Risk: Blame game

The main danger when offering a disaggregated legal service is the quality of work of the third party supplier. But there are steps that can be taken to mitigate the risks

In the context of the fragmented delivery of legal services, what does disaggregation mean to you and what do you see as the biggest associated risks?

Chris Andrews
Chris Andrews

Chris Andrews, director of risk management, Simmons & Simmons: I see disaggregation as having three different meanings. First, it can be looking to see whether the right legal resources are being used in the right way for the various parts of the service. Just as it is neither expected nor efficient for photocopying to be carried out by a partner, that same analysis can be applied to other aspects of an engagement. At its simplest, it disaggreation is every task being carried out by the most appropriate person. 

But there are risks inherent in achieving this. If work is parcelled out within a team, knowledge might be picked up by one person but, if they are not involved in another task, they may not appreciate its relevance to that other task, and so not share it with the rest of the team. Thus relevant knowledge could become lost. 

There is also the danger that a task or activity that is seen to be suitable for a junior lawyer may have hidden complexities that the junior lawyer does not have the experience to appreciate, so a problem may remain hidden.  However, the alternative is for senior lawyers to do everything, which is not appropriate either. It is therefore important to ensure lawyers have the support of their colleagues and know they can and should discuss matters with more senior colleagues if there is any uncertainty. That monitoring and support element remains key.

Second, there is the situation where a large firm agrees to take on overall responsibility for a whole range of legal matters but with the express recognition that less complex matters are sub-contracted, typically to a smaller firm with a lower cost base – the so-called Mexican wave approach. 

Third, disaggregation could refer to elements of an overall client engagement that a firm does not have the skills to provide and so will subcontract the work to a third party but still have overall responsibility to the client. This could be the use of local lawyers in jurisdictions where firms do not have offices or the use of specialist resources such as managing the automation and tagging of documents for analysis and disclosure in litigation. 

The biggest risk in these last two situations comes from the fact that clients will look to their firm if something goes wrong, but the error may arise within the third party and not due to any error of the law firm. Choosing the right third parties and ensuring they have appropriate insurance cover are important, although it is not always possible to ensure full back-to-back protection, for example if law firms in a particular country do not carry professional indemnity (PI)insurance. Also, while it may not be feasible for the main law firm to review the quality of advice provided by a foreign firm, the same cannot be said where it is a Mexican wave situation, where the advice would be on English law matters.

William Robins, operations director, Keystone: As well as questions of quality and service and the attendant risk that, by disaggregating, client expectations in these two key respects are missed, there are two further major risks to consider: cost and compliance.

Cost is, perhaps, the most easily addressed. There is always a cost in disaggregating, managing the parts, and re-aggregating. There is a further cost in building the systems and processes that allow for work to be done at a lower cost and by less-skilled people. Systems need to be highly task-specific so this lends itself only to high-volume, repetitive work. 

Compliance risk is harder to deal with. With work being done by more junior staff, third parties and in different locations, how does a centrally based compliance officer have oversight of the entire matter and how can they trust the actions of those junior staff?

Craig Perry, general counsel, CMS Cameron McKenna: Clients increasingly require legal services to be provided as cost efficiently as possible. This can mean they expect services to be provided by different suppliers in different locations – whether that is from London, UK or international service centres, LPO providers, consultants or sub-contractors. Clients still expect the service to be high quality and one of the biggest risks is that the firm that takes the lead co-ordinating role ends up taking responsibility for all of the services being delivered.

Sarah Goulbourne, co-founder, Gunnercooke: Technology has enabled the disaggregation of the traditional way of delivering legal services as the services provided to clients can now be transmitted in different ways. This opened an opportunity for forward-thinking, innovative firms to thrive in the increasingly competitive legal market. One of the associated risks for fragmented delivery of service is ensuring it does not lead to fragmented quality of service.

However, through scoping and pricing work without using hourly time recording as a basis for the price the client can get peace of mind that there will be no discussions around the re-negotiation of fees at the end of a piece of work. The service should always be maintained by a senior lawyer, who can work with them in the best possible way for their business – be it at their office, at the firm’s offices, via an online meeting zone, or whatever they prefer.

In fact, the bigger risk is that law firms fail to keep up with technological advances and continue to use a business model based on charging for time recorded, which often has no bearing to the value of that work to the client. 

Has the appetite for services such as LPO increased or decreased, and how have the risk issues associated with LPO changed?

