the blog of this web site has provided a detailed explanation of their intra-company and criminal liabilities, as they are now formed under the new legislative status (read the first part of the article for the liability of the Members of the Board). It is easy to see the intensification of the criminalization of entrepreneurship and it is equally easy to distinguish the discretion of the corporate managers in achieving the corporate purpose.

    7.2. Furthermore, in another article of the same blog, the administrative and criminal responsibilities of corporate managers vis-à-vis the State and the Insurance Organizations, as derived from the tax, insurance and customs legislation, as well as the liabilities attributed to them by specific provisions of the Civil, the Bankruptcy and Penal Code (read the second part of the article for the liability of the Members of the Board). It is clear that the exposure of the members of the Société Anonyme’s management to extremely serious risks.

    7.3. It is obvious, therefore, that the liability insurance of corporate managing directors is an effective means of defending and safeguarding them against the risks stemming from corporate governance and the tightening of the legislative environment. The conclusion of the relevant insurance contract, according to the above mentioned, is characterized by strong economic and business advantages: better corporate organization, higher status and corporate solvency, clearer business image and the ability to attract competent executives. Let us not close our eyes on international business practices and international corporate governance rules: the dissemination and establishment of these policies also into the Greek business community is the only appropriate choice.

    7.4.  Finally, the role of the legal counsel of the company proves to be decisive in the management of the issues related to the liability insurance of the members of the management of the Société Anonyme. In this context, the legal adviser is responsible for working closely with the insurance broker, with whom the corporate entity works, to evaluate the (more) insurance options and products offered and to assist in choosing the best solution. Additionally, the duty of the legal counsel is to ensure maximum insurance of the insurance of a Société Anonyme and the insured corporate managing directors by checking the legality of the conclusion and the valid content of the relevant insurance contract. Finally, in the event of the insured risk occurring, the legal counsel must make a substantiated claim for the fulfillment of the insurer’s obligations and, in particular, for the payment of the insurance.

    It should be perfectly clear:

    At any stage (out of the above mentioned) the appropriate legal advice is not received, it is highly probable that the potential cost of the business will prove to be infrequently high.

    Petros Tarnatoros
    Senior Associate

    P.S.: The article has been published in Greek in MAKEDONIA Newspaper (March 17, 2019).

  • Cyber and Internet Risk Insurance

    Cyber and Internet Risk Insurance

    [vc_row][vc_column][vc_column_text]

    Cyber and Internet Risk Insurance: The Importance of every Company and the Role of the Legal Advisor

    Coverage of the risks arising from the implementation of e-services and from the use of the internet constitutes a new insurance product. This product is expected to show strong growth in the coming years due to the continued development of technology. Further use of the internet and of social media, as well as the development of cloud computing, are parameters that highlight the importance of this new product. In addition, its aid factor is the very low – in proportion to the use and dissemination of Internet services – the number of companies and businesses that currently have insurance against this particular category of risks.

     

    The Necessity of Cyber and Internet Risk Insurance

    It has now been accepted that the development of technology as well as the wide use of the internet, form the ground for the development of criminal behavior, either through negligence or fraudulent one. Such criminal behavior is found both in the professional field and in the context of the privacy of citizens. Indeed, they are growing daily, as they are favored by the loopholes in the regulation of internet use. They are also favored by the corporate entities’ low insurance coverage of cyber and internet risks.

    In this context, it should also be borne in mind that today:

    (a) the protection of personal data and privacy is a fundamental human right, while

    (b) a rigorous legislative environment is built both in the European Union and particularly in Greece on the use of the Internet and cyberspace and, more specifically, on the protection of the personal data of persons and users of electronic services.

    However, it is generally recognized that the gap between e-reality and its legislative/ regulatory environment constitutes an additional risk for businesses. E-reality is changing, evolving and growing rapidly, while legislative initiatives attempt to follow cyber developments late and often incomplete.

    Consequently, there is no doubt that insurance against cyber and internet risks is now a necessity. This necessity concerns large companies, which are major targets for malicious actions. It also concerns smaller companies, which are more vulnerable to malicious actions and more vulnerable in dealing with the damage that can be caused by such.

     

    Choosing the Right Insurance Product

    In this corporate environment of the constantly evolving and changing e-reality, it is crucial to choose the appropriate insurance product against the specific category of risks.

    This choice can no longer be made based on the less expensive premium. Instead, this option should be part of an integrated corporate policy. This policy should aim to tackle offending/criminal behavior that have to do with the use of the internet and e-services. The concern for both the planning of an integrated corporate response and of the choice of the appropriate insurance product can only be the responsibility of the legal entity’s legal advisor.

    However, generally speaking, each company has to plan its reaction to cyber and internet risks and consequently to choose the appropriate insurance product, taking into account its object, the degree of penetration of electronic services in its operation and the type and the range of personal data it processes.

