Law firms are constantly evaluating and managing risk but best practice can remain elusive, debated delegates at the annual Risk and Compliance Conference.

Does your firm rack up risk by employing fee-earners who work in isolation, ‘bark’ at colleagues and disregard senior managers?

For that matter, do you have ‘loose cannon’ who think the compliance rules don’t apply to them and just go their own way? How much credence can you give a speaker who freely admits he receives more complaints each year than the combined total of the 200 delegates sitting before him? Is managing risk even worth attempting, as one solicitor puts it, because ‘we are never going to get rid of the “doctor Shipman” solicitor or adviser who fools the system’?

And while we are asking tough questions, is your firm ready for the fourth anti-money laundering (AML) directive? Does it have key performance indicators (KPIs)? Is your cyber security up to scratch? And are you fed up to the back teeth with COLPs, COFAs, OFR, CDD, SDD and PEPs?

These were the questions considered by delegates at the Risk and Compliance annual conference at the Law Society. Solutions were proposed, too. In the keynote address, Francis Dingwall, a partner at Liverpool firm Legal Risk, said best practice is to identify all risks, then evaluate and manage them. ‘Ask yourself how likely is the risk to occur, what will be its impact and what counter-measures you should put in place,’ he urged. ‘And also, is the cost of the counter-measures proportionate to the risk and to the profit that the firm will make by taking that risk?’

He conceded that best practice can be elusive. Law firms tend to overestimate the risks that ‘loom largest’ and underestimate those that pose the real threat, he argued. Research by an insurance company, for instance, reveals that just one in eight claims against law firms arises from lack of legal knowledge, whereas one in three claims is sparked by seemingly small mistakes in ‘legal housekeeping’. ‘And yet law firms concentrate their resources on developing legal expertise rather than improving administrative processes,’ he said.

However, identifying the real risk is often difficult. Dingwall gave the example of a proposed family holiday on a tropical island where a bather was recently attacked by a shark. ‘The risks of shark attack loom largest in the family’s minds,’ he said, ‘because such attacks are dramatic and scary. But a little research reveals that nobody on the island has died from a shark attack in more than 200 years. It is the tiny flies that sting and itch that are most likely to wreck your holiday. Who even bothers to identify such a seemingly trivial risk?’

He went on to urge solicitors, when starting a matter, to ask: ‘What will it cost if I get this wrong?’ He added: ‘Perhaps you should even put the cost, including the claimant’s and defence’s costs, on to the inside front cover of the file. That should concentrate the mind.’

Brian Rogers (pictured), regulation and compliance services director at Riliance Software, was  next. He is uncompromising about staff who work in isolation or are loose cannon. ‘Don’t be frightened to take action,’ he advised. ‘If people won’t do what is required, deal with them and, if necessary, show them the door.’ He quoted management guru Peter Drucker: ‘Effective leadership is not about making speeches or being liked; leadership is defined by results, not attributes.’

Rogers urged delegates to make ‘an effective compliance strategy and culture… an integral part of [their] firms’ day-to-day operations’.

‘Avoid a blame culture,’ he continued. ‘If someone gets it wrong, maybe the training was at fault. Don’t be afraid of testing your culture. Client feedback, even if critical, is valuable – it teaches you what works and what doesn’t. File audits provide good intelligence and often reveal business development opportunities. Ad hoc checks are also good for business. There was one firm that introduced a rule that all invoices over £1,000 had to be signed off by management. A spot check showed some fee-earners billing £995 rather than answer to management.’

He concludes: ‘A compliance budget in your books sits well with the SRA – it shows you are serious.’

Rogers’ presentation was followed by a ‘regulation and redress’ panel discussion. Chief legal ombudsman Adam Sampson told more than 200 delegates that he receives ‘more complaints about me than the rest of you put together’. This is because, Sampson explained, many complainants are ‘from the eccentric end of the community, and tell me you are part of a “foul criminal conspiracy”. When I fail to take harsh action against you, they then complain about me’.

He had already received three death threats before taking up the first complaint in his role of LeO back in 2009, he recalled. ‘One complainant claims to have been made physically sick by my judgment. I believe him – he kindly sent me a video of him vomiting.’

Sampson claimed that the net benefit for the profession of dealing well with complaints is £80m over five years. ‘Some complainants will never give up if you do nothing,’ he said. ‘But by dealing with the complaint promptly and professionally, you save time and money.

