The Hidden Costs of Inadequate Risk Management in Law Firms

What keeps a lawyer up at night? The answer will depend on where they sit in their role in a law firm. As a solicitor and AML compliance specialist, I get it.

Senior partners might focus on cashflow and reputation. Newly qualifieds might be struggling with imposter syndrome. Practice managers may be spinning their plates with software integration and IT headaches, whereas compliance officers will have their own plethora of worries.

From my experience, it depends on whether you’re specifically a COFA, COLP, or MLRO (of course many small high street firms have one person covering all the compliance and risk management pathways in a firm whilst fee earning).

Does your firm focus on conveyancing and private client work? You’ve got a whole host of challenges just by default. Are you involved in litigation and dispute resolution? Then you’ve got the “sham litigation” scenarios abounding. Onboarding overseas’ clients from possible “risk” territories? You’ve got some serious CDD work there. Have a senior partner that also holds the role of the compliance officer and looks after client accounts? Let’s not even go there…

It’s great that I’m seeing so many more firms come to me and my team asking for support in compliance training, more onboarding with our Teal Tracker software and generally being more proactive with their firm’s visibility in understanding and staying compliant, but there are so many that are still focused on the pounding billable hour and 100% client focused, rather than 85% on client work and 15% training and compliance. 

The concept of “sustainable effort” is the idea of working at 85% capacity, as we can maintain the perfect equilibrium of high performance and well-being, i.e. if you are working at 100% then this leads to burnout, which of course leads to risk. McKinsey’s Burnout Tool is handy HERE.

It’s too easy to use AML templates and not tailor them to your firm, your clientele, and of course your employees and colleagues. I designed our AML software, TEAL TRACKER, with you in mind….if you’re reading this, then why not have a look at our software HERE.

We can all rely on those basic templates, ask new employees to read the policy online, run a tick box exercise, but what happens when it’s too late? When risk has crashed through your door.

Ultimately, overseeing risk management in your law firm is about finding a balance that works for you and your employees, whilst seriously considering factors like workload, regulator fines, insider (and outsider) threats, and workplace culture. 

As the CEO of Teal Compliance and Chair of the Law Society’s Money Laundering Task Force, I can only continue to support my peers in the legal profession and impart my insights and expertise.

Sometimes if you look at scenarios and work backwards it helps to identify the stages of how to feel secure in your firm’s compliance processes and controls. Know the saying “I never thought it would happen to me?”. My advice is to assume it will be you and deter the baddies whilst appeasing the regulators.

Some of the “hidden costs”, i.e. consequences of inadequate risk management include:

• Regulatory penalties: Firms that fail to comply with AML regulations can face significant fines and penalties. All you need to do is look at the SRA’s website or a search in Legal Futures to hear the latest. The law firm Ashfords LLP had a largely unblemished regulatory and disciplinary history and so it is regretful that they were then fined more than £100,000 for failing to comply with AML regulations 
• Reputational damage: A firm’s “brand” reputation can be devastatingly damaged if it has been involved in money laundering or other illegal activities, whether or not the crime was due to naivety or planned.  We are in a digital age where social media and Google reviews can be detrimental, leading to a loss of clients, difficulty attracting new business, and a decline in overall firm value – you want succession and have worked so hard but then you’re fined, possibly struck off and another firm sweeps in at a price that’s hard to swallow.
• Client money losses: The responsibility for client account monies falls on the law firm and its managers, including the Compliance Officer for Finance and Administration (COFA) and the Compliance Officer for Legal Practice (COLP). If client monies are stolen or laundered, and the SRA finds out, the firm and its responsible individuals can face serious consequences, including disciplinary action and potential referral to the Solicitors Disciplinary Tribunal (SDT).  If the loss of client money is due to dishonesty or negligence by your firm, then you and your firm would be responsible for reimbursing the client. Consequences are hidden from this obvious painful financial strain, but brand reputation, personal life stresses and recruitment are key players.
• Cybersecurity threats: Inadequate risk management can leave firms really open and vulnerable to dreaded cyber-attacks and data breaches. These can cause significant financial losses, including the cost of remediation, legal fees, and potential fines. 
• Internal fraud: This is a painful one because it forces us to look at insider threats.  Common types of internal fraud include administering the accounts of individual clients where a single person has sole authority, and unofficial “borrowing” from client account or billing fraud. Billing fraud is where fee earners might inflate time spent and/or fees charged to meet or exceed targets. In the latter scenario it goes back to the pressures put on lawyers and therefore workplace culture might need more looking into.
• Increased scrutiny: Time in a law firm is hard to come by, especially if there aren’t enough fee earners to cover the amount of work. It’s back to the balance of 85% output. If your firm has a history of compliance issues that aren’t rectified or evidenced to be doing more to manage risk, that firm faces increased scrutiny from the regulators. That is time-consuming in itself, as well costly. Your firm might be incurring higher costs to bring your practice into a healthy compliance model after failing to manage all risks adequately. 
• Difficulty obtaining insurance: If you have poor compliance records then it stands to reason that you might find it more difficult to obtain professional indemnity insurance or cyber insurance, or may face higher premiums. Insurers prefer continued transparency and openness. They better serve you when you come to them quickly with a possible breach. If they see you are in communication with them with anything seemingly risky, they’ll be able to help you navigate the process better.
• Recruitment and Talent: Ask anyone in law and they’ll tell you that recruiting is a headache but then keeping great people in your firm is a migraine. A poor risk management culture leads to employee dissatisfaction, burnout, and ultimately, loss of your talented peers and colleagues. You don’t want to see your colleagues heading off to a competitor who offers continued training that’s engaging, and focuses on the 85% model at work do you?
• Operational Inefficiencies: Practice managers have many plates to spin, therefore if part of their role is to ensure the operational running of your firm lacks effective risk management the plates begin to drop. Billing errors, CMS glitches, delayed disbursements, increased administrative workloads, and no controls to track and measure for compliance policies and processes.
• Clients: We are all consumers of law in some way or another, yes, even us solicitors, i.e. we are all human. We observe, we listen, we trust, we lose trust…. clients may lose trust in a firm that fails to manage risks effectively. Remember social media, and insider gossip? It happens, people talk. If there’s a local newspaper with a budding journalist reading to crawl the disciplinary pages or court documents for their “business section”, and you’re in a firm of high street residential conveyancers, before you know it, the reputation is damaged, leading to loss of business and an impact on your firm’s market value. Whether you might be thinking of succession or investment, poor risk management has many hidden costs that include your future.