Did you hear the one about the law firm with the risk management policy? It made its clients wear hard hats when they went on a golf day. Charles Rymer says that law firms should beef up their approach to this increasingly important area....

Historically, law firms looked at risk management from a financial perspective, namely their own. The true meaning of risk management penetrates every aspect of the business, focusing on how to reduce your client's exposure to risk and the level of risk we pose to the client.

A classic example is the development of the firm's fraud department. Marketing people would refer to this department as niche, but it was born out of risk management principles. By investigating the problem of fraud and collating information on areas such as how to spot a fraud case, we can feed back information on areas of risk. The information we now have is available on a database, which has the power to pinpoint hot spots of fraud to particular streets and times of the year.

The next stage of the process is to assimilate this information into a useful model that can be applied by the client to his business systems to stop the problem at source. We apply this information and knowledge via training courses to our insurance clients' case handlers.

Finally, to close the risk management loop, the system must be

monitored for effectiveness and has to be under constant review. Changes to the law and patterns of fraud will have a corrosive effect on the risk management process and so we start again at stage one.

In isolation, the above model serves as a template for developing risk management practices. It has to incorporate the two main areas of risk that will affect the client – changes to the Civil Procedure Rules (CPR) and the effect of the Human Rights Act on insurance policy and legal interpretation. Information technology has an important part to play in integrating a risk management system across the firm.

Currently, Silverbeck Rymer has a number of databases. We need to combine these into one. The next logical step is direct access for clients to our files and this needs to be incorporated into the overall design. Looking to the future is part of the risk management philosophy.

Real changes
Law firms are extensions of the insurance companies' services to their customers. The move to instant access of information on case status means we must be able to provide this service. As a by-product, management information will become instantaneous as well. Quicker access to information when needed means better decision making and, therefore, less risk.

Immediate information on the CPR, turned into real changes in the way we handle a file, is already part of the current risk management strategy. Internally, two senior solicitors advise on amendments, followed by updates on the computer network.

The message is communicated around the firm via email and hard copy. A training programme is developed and rolled out to all fee earners and clients. The auditing manager is responsible for monitoring the process and testing for the adoption of the changes during the departmental audit. Recommendations from the audit are then incorporated back into the risk management process.

The same process applies to the Human Rights Act. Currently we are at the stage of monitoring human rights arguments and feeding this information through to our clients. The main areas of concern at the moment are surveillance and a fair trial with regard to the CPR. When the legal position is established, we will be ready with tactical advice for the client.

In order to effectively advise on risk and provide solutions in areas such as human rights, in depth knowledge of the clients' business is essential. In addition to knowing the insurance business, risk management must address particular insurers' concerns and characteristics. Views on refusal of indemnity differ between clients. Consequently, advice and risk management procedures vary accordingly. Some claims managers prefer certain fee earners to work on a case, while others welcome a team approach. Even this basic difference needs to be taken into account for the responsibility of a file during a fee earner's absence or holiday.

Measuring the effectiveness of the risk management process is the litmus test. The level of complaints is the ultimate result. Complaints should not be viewed as negative. They can help improve the service as part of the risk management process.

A culture of no blame needs to be created so that complaints are aired rather than buried away. A complaint against us is a complaint against the insurance company. Proper risk management can help to achieve a year on year decrease.

Performance figures such as time to settle, or money saved on claimant costs need to be used as part of the risk management process, rather than as a selling tool to insurers. The place for performance figures is in the risk management report. As part of our plan for the future, the auditing manager will be responsible for producing a risk management annual report that sits alongside the annual financial report.

External reporting as part of a new openness is the way forward. If you are setting up risk management procedures and systems you have got to have the confidence and transparency to reveal warts and all.

Silverbeck Rymer is on the first step of building a risk management process that fits the model. It will take a considerable investment in information technology and management resource including a change of culture across the firm.

  • Charles Rymer is a partner at Silverbeck Rymer.