Gestion de crise dans les cabinets d’avocats

26 février 2026

Canada

Conformité
Criminalité en col blanc
Litiges

Pourquoi la crise relève de la direction du cabinet

La confiance est l’actif le plus précieux d’un cabinet d’avocats.

Il faut des années pour bâtir une réputation et quelques minutes pour la fragiliser. En période de crise, cette réalité s’impose : les clients appellent, les équipes s’interrogent, les journalistes enquêtent, les recruteurs observent.

Ce qui commence comme un manquement individuel, une controverse liée à un client ou une faiblesse interne se transforme rapidement en défi sur le plan de la communication. La réaction de la direction, l’identité du porte-parole et la cohérence du message déterminent le jugement porté sur le cabinet.

La gestion de crise dans un cabinet d’avocats n’est pas d’abord un problème juridique. C’est un enjeu de leadership exprimé par la communication.

Une complexité accrue pour les cabinets modernes

L’exercice du droit est aujourd’hui plus exposé qu’il ne l’était il y a encore dix ans. Les cabinets opèrent dans plusieurs juridictions et conseillent une clientèle sophistiquée. Les attentes en matière de transparence et de responsabilité varient selon les pays. Ce qui paraît prudent dans une juridiction peut sembler évasif dans une autre.

Lorsqu’un incident survient, les réactions dépassent rapidement le cadre local. Clients, régulateurs, collaborateurs et médias peuvent réagir simultanément, parfois sur des marchés différents. Des réponses divergentes entre bureaux ou champs de pratique accentuent la confusion et alimentent la vulnérabilité.

Le silence est rarement une solution. Ne pas expliquer, c’est perdre la maîtrise du narratif.

Les origines des crises dans les cabinets d’avocats

La plupart des crises trouvent leur origine dans trois sphères :

Le comportement individuel
Les risques liés aux clients
Les dysfonctionnements systémiques internes

Les manquements individuels sont généralement les plus visibles.

Les affaires médiatisées impliquant des associés seniors suivent souvent un schéma similaire. Un incident est d’abord considéré comme isolé. La direction hésite en évaluant les risques relationnels et réputationnels. En quelques semaines, la question dépasse le cadre initial. L’attention se déplace du comportement en cause vers la réaction du cabinet et l’enjeu devient rapidement un test à l’égard du leadership.

L’hésitation modifie le récit. Le cabinet ne traite plus un comportement : il justifie sa décision de ne pas agir.

La technologie a créé une nouvelle zone d’exposition. Plusieurs cabinets ont fait l’objet d’un examen attentif après que de fausses citations ont été générées par l’intelligence artificielle. En interne, l’explication était connue : un collaborateur junior avait utilisé un outil ; la supervision avait été présumée plutôt que vérifiée. En externe, la perception d’un défaut de contrôle domine.

Le défi n’est pas tant d’expliquer l’origine de l’erreur que de combler le déficit de confiance. Les juridictions et clients attendent des garanties de supervision, non des explications techniques.

Les crises liées aux clients sont souvent les plus difficiles à gérer publiquement.

Les cabinets peuvent penser que la lettre de mandat crée une distance entre le client et le cabinet. Lorsque le client devient controversé, cette distance s’efface : la couverture médiatique fait rarement la distinction entre conseil juridique et approbation. Dès que le nom du cabinet figure dans le même titre, il devient partie intégrante du récit.

La stratégie de communication doit tenir compte du fait que clients, régulateurs, collaborateurs et journalistes analyseront la situation selon des perspectives différentes. Un message unique ne satisfait généralement pas tous ces publics.

Les enjeux systémiques et culturels présentent un risque distinct.

Les écarts de rémunération, les critères de promotion peu clairs, la tolérance de comportements inappropriés ou des dispositifs de signalement insuffisants s’installent souvent progressivement. Lorsque des avocats quittent le cabinet et témoignent publiquement de leur expérience, les sujets internes deviennent des récits externes, façonnant l’identité publique du cabinet.

Ce qu’un cabinet peut affirmer de manière crédible en période de crise dépend de la constance de ses pratiques antérieures. La réputation délimite le champ des réponses crédibles.

Les défaillances fréquentes en communication de crise

Les avocats sont formés à la prudence et à la précision. C’est généralement une force. En situation de crise, cela peut devenir une faiblesse. Les déclarations sont techniquement exactes, mais incomplètes.

Le schéma est récurrent. Un communiqué soigneusement rédigé est publié. Journalistes et clients se concentrent sur ce qui n’est pas dit. Des questions complémentaires surgissent. Une nouvelle clarification est diffusée. Chaque clarification prolonge l’exposition médiatique et ce qui semblait une approche prudente peut être interprété comme de l’improvisation vue de l’extérieur.

