This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Sign Up for our Free Newsletter
Solictors Journal logoSolictors Journal logo
Manju , Manglani

Editor, Managing Partner

Risky delusions: Why UK law firms' PII premiums are rising

Feature
Share:
Risky delusions: Why UK law firms' PII premiums are rising

By

Many UK law firms will be paying higher professional liability premiums because of complacency over risk management, reports Manju Manglani

A large number of UK law firms are being complacent about risk management and this will be reflected in their professional indemnity insurance (PII) premiums at the next renewal, a snapshot Managing Partner survey has found.

Forty-three per cent of respondents said their firm has not done anything to improve its risk rating since the last renewal season. Consequently, nearly half (49 per cent) said they expect their premiums to rise at the next renewal, while two fifths said they expect there to be no change.

A similar amount (39 per cent) said their premiums had increased at the previous renewal, while 41 per cent said there had been no change. One fifth said their premiums had decreased. Only a tenth of respondents said they expect their firm's PII premiums to decrease at the next renewal.

Confidence levels for the next renewal season are high: 55 per cent said they are very confident, while a further 41 per cent said they are somewhat confident. Only five per cent said they are not confident at all.

Eighty-two per cent of respondents said their firm takes a proactive approach to risk management. But, when asked if operational risk, strategic risk and/or regulatory compliance are given highest priority, only 39 per cent said 'none is treated as higher priority' in their firm. Thirty-one per cent said they are focusing on operational risk management, while a further 22 per cent prioritise compliance.

When asked if they thought their firm should focus more on managing operational, strategic and/or compliance risks in future, just a third said 'none should be treated as higher priority'. Operational risk management ranked highest at 35 per cent, while strategic risk management accounted for 21 per cent and compliance 11 per cent.

Engagement with risk

Lack of internal engagement with risk management seems to be an ongoing issue which may be affecting law firms' PII premiums.

"We need greater buy-in from senior lawyers, who need to lead by example more of the time," said an operational risk director at a national firm. "There is a lot of work to do to educate lawyers on wastage caused by poor client communication/file management (e.g. write-offs, poor billing practices, taking on the right clients and poor procurement practices)."

Agreed a COLP at a national firm: "Lawyers need greater awareness of risks and the impact on the business of poor risk management."

Law firm culture is key to ensuring fee earners take risk management seriously. Eighty-three per cent of respondents agreed that firm culture is very important to improving risk management, while a further 15 per cent said it is somewhat important.

"Having the right culture and the right 'tone at the top' means that employees at all levels will buy in to the risk management process," commented a general counsel at a national firm. "Managers/senior managers setting the right tone will encourage further cultural change."

Nearly three quarters (73 per cent) said they think their firm has a strong risk culture and 64 per cent said their firm has a clearly-articulated risk appetite statement. But, identical to last year's survey findings,1 71 per cent of respondents also said that partners need to take more responsibility for risk management.

"Law firms need to recognise the value of risk management in improving business processes, driving efficiency and, ultimately, profitability," said the general counsel of a national firm.

Agreed the operational risk director at a national firm: "Law firms need a better understanding of the benefits of good risk management, improved clarity of purpose and an embedding of the processes that make risk management effective at board level. Risk management also needs to be embraced by both lawyer teams and support departments as part of the way in which they manage their areas of responsibility."

Added the COLP at an international law firm: "They will need to appreciate that a professional approach to risk management is essential if they are to be successful."

Commented the managing partner of a regional firm: "It is a cultural change to consider not only what the client needs but also to analyse which risks each case presents to the firm."

Said the managing partner of another regional firm: "Risk needs to be at the forefront of all strategic planning, all the time, and permeate everything the firm does. Lawyers are naturally risk averse - it will be interesting to see if appetite for risk changes as more external investors come into the legal market. A change in attitude might be necessary to keep up with competition from non-traditional providers."

A compliance officer at a regional law firm noted that efforts are being made to instil a risk culture, "but there will always be resistance from some individuals".

Measuring behaviours

One way to ensure lawyer engagement with the firm's approach to risk is to build it into their performance management metrics; most respondents favour this approach.

Seventy-seven per cent said they believe all lawyers should be measured and rewarded on how well they manage risks to the firm, up from 71 per cent in last year's survey. However, 64 per cent said their firm's lawyers are not currently measured and rewarded on that basis, up from 61 per cent in 2014.

"Remuneration policies, structures and arrangements should recognise and reward effective risk management as well as commercial/financial success," said a general counsel at a national law firm.

Agreed an operational risk director at a national firm: "There should be an element in any bonus scheme that rewards or penalises performance in this area."

Commented a compliance officer at a regional firm: "I prefer a 'carrot' rather than 'stick' approach. However, we do look for trends with individuals and focus on areas for improvement with them, where identified."

Some respondents did not agree that lawyers should be rewarded for managing risk.

Risk management is "what we would refer to as a core competency," commented a managing partner at a regional law firm. "If you do not have an appropriate attitude to risk then you are not fit to practise. It is a bit like asking whether you should be measured and rewarded for turning up on time."