     

    The Insurance Market in Greece

    While checking the insurance programs offered by the insurance companies operating in Greece, one shall find wide variations and discrepancies in the coverage against cyber and internet risks. Specifically, it is noted that the largest insurance companies in Greece:

    (a) either do not provide insurance plans for such risks,

    (b) either includes coverage against specific risks within the framework of the electronic equipment insurance and as an optional and supplementary coverage of business insurance, i.e. not providing a specialized insurance program,

    (c) or have introduced specialized and innovative insurance programs, which combine insurance against these insurable risks with the provision of legal, technical and advisory services, forming a single package.

    It is therefore clear that, as far as tackling the dangers arising from the deployment of e-services and the use of the internet, the tools do exist.

    The company’s responsibility towards its entity, its partners or shareholders, its employees, and third parties is to choose the most appropriate tools. Additionally, the company is required to incorporate these tools into its Cyber Risk Management plan to address these breaches. Accordingly, the responsibility of the lawyer – legal counsel of the company is the evaluation of the offered insurance products and the assistance in choosing the optimal solution. In addition, the duty of the lawyer – legal counsel is also the maximum possible safeguard of the company through the control of the insurance contract. Finally, in the event of the insured risk occurring, the duty of the lawyer – legal counsel extends to the formation of a substantiated claim of the insured company for the fulfillment of the obligations of the insurance company.

     

    Petros Tarnatoros
    Senior Associate

     

    Υ.Γ. The article has been published in Greek in MAKEDONIA Newspaper (October 27, 2018).

     

  • Cyber Attacks And The Role Of The Legal Advisor

    Cyber Attacks And The Role Of The Legal Advisor

    [vc_row][vc_column][vc_column_text] “There are only two types of companies: those that have been hacked, and those that will be”, said on 2012 the then FBI Director Robert Mueller.

    Despite the digitization of information and the use of electronic networks to deal with transactions and operations, it is obvious that most companies in Greece are not aware of the risks they face as well as their customers’ data from cyber-attacks.

    The legal consequences of data leakage due to cyber-attacks are always serious. On the one hand, the injured third parties are entitled to bring legal proceedings against the company for the leakage of their data while on the other hand, the competent authorities must impose the fines provided for by law.

     

    The Νetwork And Information Security Directive

    Most are now aware of the General Data Protection Regulation 2016/679 (also known as GDPR). Few, however, are aware of the Network and Information Security (2016/1148), which also had to be incorporated into the domestic law of the Member States in May 2018.

    With the above-mentioned legislation, the European Union strengthens its attitude towards corporate responsibility for failing to protect and secure data management. Both of these laws provide for unfavorable consequences for the company for data leakage.

     

    The Role of the Legal Advisor

    The duty of the Legal Advisor is to ensure the correct implementation of legislation and best practices, to mitigate the consequences of any breach and, in particular, to harmonize the entire company to comply with the Incident Response Plan, which every company must have. A Response Plan to Cyber- Attacks indicatively includes:

    • The composition of the crisis management team and when / how it is activated.
    • The heads of the action groups, and when / how they are alerted.
    • The person who decides (and the decision-making deadline) for the total shutdown of the company’s networks or the continuation as an attempt to identify the origin of the cyber-attack.
    • The documents that will document the time of cyber-awareness and the actions that have taken place.
    • The communications officer who (possibly) will handle the communicative part of the revelation.

    Your legal advisor knows what actions are required to make clear to the authorities that the company has done its best on both preventive and post-data leakage as well as to collect the appropriate evidence. The role of the legal advisor is also critical for the preparation of a report that will clearly and easily identify the causes of the leakage and the persons responsible for such.

    Also, the company’s legal advisor will identify the most likely sources of risk and will be able to negotiate the content of the proposed insurance contracts and eventually recommend the conclusion of the appropriate insurance coverage contract against cyber-attack.

    All the above actions of the legal advisor (internal policies, Response Plan, Insurance Coverage), but mainly the alignment of the company with everything that is provided to this respect, can only result in the increase of the trust of its clients and associates towards it.

     

    Lambros Timotheou
    Partner

     

    P.S. The article has been published in MAKEDONIA Newspaper (October 21, 2018)

     

  • Companies Vs Investors / Banks: Balance Of Interests

    Companies Vs Investors / Banks: Balance Of Interests

    [vc_row][vc_column][vc_column_text] The financial data of the companies, the current circumstances each time, as well as the business plans often create the need to look for funds: more often in the form of a company’s capital strengthening and / or its financing.

     

    The Expectations of The Parties

    Business interest leads to the search for “cheap” funds (in the sense of the least possible financial burden). What is important is, on the one hand for no significant commitments and collateral to be, while on the other side for the repayment period (when it comes to lending) to be long.

    Investors (most commonly individuals, funds, venture capital, etc.) and, just recently banks, are always looking for

    a) the maximum possible return,

    b) the earliest possible return of the investment,

    c) the maximum possible collateral.

     

    Collateral

    Contractual undertakings and securities (guaranties, liens on mortgage, mortgage, pledges) have lost a significant part in the value scale of investors and banks. It is no longer the basic, and certainly not the only, security they are looking for. They often require (and, as a rule, achieve) important commitments from the company – contrary to their own interests and needs. The threatened sanction in the case of breach of these commitments is a kind of penalty (in the case of investors) or the recognition of a relative reason for terminating financing and claiming immediate return (in the case of banks).

