June 11, 2022

Risk Management AD

Risk is thrust to the front and centre of business operations by the risk management failures that result in breaches of professional duties when executing the mandate by clients. Law firms should identify the significance of risk management. Persistent and targeted attacks, along with changing insurance coverage and pricing, mean that risk strategies relating to cyber at law firms are also changing (Marsh: What do law firms say their key risks are in 2021?www.marsh.com, accessed 28-05-2022)). In times of economic crises, firms should consider cutbacks in all non-profit-making roles. Enterprise risk management (ERM) for law firms, rather than a focus on the traditional, siloed approach to professional indemnity, cyber, and workforce risks should become the norm.

‘Structural tension and institutional pressures on partners shape the day-to-day judgments of lawyers in corporate boardrooms, courtrooms, and law firm suites'(University of Miami Law School “Big Law and Risk Management: Case Studies of Litigation, Deals, and Diversity” Antony – V. Alfieri (2011) (https://repository.law.miami.edu, accessed 28-05-2022)). Together, they mould risk-averse and risk-taking behaviour in the lawyering process and in law firm management. Uncertainty of employment/business security and external economic instability increases the pressure for people to act unethically (Law Society of Alberta ‘Trust account risk management’ (April 30, 2020) (www.lawsociety.ab.ca, accessed 09-06-2022)). Fraud risk assessment, management and response continue to be a high priority for the safety of trust funds. Firms can take the following proactive measures to prevent fraud:

  • Monitor inactive accounts or client ledger accounts with high balances for unusual entries and transfers;
  • Make sure that monthly bank reconciliations are being done;
  • Separate duties or tasks so that the person who receives a payment should be different from the person who records the transaction in the system or performs the reconciliation/verification of the transaction;
  • Follow the money by performing audits to ensure the transactions make sense; and
  • Pay attention to documents and the supporting paperwork.

The following mitigation measures may be considered:

(i) Engage in ongoing professional development and training to help maintain high-performance capabilities. This is more than simply keeping up with changing laws. It should also include practice and risk management initiatives.

(ii) When hiring new practitioners, be diligent in the interview process, and perform thorough reference and background checks to help avoid a bad fit.

(iii) Establish procedures and protocols for the protection of client and firm confidential information when a practitioner leaves the firm. A thoughtful exit interview can help you understand why a practitioner is leaving and alert you to potential internal problems.

Risk drivers associated with the attorney-client relationship are;

(a)  Preliminary consultations not resulting in a formal attorney-client relationship.    

The attorney may unintentionally accept responsibility during preliminary consultations, e.g. a practitioner told a client that he did not think she had a claim for medical malpractice, but he would check with another. He never got back in touch with the client or billed the client for the consultation. The client did not consult with another attorney until a year later, by which time the claim had prescribed. The practitioner would be found to have negligently rendered advice regarding the client’s potential claim;

(b)  Confusion over the scope of the engagement 

– as a result of poor communication, the practitioner may fail to pursue a matter that the client, but not the practitioner believed  the practitioner was going to pursue;

(c)  Pro bono work.

No fee is necessary, however, to create an attorney-client  relationship  and a practitioner who renders pro bono service will be held to the same standard of reasonable care;

(d)  Language that the client reasonably interprets as guaranteeing a result rather than only promising to diligently and competently attempt to obtain a result.

 Ordinarily, a practitioner’s contractual obligation to a client will be considered an implied promise of diligence and competence. In some instances, however, a  practitioner’s words may be reasonably interpreted as guaranteeing a result; for example, “Don’t worry, we’ll get your car back.” If so, the practitioner may be held liable for breach of an express promise.

(e)  Foreseeable consequences to non-clients.

Practitioners may create an attorney-client relationship with third-party beneficiaries. An example of this third-party relationship involves the intended beneficiaries of a will, who may sue a practitioner that fails to prepare a will in accordance with the testator’s wishes because the testator clearly intended to benefit them;

(f)  Business relations with clients. Practitioners are fiduciaries and cannot enjoy arms-length business relationships with clients. If a client alleges that a practitioner gained an unfair advantage in a business arrangement, there is a presumption that the practitioner’s gain resulted from undue influence;

(g)  Failure to withdraw or otherwise disengage.

