Research challenges the burden of regulation
A cultural shift in attitude towards risk management may prove to be the most important driver of future law firm growth, according to research with independent law firms.
While the debate around the burden of regulatory compliance has been fuelled in recent weeks with the publication of the SRA’s three-year strategy, the research among mid-sized firms suggests that strategic risk management is bringing a return on investment and opening the door to greater competitiveness and client choice, as well as satisfying regulatory requirements.
The findings have been published by LawNet, the collaborative, non-profit network for independent law firms, following research involving over 3000 legal, management and support staff across its member community.
And while junior fee earners and admin staff were more likely to think regulatory repercussions were the most serious outcome of poor risk management, mid to senior fee earners and managers were more focused on how it may affect financial management and reputational issues. Better client service, reduced PII claims and reputation protection were the top three benefits of stronger risk management, with 50% saying it was delivering effective business management benefits, and a further 30% saying it had become a vital business tool.
Residential conveyancing is perceived as being the highest risk work across all staff, followed by commercial property, accurately reflecting SRA statistics which show that around half of all claims, and some £770 million of indemnity payments between 2004-14, result from a failure in conveyancing work.
Fraud and cybercrime is the biggest threat for the future, for some 40% of staff, closely followed by client data protection and securing IT systems. Almost 50% were aware of an attempted fraud attack on their firm in the last 12 months, with most attacks being email phishing.
Commenting on the results, Deborah O’Riordan of insurers QBE, said: “This research highlights one of the most important aspects of managing a law firm today. Unless practices are engaging in some form of risk management programme, whether that’s an external standard such as Lexcel or ISO9001 or through advisory or compliance support services, they are missing a vital component. As an insurer, we want to see a real commitment to a culture of risk management – it’s an important consideration during the underwriting process, alongside fee-income, work-types, size of practice and claims history. It’s important also, that firms demonstrate a drive to improve.”
The research was undertaken by LawNet as part of an audit of the network’s risk management and compliance support, which firms receive as part of the bespoke ISO9001 standard that is compulsory for membership. The resulting feedback will be used to guide future training and development for members, and LawNet chief executive Chris Marston said: “Complaints about over-regulation, and the resulting burden on firms, are part of the day to day, but our membership enables us to speak on behalf of a sizeable constituency of larger SME firms, and the evidence is that increasingly they are turning regulation into a business driver, rather than viewing it as a constraint.
“If enabling greater client choice is a driver for regulation, the benefits of achieving a cultural shift in this way adds real credibility to the argument for equipping clients to choose.”
The research findings are included within a sector learning publication, which includes case studies setting out how firms are achieving the necessary cultural shift.
According to the research, the most time-consuming aspect of risk management is file management, closely followed by performance management, of both self and others, with this area seeing the most increase in time required over the past two years.
Asking staff at all levels if they were aware of the firm’s policy for dealing with bank accounts and client payments, administrative and secretarial staff were most likely to be unsure. And while over 60% of firms were using penetration testing on a regular basis for their IT systems, fewer than 20% were regularly using social penetration testing of people and processes.
Chris Marston added: “Fraud is top of the radar for most firms, and rightly so, looking at the figures. But firms need to look at the bigger picture if we are going to tackle this across the sector. Embedding the right culture, so every member of staff is clued up and signed up, is how we’ll achieve this, while bringing real business benefits through better customer service and increased competitiveness.”
The White Paper outlining the research can be accessed here.