Back to top

Practical guide to legal risks

14 May 12

Key messages to emerge from the recent Legal Risks Conference, which provided practical guidance on managing critical risk issues in the current climate

by Calum MacLean

Awareness of risks is essential to effective risk management. The opening presentation of the conference provided delegates with an overview of the claims experience of the profession, and identified trends and emerging risk issues. The key messages were reinforced by reference to the Society’s risk management targets – to raise awareness amongst the profession of:

  • frauds and scams
  • the causes of lender claims
  • information security risks.

The latest complete insurance year’s claims statistics are published in our 2012 annual report, which will be available on the Marsh Scottish Solicitors website shortly (

The conference focused on both practical interactive workshop sessions, and on providing practical tools to assist practices address the risk issues discussed.

Lender claims

Lender claims continue to be an area of concern for the Society’s Insurance Committee. This is down to the higher number of borrower defaults, mortgage fraud by borrowers, and the risk that lenders will seek to blame solicitors.

Derek Allan, of Master Policy panel solicitors Brechin Tindal Oatts, provided practical advice regarding requests from lenders for files, in the light of the opinion obtained by the Society (Journal, April 2012, 33, and the Society’s website). The clear message was that not all the file will normally belong to the lender – so check what parts you should be sending before complying with such requests.

In the workshop session which followed the presentations from Jacqui Donald of RSA and Derek Allan, delegates were invited to consider how best to evidence compliance with the CML reporting requirements, itself now an Accounts Rules requirement. Having a copy of the Society’s CML Handbook Reporting Checklist on file – completed, signed and dated by the fee earner – was considered to be an effective risk control by many delegates. The checklist can be downloaded from the risk management page of the Marsh solicitors website.

Effective anti-money laundering

Morna Grandison provided delegates with a 10-point action plan against fraud. She also explained how the Interventions Team’s AML risk template could assist practices evaluate the risk profile of a particular client or transaction, and identify transactions which should be reported to SOCA. The 10-point action plan is available on the Marsh website, and the AML risk template is included in the conference papers pack, available from Update.

For more information regarding fraud risks, read Morna Grandison’s article at Journal, April 2012, 38, the Marsh article at Journal, March 2011, 42, or check the Society’s web pages for the latest fraud alerts.

Information security

There is no doubt that information security – or to be more specific the loss of or misuse of confidential data ­– is a hot topic currently. John Craske’s presentation went behind many of the recent headlines to examine the risk issues for solicitors. His “information security action planner” sets out key benchmarking criteria relevant to all firms, whether in the initial stages of developing an information security strategy and looking for the basic level of systems and procedures, or already having fairly sophisticated information security protocols in place and seeking to identify gaps in, or improvements that might be made to, existing procedures.

This action planner also gives the lie to the idea that information security is simply an IT issue. It addresses issues such as personal behaviour, office security, and management of suppliers, as well as the security of computer equipment and email protocols. A copy of the action planner can be downloaded from the Marsh Solicitors website.

The potential for significant reputational damage and Data Protection Act fines (up to £500,000) means that, regardless of any other regulatory implications, it makes good business sense to ensure that your information security procedures and processes are up to date, effective and implemented.

The latest e-learning module from Marsh, Information Security Risks, uses interactive material and case studies to highlight relevant risk issues for solicitors. Successful completion of the module qualifies for 0.5 units’ verifiable CPD.

Risk registers

Creating some form of risk register for your practice should not be an academic exercise. At its most straightforward, it is a considered list of a practice’s top priority risks – evaluated according to the likelihood and potential impact of each risk.

Delegates were asked, in one of the workshop sessions, to produce a simple risk register of information security risks. Those who elected to attend the session on business continuity saw the practical application of a risk register to the development of an effective business continuity plan. In the last couple of years alone, law firms in the UK have had their operations impacted by riots, volcanic ash, floods, snow, fires, and loss of IT systems. Spending a little time now to build in resilience to your systems and procedures will pay dividends if disaster does strike. For more information on business continuity planning, log on to the Marsh website to download the conference materials and to read recent Journal articles from Marsh on the subject.

Articles and future events

The conference also featured workshops on the subjects of limiting liability (led by Derek Allan) and social media risks (presented by Tim Musson of Computer Law Training). Extracts from their materials are also available on the Marsh website. These risk issues have been addressed in articles at Journal, October 2011, 35; November 2011, 34; and February 2012, 38.

Risk Management Roadshows, providing practical case study discussion of the issues addressed in the Legal Risks Conference, are planned for Inverness, Aberdeen and Dumfries in September. Check for details.

Online resources

To access many of the materials mentioned in this article, log on to If you do not know your user name or password for the Marsh website, or want to sign up for the Managing Risk e-bulletin from Marsh, please contact Calum MacLean (

Risk alert

Marsh have become aware that fraudsters are selling tickets for hospitality events in the name of Scottish businesses – including law firms. The risk of reputational damage is heightened due to upcoming high profile events such as the Olympics.

Look out for further guidance on fraud risks on the Marsh website:

Calum MacLean and Marsh

Calum MacLean is a former solicitor in private practice who works in the FinPro (Financial and Professional Risks) National Practice at Marsh, the leading risk and insurance services firm. To contact Calum, email:

The information contained in this article provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisers regarding specific coverage issues.

Marsh Ltd is authorised and regulated by the Financial Services Authority for insurance mediation activities only.

Have your say