Risk management and IT: a practical guide

In a culture of increasing risk management and regulatory compliance, it is curious that many firms fail to identify their single biggest risk area – their clients.

From the moment that they make their first contact, clients should be a key focus of risk management strategies and fee earners a key player in the game. They, after all, are the ones having the contact, progressing the work and fulfilling the obligation; they are the ones who can get it right or wrong.

But even in the smaller firm, it is not feasible or desirable to be micro-managing each fee earner to ensure they are conducting themselves professionally, competently and in line with corporate standards. They need to be working within a framework in much the same way as the accounts staff operate within the Solicitors Regulation Authority (SRA) Accounts Rules and in the same way that technology and systemised solutions have transformed back office conformance, so they can be leveraged across fee earning departments as a central plank in the risk management strategy.

It doesn’t necessarily follow that we’re talking about big ticket IT projects here. There are some very practical, low cost options that firms can take while for those who are perhaps questioning the Return On Investment on earlier IT purchases, there is a chance to re-examine what has been put in place and to use it in different or additional ways.

Access for all

It is hard to follow procedure when it is not defined, published or kept up to date, so a written policy is the first requirement. However, rather than have a static ‘Office Manual’ either printed or sent out as an electronic document, why not publish it to an intranet? This would allow anyone with network access to view the latest procedures and precedents at any time rather than being forced to refer to a potentially outdated copy stored on their PC. If creating or updating a comprehensive manual is beyond internal resources, then why not consider outsourcing its development and maintenance to a third party risk specialist, who can supply it in your choice of web formats?

Acceptable risk

Whether to accept a client’s instructions can no longer be down to gut feel or personal preference. Business protection lies in business process – set the rules and make it easy for a) staff to follow them and b) management to know that they have followed them. Some simple IT basics can help immeasurably.

At the first enquiry it should be established whether the case is the type of work that the firm can handle. The current ‘Office Manual’, instantly accessible via the intranet, should clearly list the types of work that cannot be taken on and, if in doubt, a quick search of the risk policy should determine whether the retainer is within the acceptable risk profile.

The client should supply evidence verifying their identity in accordance with the Law Society money laundering guidelines. For a one off transaction this could be stored on the client file, but for clients instructing you on a regular basis it would make sense for the evidence to be stored centrally so that other fee earners can refer to it subsequently. This could be done in a paper filing system, or preferably scanned and placed either in a simple directory-based electronic filing system or practice management system, allowing for swift search and retrieval.

In transactional work, where reasonably large amounts of money are to be supplied by the client, some due diligence will need to be carried out on the source of any funds. The extent of that investigation will depend on the size of the funds and the nature of the transaction, but evidence of the detective work undertaken should be retained on the file in case of future official enquiries.

Just because the work is of a type that the firm can handle, it does not follow that every retainer should be accepted. The firm must be able to make a cash profit on the majority of work it does, and be confident that bills will be paid. A quick search on the accounts system will determine whether this client owes the firm money, and it would be sensible to refuse instructions where there are credit issues.

The words ‘cash profit’ are used advisedly. It may look very impressive for a fee earner to be building up huge reserves of Work in Progress (WIP), but if the client fails to pay they will have just been a busy fool. Most practice management systems allow for an estimate of fees and disbursements to be attached to a client matter, and for flags to be triggered when those limits are approached. Such tools should be used to prompt interim billing ensuring that as little profit as possible is locked up in WIP. The credit control system should be rigorously used to ensure that even less is locked up in debtors.

Conflict of interests

The Solicitors’ Code of Conduct is very thorough in its guidance on conflicts of interest. It can be very embarrassing and expensive for a firm to start working for a client, receive confidential information, and then discover that it is acting for a conflicting client and have to send them both to another firm. Most practice management systems come with a conflict checker that will ensure that the retainer is safe to accept. If in doubt send a quick email to everyone in the firm just to double check that no conflicts exist.

Don’t forget to check any ‘Own Interest’ registers in case the owners of the firm are also involved in other ventures that might conflict, such as investment property portfolios, or family trust companies.

Monitoring progress

Client risk profiles, identification checks, credit checks, conflict checks, client care letters, these are just the preliminaries – soon we’re into the heart of the matter. But for fee earners to be confident that they have done everything required of them, and for their managers to be able to check and audit their performance, it’s vital that they work with a checklist that combines milestones and workflow. They need to know what to do, the order in which to do it, when it is to be done by and to be able to record their progress for others to monitor.

Moving forward with case management

Workflow and precedent control of matters is essential to the management of operational risk on client files. It is virtually impossible to ensure compliance with the regulations without some form of systematic control of the way that client files are opened, progressed, clients updated, and then files closed. For those firms looking to compete effectively with ‘Alternative Business Structures’ a case management system should be towards the top of the IT hit list.

The regulations and guidance are changing so frequently that a central precedent for client care letters and terms of business is the only way to ensure that each fee earner is using the latest approved version. Case management will allow those documents to be automatically tailored for the particular department, fee earner, and client. It will also allow for most of the variables to be automatically merged into the document, speeding up production. Key dates – with automatic reminders – should be placed into the case plan.

The six month cost update could also be the point for the system to produce an automatic reminder to check that the risk profile of the case is no greater than when it was opened, and for evidence to be recorded of your continuous monitoring of the money laundering risk.

Blank letter and document templates can hold the ‘house style’ to prevent any risk to the brand and image of the business. A case closing and archiving template will ensure that nothing is missed when closing the file down.

Overall progress across multiple cases or across departments can be easily seen and measured; configurable thresholds and automatic alerts ensure that any risk of non-compliance with targets or non-conformance to standards is flagged up sufficiently for remedial action or escalation.

No case to answer

For those firms unwilling or unable to invest in case management software, there are alternatives – but they require far more manual intervention, individual discipline and responsibility and a fair degree of good fortune.

Precedents need to be stored centrally so that fee earners always use the latest versions. Completed documents should be stored in a logical file structure by date, perhaps in the format: C:/Client Docs/Client number/Matter number/Document by date and description. This sort of system necessitates 100% accuracy and uniformity if it is to work efficiently: if someone else has to pick the file up, the last thing they want is not to be able to lay immediate hands on the file contents.

The calendar system must be programmed for repeat reminders and updates for each client, and key dates will need to be entered manually. Attendance notes must be prepared for every action as evidence that the process was undertaken; case closing letter precedents should be used together with a closing risk assessment; and some sort of manual checklist should be kept running and up to date in the background. It’s far from ideal but it is a pragmatic alternative in lieu of full-blown case technology.


IT and systems can take a lot of the hard work out of risk management and compliance. Some simple but fundamental IT initiatives can get the ball rolling while case management can help firms make a quantum leap forward in terms of the ease, speed and completeness of managing risk.

If your business has already invested in technology it makes sense to make maximum use of it. If your front-line staff, your fee earners and secretaries, can be given the tools and shown how much easier it is to work with them, in a systematised way, they will soon be won over. More than that, they will be perfectly equipped to address the primary risk for any law firm: clients.

If you require any further information or advice about your risk and compliance issues, don’t hesitate to contact me.

Today's Conveyancer