     

    Restrictions, Commitments and Obligations

    The restrictions, commitments and obligations imposed are, generally, diverse. They may concern the company, its business activities, its management and its shareholders. Access to books and close monitoring of the company’s financial data is the minimum. It is quite indicative that one may (in the view of recent experiences) refer to the need for the investor’s or, as the case may be, the (bank) creditor’s assent in cases such as the following:

    (a) Approval of the business plan.

    (b) The composition of the Board of Directors (with the ultimate objective of the involvement of investors’ representatives in it).

    (c) The major decisions making (e.g. merger, demerger, division, interim dividend and dividend distribution, return of capital, purchase, sale, lease, rental and leasing assets, entering into significant commitments, provision of securities, and so.).

    (d) Third party financing either directly (e.g. loans) or indirectly (e.g. guarantees).

    (e) Amendment of core provisions of the Articles of Association.

    (f) Change in equity [transfers of shares either between shareholders or to third parties, including the provision of shares to executives as incentives, for example stock option (!)].

    (g) Insurance of the assets of the company and ban on the transfer of the insurance indemnity, and so on.

     

    The Multi-functional nature of Commitments

    The undertaking of obligations and commitments such as those mentioned above, operate on three levels:

    (a) The investor (or the Bank, as the case may be) feels the (really necessary for them) security in order to proceed with the useful, and sometimes critical, investment or financing of the company.

    (b) The company, its management and its shareholders should be ready to accept control, limitations and / or (worst case) veto rights in their significant business decisions.

    (c) The company on the one hand and the investor (or, as the case may be, the Bank), on the other hand, are linked with extremely strong ties throughout their co-operation, which cannot be broken without dramatic or even extreme adverse effects.

     

    The Enforcement of Commitments

    The commitments undertaken by the company are likely to prove problematic in a dual way – especially when the terms are imposed by a bank that finances:

    (a) The ability to take business decisions is transferred by the company, even partially, to (middle or senior) bankers, who are neither entrepreneurs nor have significant knowledge of the subject. Most important: they never hold a real risk for their choices, they never compromise their own personal property.

    (b) The freedom of the company, its management and its shareholders are limited regarding the implementation of its plans. The company binds to the creditor bank. No significant business decision can be taken without the consent of the latter. The bank even has the (normally uncontrolled) option to block or endorse any business move and any other funding. It also has the option to finance the company’s business itself – thus gaining a dominant position among its funding sources.

     

    The Balance of Interests

    In the context of a free economy like our country’s economy, nobody is obligated to conclude a contract and / or to accept specific unfavorable contractual provisions.

    In the case of searching for funds, the strong party is not, normally, the company: It will be often “drawn” into concluding contracts and to undertaking extremely problematic commitments.

    It often seems, logically, utopian to talk about “balance of interests”.

    There is only one thing for sure: The company shall not be “heard” when it attempts , in the near or distant future, either to discuss on the “small print” or to reproduce the assurance of its creditor (bank, fund or venture capital): “Come on, do not pay attention: these are typical – we are here for you” …

    stavros-koumentakis

    Stavros Koumentakis
    Senior Partner

     

    P.S. This article has been published in MAKEDONIA Newspaper and makthes.gr (October 14, 2018)

     

  • Company’s Capital Enhancement: Partnership With An Investor

    Company’s Capital Enhancement: Partnership With An Investor

    [vc_row][vc_column][vc_column_text] An option to finance a company’s investment plans (either it is a startup or not) is its capital enhancement. When the entrepreneur has funds and chooses to invest and keep his course alone things are, generally, simple. Thus, sometimes he is forced or chooses to partner with an investor looking to his enhancement and support. The investor can be either an individual or a business venture (eg venture capital).

    How An Investor “Enters” Into A Company

    An investor’s entry into a corporate scheme (let’s limit it to a Société anonyme) can be made in different ways. The purchase of existing shares or the participation in the share capital increase are the most common ones. There is, in addition, the case of a bond loan convertible into shares when the lender exercises its relative right to convert its financial claim into shares.

    Investor’s Participation In Capital Enhancement

    In each case of an investor’s entry into the share capital of a company, some of the first issues to be clarified are:

    (a) if the shareholding shall be a minority shareholding or a majority shareholding,

    (b) what will the amount to be paid by him be, and

    (c) what will be the percentage of the share capital to which his participation shall correspond.

    Please note that some percentages of the share capital are assessed as critical for the operation of a Société anonyme, with the clarification that when we refer to majority shareholding as a mean of participation, we may face the issue of the company’s acquisition. Additionally, the investor will always aim to an increased number of shares, while the entrepreneur to the less possible. From the legal perspective, there are always the appropriate tools to implement the object of the (participation) agreement.

    Common Objective And Investor’s Assurance

    The main reason for any investment (either of a high or of a low risk) is earning business profits.

     

    The profit (: common objective) is interwoven, among other things, with the successful implementation of the business plan, which has been agreed between the entrepreneur and the investor. It also corresponds to the percentage of the share capital each one of them holds as well as to the policy for the distribution of profits.

