Posted by Jon Cook of Legal Futures Associate Quality PI
As professional indemnity insurance (PII) brokers, we are often seen as a means of squeezing costs at a certain time of year, when insurance premiums are due for payment. However, our real raison d’être is to deal with complex and life-changing matters which threaten the existence of a law firm or its members’ future standard of living.
Client money losses have been an issue for decades, and they affect insurers’ approaches to setting premium rates. They surface more during recession where they provide opportunists with a means to cash in on property fraud in a stressed market.
As practitioners, we know from experience that these losses are still mounting, but with insurer statistics no longer widely circulated, we don’t know how bad the situation is. Individual firms will not want to publicise their predicament.
We also know that the cause of losses is becoming more sophisticated. Some years ago, ‘Friday afternoon frauds’ were a major source of loss (law firms telephone lines were hacked and the felon posed as their bank’s employee to entice a junior cashier to send money by wire). Now, the more prominent issue is a hack between the firm and its client or recipient.
Many firms take the view that, if there is a client money loss, their insurer will take care of things for them – after all, there is a section in the minimum terms of insurance that specifically indemnifies a firm and “overrides” any requirement for a professional duty of care or negligence to be present.
There is a big ‘however’ in all of this, exemplified in two areas. The first is in the Friday afternoon fraud instance, where some years ago a single insurer had a significant number of these losses and reserved its rights on some.
What that meant was that the individual responsible for the firm’s protection had to pitch up at their partners/board meetings and tell their colleagues that a financial cloud would hang over the firm for many months to come – uncomfortable to say the least.
The second is that a major client money loss is difficult to keep under the radar, is stressful to deal with and often consumes vast amounts of partner/director time at the expense of the business.
The effect is that through either loss of reputation or taking their eye off the ball, and despite our efforts to put all of the money back, firms that suffer these losses limp on for a short time but often do not survive.
The Solicitors Regulation Authority is looking at a compulsory requirement for law firms to take separate PII and cyber policies for a reason.
If this happens, PII premiums will not reduce – PII is a commercial marketplace and insurers have made little or no profit over many years. There is ongoing concern amongst insurers for the scope of supervisory risks of remote working but also the cultural aspects of some firms – governance and oversight issues still prevail.
One particular insurer provides a discount for firms who undergo a cyber audit; however, for the firms that cannot comply with the audit, premiums and excesses are increased significantly.
Most law firms have made good money during the spring and summer of 2021, and thankfully are in a much better financial situation. We are now, however, undoubtedly seeing the results of the uptick in conveyancing activity through increases in claims.
Where errors were previously one of the smallest sources of claims, now they are emerging as a major factor from that period as transactions were pushed through. Those errors include issues around client money, identity and transferring funds.
And what are the implications of that ubiquitous phrase, legal tech? As people who advise on risk and protection for law firms, we know that remote identity verification is undeniably a big factor. It is not only that it verifies the identity of the client, but will also, in most circumstances, vouch for their source of finance via the open banking system.
More important still is blockchain – and in this instance we refer to the ability to send client money from A to B securely without the risk of it being intercepted, as opposed to non-fungible tokens or Bitcoin. The technology is here now, it should be adopted by front-running law firms quickly and moreover it will be a sector game changer.
Firms that do not adopt legal tech are at risk, not just from losses, but from their ability to maintain speed and security of transactions against their peers.
Is there a solution to any or all of the risks surrounding client money loss? The reality is that no one solution exists. But through a combination of modern management and discipline, the adoption of good legal tech and establishing formal procedures, the risks of something going wrong, or an issue affecting the health of a firm arising, are minimised.
Business life has few certainties, but the fewer uncertainties it has means that a firm’s focus can be on more profitable development of its client activities.
How about no firm being able to invoice against client funds without the express approval of each invoice by two partners, who then would be personally liable for any mis-invoicing (aka theft)?