'Don’t let online boasts damage your reputation'
Law firms boasting online about their quality standards could be increasing their reputational risks if they cannot substantiate such claims. Tracy Vegro, executive director of strategy and innovation at the Solicitors Regulation Authority, said practitioners should beware making grand promises which are beyond their capabilities.
Firms are required to publish costs and service information on their websites, and are increasingly embracing greater transparency about the quality standards that consumers can expect. But there are concerns about solicitors overstating how much they can do and what areas they specialise in.
Speaking at the Law Society’s annual Risk and Compliance Conference (18-19 March), Vegro said: ‘If you are putting material on a website and talking about quality, and your firm is not living up to that quality, that is a risk you are taking.’
She said there had been issues in recent weeks of firms being the subject of negative reviews online and urged bosses to think carefully about their digital strategy.
The SRA says compliance with rules in place since the end of 2018 is starting to show signs of improvement. Policy manger Jackie Griffiths told the conference that 68% of firms say they are publishing the required information on price and service, compared with 18% who reported they were doing this when asked two years ago. Griffiths stressed that sweeps of firm websites showed that the proportion of firms at least trying to meet requirements – albeit not succeeding fully – is much higher than 68%.
Surveys have also shown that more than a third of firms do not know what information they should be providing, and the SRA is considering what extra support is available.
The importance of comparison sites also appears to be growing. Griffiths added: ‘Consumers are still heavily reliant on personal recommendations [to find a lawyer] but there are signs of change and indicators that the pandemic is accelerating that.’
On wider risk issues, Vegro said it had been a ‘really worrying time’ for risk and compliance teams handling the threat of cybercrime during the pandemic. She revealed that attempted scams of law firms had trebled during lockdown.
AML compliance is 'not a tick-box process'
Anti-money laundering (AML) compliance is a ‘messy and complicated area’, Amasis Saba, chair of the Law Society’s money laundering taskforce, told the conference. He added: ‘But nonetheless, the government has said it will not relax its efforts to identify and penalise those firms that are not on top of it.’
Colette Best, the SRA’s director of AML, endorsed Saba’s comment about the area’s complexity. ‘The biggest challenge,’ she said, ‘is the pace of change. There were new regulations in 2017 and then again in 2019. And now a 212-page newly revised and updated guidance was published in January 2021. It’s difficult to keep up.’
Best, who along with Saba was addressing the Law Society’s annual risk and compliance conference, moved on to report the findings of the SRA’s recently completed AML visits to 74 law firms. ‘Some 64% [around 47] of these firms required follow-up visits,’ she stated, ‘and another nine were referred for investigation.’
Best sought to reassure delegates: ‘Firms are given six weeks’ notice of our visits and feedback from them is that the visits are useful and not too painful. We are not trying to catch you out, but are ensuring measures are in place to protect the firm and yourself.’
Saba turned his attention to what every firm must have in place: written risk assessments. ‘You must show what you, the firm, have actually done. It is not a generic, tick-box process. Consultants can be useful, but you need to own what you have done.’
Risk assessments should be both firm-wide and related to specific matters, he continued. Everyone should be involved, including fee-earners and anyone else who has access to the files. ‘We should also all be asking ourselves whether there are factors that make any particular transaction more complex than usual or different. Does what the client tells you make sense? What precisely did the client do to earn all this money?
‘Source of funds and wealth causes more angst and queries than any other area of AML.’
Best stressed: ‘The regulations are not clear on this. It is good practice, but not foolproof, to give clients a source of funds form to complete. Our visits frequently find great policies on paper that are not being pursued in the files. The solution is obvious. Let changes be embedded, then check they are working.’
'Price transparency is here to stay,' firms told
Price transparency, whereby firms are required to post details on their websites of how much they charge for certain services, has proved controversial. The Competition and Markets Authority (CMA), among others, maintains that such transparency makes it easier for consumers to make informed choices. But many solicitors argue that legal services are too complex to be reduced to a menu of prices.