    The investor always claims, in order to safeguard his interests:

    (a) close and multilevel monitoring of the operation of the company (including the legal and financial aspects of the company’s operation),

    (b) participation in the administration and formulation of the (company’s) strategy,

    (c) a veto right in critical decisions,

    (d) shareholders’ commitments (e.g. limitation or prohibition of the transfer of shares) and so on.

    Exit strategy

    The investor often seeks a binding agreement with regard to earning his profit and to withdrawing from the investment. This agreement (also known as the “exit strategy”) includes, among other things, the time, the conditions and the amount the investor expects to receive at the time of withdrawal.

    Contractual Framework

    For the success of such a venture, it is necessary to have secure contractual commitments, an extraterrestrial shareholder agreement and / or statutory amendments. A crucial parameter for the success of the whole venture is always the detailed and accurate recording of everything that has been agreed, the rights and obligations of each party. In any case, it is desirable that the parties involved do not appeal to third parties for the interpretation and implementation of the agreements, at any time in the future.

    stavros-koumentakis

    Stavros Koumentakis
    Senior Partner

     

    P.S. This article has been published in Greek in MAKEDONIA Newspaper and portal makthes.gr (October 9, 2018)

  • Cyber Risk: The Role Of The Legal Advisor

    Cyber Risk: The Role Of The Legal Advisor

    [vc_row][vc_column][vc_column_text]

    Cyber Risk: Does It Concern Everyone Or Exclusively The “Elite” And “Famous People”?

    “Many people working in cybersecurity will tell you that it’s not a question of whether a company shall suffer a cyber-attack but of when it will suffer it in any form. Whether you have been cyberattacked and you have not been aware of it or you have been cyberattacked and you know it, or you will be cyberattacked sometime in the future”.

    This is Martin Felli’s statement (CLO of JDA Software, one of the world’s largest software companies for logistics companies) to Dominic Carman, who conducted a special survey for Kroll.

    What Felli says is in fact an explanation of the statement of former FBI Director Robert Mueller who had already since 2012, stated that: “There are only two types of companies: those who have been already hacked and those that will be hacked in the future”.

    Despite the continuous digitization of all kinds of information and the use of electronic networks to carry out all sorts of transactions and operations, it is more than obvious that most companies in Greece are not aware of the risks they run themselves as well as their customers’ data from of every kind and form of cyberattacks.

    But why should your legal advisor deal with this issue? Isn’t it a matter of IT?

    In order to attempt a satisfactory answer to this question, we must set our sights to the recent past …

     

    Τhe Disclosure Οf Loss Οr Leakage Οf Information Αnd Its Consequences-General.

    The demonstration – disclosure of a loss or leak of information of any nature (whether it is a customer’s personal data or business secrets) starts with admitting publicly this leak. Such public action can be made either to the general public or to a limited circle of persons and legal entities whose data has been lost or leaked due to the cyberattack.

    In either case (: admitting publicly or limitedly a cyberattack) the legal consequences are always serious. Third injured parties are entitled to bring proceedings against the company that has suffered a cyberattack while the competent authorities have to impose the fines provided by the existing institutional framework. The extent of the damages to be awarded and the fines to be imposed will always be directly proportional to the extent of the leakage and the severity of data lost or hucked.

    In both cases (: in the first one immediately, in the second on time) the inevitable publicity attracts media’s interest and causes, inevitably, a serious damage in the company’s prestige and reputation. This second consequence of a cyberattack is similarly severe (sometimes even more) than the legal consequences of such disclosure (lawsuits, administrative fines, criminal liability).

     

    “There Has Not Been A Thorough Investigation Of The Causes Of the Leak Of Information”: Yahoo Case

    Relatively recently (in 2016), Yahoo has revealed two separate incidents of data hacking by hackers who have gained access to data for a billion users (the number actually causes vertigo). The first incident occurred in 2014 and was initially kept secret. But when 2016 a second violation took place the company was forced to make a total disclosure.

    The shock to the business world of the United States was so great that a detail perhaps went unnoticed: The first to resign was Yahoo’s Head IT (: as expected) but the second was the Chief Legal Advisor. Why, though, this second resignation?

    The Special Commission appointed by the Yahoo Board to investigate leakage circumstances, both in 2016 and 2014, considered that the whole group of Yahoo’s Legal Advisers failed to investigate thoroughly the causes and circumstances of the breaches in 2014. Notwithstanding the fact that it also had the data and conditions to do so. This particular failure by the legal counsel team had as a first result that no substantive measure was taken, and that, as a final and yet dramatic (result) to allow the widespread violation of 2016.

    What was the duty that Yahoo’s Chief Legal Advisor omitted? What is the responsibility of the Legal Advisors of a company?

     

    The Changes Brought In The Global Business Environment By The EU Regulation GDPR And The NIS Directive

    In 2016 the European Union legislated two major legal instruments: the General Data Protection Regulation 2016/679 and the Network and Information Security Directive 2016 / 1148).

    Many people are already aware of the first of them (GDPR). However, the second is ignored, despite the fact that it must also be incorporated into the domestic law of the Member States from May 2018. Member States are obliged to identify by November 2018 the operators and service providers of basic services (who now have increased responsibility for maintaining high security measures).

