SME firms under fraud attack but see business benefits in risk management


Marston: Firms need to look at the bigger picture

Almost half the staff at SME law firms say their firms have been attacked by fraudsters within the past 12 months, a survey has found.

At the same time, the research into how firms are responding to risk management and compliance found evidence more generally that firms are “turning regulation into a business driver, rather than viewing it as a constraint”.

The report by national law firm network LawNet – based on a poll of 585 staff at 71 member firms across the country – said fraud and cybercrime continued to be the “hottest” risk management topics for law firms.

Some 48% of employees said their firm had suffered a fraud attack in the last 12 months (successful or not), 23% said their firm had not suffered an attack and 29% said they did not know.

Four in ten firms ranked cybercrime and fraud as the biggest threat for 2017, followed by data protection, maintaining robust IT systems and information security.

The survey found that junior and administrative staff were more likely to think of effective risk management in terms of reducing “regulatory repercussions”, while senior lawyers tended to focus on the benefits for the firm’s financial management and reputation.

“Interestingly, most of the staff taking part in our research said they could see that risk management was a vital business tool.

“However, our research also showed that junior and admin staff were more likely to see compliance as the most important aspect of risk management.

“It’s an attitude that persists across the sector, with fear of the SRA and the need to satisfy regulatory requirements often dominating attitudes, with less attention paid to reputational and financial risks.”

Better client service was the most popular choice as a benefit flowing from better risk management, followed by reduced indemnity insurance claims and protection of the firm’s reputation.

The report said: “Effective risk management is about more than simply ‘ticking the box’ for compliance or quality management purposes. It’s about creating the right blend of culture, process and customer service, all wrapped up in a risk management strategy.

“As well as reducing claims, and hence your PII premiums, such a strategy should deliver far-reaching and tangible benefits that pay out all year round, by helping you to choose clients who will keep cash flowing, filtering out inefficient suppliers, and attracting and retaining excellent employees.

“There should be a direct impact on your bottom line, and strong processes will help to keep both your insurers and bankers happy, as well as tackling fraud.”

The survey found that over 95% of respondents understood their firm’s policies in the key areas of banking and client payments, and managing files and equipment away from the office.

Administrative and secretarial staff were the most likely to respond that they did not know the firm’s policy for dealing with the former.

Over 90% of staff were aware and understood their firm’s policy regarding the use of social media.

Chris Marston, chief executive of LawNet, added: “Fraud is top of the radar for most firms, and rightly so, looking at the figures. But firms need to look at the bigger picture if we are going to tackle this across the sector.

“Embedding the right culture, so every member of staff is clued up and signed up, is how we’ll achieve this, while bringing real business benefits through better customer service and increased competitiveness.

“Complaints about over-regulation, and the resulting burden on firms, are part of the day-to-day, but our membership enables us to speak on behalf of a sizeable constituency of larger SME firms, and the evidence is that increasingly they are turning regulation into a business driver, rather than viewing it as a constraint.”




    Readers Comments

  • Chris Setford, Setfords Solicitors says:

    Cybercrime and fraud is definitely the biggest threat for 2017, but it’s also a massive opportunity. SME firms that have rigorous internal processes, and wider expertise in the full spectrum of cyber law can turn threat to success. The impact of Brexit, GDPR and a new global political landscape means clients are crying out for specialist legal expertise in cyber law, risk management and data protection. They are also looking for lawyers who understand the broader issues of reputational risk. We’ve recognised this gap and have attracted a prominent Cyber Lawyer to our commercial team, Dean Armstrong QC. We couldn’t offer advice if our own house wasn’t in order. We have invested in robust systems and training to make sure there is clear understanding and appreciation across our team so all colleagues understand there are not just legal ramifications of non-compliance, but that a firm can rise and fall on the strength of its security.


Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog


Five key issues to consider when adopting an AI-based legal tech

As generative AI starts to play a bigger role in our working lives, there are some key issues that your law firm needs to consider when adopting an AI-based legal tech.


Bulk litigation – not always working in consumers interests

For consumers to get the benefit, bulk litigation needs to be done well, and we are increasingly concerned that there are significant problems in some areas of this market.


ABSs, cost and audits – fixing regulation after Axiom Ince

A feature of law firm collapses and frauds has sometimes been the over-concentration of power in outdated and overburdened systems of control.


Loading animation