Les messages contradictoires aggravent la situation. Différents associés s’adressent à des publics distincts. Les bureaux répondent de manière autonome. Le désalignement entre juridique et communication affaiblit la crédibilité.

En matière de réputation, les perceptions se forment rapidement. Une fois la confiance entamée, la restaurer est difficile.

Les caractéristiques d’une communication de crise efficace

Une communication de crise efficace est structurée et coordonnée. Elle repose d’abord sur une compréhension claire de ce qui est établi et de ce qui peut être communiqué. Reconnaître rapidement les faits, sans spéculation, renforce la crédibilité. L’exagération crée un risque. L’évitement suscite la suspicion.

Les décisions donnent de la force aux messages. Des évolutions de politiques internes, des mesures prises par la direction ou la nomination d’un enquêteur indépendant ont plus d’impact qu’un langage soigneusement calibré.

La structure est essentielle : un porte-parole unique ; des orientations internes claires ; un alignement entre la direction, les conseils juridiques et les conseils en communication. Sans cet alignement, même des décisions pertinentes peuvent paraître incertaines.

Surtout, l’institution doit primer. Les stratégies perçues comme visant à protéger une personne au détriment du cabinet échouent généralement. Le risque est particulièrement élevé lorsque des figures dirigeantes sont impliquées. Les allégations visant des associés seniors font l’objet d’un examen renforcé et permettent de vérifier si les standards de la firme sont appliqués de manière cohérente ou uniquement lorsqu’ils servent les intérêts du cabinet.

En externe, l’accent doit porter sur les processus et les mécanismes de contrôle plutôt que sur des éléments factuels contestés. En interne, la communication doit limiter les spéculations tout en respectant la confidentialité. L’objectif est de démontrer que les standards du cabinet s’appliquent de manière constante.

À défaut, le doute s’installe.

La crise: un test de communication

Toute crise devient, en définitive, un test de communication.

La nature du problème initial compte. Mais la manière dont la direction réagit et l’alignement entre le message et les actions prises sont déterminants.

Les cabinets qui répondent avec clarté, équité et coordination ont davantage de chances de préserver la confiance, même dans des situations graves. Ceux qui réagissent lentement ou de manière inégale prolongent la controverse et aggravent l’atteinte à leur réputation.

La communication de crise ne relève pas de la mise en scène. Elle vise à protéger la crédibilité sous pression, le cœur même de l’activité d’un cabinet.

Since Brazil’s General Data Protection Law (LGPD) came into force in 2020, the country has taken steady steps to solidify its data protection framework. The Brazilian National Data Protection Authority (ANPD) has become an increasingly active regulator, issuing guidelines that clarify key roles and responsibilities under the LGPD.

One of the most recent and significant developments is ANPD Resolution No. 18, which defines the scope, duties, and governance expectations for Data Protection Officers (DPOs) in Brazil. While the DPO role was already part of the LGPD, this resolution sharpens the regulatory focus and introduces new formalities and responsibilities—especially relevant for multinational companies operating in Brazil.

Here’s what foreign businesses and their counsel need to know—and do—to remain in compliance:

DPO Appointment Must Be Formal and Documented

The DPO must be formally appointed by the data controller through a written, dated, and signed document. This document must outline the DPO’s activities and duties, and must be readily available to the ANPD upon request. This is not a formality to overlook: an undocumented DPO designation could lead to enforcement risks.

Backup Required: Designate a Substitute DPO

While small data controllers are often exempt from appointing a DPO, the Resolution requires that they still establish a reliable communication channel for data subjects—ensuring the exercise of data protection rights. This applies even to subsidiaries or low-volume processors.

Disclose DPO Identity Publicly

Companies must publish the DPO’s name and contact details prominently on their website. For corporate DPOs, the name of the legal entity and the responsible individual must be disclosed. This is a public-facing requirement—easily verifiable by the ANPD or data subjects.

Controllers Must Empower the DPO

Brazilian law now places affirmative obligations on data controllers to provide the DPO with adequate resources and autonomy. This includes access to senior leadership and freedom from interference, especially in decision-making related to data protection.

Identity and contact information

The data controller must publicly disclose, in a prominent and easily accessible location on their website, the DPO’s identity and contact details. At a minimum, this should include (i) full name, for individuals; or the business name/title of the entity + full name of the responsible person, for legal entities; and (iii) information on communication means enabling the exercise of data subject rights and receiving communications from the ANPD.

Key DPO Responsibilities

Responding to data subject complaints
Interfacing with the ANPD
Advising on incident response, data mapping, DPIAs, and internal policies
Promoting internal awareness and training
Ensuring risk mitigation strategies are in place

These obligations are not merely symbolic—they may require dedicated local support and a carefully structured compliance program.

