Tone at the top: How partners should manage risks in law firms
Partners are failing to take responsibility for risk management in law firms, a Managing Partner survey has found. Manju Manglani reports.
Partners need to take greater responsibility for risk management to better protect their firms. That’s the overwhelming view of respondents to Managing Partner’s inaugural risk management survey.
“Too many partners see risk management as something which is a responsibility of others,” commented the general counsel at one international law firm.
Added the risk director at a local UK firm: “All partners have a part to play in supporting the risk director with the implementation and continual development of the risk management programme.”
A key issue is failure by partners to prioritise firmwide risk management over client work. “They are getting better at managing client risk but not so much at protecting the firm (clients come first),” commented the risk director at another international firm.
Seventy-one per cent of respondents said that partners need to take greater responsibility for risk management in their firms. A similar amount (73 per cent) said all lawyers should be measured and rewarded on how well they manage risks to the firm.
However, for 61 per cent, their lawyers are not currently measured and rewarded on this basis. Commented the managing partner of one regional practice: “It is measured but does not attract reward.”
Among the respondents that are working on introducing this, various approaches are taken. “We currently deduct profit costs from those lawyers who have notifications or complaints because they are the ones who just want to bill well but do not see the downside,” said the risk director at a local firm.
The biggest risks that lawyers are currently incentivised
to manage are: billing (76 per cent); client due diligence
(55 per cent); fee collection (50 per cent); client communications
(47 per cent); and case/matter management (47 per cent).
Also prioritised are team supervision (45 per cent);
fee management (42 per cent); and conflicts of interests
(42 per cent).
Only a third (34 per cent) incentivise anti-money laundering practices, while ethical breaches are rewarded in 29 per cent.
The lowest-ranking risks for firms, according to how respondents’ lawyers are currently rewarded, are pipeline management (8 per cent); project management (11 per cent)
and ethical screens (16 per cent).
Less than a quarter of firms (24 per cent) incentivise data security, despite the fact that respondents rank it as their firms’ second-biggest risk (33 per cent).
Lawyer incentives are delivered “by way of bonus scheme,” according to a COLP at a regional UK firm. “Although we make clear we value all aspects of risk management and staff are conscientious; we don’t reward them for this.”
Interestingly, when asked which risks lawyers should be incentivised to manage, a different picture emerged.
Billing still ranked first (73 per cent), followed by client due diligence (68 per cent), case/matter management (64 per cent) and team supervision (64 per cent).
The following three risks to manage were then given equal weighting of 57 per cent by respondents: client communications, fee management and fee collection.
Money laundering (48 per cent), data security (48 per cent) and conflicts of interests (45 per cent) appeared much higher
in the rankings of desired metrics for lawyers.
However, project management (32 per cent), ethical screens (32 per cent) and pipeline management (28 per cent) still
ranked last in the list of risks that lawyers should be incentivised to manage.
“The other categories are important but should be done anyway,” commented the risk director at an international law firm. He added that the list of risks provided “could help in a balanced scorecard to nudge less risky behaviour”.
However, not all respondents agreed that reward mechanisms are an effective means of managing risks to the firm.
“I am not sure that incentivising lawyers is the best way to manage risks to either the clients of the firm,” commented the practice manager of an international law firm.
Added a partner at a regional practice: “It is only possible to manage risks with a comprehensive mix of individual and collective responsibility.”
The managing partner at a regional UK firm argued that none of the suggested areas should be incentivised in lawyers as “risk management and compliance is a fundamental part of the job”.
Risk management “should be and is part of all fee earners’ responsibility without further incentives,” concurred a COLP
at a local law firm.
Commented the head of legal at a £1bn+ national organisation: “I think private practice lawyers should manage
all of the above risks”.
When asked if their firms are effective in managing risks
on an enterprise-wide basis, half of respondents answered “somewhat”. Two fifths (41 per cent) said “yes” and less than
a tenth (9 per cent) said “no”.
“This depends on whether the enterprise is in the UK or
all international offices – if the latter, risk management does
vary,” commented a risk director at an international law firm.
Risk focus
With many law firms slowly recovering from the global financial crisis, a forward-facing business strategy which incorporates both operational and strategic risk management can make the difference between long-term success and failure.
The vast majority (82 per cent) of respondents said their
firms currently prioritise operational risk management over strategic risk management, although three fifths said that their firms should focus more on the latter in future.
Some respondents suggested that they are taking a more holistic approach to risk management.