    These laws will affect (more precisely: they already affect) directly and in one way or another all the companies that process Personal Data of European citizens. It is emphasized that they affect not only European companies but also non-European Union entities that process Union citizens’ data.

    In Europe (as in North America earlier in the past), something important is changing in relation to the assessment of the risks posed by electronic data processing. The attitude of the legislative and auditing authorities appears to be abrupt and significant. With the above-mentioned legislation, the European Union is spearheaded on the issue of corporate responsibility for failing to protect and securely process information that in one way or another is processed by the companies.

    Both laws, apart from all their other consequences and the multiple regulatory compliance parameters they create, are also adding further adverse consequences in the event of a cyberattack that may result in data leakage.

     

    The Role Of The Company’s Legal Advisor

    In this context of the rapid (but at the same time important) changes in business behaviors and practices brought by the current legislative trends, the role of the Legal Advisor of a company proves to be extensive and, at the same time, crucial.

    The Legal Advisor of a company, as the head of the team concerned, owes to design, supervise and test in advance an Incident Response Plan for the case of a cyberattack.

    Perhaps it seems strange that a lawyer and not the IT Manager is at the head of such an effort. However, only in this way can there be effective protection of the company’s interests against the consequences of a possible loss or leakage of data.

    In the technical part it is obvious (and self – evident) the assistance of the specialists who will identify the type of invasion, the exploitation weakness, the identification of the volume of data leaked, etc. However, the main concern of the Legal Advisor will not only be disclosing to the management and the responsible employees of the company, but also ensuring the best implementation of the laws and best practices, mitigating the consequences of any breach and, in particular, harmonizing all the departments of the company in the implementation of the Incident Response Plan.

    Your Legal Advisor (ought to) know those provisions (before cyberattack) and the actions required (after cyberattack and data leakage) to:

    • Make clear to the competent Audit and Judicial Authorities that the company has done the best on both preventive (before cyberattack) and post-data leakage.
    • Identify the causes of the leakage, the persons liable, the existence of willful deception or fault that contributed to the leakage of the information in a clear and understandable way (to non-experts).
    • Creating optimal conditions and evidence for seeking to punish perpetrators and / or those responsible for the attack before the competent authorities and bodies.
    • Manage the communication of the consequences of the disclosure of data loss / leakage due to cyberattack.

    The Legal Advisor of the company will identify the specific risks for each of his client companies according to their activity and their exposure to data processing (gap analysis). In cooperation with IT, the Legal Advisor will investigate possible cybercrime scenarios and prepare an Incident Response Plan that will be simple and comprehensible to all executives and departments of the company and, in particular, to a judge who may eventually deal with it later.

    To be clearly understood, let’s take a simple example: The lawyer who defends a client for medical negligence does not need to be a neurosurgeon. It is enough to be prepared to understand the philosophy and sequence of the protocol that his client ought to follow in order to respond to the disputed incident. The Legal Advisor of the company, having understood the technical issues with the valuable help of IT, will “translate” in a comprehensible manner the necessary actions and processes so that they are simple and easy to understand by both the Company’s Management and the employees and by third parties (auditing and judicial authorities).

    It is particularly notable that already in the US and Great Britain, the top law firms have developed their own Cyber Security Division to provide all the services required (legal and IT).

     

    The Issue Of Cyber-Security And Its Integration In The Company’s Regulatory Documents

    On the initiative of the Legal Advisor, the Cyber Security issue must be integrated in the company’s regulatory documents (Internal Working Rules, Internal Rules of Operation, Policies for Data Processing and / or Computer Management etc.).

    For illustrative purposes only it has to be noted that an Incident Response Plan should contain (indicatively – among others):

    • Who are the heads of the action groups, when and how they are alerted.
    • Who decides and within which time framework the (eventually) total shut down of the company’s networks or attempts to resume operations to identify the origin of the cyberattack.
    • Who is the external partner (who may) be involved in system monitoring.
    • What and of what nature are the written notices and reports that will be the proof of the time of awareness of the cyberattack and of the actions that took place.
    • Who is responsible for communication and PR (who may) have to manage the communication part of the disclosure.

     

    Does The Legal Advisor Have To Deal ALSO With The Insurance Against Civil Liability?

    In the same context, the Legal Advisor of the company will accurately identify the most likely sources of risk and will be able to choose the right insurance against civil liability plan in relation to cyberattack. This in contravention of the usual business practice, when the cheapest offer is chosen and the first text / draft insurance contract to be sent by the selected insurance company (which may cover on the one hand absolutely unnecessary risks while on the other hand not cover what is absolutely necessary).

     

    The Link Of The Company’s Good Repute With Its Protection

    All the above actions of the Legal Advisor (: existence of clear regulatory documents, policies, Incident Response Plan, Insurance Coverage etc.), but mainly the alignment of the company and of its executives with what is provided can only have the effect of increasing the trust of customers and collaborators towards it.

    Given that we all want to work with trusted partners, the (regional) benefits of the company are more than obvious: customers see that they are dealing with a serious business partner rather than a “little store”.