No Strict Liability, But Conflict of Interest Rules Apply

DPOs are not personally liable for the controller’s actions. However, conflicts of interest must be proactively managed. A DPO cannot simultaneously hold a role involving strategic decisions about the processing of personal data—unless directly related to their duties.

Multinational organizations must take care when appointing global or regional DPOs with overlapping roles to avoid compliance pitfalls.

Failure to Comply Can Trigger Enforcement

If conflicts are not disclosed, or DPOs are inadequately appointed, the ANPD may apply sanctions. Controllers must document their decision-making, implement conflict-mitigation measures, or appoint alternative professionals when needed.

Final Thoughts: Legal Risk or Strategic Advantage?

With Resolution No. 18, Brazil aligns more closely with global data protection regimes, but with its own unique requirements. For foreign companies, the message is clear: the DPO role in Brazil is a regulatory obligation—not just a best practice.

Properly structuring this role offers not only legal certainty, but also the opportunity to demonstrate accountability and build trust with Brazilian consumers and regulators alike.

For international counsel, this is a strategic area where legal guidance is not just helpful—it’s essential.

Summary

The Loi visant principalement à améliorer la transparence des entreprises came into force in Québec on March 31, 2023, imposing new obligations on businesses in the province. The law requires businesses to disclose information about their ultimate beneficial owners (UBOs) to the Registraire des entreprises. UBOs are individuals who possess voting rights, fair market value of shares, or de facto control over the business. Certain entities are exempt from disclosing their UBOs. The information disclosed will be accessible to the public, except for the date of birth and, in some cases, the home address.

On March 31, 2023, the Loi visant principalement à améliorer la transparence des entreprises (Act mainly to improve the transparency of enterprises) came into force in Québec, imposing new obligations for businesses in the province.

The new law modifies the Loi sur la publicité légale des entreprises (Act respecting the legal publicity of entreprises) and seeks to increase corporate transparency, namely by requiring businesses to provide to the Registraire des entreprises (the “REQ”) information about their bénéficiaires ultimes, i.e. ultimate beneficial owners (“UBO”).

An UBO is, namely, any individual who:

possesses at least 25% of voting rights;
possesses at least 25% of the fair market value of all shares; or
has enough influence to exercise de facto control of the business.

All UBOs of a business must be disclosed, although some entities such as non-profit organizations, legal persons established in public interest, public corporations, financial institutions and trust companies are not required to disclose their UBOs. For every UBO, the following information is required to be communicated to the REQ:

names and aliases;
home address (and optionally, business address);
date of birth;
type of control exercised or percentage of shares, interests, or units held;
date at which he/she became an UBO and date at which he/she ceased to be one.

Most of this information will be accessible to the public, with the exceptions of the date of birth and, in cases where a business address is provided, the home address. The names and home addresses of minors are also hidden from public access.

By providing access to shareholder information, the Province of Québec was already the only Canadian corporate jurisdiction that required public disclosure of the names and domiciles of the three principal shareholders. The province again takes the lead by forcing disclosure of corporations’ UBOs. For now, in the rest of Canada, the identity of UBOs for privately held companies is not a matter of public record.

Entities doing business in Québec should ensure to conduct a proper examination of their organizational structure, so as to correctly and fully disclose the information required by the new transparency rules. Any failure to do so can lead to immediate revocation of the business’ registration under the REQ, as well as to fines ranging from CAD 1,000 to CAD 40,000.

The new rules only require the businesses themselves to take the necessary measures to confirm the identities of their UBOs. Professional advisers do not have any due diligence obligations in this regard.

The purpose of this post is to provide information about (i) the need of Brazilian companies for providing the Country-by-Country Reporting pursuant to the OECD Rules, Action 13 of the Base Erosion and Profit Shifting Actions (“BEPS Actions”) and (ii) the need to disclose the name of the final beneficial owner of entities with equity participation in Brazilian companies, or owners of assets in Brazil.

Country-by-Country Reporting Regulation

Normative Instruction RFB No. 1681 (“IN 1681/2016”) established the rules for the Brazilian companies to be compliant with the Country-by-Country Reporting Regulation (“CbCR”). The CbCR shall be presented annually considering the financial results of the previous fiscal year, as part of the fiscal declaration (ECF, which includes the information related to the corporate tax income return). Such declaration should be filled in accordingly with the list of mandatory information determined by IN 1681/2016 and pursuant to RFB Normative Instruction No. 1,422, of December 19, 2013.

The CbCR is the result of the BEPS Project (Base Erosion and Profit Shifting) of the OECD’s initiative, contained in Action 13 of the BEPS Actions, aiming the enhancement of transparency while taking into consideration compliance costs.

Multinational groups are obliged to deliver the CbCR if consolidated revenues for the fiscal year preceding the tax year of the declaration are equal to or greater than BRL 2.26 billion (or 750 million Euros, or if the local currency of the final controller of the group is equivalent to the mentioned amounts, as of January 31, 2015).

