Despite renewed focus on outcomes-focused regulation, IT security and conflicts remain the key threats keeping risk teams awake at night.
This section of the report analyses the likely impact of various risk scenarios on law firms and the likelihood of those situations occurring. Typically those situations that potentially have the most serious impact on a firm’s business are the least likely to occur, and vice versa. ‘Legal Risk Profile’ tables show the mean scores for impact and potential as separate indices.
While the introduction of outcomes-focused regulation (OFR) has caused some measure of confusion since it emerged on risk teams’ agendas more than two years ago, firms appear to have had plenty of time to adjust to the Solicitors Regulation Authority (SRA)’s principles-based approach. This year’s results showed risk departments still only expect OFR to have a low impact on business, with a mean score of 2.3 out of 5 – the same as last year.
LEGAL RISK PROFILE 1: What impact would these situations have on your firm?
| Situation Impact | (mean score out of 5) |
|---|---|
| Liabilities exceeding resources, including insurance (eg professional negligence claim in excess of policy limits) | 4.0 |
| Disaster/business continuity failure | 3.7 |
| IT security breach/data management accident or breach | 3.6 |
| Serious legal or commercial conflicts of interest | 3.5 |
| Unwittingly becoming involved with client fraud | 3.4 |
| Credit or other financial problems | 3.4 |
| Reputational damage to the firm (eg from media, ex-employee, disaffected client) | 3.2 |
| Inability to attract new partners/staff | 3.0 |
| Loss of key partners/staff | 2.8 |
| Failure to meet strategic plans | 2.8 |
| Loss of firm’s biggest client | 2.6 |
| Bankruptcy/acquisition of significant clients | 2.5 |
| Competition – including from alternative business structures | 2.5 |
| Poor performance of key lateral hire(s) | 2.4 |
| SRA’s outcomes-focused regulations | 2.3 |
| Employment claims from former partners/staff | 2.0 |
| Alternative business structures | 2.0 |
| Currency fluctuations | 1.7 |
Source: Marsh/Legal Business RM survey
However, 40% of respondents say OFR has caused more confusion over risk management at their firms this year. While OFR confusion peaked in 2011 when 68% of those surveyed said there were problems, this fell to 29% in 2012. It is clear that it is climbing back up the agenda once more. The most likely reason for this is that many of the risk managers Legal Business spoke to said that under OFR, the obligation of the compliance officer for legal practice (COLP) to report non-material breaches of the SRA’s Code of Conduct is causing some concern. While the reporting of serious breaches immediately is understood, the recording and reporting of non-material infractions on an annual basis does not sit well culturally with some firms and others are concerned about the administrative burden this reporting presents (see part III, ‘Finding the balance’).
‘Information security should be on every firm’s
risk agenda and is something the legal profession
as a whole needs to make sure it’s
giving sufficient attention to.’
Simon Callander, Olswang
But overall, risk specialists at City firms believe OFR does not really involve a great deal of change for them but does create grey areas for smaller firms that are yet to define their processes. Jo Riddick, COLP at Macfarlanes, says its risk department began thinking about OFR a few years ago and identified key pressure points back then. As a result, the firm bolstered its conflict systems and controls to ensure its risk management processes matched the new regulations. She says ultimately fee-earners, in a firm which already had centralised risk management, are unaffected by the switch to a principles-based regulatory framework.
‘I induct all our new joiner fee-earners and I always ask them “what is OFR?”. I very regularly find they don’t know, indicating that engagement with OFR, outside management and risk departments, may be a bit behind the SRA’s expectations,’ says Riddick. It’s clear that while risk teams have been working furiously behind the scenes to ensure that the transition to OFR has been as smooth as possible, there are other perennial situations that will have a more serious impact on the risk profile of firms.
Risk perennials
Two risk scenarios in particular remain the most serious. While the risks that are most likely to occur tend to generate moderate impact, IT security or data security breaches and serious conflicts of interest are the most dangerous to firms, having the highest aggregate scores (6.4/10) of impact and potential out of any scenarios in the ‘Legal Risk Profile’ tables.