“I want to tick both as for our firm the distinction between
the two is illusory,” commented the general counsel at an international law firm. “I think the focus should be on both operational and strategic risk, with no time spent on trying
to differentiate between ‘strategic’ and ‘operational’. Our approach is to identify the risk, assess its seriousness and potential impact and prioritise accordingly.”
“It is a close call between the two, especially given an ever-changing legal market,” commented a partner at a regional practice. “How the job is done has to be the slight leader, as
that is the day-to-day lifeblood. Strategic risk management is
an umbrella above that.”
Respondents also highlighted other ways that their firms should focus more on improving risk management in future.
“The ERM five-pillar model is a useful way to check that areas are either being covered or we agree that they won’t be. I would prefer to spend time on this than faffing about on ‘because
we have to’ stuff,” commented a risk director at an international law firm.
A COLP at a regional practice suggested that firms should be “ensuring we protect as well as possible against the risk of cyber attack and also planning for future survival in light of competition/new developments/constraints of today’s legal world”.
Business risks
Law firms are facing a range of risks today, ranging from financial to compliance, from talent and client management to technology and project management. However, the biggest risk highlighted by respondents is clients demanding greater-value work at lower cost (55 per cent), followed by data security (33 per cent). Respondents were also concerned about clients moving more work in-house or their firms being removed from client panels
(20 per cent).
Growing the firm’s long-term talent base was also highlighted as a big risk and ranked joint third, with respondents concerned about recruiting top legal talent (31 per cent) and inadequate succession and exit planning (31 per cent). Also of concern is rising salaries and compensation in the sector, the departure of top legal talent to competitors and the poaching of top clients by competitors (20 per cent).
Financial risk management took up most of the next block of votes, with respondents raising concerns over poor billing and collection practices (29 per cent), financial stability (27 per cent), fee management (27 per cent), rising premiums for professional indemnity insurance (24 per cent) and management of
alternative fee arrangements (24 per cent).
Interestingly, the management and leadership of law
firms was also voted as a risk concern, at 18 per cent.
Structural issues
Looking next at the business structures currently in use by respondents’ law firms, less than a third (29 per cent) felt their firm’s structure is “very effective” in managing the risks to its members/owners, while just under a tenth admitted that it is “not really effective”. The majority (63 per cent) felt that it is “somewhat effective”.
However, a similar amount (61 per cent) said their firm has no plans to change its business structure in the next one to three years. “We regularly review whether it will be worth changing it. We have not had sufficient reason to do so yet,” commented the COLP at a regional firm.
A quarter said they are considering changing their business structure, while 13 per cent said they are planning to do so. Among the latter, the vast majority (63 per cent) said they would adopt a limited company model, while a further 38 per cent said they would switch to a limited liability partnership.
The majority of respondents are almost evenly split between having a limited liability partnership (45 per cent) and general partnership (43 per cent); just over a tenth (13 per cent) currently use a limited company vehicle.
Risky culture
Many law firm leaders now recognise that their firms’ culture ultimately determines how well their stated priorities and values are implemented at the ground level. Asked to choose the level of importance a law firm’s culture is to risk management, the vast majority of respondents (88 per cent) said it is “very important”, while a further 10 per cent said it is “somewhat important”.
Commented the risk director at an international law firm: “People listen to risk but copy the partners. The words and
music don’t always match!”
“If you have one partner who does not buy into the risk management programme it is extremely damaging,” echoed
a risk director at a local firm.
However, when asked to self-assess if their firm’s culture currently encourages risk management, only half (53 per cent) said that it does; a third (35 per cent) said they were working
on it.
Benchmarking practices
One method to improve risk and quality management is to
obtain kitemarks or accreditations, which involve auditing the firm’s systems and processes for compliance with recognised standards of best practice. Just over half (52 per cent) noted that these are “somewhat important” in improving risk management, while opinion was split as to whether they are “not really important” (26 per cent) or “very important” (22 per cent).
“They provide a clear structure and guidelines and an
outward recognition of better management,” commented
the COLP at a regional practice.
The key, it seems, is getting people on board with risk management, rather than focusing on earning the kitemark.
“They are useful tools, but risk management is driven by culture and robust compliance with internal procedures,” added the managing partner at a regional firm.
Respondents did however note that accreditations are useful in instigating change in law firms that are resistant to changing their risk management processes.
“Having worked in firms with ISO standards, and those without, the big difference is the ‘permission’ that the standards give to audit and press for change,” commented the risk director at an international law firm. “Internal audit is a much more useful tool than is realised and is unlikely to happen unless you have to do it.”
