A Layered Approach To Managing Risk
Let’s start with a couple of facts. 1) Conveyancing is the highest risk area of law. 2) Cyber crime reports to the SRA have again risen over the last year. 3) The amount of client money reported as stolen also increased over the last year.
The above is evidence that fraud and cyber crime in Conveyancing is a major issue, some would say it’s every partners worst nightmare? Or is it? If you are the type of firm who have robust procedures in place, then it probably is. You’ve put together a layered approach and yet your still a victim, what more can you do?
But what about those that don’t treat risk seriously, those that think it will never happen to us because it never has and those that think one layer of protection is enough?
Firstly, let me explain what I mean by layers. I’ve mentioned it a few times already. Layers is about depth to your processes, so if one layer breaks or fails the others come in to play and provides protection. A law firm I was speaking to recently had one layer to protect their clients’ monies and that layer was arguably a weak one. Why are layers important? There is no silver bullet, fraud and cyber crime won’t go away, not even in a digital landscape. Look at Australia and this fraud involved with the new Pexa system. They are further down the road than us in terms of digitisation, yet still the risk remains.
The famous analogy regarding locking your door and setting an alarm becomes crucial here. Cyber criminals are sophisticated. Would you lock your door and not set your alarm or would you do both? Security is about belt and braces and you never know which organisation may have pertinent information in your decision to send hundreds of thousands of pounds to an account that may or may not belong to the other side.
The title of the blog mentions the Golden Triangle, this is not the cyber crime equivalent of Bermuda but a well known axis that is used to provide balance in processes across a number of industries. I think it’s pertinent to how conveyancers should approach their layered approach to fraud and cyber crime. The Golden Triangle incorporates people, processes and technology. If you look at historic cases of fraud in Conveyancing such as Nationwide v Davisons, then you could pinpoint large gaps in the golden triangle. The great thing about this axis is that it can be appropriate to firms of all sizes. Let’s look at a large regional firm for example. They are likely to invest in technology, have robust processes and you’d hope have well trained people. If you are a large regional firm and you’re reading this, have a think about how your golden triangle looks? Are any of the 3 areas weak?
What about a typical High Street firm? You can still apply the golden triangle. It’s easier to train staff, the investment in the technology should be more cost effective and your processes should be less complex to implement. What I see is a lot of firms who put all their eggs in one basket, so they heavily train the staff but have no process or technology to fall back on if an individual makes a mistake. Mistakes do happen, people are human, they will make them. This element is often forgotten when looking at a layered approach.
Let’s look at the other end of the scale at large volume conveyancers. They invest in technology and their processes but do they invest the same in their people? Is the balance right?
To summarise, managing risk is tough. People have different approaches and opinions and law firms have complex infrastructures, it can often be tough to change a process or attitudes. The risk won’t go away though as cyber criminals and fraudsters are becoming more sophisticated. It is time to ensure you have robust processes in place to ensure you have very few weaknesses in your Golden Triangle.