A Modern Law Firm’s Approach to Risk Management
We understand and appreciate that it is near impossible to eliminate all risks from your business completely.
What can we do with these risks? Well, you can look to transfer some risks through the placement of an appropriate insurance policy; this will have clear and tangible costs associated with them. As an alternative, or preferably, in addition, you can look to proactively mitigate the risks associated with your chosen specialisms through your internal processes and procedures.
Risk management should be an integral part of any successful business; as such, it is absolutely fundamental to a modern-day law firm. With the right procedures in place, it allows the business to focus on being more streamlined, efficient, and more profitable. Effective risk management is more than processes and procedures.
It should be a cultural thing, embraced by all within the practice with the primary objective of helping your practice provide excellent and compliant customer service, resulting in you not only retaining those clients but potentially getting a great review from them and being referred new clients too!
If you were to reimagine your law firm or to commence a new practice, it is always important to stick with the basics when initially identifying and evaluating your risk management process. Here are some important considerations:
- Who is ultimately going to be responsible for risk management within the firm?
- What form will risk management take on an ongoing basis?
- Does the firm have a clear policy on what work it will and will not do?
- In terms of instructions accepted how are these defined? And Once accepted, how are these handled in particular those classified as high-risk matters?
- Will you engage with any external consultants in respect of any aspect of your risk and compliance?
- What investment have and will you be making to your IT resources and technology infrastructure?
- Will you look to seek to improve your client’s experience after providing a service?
- Will you continuously assess these results to implement improvements if necessary?
Whatever you do, it is incredibly important to align your practice’s risk management policies with your future plans; risk management and compliance should not be an afterthought.
With intended growth plans and long-term aspirations, whether this is new geographic locations, new practice areas, or complexity, the additional risk needs to be appropriately considered. A plan then needs to be put in place for your specific approach to risk management to evolve accordingly.
Reviewing your plan
It is important to regularly review your risk management processes and procedures, ensuring that they remain fit for purpose. While this is not an exhaustive list, you should ensure:
- You are compliant and following the very latest rules set out by the regulator.
- You adopt and maintain a robust client onboarding process with a focus on:
- Knowing your client (KYC) and Anti-Money Laundering (AML)
- Ensuring that matters are appropriately risk assessed at the outset
- The scope of your retainer and engagement letters are clearly defined
- Supervision is key regardless of the seniority of the fee earner. This includes partners’, as their work needs to be checked too
- Heightened supervision and governance should be in place for both higher value and more complex matters
Working environments have been evolving, and while many people are being forced or certainly encouraged to have their associates work remotely, an increasing number of practices were allowing more flexibility in the working environment, well before the pandemic.
This creates an increased ‘risk’ to the business with what is often perceived as less oversight or supervision.
Our experience shows that being in the same building does not necessarily result in greater governance or oversight in place, and with the right IT infrastructure and perhaps some modifications to procedures, effective supervision and governance can be put in place, even with a fragmented workforce.
Naturally, a downside of a fragmented workforce is the learning by osmosis can be lost, something that no frequency of team video calls can replace. Frequency of team engagement is important and equally, so is addressing the training needs of your associates; remember this includes the partners too.
Other risks practices face include ‘Friday afternoon frauds’, which have been widely reported in the legal press along with similar crimes. Law firms are a prime target for criminals, which stands to reason considering the substantial amounts of money that flow through office accounts daily along with the volume of sensitive information that they may hold at any one time.
Continued education and training are important, as are constant reminders to minimise complacency creeping in. These criminals are not going to stop. They have proven to be incredibly patient and innovative, and they will adapt their approach as the size of the prize is too big.
These criminals will be acutely aware of pressure points in workload, with perhaps clients and agents in respect of property transactions adding to this. In order to help minimise these risks, monitoring a fee earners’ caseload, along with introducing an extra pair of eyes on all transactions, may be prudent measures to implement.
Failure could result in a costly claim being experience, which could have ramifications on future professional indemnity insurance premiums for many years to come. The topic of risk management plays a pivotal role in multiple facets that make up a modern law firm, including but not limited to; compliance and the regulatory regime, unique makeup and structure of the practice, each practice area undertaken, data protection, and I.T infrastructure.
We have touched on a few common areas and points to help you assess your business. If you would like to discuss the above further, please do not hesitate to contact a member of the Lockton team or myself.
Author: Brian Boehmer, Lockton