Clients are expressing much more concern about the way the largest UK law firms are managing risk than before – and than the firms’ own lawyers, a survey has found.
The 2011 UK law firm risk management survey – which spoke to risk professionals at 26 of the UK’s top 100 firms – reported that while just 21% of lawyers perceived risk management to be a “key priority”, 47% of clients thought it was.
While clients saw risk management as a way to differentiate themselves from their peers, lawyers considered it as “a necessary but inconvenient pursuit”.
The survey, produced by the risk managers’ forum Risk Roundtable, with the backing of risk management software company IntApp, said an overwhelming 90% of those questioned said clients were “mandating more stringent measures” in relation to such things as data security, conflicts and compliance measures.
The finding mirrors a similar US survey published at the end of last year.
The overall picture presented by the survey is that leading UK law firms are taking risk management seriously, although they have different approaches.
Two-thirds of firms vest responsibility for managing risk in a committee or multiple individuals and the rest in a single head of risk and/or compliance. The finding suggest the practice of many firms is at odds with the Solicitors Regulation Authority’s newly adopted regulatory handbook, which from October will insist on firms designating compliance officers to be responsible for legal practice, and finance and administration.
The survey found just half of firms have a dedicated risk management budget, the other half drawing funds from the budgets of departments such as human resources, administration, finance, IT and operations. Three-quarters of firms have a risks register, or some sort of written catalogue of firm risk issues, most often managed manually using spreadsheets.
Responding to regulatory requirements, especially rule changes, was the top risk management priority, the survey said, followed some way behind by building a risk culture. It was also the area firms expected to invest in most heavily, with client matter/inception close behind.
Most firms have measures in place to ensure good communication on risk issues, the survey found. Two-thirds had formal processes to communicate policies and track acknowledgements, with the remainder saying they generally took ad hoc steps to reach the same result. More than 80% of firms had a formal internal audit process to evaluate compliance policies, often involving random file audits.
Despite appearing not entirely to share their clients’ risk management priorities, there was evidence that large firms have invested heavily in protecting confidentiality. Almost 90% have some sort of technology-enforced restriction and nearly three-quarters have ongoing training programmes to ensure lawyers are up to speed on confidentiality rules and regulations.