‘There is lots of negative feedback on the comparison websites, whereas satisfied customers generally remain silent. The whingers damage us, so it is best to leave them with nothing to whinge about.’ He then made this claim: ‘If a complainant is dealt with well, statistically he is likely to become a loyal client.’

Immigration services commissioner Suzanne McCarthy endorsed Sampson’s view that if you take a complaint seriously and deal with it, then you can build a good relationship with a client. However, she stressed that her area of practice has its own difficulties. ‘My clients are often scared to complain in case the Home Office whisks them off to the airport,’ she said. ‘They often have inadequate English, too, or simply don’t know how to pursue a complaint though our system.’

McCarthy reminded the conference that she has the power to bring criminal charges, restrict licences or strike off solicitors who have done wrong. ‘But we are never going to get rid of the “doctor Shipman” solicitors, or advisers who set out to fool the system and its regulators,’ she said. ‘But we are trying hard to control a sector that includes major law and accountancy firms down to individual advisers.’

SRA risk director Andrew Garbutt made the point that a firm’s financial instability is a ‘real driver for other negative behaviour, such as lack of integrity and client harm’. He had that morning signed off the SRA’s newest publication, Risk Outlook 2014, and gave the conference a ‘sneak preview’ of what it says about the risks that are expected to impact on clients.

The misuse of client money is the number one risk. ‘We receive around 150 complaints a month,’ he said, ‘with around a third resulting in intervention.’ Failures in AML compliance is another big issue, Garbutt continued, with 3,500 reports made to the National Crime Agency last year, often because a client account had been used to launder money. ‘Bogus firms are a growing threat,’ he said. ‘There was a 60% increase in 2012-13 and we have had 235 alerts so far this year.’

Other risks of which to be aware include failing to provide an adequate standard of service for vulnerable clients and not keeping client data confidential in the face of cyber attacks, the use of cloud technology and ‘phishing’ emails.

A delegate from the floor asked what to do when the conditions for panel membership are ‘so onerous you risk failing to comply’. Sampson reminded delegates: ‘Your duty as a solicitor is to your client, not to keeping a funder happy. You need to reconcile your professional obligations to your client with the need to run a good business.’

During a breakout session on financial stability for alternative business structures, Tony Guise of City firm Guise Solicitors, gave advice to compliance officers for legal practice (COLPs) and for finance and administration (COFAs). ‘You must know your firm and fee-earners inside out,’ he said. ‘It is all about being informed as to exactly what goes on in the firm. Otherwise, how will you be able to report any non-compliance to the SRA?’

He added: ‘As COLPs and COFAs, you are the champions of risk management and compliance. Don’t be afraid to organise in-house training or question fee-earners. You can’t be expected to know everything and the cost of non-compliance can close a firm down.’

The conference drew to a close with a panel discussion on the ‘hot topics for the year ahead’. For Tim Hill, the Law Society’s technology policy adviser, cyber security will be the major issue. ‘Small and medium-sized firms have seen the cost of dealing with the worst security breaches almost double from between £35,000 and £65,000 in 2013 to between £65,000 and £115,000 in 2014,’ said Hill. ‘It can cost large firms up to £1.15m.’

Hill urged firms to visit the Law Society’s cyber security hub, read guidance from the SRA and from GCHQ, and connect with the websites of Cyber Street, the government’s new Cyber Essentials Scheme and the Cyber Security Information Sharing Partnership.

The Risk and Compliance Annual Conference 2014: Maximising Stability, Minimising Risk was held at the Law Society on 18 June. For more information about the Society’s Risk and Compliance Service, click here.

AML top tips: Preparing for the Fourth Money Laundering Directive

• Customer due diligence – are the documents checked properly?

• Risk assessment – is it undertaken and recorded for the firm and clients?

• Ongoing monitoring – are your staff complacent?

• Training – is it relevant and effective?

• Read the Law Society’s AML updates


• Identifying/dealing with domestic politically exposed persons

• Practical implications of beneficial owner registers

• Updating policies and procedures

Alison Matthews, Alison Matthews Consulting


Top tips for growth

• Prepare a realistic cashflow forecast

• Increase cashflow by reviewing costs, chasing debtors and billing promptly

• KPIs – concentrate on one aspect of your practice you want to improve

• Business development –network, use social media, write articles

• Compliance – assess risks and put policies in place

• Increase capital reserves – and it becomes easier to borrow

• Increase workload by finding your niche

• Employ new fee-earners who bring their own leads

• Merge with other firms to exploit synergies

Prashant Joshi, Law Society, lead consultant – finance and accounting