Risk is a part of practically everything law firms do, not only in relation to advising clients, but in everything else including IT systems, people, finance, regulatory and competitive risks and the risk to reputation.
Yet despite partners supposedly being worried about having unlimited liability for all these risks (we have to wait and see whether LLPs will really make a difference), how many law firms have any kind of risk management strategy in place, let alone a comprehensive strategy covering all the elements already mentioned?
The answer, most likely, is very few, and those firms which do have such a strategy are likely to be the largest and most organised firms. Those firms have looked over the precipice – they have seen the dangers and have the leadership and resources to do something about it.
Even when looking narrowly at just the risks involved in advising clients, it is clear that many firms do not have any comprehensive risk management programmes, and as their claims records show, they very often fly by the seat of their pants. They are not doing themselves or the reputation of the profession any good at all. The nonsense is that they could, if they applied some thought and discipline, do something about it.
The reasons for having effective risk management in place are unassailable:
Professional indemnity premiums are likely to be one of the largest costs to any firm, after manpower and premises.
Whether insurers will be prepared to reduce premiums if a firm has a sensible, well-thought-out programme in place remains to be seen (although in the longer term, this should work through into a better claims record), but without it, firms will have very little defence against premiums being increased. And don't become complacent by current levels of premium since the Solicitors' Indemnity Fund (SIF) was replaced, because all the signs are that the market is going to harden.
Leaving aside the cost of insurance, it must be sensible, in a profession currently organised with unlimited liability, to take effective steps to eliminate or reduce those risks that could wipe out all the partners in a firm, rather than just relying on insurance cover and complaining about the lack of limited liability while looking to LLPs as a panacea for all ills. Prevention is better than cure.
An effective risk programme should not only cut down the risk of mistakes and other problems, but if managed well, it should crucially help a firm to build quality into its work, which in turn will help to build its reputation.
An interesting and beneficial byproduct can also come out of a risk programme. When a firm looks hard at its business and how it carries on every part of that business, it often becomes obvious that things can be done in a better, more efficient, and indeed cheaper, way.
For example, in many property departments, transactions could be re-engineered so as to be dealt with more efficiently and more cheaply, thereby not only reducing risk but also providing the client with a better, more value for money service, while at the same time making a higher margin for the firm. If you take risk seriously, it is no good trying to tackle it in an ad hoc, piecemeal manner.
And even if you do put in place a programme to manage your risks, those measures will have to be lived by everyone in the firm – just giving the partners and other fee-earners a manual to gather dust will be a waste of effort and money.
In reality, risk management needs to be driven from the top, by a management team that is prepared and able to take a broad strategic view of the firm and, by virtue of its members' leadership qualities, is able to get things done.
Too often, developments in law firms are
taken forwards in a series of unplanned and uncoordinated measures because nobody in the firm has ownership of all the projects running at any one time.
An example very relevant to risk management is knowledge management. Firms are currently investing large amounts in knowledge management systems to help them advise better and more efficiently. How many law firms regard knowledge management as one of the anchor points of an effective risk management programme and are developing them together in an integrated manner?
Risk management and knowledge management need to be taken forward hand in hand in a totally integrated fashion.
But as firms that are presently struggling to put in place knowledge management systems will know only too well, the interface between people and systems is a difficult area. To capture knowledge depends very much on the willingness of people to align themselves with the firm's objectives, but knowledge means for many people an ability to retain power, and so they keep it to themselves. Dealing with these types of problems requires people skills that many firms simply do not have, but the longer they fail to deal with the issues the greater
the risk to their businesses in not being able to satisfactorily manage their knowledge.
Training should also be a totally integrated part of any risk programme. Firms spend large amounts on training, but how much of that training is really helping to improve the firm's business and the quality of its advice?
Probably very little, and one culprit is the system of continuing professional development (CPD) points which we have – Law Society please take note. Training should not be for the sake of training (or gaining CPD points) but only to benefit the business.
The right kind of training can reduce risk in a number of areas, not just in relation to negligent advice. Other risks, such as those related to money laundering or fraud by clients, are equally, if not even more, important to be able to recognise and deal with, otherwise they can have a disastrous effect on a firm. Despite all the warnings, many firms still do not take money laundering risks seriously. Training, awareness and compliance procedures are vital to help minimise the risks, yet how many firms have no training for their staff, are still unaware of what to look out for and make no pretence to operate compliance procedures?
Peter Scott is a director at Horwath Consulting
|IMPLEMENTING A RISK STRATEGY|
Quality management is crucial – insurers particularly tend to judge well-run firms by the extent and quality of their management.
Examine the way you do everything in your firm against what ought to be best practice. If you feel daunted by the size of this task, then start with a pilot in one group or department and then roll it out firmwide.
Firms with multiple offices, particularly if they are overseas in countries where it is difficult to do business, should take special care – when the cat's away, the mice will play. Special effort, discipline, tight controls and reporting procedures, as a number of unfortunate experiences have shown, are necessary in order to help minimise the risks inherent in practising law in faraway places, or even if the offices are in this country. Underestimate the extent and seriousness of those risks at your peril.
Do not rush headlong into areas of practice that you do not know. So when it comes to e-business, for example, remember that it could be a very risky business for you unless you know what you are doing.
You may think you know the competency of your homegrown lawyers, but do you know how competent your newly-acquired lawyers are, who may have come in as laterals or by way of a bolt-on or merger? How many firms ask potential recruits about their personal injury (PI) claims record?
Encourage a culture of 'no blame' so that clients will tell you about their problems sooner rather than later, instead of a culture of fear, which can lead to non-disclosure and, potentially, problems with your insurers. A client may have made a mistake, but perhaps if the firm had better operational risk management in place, the mistake could have been avoided. Risk is everyone's problem.
Take a walk around your office and see how many desks are piled high with paper – in that pile of documents is a negligence action just waiting to happen. Lost documents are one of the largest heads of claim against PI policies. Enforce a clean desk policy.
Check out your clients to see whether they and their businesses are the types of clients and work which you can afford to take on.
Make sure you have terms and conditions that will help you not only to manage your client relationships better, but will at the end of the day also protect you.
Limit or cap your liability in relation to certain kinds of work. How many lawyers in firms are aware of the extent of and limitations on their firm's PI cover, or, for example, the conditions imposed by insurers on firms in connection with US-related advice? In-house training on these matters is vital.
In this buoyant market, are you putting your people under too much pressure, so that they make mistakes? Review your manpower needs and resource your work sensibly rather than increasing the risks to business and health by burning out your people.
Make sure that everything you do supports your objective of managing the risks in your firm by aligning the different strands in your business into an integrated whole. Your systems and people need to interface efficiently and well so as to support, for example, your knowledge management, your financial controls and the quality of document production. It is no use having money laundering compliance procedures stating that evidence of client identity is required before a file is opened if the partners are in the habit of telling the accounts department to ignore that direction and open a file.
None of this will happen unless someone makes it happen. That is both your responsibility and the challenge you face.