The Brazilian subsidiary is (or may be considered) a substitute of the final controller and, as such, bound to fulfill the CbCR in the following cases:

it is the final controller of the multinational group is not obliged to deliver the CbCR in its jurisdiction of residence;
the jurisdiction where the ultimate controller is located has signed an international agreement with Brazil, however, still not ratified by the competent authorities before the deadline for delivering the CbCR; or
there has been a systemic failure of the jurisdiction of residence of the final controller of the multinational group that has been notified by the Brazilian Federal Revenue Office to the resident entity for tax purposes in Brazil.

In case the Brazilian subsidiary is exempt from submitting the CbCR, it will still need to provide the identification and the jurisdiction of residence for tax purposes of its parent company.

The deadline for providing the information will be the date for completing the ECF, to expire on 30 July 2018 for the fiscal year 2017. Failure to comply will expose the Brazilian subsidiary to the payment of a penalty of BRL 1,500.00 (USD 410 or EUR 340) per month. Submission of an incomplete CbCR may subject the Brazilian subsidiary a fine of 3% over the value omitted, inaccurate or incomplete.

Need to disclose beneficial ownership and how to do it

Brazilian companies are obliged to provide information on the person authorized to represent them, on the respective chain of equity interest, until the individuals characterized as final beneficial owner.

This information shall be provided when a Non-Brazilian entity present its application to obtain the Federal Corporate Taxpayers’ Registry (“CNPJ”). If the Non-Brazilian entity already has a CNPJ, it must update the CNPJ with the beneficial owner information by 31 December 2018.

Obtaining a CNPJ is mandatory for Non-Brazilian entities that have equity participation in Brazilian companies or other assets – financial investments, real estate, airplanes, ships, among others in Brazil.

This obligation is in force by means of the Brazilian Federal Revenue Office Normative Instruction No. 1634 (« IN 1634/2016« ). IN 1634/2016 contains a list of information to be provided and documents to be delivered for that purpose.

On October 25, 2017, the procedure became mandatory also for Brazilian entities after publication of the ADE COCAD (Executive Declaratory Act – Registration Management General Coordination) No. 9/2017.

Fail to comply with the procedure can result in suspension of the CNPJ. This suspension could result in inability to execute bank transactions, financial investments and obtaining loans and, ultimately, prevent the remittance of dividends to other countries or even the receipt of funds by means of a loan or capital injection from the respective parent companies abroad.

Such information is not protected under fiscal secrecy, but the public employees shall not disclose this information pursuant to functional obligation of not disclosing information unless if summoned by court order.

The requirement for presenting the information on the beneficial owner is already familiar for investors in Brazil. The Brazilian financial institutions are responsible for obtaining information of their client up until the beneficial owner, pursuant to Circular Letter No. 3.461/2009 of the Brazilian Central Bank. The information provided to financial institutions are subject to bank secrecy.

These Brazilian financial institutions are severe on the provision and updating on the foreign parent companies. It is usual for companies with foreign shareholders to receive notices and warnings of possible blocking or closing the accounts if the required documents are not presented in full.

The author of this article is Paulo Yamaguchi

Larry Markowitz

Domaines d'intervention

Entreprise
Fonds d'investissement privés
Start-up

Contact Larry

Autres articles qui pourraient vous intéresser
Autres articles de Larry

Spain | Franchising, Theory Of Risk and Guarantees By Franchisee

Distribution
Litiges

Espagne

Vietnam on the EU Tax Blacklist: A Guide for EU Buyers

Entreprise
Distribution

Vietnam

Brazil’s New Digital Child Protection Law: Practical Implications for Foreign Tech Companies

Confidentialité - Protection des Données

Brésil

L’obligation d’information précontractuelle dans les contrats de franchise et de distribution

Distribution
Franchise

France

How to Joint Venture in Saudi Arabia

Contrats
Entreprise

Arabie saoudite

Corporate Sustainability in Practice – How Contracts Shape Responsibility

Contrats
Distribution

Finland

Rising Oil Prices and International Contracts: How to Manage Hardship in Global Supply Chains

Contrats
Distribution

Italie

African Continental Free Trade-Agreement - Legalmondo

Why the African Continental Free Trade Agreement has not yet turned into Reality — and What That Means for Egypt

Distribution
Investissements étrangers

Égypte

Buying a House in Spain: Mortgage Contingency Clauses and Legal Checks

Immobilier
Impôts

Espagne

La communication dans les fusions-acquisitions transfrontalières – Pourquoi la réussite d’une transaction ne se limite pas aux documents

Contrats
Entreprise

Canada

Écrire à Larry

Brazil | DPO Requirements – What foreign companies must do to stay compliant

13 avril 2025

Brésil

Conformité
Confidentialité - Protection des Données