Practitioners who finish working on a  case without notifying the client or fail to clearly define the scope of the representation runs the risk that the client will think the representation is continuing. In a child custody case, the client may assume that the practitioner will be available if disputes over enforcement later arise. Disengagement letters are strongly recommended in all cases in which disputes may arise. Such letters will protect the practitioner against liability and prevent a former client from asserting a present-client relationship if the practitioner attempts to represent someone against the former client;

(h) Active, skills-based mistakes

– drafting errors, based on a misunderstanding of the law or fact are the most likely skills-based mistakes;

(i)   Slips, and errors (unconscious failures)

– Procedural errors and failing to complete key steps in a process are the most likely simple oversights; or

(j)   Violations (where ethical or compliance requirements were ignored) require special attention

– acting outside areas of expertise (where the firm does not prohibit this) is the most likely ethical issue violation.

‘Legal practice can be such a malpractice risk carrier ‘(William H. Fortune: Risk Management for Lawyers (https://uknowledge.uky.edu, accessed 29 – 05 – 2022)). Legal practitioners should recognize that every client is a potential adversary and manage the risk by practicing defensive law. This risk management does not mean that practitioners should put their own interests ahead of their client’s interests. The client and practitioner both benefit from defensive lawyering because the heart of the concept is accountability. Practitioners who run conflict checks, use engagement and non-engagement letters, keep their clients informed, are diligent with respect to law and fact, and refer matters beyond their competence to specialists serve both themselves and their clients well.

Even experienced, smart practitioners can make mistakes that can lead to one or more of the attorney-client relationship risks (The Hartford “Lawyer Risks: Risk Management Failures in Law firms’ (www.thehartford.com, accessed 28-05-2022). It can happen from overwork or acting outside an area of expertise, or failure to delegate to more appropriate lawyers in the firm. Practitioners who wear multiple hats, such as acting as a director, trustee, executor, or who otherwise might have a direct or indirect personal interest in a matter may be more susceptible to creating conflicts. Attorneys who decide to leave your firm present important risks: foremost among them is the loss of their expertise and any clients who might leave with them, and the confidential client and firm information they may have and how that will be protected.

A practitioner is under a duty to represent the client with undivided loyalty, to preserve the client’s confidences, and to disclose any material matters bearing upon the representation of these obligations (William H. Fortune (op cit)). Breaches of these fiduciary obligations are usually not deliberate and may result from a lack of understanding of the duties imposed on attorneys by the Code of Professional Conduct and the law of fiduciaries. A practitioner is held to a standard of reasonable diligence and competence. The standard of care is generally composed of two elements – care and skill. The first has to do with care and diligence which the attorney must exercise. The second is concerned with the minimum degree of skill and knowledge that the attorney must display. The practitioner’s act, or failure to act, is judged by the degree of its departure from the quality of professional conduct customarily provided by members of the legal profession.

Professional liability policies generally do not cover liability for intentional misconduct. Bad practice can lead to a pecuniary liability. Anthony E. Davis, Legal Ethics and Risk Management: Complementary Visions of Lawyer Regulation, 21 GEO. J. LEGAL Ermcs 95, 96 (2008) argues that risk management beneficially educates lawyers in ethics, enhances their decision-making, and elevates their individual behaviour through institutional culture and oversight. The individual and institutional exercise of risk governance norms and practices, as well as the risk-calibrated managerialism, is increasingly becoming a necessity among law firms.  The rise of risk-calibrated managerialism among law firms is marked by their tendency to fragment legal work into specialist and technical areas (Marsh (op cit)). A technical rule calibration to minimize risk-taking behaviour harmful to the practitioner or law firm prosperity and the integration of institutional risk management systems and the broader ethical traditions of the profession in everyday practice is apposite.


Please note that our blog posts are informal commentaries on developments in the law at the time of publication and not legal advice.

About the author 

Sipho Nkosi

Sipho Nkosi is an experienced Legal Professional with a demonstrated history of working in the legal services industry. A strong legal professional with a B Proc degree focused in Law from the University of Natal (Howard College), with a keen interest in corporate governance and a profound insight into Compliance Risk Management. Skilled in litigation and procedural law, and an affiliate member of the Compliance Institute Southern Africa.

Leave a Reply
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}