William Robins
William Robins

WR: Figures vary, but the LPO market is estimated at £1bn per annum. In a global legal services market of $400bn per annum this is clearly not yet a material factor. There is no question that LPO is therefore unrepresented and its share will grow and annual growth rates of 30 per cent to 50 per cent have been quoted by different commentators. As the appetite for LPO grows and the sector matures, the quality of the LPO offerings will improve, which in turn will drive take-up. This accelerating trend shows no sign of abating.

The drive for LPO is strong with large corporate clients, with general counsel suffering from increasing workloads and reducing budgets.

LPO has not caught on, however, in the small to medium enterprise market, where clients require a more personal service and often require more bespoke business-based advice and a client/solicitor relationship. Firms need to understand themselves and their client bases – LPO is not a panacea but a tool for strategic use.

CP: The clients’ appetite has increased and we are seeing some of them contract direct with LPO providers and cut out law firms as the middlemen for some of their lower value, repetitive work. In pitches clients are demanding to see examples of how we have multi-sourced work to achieve efficiencies for them, which is a relatively new trend. Many firms have opened their own service centres in near-sourcing locations and this enables them to offer the service in-house without using external LPO providers. The firm will take total responsibility for the service being delivered and retains complete control of the supervision and quality of the work. 

CA: The economic downturn led firms to focus internally and ensure their own staff were utilised rather than looking to outsource legal work to third parties. However, there has been an ongoing appetite to look for opportunities where additional work can be retained by the main firm, even if some of the overall work is shared with other firms. 

I suspect that, as firms come out of the leaner times, there may be a renewed focus on LPO-type activities – either onshore or offshore. Some of the risks that always existed are now receiving greater attention, including the interest of clients in ensuring that any third parties that a law firm may use has effective IT and information security arrangements to protect confidential client information and adequate processes to ensure the security of personal data. 

SG: We have seen the appetite for LPO services increasing as the LPOs develop and respond to what lawyers need. General counsel recognise that certain types of work are better handled using a process – the process may be carried out by a firm’s own internal processing department or by a firm engaging with a third-party LPO. The risks are that the relationship between the firm and the LPO is not managed carefully enough – robust service level agreements (SLAs) are crucial, as is the firm’s ability to audit how data is held from a security and confidentiality point of view. 

What are the key steps from a compliance point of view that a firm needs to ensure are in place when disaggregating work streams?  

Craig Perry
Craig Perry

CP: There are a number of issues that have to be considered, from maintaining client confidentiality and data protection to ensuring that conflicts of interest are avoided and there is adequate supervision. There need to be robust quality control processes and checklists in place to ensure the provider is delivering the right product. By being involved in the disaggregation of client work a firm also needs to ensure that it remains independent and is not involved in helping to deliver unauthorised legal practice.

CA: The issues are less compliance driven and more focused on risk management. There needs to be: a serious investment in project management to ensure the overall objectives are being achieved and the jigsaw puzzle created by the division of still provides the complete picture the client has engaged the firm to provide; processes to manage the flow of information between different parts of an engagement team; and clear processes for support and supervision. Ultimately a partner has responsibility for delivering the service or deliverables and they need to have confidence that there are appropriate processes in place to ensure the necessary quality in every part of that. 

In relation to the use of third parties, if a client is seeking to rely on their law firm to front the relationship then the key issues are ensuring the quality of the entity, providing clear instructions, having clear SLAs and obtaining comfort as to their financial position (including the availability of adequate PI cover) in the event that something goes wrong. 

SG: UK law firms operate in an outcomes-focused, risk based regulatory regime. When using an LPO, an assessment needs to be undertaken of the probability of a compliance issue arising and the impact of that issue on
the project. For example, the size of the job, the length of time to deliver it and the nature of the task are all relevant factors to consider. A brief summary of the steps to be put in place is: identification of where the main risks lie in the piece of work being carried out by the LPO; assessment of those risks – sharing knowledge through the project; evaluation of the effectiveness of the team by monitoring; and controls, for example two partners working on a project.

Under the SRA’s code of conduct, firms have a responsibility to protect client money and assets. Protecting confidential client information is one of the most essential requirements of any law firm. Criminals may wish to obtain confidential client information using computer programmes referred to as ‘malware’. It was recently announced that Windows XP will no longer be supported by Microsoft, so there is a risk to the IT security of remaining users. This is an example of where a firm using an LPO would need to ensure the security of both their own and the LPO’s systems, so that client data remains secure at all times.

WR: Before entering a disaggregation process the entire life of the matter needs to be mapped and codified. Each task needs to be understood and the most cost-effective way of performing that task needs to be found. A process then needs to be built, using technology, that pushes the matter through the workflow, with each member of the team playing their part and being able to see enough of the wider picture to understand the task at hand but not so much that too much time is wasted in reading in and handing over. 