When asked which risks to the firm lawyers are currently incentivised to manage, billing (71 per cent) ranks highest. Regular communication with clients and fee collection take joint second place, with 58 per cent of the votes. Close behind are conflicts of interests (56 per cent) and client due diligence (54 per cent). Ranking equally with 50 per cent of votes are case/matter management, supervision of team members and money laundering.

Fee management risks (46 per cent) are considered more important than ethical breaches (29 per cent), client risks (28 per cent) and payment terms and variations (23 per cent). Ranking even lower down are bribery and corruption (19 per cent), project management (15 per cent) and ethical screens (13 per cent). The sales pipeline ranks last in the list of risks which lawyers are incentivised to manage, at 8 per cent, even though it would ensure longer-term revenues.

Aligning needs

Many firms are failing to align the risks which lawyers are incentivised to manage with the actual risks facing the business.

When asked to vote on the biggest risks currently affecting their firm, respondents ranked 'clients demanding greater-value work at lower cost' highest, at 38 per cent. This correlates with the top risk which lawyers are incentivised to manage: billing.

However, many firms are at increasing risk of data security breaches and cyber attacks. Respondents ranked cybercrime (33 per cent) second in the list of business risks and data security (25 per cent) fourth. However, just 17 per cent said their firm currently incentivises lawyers to manage data security.

One important way to improve firmwide data security is through technology, but even this is not being leveraged to full effect. Just over half of respondents (56 per cent) said they have systems in place to monitor and manage data security risks. Only a quarter (26 per cent) of firms plan to invest in data security systems in the coming year.

The Solicitors Regulation Authority (SRA) issued a warning on 1 June 2015 that it had been receiving increasing reports of firms being subject to cybercrime.

"Law firm client accounts are being targeted and solicitors and their clients are suffering disruption and potential loss. It is essential that firms understand the risks and take precautions to avoid falling victim to these attacks," said Paul Philip, chief executive of the SRA.

"This is an issue that is not going away. This is obvious not just from the reports we are receiving direct from law firms and members of the public, but also in our discussions with local law societies."

Respondents said the third-biggest risk affecting law firms today is poor billing and collection practices (30 per cent). This appears to be something firms are dealing with, as 79 per cent have financial management systems in place. Of course, gaining lawyer engagement with those systems is an entirely different challenge (see 'Technology solutions' below).

Other high-ranking risks facing law firms today are: recruiting top legal talent (25 per cent); financial stability (23 per cent); money laundering (23 per cent); fee management (22 per cent); rising PII premiums (20 per cent); reputational damage (20 per cent); and client due diligence (19 per cent).

Centralising risk

As noted earlier, lack of ownership of risks is a key challenge facing many law firms. Centralisation of risk management may be one way to improve the overall management of business risks; nearly two thirds (65 per cent) believe this should occur.

However, doing so may result in partners viewing risk management as no longer within their day-to-day remit. In May 2015, delegates at Managing Partner's Senior Risk and Compliance Forum suggested that centralisation could lead to new risks for law firms.2

"There is a risk of taking too much away from fee earners. Risk is everyone's responsibility - take too much away and it becomes an administrative function that they don't have to deal with," commented a compliance manager from the floor. "Say 'we're here to help, but it's your responsibility' Don't centralise risk ownership."

This view was echoed by respondents to our latest survey. Commented a managing partner at a regional law firm: "Too much centralisation may cause others to abdicate responsibility".

For others, centralisation is a positive way to manage risks on a firmwide basis.

"The risk department should be a centralised function which is independent from the main business and acts as a 'second line of defence' (the first line of defence should be the business itself)," said a general counsel at a national law firm.

"The centralised risk department can carry out risk reviews/audits and report to business managers, who should then be responsible for implementing recommendations and introducing new controls where required."

He continued: "In general, risk management should be decentralised. All managers should be responsible for managing risk (first line of defence) in their own areas."

Agreed a director of knowledge management at a regional law firm: "There should be a centralised group responsible for making sure that risk is being dealt with, albeit that tasks and projects might be delegated out from that group."

Respondents said primary responsibility for risk management is currently allocated to the compliance officer for legal practice (37 per cent) or managing partner (31 per cent). The head of risk, head of compliance and partners also have responsibility, at 22 per cent each. Coming up further behind are the compliance officer for finance and administration (18 per cent), the money laundering reporting officer (16 per cent) and the executive management committee (16 per cent).

Technology solutions

There are many technological platforms that can be used to reduce the administrative burden of risk management. However, persuading lawyers to use new systems is the biggest challenge facing IT teams today, according to our March 2015 technology survey.3

Fear of the unknown, coupled with insufficient time to learn new systems, are often big causes of lawyer resistance.4 However, these issues will need to be addressed if firms are to keep up with their competitors in the coming years.

