Trends in law firm risk management

Sep 11, 2023

In conversations with clients over recent months, there has been a debate around the risks that they face, and you may have picked up from our Porto Planning Blog that it is something we have recently reflected on internally as well.

Managing risk is a key professional obligation of all solicitors and law firm partners in particular. Here is our summary of the current risks.

The Economy

The economic downturn we are experiencing here in the UK is undoubtedly a risk; it is a risk to our clients if we act for commercial clients and it is a risk to our own businesses.

We know, for example, that house prices are falling, which will impact on those law firms that engage in conveyancing (fortunately not us). The downturn will also have an impact through the cost of living and through increases to law firms’ cost bases as a result of rising inflation. Consumer-client-facing law firms will therefore need to be aware of these trends and to adapt to them as well.

Our view is that law firms should be conducting a more granular review of their expenditure in order to limit the impact of the economic downturn. Similarly, firms should be reminding fee earners of the need to deliver work to clients and to maximise their recovery of fees. Maximising the recovery of fees does not necessarily mean charging more, but it does mean making sure you evaluate the job and, if you are undertaking it on a fixed fee, that you work within the parameters of that fixed fee in order to work efficiently. The emphasis should be on efficient working practices rather than time spent.

The cyber risk

Law firms deal in data and we routinely have access to the sensitive and potentially valuable data of our clients.

For many years we have seen the risk of phishing attacks on law firms, with a particular emphasis on email interception of bank details. Before sending funds to a new bank account, you should routinely be checking the bank details using a dual source of data (telephone and email, for example, and not just one of these).

With the more flexible post-pandemic working environment, it is probably time, if you have not done so in the last 6 months, to undertake a review of the current cyber risks your firm faces.

Mental health and the wellbeing of fee earners

Fee earners who are stressed, anxious, overworked and distracted can and do make mistakes. When looking at our current workload of cases where either we have supported firms in making reports to their insurers or where firms are engaging with the SRA, the theme undoubtedly is that those who have been struggling to cope have made mistakes that they would not ordinarily make. In hindsight they know this. The sensible ones are open and transparent and do not try to cover it up.

Remember, therefore, to check on the mental health and wellbeing of your team and to make sure that you have effective supervision of people at all levels, so that people are achieving a work-life balance and, importantly, can talk to their supervisors. Focusing on the relationship between supervisors and supervisees, and making sure that it is strong, open and transparent, is key.

The SRA’s new wellbeing rules are likely to lead to a spike in challenges in this area over the next three years. Another of our blogs covers this aspect.

Internal fraud

Each year we advise a firm that is stunned by somebody doing something dishonest internally, whether that is due to gambling, drugs, the influence of a third party or pressures from a new relationship. The SRA expect you to vet your staff on a regular basis, although they are vague on what that looks like in practice.

You should certainly be looking at validating qualifications and undertaking a review of the internal risks from gatekeepers, whether they control access to information or access to funds. Undertake a review of your controls, including at partner level, decide whether or not they are adequate and, most importantly, document that you have done this. In the event of a problem, both your insurer and the SRA will be reassured that you have at least checked before it went wrong.

If you spot a problem, report it in the right way to the SRA and your insurer. If in doubt, let us know and we will happily help.

SRA breaches

The entire SRA system was rewritten in 2019 and we still note that, despite the rules being simpler and easier to follow, there is a lack of practical awareness of how the SRA rules apply. You should certainly be undertaking regular training in the SRA obligations. We would say that, like AML training, it should be a regular feature, but it should also be raised during team meetings internally, and case studies should be taken of occasions when issues around ethics and the SRA Principles have cropped up.

For a number of firms we operate an ethics helpline, whereby their Managing Partner or COLP can come to us if they have a dilemma, whether that be on a conflict of interest or some aspect of the SRA Principles or the two codes of conduct.

Think about how you can raise awareness of what is expected from the SRA and more importantly how you would show that you had done this in the event of a problem in the future.


These are things which reflect our workload but also reflect discussions we have had with other advisers in the field over recent months. The fact that they match would indicate, though, that they are a pretty good starting point for reviewing your internal risks.

If you need help and support with risk management, supervision training or training on the SRA rules, remember that we can deliver this in person or by Zoom/Teams, so that you can either emphasise the need to upskill in person or evidence the training that has been given by recording the webinar version.

Any queries, get in touch.