SRA policy manager Jackie Griffiths, however, told this month’s annual risk and compliance conference that transparency should be extended still further. ‘Consumers do not just want transparency around price. They want transparency around a range of information, including technical quality, so they can shop around before choosing which law firm to instruct.’
Griffiths sought to dispel lawyers’ distrust of price transparency. ‘Just 10% of consumers said that, after reviewing prices on law firm websites, they concluded that instructing a solicitor was not an affordable option.’ Or to put it another way, 90% of consumers decided that they could afford to pay for legal advice.
She urged solicitors to try a digital comparison tool which, according to the CMA, ‘saves time and effort for people by making searching around and comparing [products and services] easier… and also encourages suppliers to compete harder to provide lower prices and better choices.’
SIFA (Solicitors for Independent Financial Advice) Professional managing director Dave Seager told the conference that ‘transparency is here to stay… and benefits solicitors by giving them the opportunity to differentiate themselves from the competition’. He cautioned: ‘The decision will be made on value and not on price, so detailing everything involved in the likely cost is critical because it showcases your firm’s experience and expertise.’
Seager’s other tips include: ‘Use plain English and not legal jargon, so your clients know you’ll be able to communicate meaningfully with them. Don’t underestimate the power of social media to bring people to your website. Proudly display the professional achievements – the accreditations and awards – of your firm and colleagues. Publish testimonials from clients and fellow professionals, but keep them fresh; old ones can have the effect of making it seem that progress has passed you by.’
The presentation concluded with a question from the floor. ‘Why is it only solicitors who have to tell potential clients how to complain and how much they are going to charge?’ Seager replied: ‘It is good practice. Price is only one factor and I wish other professionals would be equally transparent.’
Pentagon attack – how to guard against hacking
If you are concerned about your firm’s vulnerability to hacking, then spare a thought for the Pentagon, the US’s defense department headquarters. It was attacked via a cybersecurity company, Solar Winds, that it had paid to protect it. Solicitor and Digital Law managing director Peter Wright commented: ‘Some nuclear weapons were compromised. But we are still here, we survived.’ David Fleming, chief technical officer at Mitigo Cybersecurity, was equally phlegmatic: ‘When considering your cybersecurity, always assume that criminals can get inside. Plan your defences with that in mind.’
The Pentagon, with the resources to invest in state-of-the art cybersecurity, is not the only high-profile victim. US law firm Jones Day, which numbers former president Donald Trump among its clients, also had data compromised. ‘The vulnerability in this instance was that older systems were buried in modern updates,’ explained Wright, ‘which highlights the dangers of hanging on to legacy technology.’
Newcastle and other universities fell victim to cyber-attacks when Blackbaud, an alumni and donors database service, suffered data breaches. Norway’s parliament, despite expensive and sophisticated safeguards, was hacked too. And so the roll call of victims goes on.
What can you do to minimise the risk to your firm? Fleming urged you to test your defence systems with ‘simulated attacks’ launched by yourself against yourself. ‘Fraudsters typically try to tempt you with offers that, upon reflection, are too good to be true. They also try to make you panic and act recklessly out of fear of being prosecuted or missing out on an opportunity. Teach colleagues to recognise such scams or simply to pick up the phone and check that the email they’ve just received is genuinely from an established client or somebody else they think they can trust.’
Working from home has its own hazards. ‘Even automated vacuum cleaners can be hacked,’ said Wright, ‘as can smart fridges, lights and speakers. On top of this, of course, a colleague’s personal laptop probably won’t offer the same level of protection as the office’s system of firewalls and alerts. Best practice would be to get an expert to go to colleagues’ homes and verify the protective measures in place.’
Wright concluded with a cautionary tale. ‘Even technical specialists can fall for scams,’ he said. ‘One such expert received a promise, purportedly from billionaire Elon Musk, to double the value of his bitcoins. The more he sent, the more profit he would make. The expert duly lost $400,000.’