Another year, another challenge

As we enter a new CPD year, this is perhaps a good time for firms to pause and reflect on their policies and practices over the last year from the perspective of risk management.

Did your firm face any complaints or claims? Were there any near misses? Are you happy with your processes? Has your firm been exposed to any new risks you weren’t aware of previously? Did you introduce any new policies or procedures? Have they helped? How did you satisfy your risk management CPD over the last year? Did you undertake training? How might you improve things for next year?

The start of the new CPD year is a good prompt for firms to be considering these questions alongside their future risk profile and their risk management needs. It’s also important that individual solicitors look at their own risk management CPD needs.

CPD requirements

Firms will be now be aware that solicitors have to undertake a minimum of one hour of risk management CPD every year. That compulsory one hour is part of the existing 20 hours of CPD required each year and it is monitored as part of the annual CPD review conducted by the Society. This requirement was introduced in 2018 as part of the ongoing efforts to improve the profession’s risk profile. Risk management is defined as a process of identifying, assessing and prioritising risks, which results in some form of action to control and manage those risks. This means there are a number of ways in which the CPD requirement can be met. It can include, for example, training on anti-money laundering, complaints handling and complaints avoidance, contingency planning, cybersecurity, prioritisation, time management, workflow and processes, and terms of business.

But risk management is more than just satisfying your CPD requirements. It is essential for law firms to have risk management as an integral part of their practice. We would always suggest that solicitor practices take some time to identify, assess and allocate risks associated with their work to ensure they meet client expectations and reduce the risk of complaints and claims. This is valid for all firms, regardless of their size.

A tailored approach

The one thing that firms sometimes overlook is that risk management has to be appropriate and relevant for the individual practice. This, of course, also means that they should ensure their policies and procedures are tailored to the exact needs of the practice. No one would expect a sole practitioner who does exclusively criminal court work to have the same controls as a large corporate practice, carrying out commercial transactions. Firms must have the right type of controls for them, and those controls should be appropriate to the size and complexity of the company and the nature of their work and their clients. But hitting that right level is often easier said than done.

Firms will already have carried out risk assessments in accordance with their anti-money laundering requirements. This means that firms should already have a sound understanding of the general overview of their practice, their typical transactions and their client base. This will give some indication of inherent risk areas. If a firm is regularly involved in transactions which are undertaken at short notice, within short timescales, then there might be a set of risks associated with those types of transactions – for example, the potential for fraud.

Obviously, in relation to learning requirements, solicitors will most likely want to take a sector-specific approach to risk management. For example, litigation solicitors might want to learn from claims arising from missed deadlines and prescriptive periods, whereas conveyancing solicitors might want to look at claims arising out of boundary and access issues. We would be delighted to engage with solicitors on particular topics and we would encourage firms to get in touch in this regard.

At a management level, firms should examine their record of complaints or claims to see whether there is any pattern that suggests a need to tighten up controls in particular areas. Examples of this could include managing critical dates, client vetting and engagement or reporting to clients. It is also sensible to list all the situations where mistakes (no matter how small) have been made, where corrective action has had to be taken and where “near misses” have occurred, and then consider the underlying causes of each of the matters. Remember, this might not just be gaps in skills or training, but could also be down to interruptions, pressure of work, stress or other factors.

There is not the scope in this article to outline a full methodology for firms to identify areas of weakness or risk and the preventative systems that might be appropriate. However, it is important that practices consider their own specific requirements and we would encourage firms to contact the Master Policy team at Lockton if they would like assistance in assessing their requirements.

Most claims arise out of poor processes and procedures

When determining your risk management CPD needs for the year ahead, the focus should be mainly on process rather than law. It is worth remembering that, over the last 10 years, fewer than 10% of claims submitted under the Master Policy were as a result of mistakes in the law. Over 90% of claims were as a result of other issues, such as missed deadlines, poor or missing letters of engagement, lack of reliable file notes, failures to register title etc.

Whilst solicitors are obviously required to keep up to date with their areas of practice, including changes in law, from a risk management perspective improved housekeeping and risk control procedures are key to avoiding some of the more simple errors that frequently give rise to claims. Taking steps to improve risk management processes and procedures will almost undoubtedly avoid or mitigate claims.

The cost of claims

The reality is that poor risk management and lax controls can cost a law firm far more than the introduction of new systems and controls, both in money and ultimately time. The consequences are many and can include:

• direct financial costs;
• fractured client relationships;
• reputational damage;
• potential complaint/disciplinary consequences;
• lost management and fee earning time;
• anxiety/emotional impact.

Defending claims

As well as avoiding claims, risk management processes also make claims easier to defend.
With further constitutional change on the horizon, there is the possibility of another financial slump. As a profession whose risk profile is significantly impacted by economic conditions, it is important to be able to ride out any subsequent recession without creating calamitous claims. Yes, inevitably claims will rise in recessionary periods, but the defence of such claims will need to be robust if the profession is going to continue to enjoy the support of insurers.

Risk management activities

Risk management is still too often seen as an unpleasant necessity, something of a bureaucratic add-on that can distract from the real business of the day. Lockton is determined to help ensure that risk management is understood and implemented as a simple, yet effective way to avoid and mitigate claims and enhance the business overall.

Over the next 12 months Lockton will be looking to engage with solicitors to support their risk management activities. We will, of course, continue to generate relevant risk management content in addition to any targeted material produced in conjunction with the Law Society of Scotland.

There is always more that can be done to improve risk management performance. But with finite time and resources and many other matters to be dealt with, we all have to prioritise those areas that are in most need of attention. We would like to hear from you – what are your risk management priorities going to be over the next 12 months and how can we help?