LEGAL RISK PROFILE 2: What is the potential for these situations occurring at your firm?
| Situation Potential | (mean score out of 5) |
|---|---|
| Serious legal or commercial conflicts of interest | 2.9 |
| Competition – including from alternative business structures | 2.9 |
| IT security breach/data management accident or breach | 2.8 |
| Poor performance of key lateral hire(s) | 2.6 |
| SRA’s outcomes-focused regulations | 2.6 |
| Alternative business structures | 2.4 |
| Loss of key partners/staff | 2.4 |
| Bankruptcy/acquisition of significant clients | 2.4 |
| Loss of firm’s biggest client | 2.3 |
| Failure to meet strategic plans | 2.2 |
| Reputational damage to the firm (eg from media, ex-employee, disaffected client) | 2.1 |
| Employment claims from former partners/staff | 2.1 |
| Unwittingly becoming involved with client fraud | 1.9 |
| Disaster/business continuity failure | 1.9 |
| Inability to attract new partners/staff | 1.8 |
| Currency fluctuations | 1.8 |
| Credit or other financial problems | 1.4 |
| Liabilities exceeding resources, including insurance (eg professional negligence claim in excess of policy limits) | 1.4 |
Source: Marsh/Legal Business RM survey
Angela Robertson, general counsel (GC) at Eversheds, is not surprised that data protection and conflicts scored high again this year and says the growth reflects how client-driven these situations are. There is an ever-increasing emphasis on how firms audit and maintain their IT security and how they obtain and retain confidential information.
‘Law firms have been publicly quoted as being at a higher potential risk – they have weaker infrastructures than the organisations they hold the sensitive data of,’ says Julia Graham, chief risk officer at DLA Piper.
Emma Dowden, director of operations and best practice at Burges Salmon, agrees that clients continue to push IT security to the top of firm’s risk profiles. ‘I’m not surprised to see IT risks at the top. One of the reasons is client pressure – we all respond to client concerns as part of delivering excellent client service and as IT risk is one of their main concerns then firms need to show they are on top of this issue,’ she says. ‘The threat is ever-increasing because people are more mobile now. Aside from portable devices and the risks associated with social media, more and more firms are connecting to clients through their IT and you have to be aware of the risk issues associated with that.’
Simon Callander, GC and partnership secretary as well as COLP at Olswang, says: ‘Generally information security should be on every firm’s risk agenda and I think it’s something the legal profession as a whole needs to make sure it’s giving sufficient attention to.’
He points out that information security issues tend to involve people, which make them more dangerous. For example, a staff member downloading something they should not onto insecure environments, as opposed to using the correct IT tools. Good training and practical policies that are simple and easy to follow would significantly reduce this risk, he adds.
Sandra Neilson-Moore, European practice leader for law firms’ professional indemnity at Marsh, says: ‘This is something on everyone’s mind, because the consequences could be so immense and no-one is quite sure that there is any real way to completely protect themselves.’
She adds that someone at a large firm recently told her the smaller problems around IT security breaches or network failures are something they can deal with without needing to insure against it, for example, whereas for a very large issue of this type, it is probably impossible to get enough insurance to protect against the financial and reputational consequences.
While IT issues are on everyone’s lips, the spectre of conflicts continues to be a major concern. As Neilson-Moore suspects, this boils down to the increasing consolidation and competition among firms.
The majority of risk specialists interviewed felt that commercial conflicts of interest were the key problem, as opposed to legal conflicts. Even small amounts of work garnered for large organisations, such as the banks, can create significant conflict issues for other parts of the firm.
Graham says: ‘Firms are increasingly conscious of the shadows that large organisations can throw when a firm performs a small percentage of its legal work.’
The risk team at Macfarlanes takes its legal or commercial conflicts of interest very seriously, but according to Riddick, this concern is not new.
‘City firms deal with large enterprises, so legal and commercial conflicts and confidentiality issues crop up from time to time,’ she says. ‘I don’t think that’s something that has particularly increased but is definitely one to factor in. Any conflict involves reputational risk and that is a big one, as it goes to the firm’s bottom line and there may be recovery issues. The impact here is potentially large.’
All connected
As we enter a fifth year of globally sluggish growth, it is clear that there is a direct link between increased competition and conflicts being high on firms’ risk agendas and the main causes of professional negligence claims against firms. The pressure is on firms to compete for work, meaning mistakes will happen.