"Technology will be a big driver of change, reducing timescales and increasing the pressure on staff members," an MLRO at a regional firm said in response to our risk/PII survey. "It is the need to keep up with the developments of technology and to be one step ahead that will continue to change the legal landscape and the risks we face as a profession."

Two thirds of respondents said they have technological systems in place to monitor and manage risks, while 21 per cent said 'we're working on it'.

"We have had a big push on investing in technology, with a transfer to electronic files (worksite) and improvement to our data security. The next step is to improve our disaster recovery processes," said a compliance officer at a regional firm.

However, not all believe the risk management systems which their firms have in place are effective.

"Our answer is somewhere between yes and no, and we're not working on it," said a director of knowledge management at a regional firm. "We have systems which can assist with risk management but we do not always use them to greatest effect."

Around two thirds have case management (67 per cent), practice management (65 per cent) and/or disaster recovery (65 per cent) systems in place. In addition, many have invested in software for anti-money laundering (63 per cent), conflicts management (61 per cent), email management (60 per cent), network security (58 per cent) and archiving and compliance (56 per cent).

Interestingly, 88 per cent of respondents said they think their firm is effective in managing risks on an enterprise-wide basis. Similarly, 85 per cent said they believe their firm's systems and processes are effective in managing its risks. However, only 11 per cent have an enterprise risk management (ERM) system in place and just two per cent plan to invest in it in the coming year.

Asked if their firm plans to invest in new systems to monitor and manage risks in the coming year, 36 per cent said they would be investing, 37 per cent said they would not be investing and 27 per cent said they were looking into it.

Respondents said the systems which will be highest priority for investment are: case management (50 per cent); matter management (41 per cent) and financial management (35 per cent). Practice management systems will be invested in by a quarter, while around a fifth will invest in client relationship management, document management, conflicts management and anti-money laundering software.

Value of PII

Professional liability insurance is a vital way to protect law firms in uncertain times. However, many see PII as a necessary evil rather than a valuable tool.

PII is considered a necessary evil by 41 per cent of respondents, while a further 29 per cent said they view it as a valuable tool. A quarter view PII as both a necessary evil and a valuable tool.

"We need to have PII and it is a valuable part of the solicitor brand for clients' peace of mind. However, the cost is a massive proportion of our overheads and the renewal procedure requires a significant amount of time and effort," commented a managing partner at a regional law firm.

Added a managing partner at a national firm: "The amount of cover required far exceeds any potential claim because of the type of work done by the firm."

For some, PII is a useful way to focus internal efforts on risk management.

"It forces practices to focus on risk and the cost of mistakes," said the head of compliance at a local firm.

Commented a compliance officer at a regional firm: "It is necessary both for client protection and for the firm's own benefit."

Agreed a risk and compliance manager at an international law firm: "It is a valuable tool as a significant cost to the firm which should be reduced or maintained at a low level by active risk management."

Although the UK's mandatory PII renewal date was abolished on 1 October 2013, the majority of respondents (72 per cent) said their firms have not changed the commencement date or length of their cover. A tenth have changed the commencement date, while a similar amount have changed the length of their cover. Only seven per cent have changed both.

The majority said they will renew their cover in autumn 2015, with October being the preferred month. Nearly all respondents (98 per cent) said their firm had no difficulty obtaining cover last year.

The overwhelming majority of respondents (98 per cent) said their firm uses a broker to obtain its primary layer of cover. The most popular brokers are Lockton (24 per cent), Marsh (21 per cent), Aon Risk Solutions (17 per cent) and Willis (14 per cent). While 70 per cent are planning to continue with the same broker at next renewal, 30 per cent are considering changing brokers.

Nearly two thirds plan to retain the provider of their primary layer of cover at the next renewal. However, 36 per cent said they are considering changing providers.

Respondents said their top criteria in making a PII purchasing decision is cost, at 83 per cent. This is followed by the provider's financial stability (59 per cent), claims handling ability (56 per cent), excess levels (44 per cent) and responsiveness (44 per cent).

Survey respondents

Managing Partner's snapshot survey on risk management and PII was conducted between 27 April and 1 June 2015. Ninety-nine per cent of respondents said they are based in the UK. Thirty-two per cent are at regional law firms, 28 per cent are at local firms, 21 per cent are at national firms and 19 per cent are at international law firms.

Sixty-nine per cent of the 81 respondents said they are actively involved in developing their firm's risk strategy and 52 per cent said they are a member of their firm's senior management committee.

Manju Manglani is editor of Managing Partner (www.managingpartner.com)


References

  1. See 'Tone at the top: How partners should manage risks in law firms', Manju Manglani, Managing Partner, Vol. 16 Issue 10, July/August 2014

  2. See 'Centralising compliance can lead to new risks', Manju Manglani, Managing Partner, Vol. 17 Issue 9, June 2015

  3. See 'Legal innovators: Technology trends for law firms in 2015', Manju Manglani, Managing Partner, Vol. 17 Issue 6, March 2015

  4. See 'Why lawyers refuse to use new technology', Manju Manglani, Managing Partner, Vol. 17 Issue 6, March 2015