Senior individuals need to plan the process and ensure that technology makes high-risk areas visible to those with compliance oversight. More compliance focus is applied to the areas of perceived higher risk.

The concern, though, is to what extent all risks can be anticipated. Risks come in all shapes and sizes and inevitably occur throughout the matter. When they occur in an area perceived as low risk, this risk will typically be ‘off radar’ and could be missed, or if picked up, then left to junior staff to deal with.

When legal services are disaggregated, who takes responsibility when things go wrong?

WR: The client and the SRA are as one in this regard – the law firm being instructed is responsible for all work undertaken. Chapter 7 of the SRA code requires that law firms “may not abrogate responsibility for compliance with regulatory requirements”. With the advent of outcomes-focused regulation, the SRA has deliberately given law firms more flexibility and outsourcing is permitted; indeed, some would say that arguably, given the greater flexibility, outsourcing is encouraged. Law firms can deliver the services in the way they think best, providing they give the client the right outcome. But therein lies the challenge. The law firm will be held accountable after the event for the actions of the LPO provider.

Change may be at hand, though. Much LPO work is not regulated and there is no legal reason for law firms to be involved in some LPO work. The question is, where law firms are involved, perhaps in a managerial capacity only, will the service have to be delivered to a higher standard?

CA: Clients will undoubtedly look initially to their first point of contact, usually the partner at their relationship law firm. Clearly, if the error was within the work actually carried out by the firm, it will be no excuse for the partner to say that the error occurred in part of the work that the client had asked or agreed would be carried out by a junior resource, for example. If the error was within a third party sub-contracted by the firm to provide advice or carry out work, then again the client may look to the firm as the party it had the overall engagement with, although there may be greater understanding if it can be shown that the firm had done everything it could and was not in any way actually responsible for the error. 

If it is a Mexican Wave situation, it is important to agree what level of responsibility the main firm will be taking for the work performed by the smaller firm – clearly the overall economics will be affected if a review role is to be undertaken, and if that is not what the client wants, then the consequent lack of responsibility for the main firm should be recognised. 

CP: The lead co-ordinating firm will always be at risk. It is important the appropriate contractual structure and protections are in place between the relevant entities and that these are not ignored or unexpectedly altered by the conduct of the parties. A lead firm should ensure that all the suppliers it is working with are competent and have sufficient insurance.

Sarah Goulbourne
Sarah Goulbourne

SG: Firms can implement a framework that they expect all their lawyers to follow, with regard to quality and standard of service to clients, but there is usually an expectation that the lawyer with the overall responsibility for delivering the service to the client has to accept overall responsibility for how it is delivered. 

What tolerance to risk are you seeing among clients and in your experience what are the acceptable boundaries for things going wrong?

CP: Clients are never happy when things go wrong but are much more likely to find fault if costs are higher than expected. Some clients may be willing to accept some lowering of standards if they are directly involved in the decision to involve a specific supplier but the tolerance for mistakes remains low.

SG: Clients are used to managing legal risk as part of the overall governance requirements of their own businesses. Legal risk management is controlled through regular risk reviews, audits and contract amnesties for business managers. Overall, the requirement for a system and process is a pre-requisite. Clients are prepared to have a discussion about sharing risk between an in-house legal team and their external lawyers.

However, the key to avoiding things going wrong is communication. Strong communication between the lawyer and the client is fundamental to ensuring that things simply cannot career wildly off-course. We talk a lot in our business about ‘trusted advisers’. What we mean by this is a lawyer who does not just offer the technical definitions on risk, but one that can also offer their own professional opinion on the risk, can partner the client on navigating their way through this risk, and who can design and implement strategies for the management of future risk. 

WR: Legal services should be provided only by seasoned experts. Most clients take a zero-tolerance approach and demand quality throughout the process – near enough is not good enough and I very much doubt that professional indemnity (PI) insurers would be pleased to see the contrary view being taken.

That said, with largescale matters and sophisticated purchasers of legal services, the industry is starting to adopt an SLA approach and clients are balancing the cost of the service against the quality. As a matter of contract they should be free to do so, but this is at odds with the regulatory approach of the SRA and other regulators. 

CA: Within the context of disaggregation of services, clients are understandably looking to avoid any potential risk and continue to expect a quality service from the firm they engage. While there is a relentless drive for more efficiency, clients do not see that as being at the expense of quality. The only possible area where clients might be more understanding is where the practicalities giving rise to an error fell outside the control of the main law firm.