Among the quality kitemarks already achieved, the majority of respondents have Lexcel (46 per cent), followed by the Conveyancing Quality Scheme (32 per cent). A further 18 per cent have ISO 9001, while 4 per cent have ISO 31000.
Some firms are also in the process of obtaining Lexcel (27 per cent), ISO 27001 (27 per cent) and the Conveyancing Quality Scheme (36 per cent), along with ISO 9001 (18 per cent) and ISO 31000 (18 per cent).
Risk training
With the compliance landscape constantly evolving and the types of risks that firms are exposed to increasing exponentially, regular training and updates are vital to ensure that all lawyers are up to speed on the latest developments and the appropriate actions to take.
Two thirds of respondents said their firm currently provides regular training on compliance and/or risk management, while a further 16 per cent said they are working on it. Disturbingly, nearly a fifth (18 per cent) said they do not provide regular training in this area.
When asked if their firm plans to invest in new training on compliance and/or risk management, more than half (52 per cent) said they do, while just under a fifth (19 per cent) said they are considering it. However, nearly a third
(29 per cent) said they do not plan to invest in new training of this type.
Looking at the methods of learning and development that are considered most effective for improving firmwide compliance and/or risk management, in-house specialist training ranked highest (59 per cent) among respondents, followed by training and supervision by partners (53 per cent). Other resources that are favoured are webinars (37 per cent), seminars (35 per cent), written resources (24 per cent) and digital learning platforms (20 per cent).
“We prefer the training to be tailored to suit our firm/work type,” commented a risk director at a local law firm.
Firmwide improvement
Managing Partner’s survey asked respondents to consider a range of options that could be utilised to improve risk management in law firms. These include greater partner responsibility, lawyer incentives, risk focus, business structure, firm culture, quality accreditations, training and technology.
They were then asked to provide comments on what else firms could do to improve risk management. A range of responses
were received.
“All fee earners embracing risk management so that we can develop. You can only proceed at the pace of the slowest person,” commented the risk director at a local UK firm.
“Leadership by the right people. A little and often approach to communication. Making it easier to ‘get it right’ than to do your own thing. A file audit properly done is the single most effective thing,” said a risk director at an international firm.
“Greater ownership by frontline staff. Not seeing risk management as an obstruction to work,” suggested a compliance director at a regional firm.
“Allocating greater responsibility for risk management in their practice area to supervisors. Investing in administrative support for compliance and risk functions,” added a compliance partner
at a local firm.
Greater time and attention for ensuring appropriate management of risks and compliance was highlighted by several respondents as key to improve firmwide risk management. “Time to do the job thoroughly”, “more attention to the problem”, “devoting more time to it” and “more awareness of structures
that can be implemented” were some of the responses received in this category.
Other respondents highlighted the need for better and more targeted training “to ensure all staff members understand risk and the implications of not assessing this,” as the COFA at a national firm put it.
“Attitudes to risk management vary enormously, often originating with training that is very variable. Training needs to be right and positive at the start,” added the managing partner of a regional practice.
Long-term strategy
Looking to the future, the key to improving risk management in the next three to five years seems to lie in law firms’ attitude towards it. Several respondents suggested that partners and staff need to accept that the risk function is a vital driver of business growth rather than a necessary evil.
“Bring the risk team into the heart of the business,” said
a risk director at an international law firm. “Some reporting lines are springing up in big firms that don’t get access right. Risk is partly operational and part of business support, but is also partly strategic/consultancy to the business. Firms miss out if they don’t encourage the latter.”
Agreed a compliance director at a regional firm: “Risk management will need to be more inculcated in practice and
seen as a key part of the firm’s operations.”
“Accept that it is a cost to the business which does have payoffs,” added the managing partner of a regional firm.
Better staff management is also needed to ensure firms are better at managing their risks in future. “If we are at the start of
a sustained upturn in business, then all of the risks of overtrading come back on the table (e.g. poor supervision, failure to take the time needed to check work and increased staff turnover),” commented the general counsel at an international law firm.
PII renewal
On 1 October 2013, the single renewal date for professional indemnity insurance (PII) ended for UK law firms, enabling greater freedom and discretion in adjusting the commencement date and length of cover. However, only 21 per cent of respondents said they have taken advantage of this option and changed their PII renewal date.
When asked when they planned to renew their firm’s PII,
52 per cent indicated that they would do so in October 2014, while 16 per cent said September 2014 and 6 per cent said August 2014. A further six per cent indicated that March 2015 would be their renewal date.