     

    Creating The Conditions To Prevent an “Internal” Cyber Attack

    Over the past few years, we have been facing business-secrets violations by (dissatisfied or not, active or retiring) company’s executives in the context of their long-term or opportunistic planning. Our case law has dealt with some individual cases, until now, where executives either wanted (simply) to harm their employer’s company or their personal enrichment or their transfer to a competitor-along with the business secrets of their previous employer.

    The protection of the company by its (malicious) executives, although not automatic or self-evident, is, to a very large extent, feasible, with significant leverage in the existing institutional framework and the Constitution. (http://koumentakislaw.gr/en/blog/articles/enterprises-and-confidentiality/)

    So, what happens when cyberattack comes “from the inside”, that is when the offender is an executive of the company? Is protection and deterrence possible? Is it possible (in the non-desired case) to detect the origin and identify the offenders so as to make an (internal) example of them and for (future) deterrence?

    The Legal Advisor is the one who must create the framework and the background of business secrets. It is precisely in this same context (in close co-operation with the IT section) that he must create the conditions to prevent an “internal cyberattack”, which could seriously damage the interests of the company he represents. He is the first to “raise” the alarm but also the one who should urge the company to establish appropriate policies and procedures for the safe use of the company’s networks, electronic communications, the control of access to the company’s systems and records by its executives.

    By Way Of Epilogue

    The resources available are always limited. The need for their rational management is more than obvious and (also) in relation to the maximum possible protection from Cyber Risk.

    If there is no rapid and thorough identification of the needs and potential risks for the particular company, it is likely that the company’s resources be “spent” in a way that will not be the optimal one.

    Your Legal Advisor can lead you to a more rational and efficient use of available resources and also take the responsibility for coordinating all stakeholders.

    Even if you do not choose to assign to him the specific projects, please just search for his assistance. You can be sure that the result will be infinitely better.

    Lambros Timotheou
    Partner

    [/vc_column_text][/vc_column][/vc_row]

  • The Proper Legal Advisor

    The Proper Legal Advisor

    [vc_row][vc_column][vc_column_text] Legal Advisor, Attorney, Counsel. How many times have we all been wondering about who is the appropriate? Is it a question of remuneration (: cheap / expensive), promoted by the media (: unknown / famous), studies and experience, age or gender? And me, I’m neither from the Boston Legals nor member of the team of Suits. No such luck nor experiences! I managed to write a simple decalogue, which does not even refer to the level of fees … Who is the appropriate legal advisor and lawyer? Is it yours?

    1. Trust, Integrity, Prestige

    A constituent element of the client – lawyer relationship is trust. If we do not trust the (potential) lawyer, legal advisor, or if he does not trust you, I shall be dogmatic: We DOT not start a cooperation. But in the case that we have started the cooperation and we already see that mutual trust has been lost, we stop it DIRECTLY! We seek for another lawyer. A lawyer we can trust.

    But in order to trust our lawyer, he must have inspired us and still, unfailingly and continuously, inspire us with his integrity, credibility, seriousness and prestige. If, hopefully, he did not succeed with us, how will he succeed in court, clients and colleagues while defending our interests?

    2. Strategy And Details

    It is usually easy for any lawyer to deal with our affairs. But is that all we need? We must not forget that our legal advisor must develop a strategy for handling each case (small or large). And it is certain he will do well if he can be two steps ahead of others – not just one. But this strategy should be dynamic. At all times, and depending on the developments, its correctness should be assessed and, when necessary, revised. Caution! We are not only interested in the “forest”, we are also interested in the “trees”. No single case was won by strategy alone. It is necessary to look into the details that our counterparts and contractors have not identified. Our Attorney is the right person to deal with them-better not you!

    3. Knowledge And Experience

    No one would like to (and should not) choose an “illiterate” lawyer or someone (who thinks he) “knows everything”. An appropriate legal advisor is not only he who has the appropriate scientific knowledge and expertise, but also, he who has the courage to accept the limits of his abilities. And for the rest to refer (or he himself to address) to the experts. And if, hopefully, our lawyer, focusing on our pocket or to impress us, makes us believe that “he knows everything and that he can do anything” you should introduce him to me. Because I still believe that there is NO such a lawyer.

    4. Consistency, Judgement And Perception

    What is more attractive than the spiritual consistency and the satisfactory, at least, judgment and perception? Does anyone imagine a lawyer who not only is he not able to perceive those that happen but is also unable to decode them and use them in his client’s benefit? Does anyone imagine a lawyer without analytical and, at the same time, synthetic thinking? And more over: Does anyone imagine a lawyer whose speech (spoken or written) is not understood or attractive? We must not forget that every lawyer has listeners, judges or co-contractors before him. And if he cannot bring the interest of the listener or reader to what he himself supports or, worse, be understood in the formulation of his thoughts, he probably should not be our legal advisor.

    5. Negotiating capacity, Persuasion And Passion

    And if I take for granted the judgment and perception of the lawyer we have chosen, I should also take for granted his negotiating capacity in the defense of our affairs and interests. It is precisely in this capacity that our legal advisor must be able to convince the people he is dealing with on our behalf.

