This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Sign Up for our Free Newsletter
Solictors Journal logoSolictors Journal logo
Blink Payment
Blink Payment
Jean-Yves Gilg

Editor, Solicitors Journal

Law firm partners: Stop absolving yourselves of responsibility for risk management

News
Share:
Law firm partners: Stop absolving yourselves of responsibility for risk management

By

By Louise Fleming, Partner, Aretai Consulting

Calling all leaders of UK law firms with corporate or commercial clients. Did you read the risk management survey results in the July/August edition of Managing Partner? Were you shocked? Have you taken action?

Three things worried me about the survey responses. There is an apparent lack of:

  1. ownership by partners of risk management;

  2. clarity about the role of the risk management function; and

  3. insight into the major risks facedby the firm.

1. Ownership of risk

Seventy-one per cent of respondents admitted that partners need to take more responsibility for risk management. Fact: if you are partner in a law firm, risk management is a fundamental part of your job. You need to own and manage risk on behalf of the firm (client acceptance, pricing, etc) and you need to own and manage risk on behalf of your clients by acting 'in their best interests' and providing 'a proper standard of service' (SRA Principles 4 and 5).

The survey unveiled some interesting debate about whether partners should be rewarded for managing risk. Regardless of whether carrot or stick is used, partners and all fee earners need to take full responsibility for risk. When asked who has primary responsibility for risk management, the majority of votes went to either the COLP
or managing partner.

But, taking the regulatory angle, the SRA could not be clearer on this point: "All individuals in the firm have a role to play in complying with the requirements of the Handbook. Ultimately compliance is the responsibility of the firm and its managers."

So, risk is the responsibility of the board and management, not one or two individuals. I suggest all COLPs and managing partners take urgent action to clarify this. Of course, compliance is only a component of risk management and a broader perspective is given by the three lines of defence model
(as discussed below).

2. Clarity over roles

There appears to be a lack of clarity regarding whether risk management should be 'centralised'. The argument in favour of centralisation (backed by 65 per cent of respondents) is that it may be one way to improve the overall management of business risks.

I agree that creating a professional risk function as a centre of excellence should improve the overall management of business risks. Your corporate and commercial clients are likely to have a risk function that works with management to identify, assess, manage and monitor all risks to the businesses objectives. But, we need to be clear here. The risk function does not own the risk - its role is to support business leaders and managers in managing risk.

A wise general counsel in a national law firm referenced the three lines of defence model. This model is widely accepted practice across corporate and commercial businesses. Management (for which read 'partners') are in the first line of defence, meaning they own and manage risk. The risk management and compliance functions are components of the second line of defence; internal audit are the third.

To reiterate, having a risk management function (as distinct from compliance) is market best practice, but this is not a means of absolving partners of responsibility for risk.

3. Risk awareness

When asked to vote on the biggest risks currently affecting their firm, respondents ranked these as:

  1. clients demanding greater value work at lower cost;

  2. cybercrime;

  3. poor billing and collection practices; and

  4. data security.

I agree that pricing risk is a high likelihood risk as firms increasingly offer fixed or capped prices. If this is not well managed, it could have a high impact on firm performance.

Cybercrime and data security are no-brainers on the risk radar. But, I am surprised that poor billing and collection practices made it up there. Really? This is not a new market phenomenon that must be understood and managed; it is part of the basic end-to-end process of providing professional services. Always has been.

For me, the top list misses some of the more strategic risks which firms face. These include mergers (both finding the right partner and realising value from the integration), lateral hires, international expansion and the introduction of alternative delivery models. It is the risks linked to your firm's strategy that are likely to have the highest impact and pose the biggest
threats to your firm's reputation.

Despite my misgivings, encouragingly, 88 per cent of respondents said they think their firm is effective in managing risks on an enterprise-wide basis and 85 per cent said they believe their firm's systems and processes are effective in managing its risks. Addressing the partnership's ownership of risk must be next on the agenda.

Louise Fleming has 20 years' experience working with professional and financial services firms in business and risk management (www.aretai.net)

Blink Payment