This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Sign Up for our Free Newsletter
Solictors Journal logoSolictors Journal logo
Jean-Yves Gilg

Editor, Solicitors Journal

Fault lines: How a risk audit can help with securing PII

Feature
Share:
Fault lines: How a risk audit can help with securing PII

By

Frank Maher, a partner at Legal Risk, explores how risk audits ?can help with obtaining professional indemnity cover

Frank Maher, a partner at Legal Risk, explores how risk audits '¨can help with obtaining professional indemnity cover

Won’t a risk audit spoil your chances of obtaining professional indemnity insurance? Wouldn’t it be better not to know? We have a good claims record, so what’s the point? These are typical questions that law firms have asked over the years. But the world has moved on.

When, in 2000, the profession in England and Wales moved to obtaining insurance on the open market, a key perception was that it would drive the bad firms out of business. What has happened has been subtly different.

It may have driven some bad firms out of business but, in many cases, the firms that have felt the pain have been small firms that happen to have had a couple of large claims, a series of claims (e.g. The Accident Group, or mortgage lenders), or have suffered from a rogue partner who has gone off the rails undetected until the scale of the problem has become large in relation to the size of the firm.

The size of the claim proportionate to the size of firm is very significant. Many large firms have also had rogue partner issues but have been relatively unscathed in obtaining insurance cover. A number of City firm expenses cases have hit the headlines but, in reality, there are many more.

Expenses claims are not the only issue. There have been many trails of disaster left by partners and (often unsupervised) employees causing large commercial or residential property claims, probate and trusts, or cheating third-party insurers over matters such as after-the-event insurance and medical fees.

A safe bet

The difference between large and small firms is not in the detail of the claims, but that a large firm is far more likely to obtain insurance, for three reasons.

First, because of the amount of premium that a large firm may attract and be able to afford going forward, this is substantially higher. Given time, it may offset the insurer’s losses or, if there is no prospect of that, the firm may be able to obtain cover elsewhere with an insurer attracted by the potential for a high premium.

Second, the larger firm will be able to afford a higher self-insured excess. This is important because, if the firm does not pay it, under the compulsory minimum terms and conditions (MT&C) imposed by the Solicitors Regulation Authority (SRA) the insurer has to pay and seek reimbursement from the firm. Also, there is scope to make the excess large enough to cover any potential rogue-related claims that have not been discovered at the date of renewal.

Third, insurers do not like firms closing because, under '¨the MT&C, they will have to provide six years’ run-off cover. There is a premium to pay, which typically will vary between '¨two to four times the last full premium paid, but insurers have '¨to provide cover even if the firm does not pay. They also face the practical problem that files and staff will be dissipated, making it hard to defend claims.

Difficulties faced

Many small firms have failed to renew cover after a rogue-related incident, or have limped along under the crippling burden of vastly increased premiums, only to fold a year '¨or two later.

Very large firms have faced real difficulties too. One of '¨the largest firms in a jurisdiction had a series of massive claims arising from the global financial crisis; numerous insurers declined cover. Ultimately it obtained cover, but the premium for the primary layer of cover was approximately 20 per cent of turnover and the self-insured excess was in seven figures.

At the other end of the spectrum, a well-established four-partner firm had Lexcel accreditation. Whenever the Lexcel auditor came, the senior partner explained that he had no '¨client files because he was managing the practice. Nobody '¨else knew that was what he was saying.

In fact, he acted on multiple transactions that gave rise to claims for alleged fraud. The claimants were investors in schemes which the senior partner had set up with a client. The schemes were unauthorised collective investment schemes and involved commission of offences under the Financial Services and Markets Act 2000 (not an uncommon problem).

The investments were in property, bought with the '¨benefit of mortgage fraud. There were breaches of conflicts rules, solicitors’ accounts rules, money laundering regulations, and various warnings from the Law Society and SRA on mortgage fraud.

The firm did manage to secure cover, but with a massive hike in premium and an enormous self-insured excess, quite apart from the host of legal, accountancy and tax issues '¨it faced.

Benefits of a risk audit

So, what role does a risk audit play for law firms?

1. Regulatory compliance

For firms in England and Wales, managing risk is now compulsory – a regulatory requirement through the '¨provisions of chapter 7 of the SRA Code of Conduct 2011. Regulators generally take the view that, if it is not documented, it didn’t happen.