    But it is a prerequisite that he himself has been convinced. And more over: to defend us and our interests with passion. For if he is not convinced himself, and is confined to the simple, lukewarm, quote or reading of our argument, we must also assume that even the people he has before him will not be convinced.

    6. Qualitative And Quantitative Performance. Speed Of Response And Availability

    We cannot expect from our lawyer anything less than the best. The best in quality, the most in quantity and at the right (fastest) time. And that because, think of a lawyer who does his job extremely good thus without respect (or commitment) to procedural deadlines or to the client’s business needs. A lawyer that has been just today able to start working on the job he was assigned with a month ago. And to complete it, “God will provide” …

    And just to meet our needs, experience has shown that it is not possible for a lawyer to invoke or use a timetable, to divide the days into working and unparalleled, or to systematic lack, for whatever reason, availability and inability to communicate. Availability is required when and wherever needed!

    7. Efficiency

    We have all met competent people who, however, are unable to focus on the outcome and often to succeed getting one. And it is true that each interested person, by nature, always wants to win (whether he says it or not). However, it is important that our attorney focuses on the best result and does not leave “incomplete” his or her relative effort either by indolence or by indifference or for any other reason. It is important that our lawyer does not leave the case file aside before completing whatever is necessary and possible.

    8. Calmness And Sobriety

    When someone reaches the point of seeking the advice or assistance of his lawyer, it means that a matter of importance is of concern to him. Sometimes these issues prove to be complex and highly complicated. And some others, are reaching the point of crushing, with their consequences, those concerned. And here is the need for an appropriate legal advisor: not to share (client’s) panic attack (but eventually), to decode the data and put them in their true dimension, to propose the appropriate strategy, but also to implement it, to select and oversee the individual solutions.

    Crisis management (whether it refers to smaller or larger or / and really big crises) is, beyond any doubt, an almost daily necessity to which our legal advisor must successfully respond.

    9. Self-Confidence And Ability to Collaborate.

    We all know what a lack of self-confidence means. And if we refer to children, we can reasonably look forward to strengthening it over time. But if we meet the lack of confidence in our doctor or lawyer, can we have hope? It may be the case if, in order to strengthen it, he will appeal to willing and better than its own colleagues. But if such are not available or are already tired of him? If he tries to “cling” to our own thought and opinion to choose or strengthen his own? He’s probably not the appropriate lawyer.

    It also does not seem for our legal counsel to be the right person if he lacks team spirit and of the ability to co-operate with the useful and necessary persons, to recognize their assistance and contribution and the fact that he relies (to any extent) on those. If our lawyer needs a confirmation of his skills by concealing the necessity of collaborations and of his associates, we should probably start to doubt both his abilities and him.

    And something more: Our legal advisor should have leadership skills, he must be able to set up a team and manage it for the best result but also to “take upon himself” our case. But, in particular: to be in a position to remove the burden that our case, personally, and fair, creates.

    10. Does He “Lay Down A Part Of His Life” For Your Cases?

    And if we identified the appropriate lawyer who has “everything in the world” -and more and even more, there is one last question: Do we feel that our lawyer deals with our affairs, simply as a good professional or that, in addition, he lays down a part of his life for them? If the second ALSO happens I think we should not leave him.

    He is the one who will do what is humanly possible for us and for our interests, the one who will “turn night into day” and who will “upset everything” for us. It is he who is honestly happy with our joy and who does not “give up” in our dead ends. He is the one who will continue to fight until victory or up to the end. He is the one who deserves to be OUR LAWYER!!!

    So, is your lawyer the proper lawyer, legal advisor and counsel? I guess you have, already, concluded…

    [/vc_column_text][/vc_column][/vc_row]

  • New Era For Koumentakis And Associates Law Firm

    New Era For Koumentakis And Associates Law Firm

    [vc_row][vc_column][vc_column_text]

    Goodbye Mitropoleos St.: Growth Romped To Victory!

    *Niki(s) in Greek means Victory

    New offices and New Era for Koumentakis & Associates Law Firm, that moved to Nikis Avenue & Morgentau St., in a strategic location in the heart of Thessaloniki (and, semiologically, beside the main symbol of the city: the White Tower).

    New Era

    The source of inspiration for the new offices was the firm’s extrovert strategy to serve its Growth, to “house” new possibilities and new prospects for the firm, its Clients and Associates and to increase the already high level of the services it offers to its Clients and Associates.

    Beyond Legal Services

    Mr. Stavros Koumentakis characteristically said, “After 20 years of presence in our previous, owned offices, it is time to leave behind the past, to turn over a new leaf looking to the future with optimism and to prepare ourselves for the transition to the new era. From a smaller scheme of four associates, we have gradually grown into a boutique law firm of twelve, to date, associates.

    We are already able to offer comprehensive and reliable legal services across a wide range of areas and expertise within the overall support of companies, key shareholders, senior management – and beyond”.

