Risk Outlook 2013/2014
Autumn 2013 update
This update provides a brief picture of our experiences of managing some of the risks identified in the July Outlook, and highlights some of the emerging evidence to support our assessments across all the risks in the Outlook.
Read below Download (PDF 10 pages, 609K)
In July 2013 we published our first SRA Risk Outlook. The Outlook was our assessment of the most significant risks we expected to have to manage over the coming twelve-month period.
In the Outlook we committed not just to an annual publication, but also to publication of more frequent risk assessments throughout the year. Four months on, this update provides a brief picture of our experiences of managing some of the risks identified in the Outlook, and highlights some of the emerging evidence to support our assessments across all the risks in the Outlook.
Alongside this update, we are also publishing more detailed risk assessments of financial difficulties, cloud computing as a form of outsourcing services and group contagion, a new risk in the legal services market. These more detailed assessments can be accessed through this update, and are the first in a series of publications that will provide a more detailed review of the risks in our Risk Index, which we published in December 2012.
We see management of the risks in the legal services market as an activity that is carried out in partnership between the SRA and the firms we regulate. We will be transparent about the risks we have identified and our approach to controlling them, and will provide firms with the information they need to support their own risk management activities.
Our risk assessments will help firms to become risk aware, and will draw on our practical experiences of regulating firms not only to provide examples of the behaviours and actions that can cause these risks to occur, but also to help firms to navigate through them successfully.
Director of Risk
The following risks are categorised as "current":
- financial difficulty,
- dishonest misuse of client money or assets,
- lack of a diverse and representative profession,
- failure to co-operate or comply with notification and information requirements.
The risk of financial difficulty remains high in firms across the legal services market. This is true of firms of all types and sizes.
To allow us to take a more risk-based approach, we asked 2,000 firms to provide us with information about their financial health. These firms were from a cross-section of the legal services market, but were selected on the basis of particular characteristics.
Of these firms, around five percent provided information that indicated a high risk that financial difficulty may exist.
As the firms we collected data from were selected on the basis of particular characteristics, it is not possible to directly extrapolate findings on levels of financial difficulty and make an accurate estimates of prevalence across the whole legal services market.
We have already started to work with the firms that present a high risk, and will make further contact with other firms who provided information that indicated a lower, but still concerning, level of risk. In our experience, early engagement and constructive actions taken by firms usually lead to more positive outcomes, including a reduced likelihood of intervention.
We have also carried out a review of a sample of firms that we have engaged with on the basis of financial difficulty. The results of this highlighted characteristics that are frequently observed amongst these firms:
- a naive approach to financial management,
- ineffective financial directors or equivalent,
- failure to share information on financial management between all partners and managers,
- refusal or inability to accept the existence of serious financial and management problems, and
- often, one individual can make a significant negative impact, for example an over-dominant senior partner or chief executive.
Where firms demonstrated the opposite of these characteristics, the risk of financial difficulty was usually well-managed, benefiting both clients and the firm itself.
Engagement with firms has highlighted many issues about the financial management of firms. In some cases, the behaviour we have seen has simply demonstrated poor management skills. However, we have also seen conduct which has demonstrated dishonesty or a lack of integrity. We have found firms that have recklessly traded themselves into insolvency or taken steps to disguise their true financial position to clients, stakeholders and their regulator. Where enforcement action is necessary, it will be proportionate to the conduct of those involved.
There has been some recent positive news regarding the prospects for growth in the wider UK economy. In September, the International Monetary Fund revised its forecast for economic growth upwards in the UK1. Despite this, we anticipate the risk of financial difficulty in law firms will be ongoing. This is partly a result of the fundamental weaknesses we have identified in the financial management of many firms we regulate.
Dishonest misuse of client money or assets
This risk is linked to financial difficulty, as this is a key factor that can create an environment where client money or assets are more likely to be misused. This link is borne out by recent increases in reports of misuse of client money. Before the Outlook was published we had already started to see an increase in this risk. Since then we have dealt with even more cases, with July, August and September 2013 seeing large volumes of reports of this risk. Over 140 reports were made in each of these months, and against the backdrop of increased financial difficulty in firms. These trends give us concern that risks to client money and assets are increasing.
Lack of diverse and representative profession
The Outlook recognised that this is a challenging issue for firms as barriers to a diverse and representative profession involve far more than just recruitment and human resources (HR) practices at firms. For example, access to higher education will also be a key factor, as will the geographic location of any specific firm.
We also recognised that new entrants to careers in legal services are made up of a diverse profile of people. Furthermore, our review of equality and diversity practice at firms highlighted several examples of good practice which could be replicated by others.
Despite this, there is evidence of trends that are contrary to a diverse and representative profession, which the regulatory objectives of the Legal Services Act 2007 require the SRA to encourage. These features include: a pay gap between BME solicitors and their White British counterparts, a low proportion of woman at partner level and a lack of representation from less affluent socio-economic groups.
We are in our second year of collecting data on the diversity of those working in firms we regulate. We will continue to collect and publish this data to help us track change and improve understanding of this risk.
