A decade of taming risk

There are many risks facing law firms and many systems which claim to assist in the management of risks. However, most systems are weakest in the management of the highest and most universal risk: the management of each individual instruction of legal work from clients. There is a spectrum of risk management failure which at its most extreme is a large professional indemnity (PI) claim – and the almost certain loss of that client. But just as important on that spectrum is the badly executed and managed case which leads to cost overruns, late delivery, fee disputes, complaints, and above all a damaged professional reputation.

There is a view among many lawyers that PI claims are inevitable in a long career – it’s just an unlucky chance if it is you this time. That is incorrect. After undertaking nearly 40,000 matter level risk assessments over a ten-year period and putting them into a ‘risk map’, we have seen clear clusters of regular high-risk and danger matters. There are also types of behaviour that – if allowed to happen – will make claims nigh on inevitable.

Any risk management system which either rejects higher-risk cases or is so cumbersome to use that clever lawyers will find ways to negate the process is almost as bad as no risk management system at all. This article shows how a very simple system has been effective in managing not only PI risk but also the many other regulatory and reputational risks around client work.

The evidence

The system we devised takes two to three minutes for the fee earner to use and has gained the highest level of immediate fee earner compliance. It is now undertaken 100 per cent of the time.

The impact of the system was immediate, long lasting, and dramatic in reducing the number of reported professional liability incidents and, more importantly, PI claims. That led to a dramatic reduction in our annual professional indemnity insurance (PII) premium costs. We have saved Bates Wells & Braithwaite £6m since 2006 and over £1m in 2016 alone, when PII premiums were reduced by a further 35 per cent.

Figure 1 shows what we would have paid had we kept our 2006 premium rating and compares that with our actual payments. Figure 2 shows our PII payouts total after the risk management system was introduced in 2006. And Figure 3 shows the impact this has had on PI claims needing cash reserves or payouts.

I hope the demonstrated benefits of the matter level risk management system make it worth you reading the rest of this article, because it has universal application to any professional services firm, in any jurisdiction, and has developed into a bottom-up management information system of unique power.

The eureka moment

The risk management system was conceived in a ‘eureka’ moment in 2006 when our PII premiums were very high and getting higher. The first PII renewal after my arrival as chief operating officer was difficult and expensive. That spurred me to read the solicitors’ reports prepared for the PII underwriters on every claim the firm had suffered for 15 years. The reports are detailed – about ten pages each – and are factual and unbiased.

After reading all 15 years’ worth of reports, I realised that the risk factors established in my mind prior to reading the reports had not changed after I had finished them. As COO, I was able to realise my ideas by working with our talented head of IT to produce a system based on that stable and universal group of risk factors.

The benefits of this approach were many. First and foremost, the in-built developmental capabilities offered by the technology meant the risk management solution was easy and quick to develop. Because we were expanding the functionality of an existing, already-deployed technology, we didn’t incur any additional software costs or even have to purchase additional user licences.

The simple risk screen – originally ten, now 20 multiple-choice questions – isolates the 5 per cent of those matters that need real management focus. Just as importantly, it identifies the 95 per cent of matters that are routine and low risk which can be dealt with by a light regulatory and management regime.

A proportionate grading system escalates a matter up the risk management system. At first this was purely driven by a single risk score – no action, one partner signature, two partner signatures, email notification prompting a discussion on how risk was going to be managed with the risk manager, and inclusion in the management board risk report.

Later a significant number of single answers would produce a specific and targeted response – for example, we ask for an estimate of the total potential liability of a matter and offer a range with the final option being ‘over £75m’, which is our current PII cover limit. That option is regularly triggered and brings an immediate case close down.

Expanding the scope

In the past 18 months, we have further expanded the scope of the matter level risk assessment to cover personal sensitive data, market sensitive data, newsworthy data, conflict, own interest conflict, fees over £100k, and PI liability over £10m. All of these are extremely complex areas of risk that are traditionally hard to manage. Once a matter is identified as a high risk in each category, a complex set of targeted actions are automatically generated.

Take reputational risk: we proactively prevent any potential brand damage that may come from taking on new clients or matters. The risk management system does not take the decision, but it does isolate the 1 per cent of matters and clients which must be reviewed by our reputational risk group before fee earners are allowed to proceed.

Second eureka moment

I later had a second eureka moment – a realisation that the matter level risk assessment was in effect creating a unique ‘barcode’ for every matter our partners and fee earners handled.

Individual scores are permanently attached to a matter and become the equivalent of a product barcode. Once there, it can be referred to for an infinite number of management, risk, and reporting purposes. Each PI, money laundering, data, conflict, and reputational risk assessment weighs (or ignores) each number of the barcode in a different way, to create its own risk result and consequent risk actions.

The list of danger matters in each category of risk becomes our firm’s core risk register – and excellent evidence of risk management for the Solicitors Regulation Authority.

Firm impact

We have come a long way since adopting strategic risk management; it is now a default discipline at BWB. It has transformed our culture – unlike previously, as in most traditional law firms, individual partners no longer have the authority to override firm policies. More importantly, partners don’t want to supersede policies any more – the system provides evidence and irrefutable information based on business rationale analysis.

Taken together, the system forces risk management into the day-to-day culture of partners, risk managers, and the management board. After any incident we review whether the risk assessment questions correctly identified the risk and whether the questions needed adapting. No changes were made for the first five years. However, in the last five years we have slowly adapted the questions and weighting for PI risk and added new questions relating to other regulatory risk factors. A decade of experience has led to a reduction in the weighting given to the pure size of a transaction and an increase in the questions and weighting given to fee earners operating, intentionally or otherwise, outside their areas of competence.

At the beginning of this article, I said that the PI claim was one end of a spectrum. A lawyer who operates outside their area of competence will also lead to the badly executed and managed case further along on that spectrum.

Many of the changes introduced following incident reviews were aimed at identifying different circumstances which tempt lawyers to act outside their comfort zone. But these changes have also had the added benefit of allowing us to address the risks discussed here more effectively. In fact, we are now better placed than ever to manage both the challenges we expect to occur and the various unknown obstacles which will doubtless arise unexpectedly over the coming years.

Peter Bennett FCCA is the partnership executive officer at Bates Wells Braithwaite

@BWBllp www.bwbllp.com