Legal Risk (y) Business? Some Practical Tips

 Law Firm Risk Mangement - Beyond ComplianceThere are an awful lot of lawyers out there who don’t understand Legal Risk Management. Unfortunately, especially for those involved in running law firms (which includes anyone classed as an owner/manager so therefore all partners), this is worrying considering mandatory principle 8 which states “You must run your business or carry out your role in the business effectively and in accordance with proper governance and sound financial and risk management principles”.

However, it’s not really the lawyers fault given that unless you’ve undertaken specific training, this is not something we were taught in our years of study. The SRA have published an awful lot of very informative and helpful information around their own Risk Management Strategy but this is only useful for those who have the luxury of time to read through the volumes of information.

The reality though is that lawyers DO understand risk as we instinctively consider it for clients all the time. It’s much harder to be objective though when it comes to your own business and having a process to do this helps.

According to the SRA, a risk is considered to be the combination of impact (the potential harm that could be caused) and probability (the likelihood of a particular risk occurring). This is closely aligned to the definition provided by the Institute of Risk Management.

So effectively it’s looking at anything which can impact your ability to deliver a good risk free service to your clients including the continuance of your business. That may involve things which are internal to your firm such as processes or training or things outside the firm such as changing legislation or other external factors such as cybercrime.

Risks differ from firm to firm but there are many which are consistent and a great way to start to develop your own risk management strategy is to consider that drafted by the SRA. They have a very robust strategy, developed over time which is now starting to show fruit. The problem so far has been getting the resources to follow this up. Following an intensive recruitment and training process, they have 200 supervisors in place. Given the intensive nature of their work on risk, the SRA will have expectations that firms have carried out work around risk in a similar way since the introduction of OFR – now 4 years ago!

As a starting point for your Risk Management Strategy, we recommend the following steps:

Review the SRA’s Risk Index which has 28 firm and 10 market risks identified by the SRA as having the potential to affect their regulatory risks.

  • Consider these risks as applying to your firm taking into account the impact and probability and allocating a score to each (of say 1-5)
  • Then multiply the impact and probability to calculate the overall risk score
  • This will give you an idea of where your biggest risks lie and help you to focus on finding ways to mitigate them.
  • This will give you the beginning of a ‘Risk Register’.

If you’d like to learn more tools to help you develop your own robust Risk Management Strategy which will stand up to scrutiny from the SRA, then please feel free to contact us on 0121 270 8008 or email

Leave a Reply