Failure to cooperate or comply with notification and information requirements
Good quality and timely information is crucial to a risk-based regulator. It means that we can spend less resource on firms that manage their risks effectively, and dedicate our attention on those that do not. This benefits the public, consumers and well-run law firms.
We experienced a significant lack of cooperation when we required firms to nominate compliance officers. Subsequently over 1,000 files were opened and when this process is complete we expect that over 100 disciplinary sanctions will have been taken.
A far more positive experience was found when we carried out the data collection exercise to allow us to manage the risk of financial difficulty. Although there is a small group of firms where we will need to take further action, levels of cooperation were much improved from the compliance officer exercise. We require firms to cooperate with future information requirements, including the current equality and diversity data collection project (for which the deadline is 31st January 2014) and on reporting failure to obtain professional indemnity insurance.
The following risks are categorised as "emerging":
- lack of adequate succession planning or exit planning,
- poor standard of service and legal advice, particularly where this involves more vulnerable consumers,
- inadequate systems and controls over the transfer of money.
Lack of adequate succession or exit planning
We expect that firms will have a viable exit plan or succession strategy in place. This is particularly important when we are engaging with firms in financial difficulty. An exit strategy is vital because it means that if the firm is no longer able to continue trading it is able to wind down in a way that does not put the interests of clients at risk. An intervention is very likely to take place where an effective and achievable exit strategy is not in place and we believe that clients are being put at risk.
Succession and exit plans need to be developed by firms at risk of not securing Professional Indemnity Insurance (PII). Firms in this situation will enter an Extended Policy Period (EPP), provided by their last insurer, which provides an additional three months' (90 days) coverage. This is made up of a 30-day extended indemnity period (EIP) and a 60-day cessation period (CP). During the CP the firm can only deal with existing instructions. If the firm does not have a new PII policy at the end of this period it must close.
Poor standard of service or advice – particularly where this involves vulnerable consumers
Research by the Legal Services Consumer Panel into legal services consumers with learning disabilities has highlighted issues around the difficulty of getting specialist advice in a sector undergoing significant changes2. This report adds to the weight of evidence that standards, service and advice do not always live up to the reasonable expectations of vulnerable clients when they have a legal need.
The consumer advice sector is going through reform, with the Citizens Advice Bureau taking on responsibilities that were previously shared between a number of other bodies3. This is combined with changes to Legal Aid, meaning that many third sector organisations and consumers may find it more difficult to understand where to go for advice. We intend to carry out more research on these issues to help us better target our regulation to support the interests of these individuals.
Inadequate systems and controls over the transfer of money
The Financial Action Task Force (FATF) recently highlighted the risk of criminals targeting legal service providers to facilitate money laundering or terrorist funding4. Law firms are targeted as they are required to complete certain types of transaction and possess skills that are valuable to organised criminals. FATF highlights that even law-abiding professionals are vulnerable to involvement. Its report highlights the following measures that should be taken to control this risk:
- being alert to red flags indicating that the client is seeking to involve them in criminal activity,
- choosing to abide by the law, their ethical obligations and applicable professional rules,
- discerning legitimate client wishes from transactions and structures intended to conceal or promote criminal activity or thwart law enforcement.
The following risks are categorised as "potential":
- improper or abusive litigation,
- lack of due diligence over outsourcing arrangements,
- group contagion,
- lack of transparency in complex business structures.
Improper or abusive litigation
The Outlook highlighted this as a risk that has the potential to crystallise quickly and affect a large number of people. We have seen no new instances of this risk, but we are vigilant to its potential as law firms pursue new opportunities.
One potential example stems from a ruling in October 2012 by the European Court of Justice that delays to passenger flights caused by factors including a lack of flight crew or technical problems merited compensation. We have seen law firms setting up specialist teams to take on these cases. If managed responsibly this will provide members of the public a useful option to secure access to justice. However, firms operating in this market must ensure they are clear about the nature of the service they are offering and avoid the lack of clarity and transparency seen previously in some firms managing payment protection insurance claims.
Lack of due diligence over outsourcing arrangements
Many law firms choose to outsource some of their processes and practices. One example of this is use of cloud computing, which involves outsourcing data processing to an external provider. Cloud computing can control the risk of breach of confidentiality by eliminating the need for USB sticks or for confidential files on laptops. However, it can also increase the risk if communications with the provider are not secure or if the provider does not protect the data. Firms using cloud computing must be aware of the requirements of the Code of Conduct and the Data Protection Act. The link below provides more detail of good and poor behaviours in the management of cloud computing.
This is the risk that liabilities, losses or events affecting one part of a group of firms affect a regulated legal firm within that group, resulting in a negative impact on consumers or the public interest. The impact on the legal firm may range from reputational damage to financial failure. This risk is particularly an issue in conglomerate businesses structures, but is relevant to any firm in a group structure or marketing collective.
As more firms adopt group structures, the potential for this risk is increasing. The link below sets out more on this risk and the relevant controls.
Lack of transparency in complex business structures
In the Risk Outlook 2013 we clarified that we do not wish to inhibit law firms from making use of different types of business structure. We only see this as a risk where excessive use of complexity is used to reduce transparency between the firm and its clients and regulator.