LEGAL RISK PROFILE 3: what is the potential of these professional negligence situations occurring at your firm?
| Professional negligence situation | Potential (mean score out of 5) |
|---|---|
| Errors made by staff/lawyers on routine bread and butter transactions | 2.9 |
| Errors made by staff/lawyers on complex, high-value transactions | 2.7 |
| Increased claims as a result of pressure on fees and the need for ‘instant’ advice | 2.5 |
| Lawyers advising outside area of expertise | 2.4 |
| Inadvertently advising third parties | 2.2 |
| Infringement of regulations | 2.0 |
| Insurance claims emanating from foreign offices | 1.8 |
| Errors made by confusion caused by SRA’s outcomes-focused regulatory approach | 1.7 |
Source: Marsh/Legal Business RM survey
Sarah Clover, joint head of Clyde & Co’s professional and financial disputes team, who regularly represents law firms in defending professional negligence claims, says a number of factors have come together to create a perfect storm for claims against law firms. ‘You have increased competition in the legal market with clients putting more pressure on firms,’ she says. ‘Firms are trying to be as cost-effective as possible to maximise profits, meaning that there could be less supervision and increased likelihood of mistakes occurring.’
This year, ‘lack of communication’ has been relegated from the leading cause of malpractice claims (down from 70% of respondents citing it to 47%), replaced by ‘pressure of work and deadlines’ and ‘lack of supervision’, both at 57%. Work pressure was the leading reason behind claims in our survey two years ago. The cause is clear to Neilson-Moore. ‘One word: “competition”,’ she says. ‘The pressure of competition is almost certainly behind these results. Less work, more people vying for it.’
Claims lodged against solicitors in Chancery Courts 2001-11
While insufficient communication is still a concern for many risk departments, one of the fastest growing causes of claims this year is ‘lack of supervision’ (up from 42% to 57%). Meanwhile, ‘failure to manage client expectation’ has dropped from 56% of respondents giving it as the main reason behind claims to just 37%. Again, there is a correlation between the results – law firms cannot afford to make mistakes in their engagement with clients and risk teams have been very hot on coaching their fee-earners in perfecting their letters of engagement. At the same time, the pressure of meeting those demands can mean that there is less time for senior lawyers to supervise the inexperienced on routine matters.
As a result, it is unsurprising that our survey shows that potential errors are more likely to occur in plain vanilla transactions (2.9/5), rather than complex deals (2.7/5) – which was the key cause of negligence actions last year. Robertson says the results highlight a lack of process when managing workload and more firms need to put systems in place that monitor progress and assist in meeting deadlines. She also says this could be because many firms are still adapting to the fact that there are fewer complex transactions. Riddick, however, says City firms don’t typically do vanilla transactions, and those firms that do should already have these processes in place. She says increased pressure and lack of communication both cause malpractice claims. She adds risks cannot necessarily be prioritised based on previous malpractice claim history, as the causes can be fairly random.
‘A firm may have had a client who is particularly aggressive or has faced a very specific set of circumstances. Therefore, priorities don’t change every year, depending on what happened the year before,’ she says.
Has the SRA’s move to outcomes-focused regulation created more confusion over risk management?
Source: Marsh/Legal Business RM Survey
Annual data released by RPC detailing the number of professional negligence claims lodged against solicitors in the Chancery courts (see graph, above) shows the number of claims dropped to 125 in 2011 from 144 in 2010. These findings come after claims peaked in 2009 with 210 claims made against solicitors in comparison to 80 claims made the year before.
Paul Castellani, insurance and reinsurance partner at RPC, says the number of claims has decreased since 2009 primarily because many firms settled before proceedings began. However, he thinks 2013 will see a new wave of claims being made.
‘This year marks six years after 2007, when property lending was at its absolute highest and the majority of claims made in this division were related to the mistakes lawyers made on property transactions,’ says Castellani. ‘Claimants have a six-year timeframe to make claims, so any outstanding claims from 2007 will be made this year.’
The outlook is for more claims against firms to come through the pipeline. To paraphrase Warren Buffett, the tide has well and truly gone out and now we can see which firms are swimming naked. LB
jaishree.kalia@legalease.co.uk
Legal Business would like to thank Marsh for its sponsorship of this survey.