    Easy Cases Are For Others

    Mr. Stavros Koumentakis also noted, “Despite the unfavorable (national and international) economic environment, we are constantly moving towards investing in our growth and in the growth of our clients. We have no doubt that we are facing challenges. But we respond dynamically: “Easy cases are for others”. [/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_text_separator title=”Corporate Video” border_width=”3″][vc_video link=”https://youtu.be/ipGtyvwcqhU” align=”center”][/vc_column][/vc_row][vc_row][vc_column][vc_text_separator title=”Gallery” border_width=”3″][/vc_column][/vc_row][vc_row][vc_column][vc_images_carousel images=”35167,35168,35169,35170,35171,35172,35174,35175″ img_size=”” speed=”6000″ slides_per_view=”4″ hide_pagination_control=”yes”][/vc_column][/vc_row]

  • AXELOS: Important Agreement with PEOPLECERT

    AXELOS: Important Agreement with PEOPLECERT

    [vc_row][vc_column][vc_column_text] Koumentakis & Associates Law Firm, the Legal Advisor of PEOPLECERT Group, welcomes the new big success of the Group, which announced the signing of an exclusive, multi-year agreement with AXELOS Global Best Practice to provide testing and certification services around the world.

     

    AXELOS GLOBAL BEST PRACTICE

    Starting from January 2018, PEOPLECERT will be the only exam provider, certifying over 500.000 professionals annually in more than 160 countries. This move will be welcomed by more than 1.300 training organizations, as well as by companies and aspiring professionals, who will benefit significantly from a more modern, consistent and quality-driven experience in all areas.

     

    PEOPLECERT

    PEOPLECERT is a global leader in the assessment and certification of professional skills, partnering with multi-national organisations and government bodies to develop and deliver market leading exams worldwide.

    With a high-quality assessment technology,the company conducts exams in 160 countries and in 25 languages and enables professionals to enhance their careers.

     

    Read more in peoplecert.org and axelos.com [/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_text_separator title=”Gallery”][/vc_column][/vc_row][vc_row][vc_column][vc_images_carousel images=”34719,34717,34716″ img_size=”full” slides_per_view=”3″ autoplay=”yes” wrap=”yes”][/vc_column][/vc_row]

  • Legal Support Of The Greek – Chinese Association

    Legal Support Of The Greek – Chinese Association

    [vc_row][vc_column][vc_column_text] Koumentakis & Associates Law Firm was appointed as the Legal Advisor of the Greek – Chinese Association For The Promotion Of Investments And Partnerships (EKEPES).

    In a recent event held in Thessaloniki, Mr. Dimitris Samaras, President of EKEPES, announced the establishment of the Association with the aim of developing partnerships in many areas, mainly in tourism, culture, education, trade, agri-food sector and infrastructure. As Mr. Samaras noted, “whereas Chinese interest has so far been centered on so-called classic trade, it is now expanding both in tourist investment and infrastructure, such as in airports and ports, as well as in industry and commerce, tourism and infrastructure”.

     

    EKEPES Role

    EKEPES is expected to play a strong role in the “marriage” of Greek-Chinese efforts and, in this direction, organizes, among other, meetings in Thessaloniki and throughout Northern Greece, while it plans meetings in Athens with the competent ministers and with financial institutions.

    Additionally to the efforts made in strengthening the Greek-Chinese business, cultural, tourist and educational ties are, it is expected that the decision of the TIF-Helexpo for Chine to be the Honored Country at the TIF in 2017 applies. In this context, the Association intends to bring many Chinese businessmen as exhibitors to the General Exhibition of September, filling yet another stand apart from China’s (as the honored country) established stand.

     

    Brilliant Prospects

    The Chinese entrepreneur and Vice-President of the Greek-Chinese Association for the Promotion of Investments and Partnerships, Mrs. Betty Xu, appeared optimistic about the future of bilateral relations. As a lover of Greece, she believes that the bilateral relations of the next decade will produce much more fruitful results, while the five-year experience of her own company in Greece has been revealed. “Greek-Chinese cooperation is growing rapidly in a number of areas, demonstrating a brilliant prospect” the young entrepreneur said, emphasizing that “there are many Chinese people who want to invest in Greece”.

     

    It is to be noted that distinguished politicians and entrepreneurs from the sectors of tourism, industry, agribusiness, energy, transport and commerce have already demonstrated their support for the Greek-Chinese Association. Among other things, the chairman of the Exporters’ Association of Northern Greece, Mr. Kyriakos Loufakis stressed that both the geographical position and the favorable times can offer significant benefits to Thessaloniki and Northern Greece. Alexandros Thanos, representative of the Deputy Minister of Internal Affairs and Administrative Reconstruction, Maria Kollia-Tsaroucha, vice-governor of Tourism and Culture of Central Macedonia, and the Deputy Minister of Tourism and International Relations, Spyros Pegas, expressed their support for the new project. [/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_text_separator title=”Gallery” border_width=”3″][/vc_column][/vc_row][vc_row][vc_column][vc_images_carousel images=”34669,34668,34667,34666″ img_size=”full” slides_per_view=”3″ autoplay=”yes” hide_pagination_control=”yes” wrap=”yes”][/vc_column][/vc_row]

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.