The report can form the basis for the firm’s compliance '¨plan and risk register, which are all but essential for compliance with the SRA’s code of conduct and authorisation rules.

It should also help the compliance officer for legal practice (COLP) and compliance officer for finance and administration (COFA) with their responsibilities for establishing systems.

In addition, it should include some benchmarking data to enable the firm to understand how it compares with its peer group and what other comparable firms are doing to manage similar issues.

It should also help with checking the firm’s compliance with other regulatory requirements, such as anti-money laundering, sanctions and the Bribery Act 2010. Many firms see anti-money laundering compliance as a client engagement issue and fall down in relation to ongoing monitoring.

2. Insurer requirements

Insurers expect firms to manage risks. If you are not doing it, why would they wish to insure you? Insurance should be there to cover the unexpected, not the inevitable.

The number of risk management-related questions in insurers’ proposal documents seems to have increased exponentially over the years.

The larger firms prepare ever more professional-looking proposals, seeing their relationship with insurers as a truly commercial relationship – a partnership, much like their relationship with their largest clients.

3. Claims record

A good claims record to date may indicate that you have good risk management, or it may just mean that you haven’t (yet) been caught. Many firms with bad recent experience, such as a large claim or a major incident arising from a rogue partner, have not had problems with obtaining cover.

Insurers of law firms in the USA, Europe and the UK are reporting an increase in claims severity: a lower frequency of claims, but more large ones.

4. Independent report

Insurers may wish to obtain an independent report on their own behalf. When they provide insurance to a firm, because the MT&C require cover for “each and every claim”, the potential exposure is unlimited.

So, they need to understand not only how the practice is run, but whether in fact the notifications received so far are complete – or are there more, yet to be discovered because no one has thought (or dared) to look properly?

Risk management

One firm had obtained cover from the same insurer for many years and then experienced a rogue partner problem involving mortgage fraud claims. The insurer wanted reassurance that the problem was a one-off and not endemic, so wanted an independent review of the firm’s risk management procedures.

The firm recognised that obtaining a report carried a risk that the insurer would not renew, but equally that it may have few other places to turn. Happily, the firm survived to tell '¨the tale.

A key issue in this type of situation is establishing that '¨the notification already made to the insurer is in fact complete. Sometimes in rogue partner/employee situations, the firm will wish to obtain legal advice on the making of a notification to '¨its insurer so that it can try to obtain cover from a new insurer. This will also provide some comfort to the new insurer that '¨any matters arising from the rogue activity have been notified '¨to the previous insurer and will not impact on the new insurer.

Firms need to understand what they are embarking on when they obtain a report. It may be subject to legal professional privilege if it is obtained from practising solicitors, but will not be otherwise.

For a recent case on the point, see Walter Lilly & Co '¨v Mackay & DMW Developments [2012] EWHC 649 (TCC), in which it was held that advice given by claims consultants was not covered by legal professional or legal advice '¨privilege, even though the advice might be provided by solicitors or barristers engaged by the claims consultants.

It is of course possible that the report will unearth something detrimental and wholly unexpected, but, if it is serious, it was probably likely to come into the open at some point. Discovering it in advance at least offers the opportunity to manage it and be in control of the situation.

If it is not serious, from an insurer’s perspective, it is probably more of a positive to see that the firm is actively seeking to manage its risks and devoting some resources to it. Insurers know that it is barely conceivable that a firm will be fault-free and will presume that the only reason for it knowing of no problems will be that it has not bothered looking.

Ideally, the report will include a file audit where possible. There is no substitute for it, as files are the only real evidence of the firm’s work product. Many City firms tend to protest that the exercise would not be worthwhile, but that is far from true. There are often breaches and issues which firms would be relieved to have found out themselves, rather than risk the SRA discovering them first.

While the SRA has stated that it will no longer be '¨carrying out its old-style practice standards unit visits, which included a review of firms’ systems and client files, it is still inspecting firms.

These are conducted, for example, under the guise of themed visits or, in one case, where a suggestion of a rule breach was made against a firm that had applied to set up '¨an alternative business structure.

A compliance tool

A risk audit should be seen both as a compliance tool and '¨as something positive in managing the firm’s relationship '¨with its insurer.

In practice, it is unheard of for a firm to obtain a risk report and not obtain insurance cover. Rather, when working in conjunction with their insurance broker, many firms have obtained cover when they had previously abandoned hope '¨of doing so. '¨

frank.maher@legalrisk.co.uk