“Due to the debacle of last year I am tied in until September of this year,” commented a COLP at a national firm.
The majority of respondents have benefited from no change to their premiums (25 per cent) or decreased premiums (33 per cent) at the last renewal. However, 42 per cent of respondents said they experienced increased premiums, suggesting an increase in their risk profile.
At the next renewal, nearly two-thirds expect there to be either no change to their premiums (43 per cent) or a decrease in their level (19 per cent). Consequently, the majority are either “very confident” (58 per cent) or “somewhat confident” (39 per cent) going into the next renewal season. Ninety-one per cent said
they had no difficulty in obtaining cover last year, but only half said their firms had done anything to improve their risk rating since the last renewal period.
Perhaps it is unsurprising, then, that the majority of respondents (67 per cent) do not intend to change the provider of their firm’s primary level of cover at the next renewal – although 27 per cent admit that they are considering it.
Eight-four per cent of respondents said they prefer to use a broker to obtain their primary level of cover, but only 78 per cent plan to do so at next renewal. The most popular among these are Marsh (26 per cent), Aon Risk Solutions (16 per cent), Lockton (16 per cent), Howden (11 per cent) and Willis (11 per cent).
The top three criteria highlighted by respondents in making
a PII purchasing decision are cost (85 per cent), financial stability of the provider (73 per cent) and excess (45 per cent). Also ranked as important are reputation (27 per cent), responsiveness (24 per cent) and availability (18 per cent).
The lowest priorities are speed of claims payment
(3 per cent), along with international coverage, recommendation and personality (9 per cent).
In May 2014, the Solicitors Regulation Authority decided
not to introduce a minimum financial rating requirement for PI insurers in the UK. This elicited mixed views from respondents.
A risk director at a local firm describes this move as ‘very odd’. “I think it is inconsistent with the need for firms to demonstrate that they are financially stable”.
It is a “recipe for ensuring that somewhere in the future
there will be costs for someone (probably solicitors) to pick
up,” commented a managing partner at a regional firm.
A compliance director at a regional firm describes it as
‘a mistake’. “This will simply mean that weak firms that were
close to collapse will struggle on and end up collapsing later
with more damage to clients.”
Commented a COLP at a national firm: “For a regulatory body to make a stand which could potentially have seen over thousands of businesses close down is incomprehensible.
What should happen is that the Law Society should consider
one whole policy which every practice must pay into and this would take out the debacle which occurs at present.”
Of course, not everyone disagrees with the regulator’s decision. “The only sensible decision they have made”, “a realistic one given the need for all firms to obtain cover” and “a good move” were some of the responses received in favour of it.
However, concern was also expressed as to the wider implications. “Hard to say. It opens the market and therefore improves competition and hence price, but potentially opens
up new risks in PI insurer failure and consequential impacts
over time,” said a partner at a regional firm.
Survey respondents
The survey received 68 responses, of which 79 per cent are actively involved in developing their firm’s strategy; some focus exclusively on their firms’ risk management and compliance strategy. The majority are either formally (57 per cent) or
informally (19 per cent) members of their firms’ senior management committee.
The greatest proportion of responses came from the UK
(84 per cent), with the remainder coming from across the
world. A fifth of respondents are at international firms, while
15 per cent are at national firms, 29 per cent are at regional
firms and 35 per cent are at local firms.
Technological tools for risk management
Technology has come in leaps and bounds in recent years and there are now a range of resources available to monitor and manage risks in law firms. Consequently, the vast majority of respondents either have dedicated risk management technological systems in place (58 per cent) or are working on introducing them (25 per cent).
The most popular systems are those built for financial management (69 per cent), conflicts management (64 per cent) and anti-money laundering (64 per cent). Also popular are tools for case management (60 per cent), archiving and compliance (60 per cent), practice management (56 per cent) and client due diligence (56 per cent). Disaster recovery systems also rank highly (51 per cent), as do data security (49 per cent) and network security (49 per cent).
Interestingly, systems that enable project management (13 per cent), business intelligence (11 per cent) and enterprise risk management (9 per cent) are the least used in respondents’ law firms.
Less than half (46 per cent) said their firm’s systems and processes are effective in managing risks, while a further 41 per cent said they are “somewhat” effective.
Over half of respondents are either planning to invest (26 per cent) in new systems to monitor and manage risks in the coming year or are looking into it (33 per cent). Among these, the systems that will attract the biggest investment are case management (49 per cent), client relationship management (34 per cent) and practice management (31 per cent).
Manju Manglani is editor of Managing Partner
(www.managingpartner.com)