Operational risks cover mainly the following:
People
People are essential in any business entity. In a law practice, people comprise not only lawyers but also each and every employee who works at the practice.
Every employee must be competent, efficient, and professional in the tasks that he or she is engaged to perform. Staff must be supervised, be honest and ethical as the business of law is also a regulated profession.
Succession planning is also essential for business continuity, in the event key personnel of the practice leave or have to be replaced.
Processes
Many hands are involved in a client matter, including support staff, legal secretaries and even the client himself or herself.
Processes ensure efficient and professional delivery of legal services.
Work flow systems (case management) enable every stage of a client matter and any money received to be tracked from the time a client file is opened until the matter is closed.
Risks of human errors/omissions and complaints for non-compliance with professional practice and ethical rules made under the Legal Profession Act are also addressed.
Case management need not be complex. There is affordable generic software designed for case management for law practices of every size.
Finally, processes include business development strategies and insurance risks review by a practice. This makes good business sense.
Systems
Systems relate mainly to technology both hardware and software. Technology is used to store data and documents. Client matter related data and documents must be protected in view of obligations relating to client confidentiality and protection of personal data.
Technology is used in legal practice for filing requirements, as required by the Courts, government agencies and statutory boards, as well as for the deposit and withdrawal of conveyancing money.
Technology risks in a practice are varied. They can range from poor or weak password management to clicking on unknown e-mail attachments. They can also arise from using obsolete technology or outsourcing IT to a third party with poor management. Cyber-attacks and data breaches through the lack of security technology are a significant risk and well-publicised.
External events
Unexpected events external to a law practice can have a significant impact on the practice, such as a disease outbreak (e.g. the 2003 SARS outbreak in Singapore), cyber-attacks or the loss of key suppliers or vendors of the practice.
2. Who should address operational risks?
Operational risks are addressed by the proprietor, partners or directors of the practice, staff (whether HR, accounting, IT, paralegal or other support) and the other lawyers in the practice.
Where applicable, certain types of operational risks can also be addressed by the appropriate external vendors engaged by the practice.
3. How to address operational risks
Operational risks are identified and addressed by knowing what risks your practice faces, and anticipating and managing them with:
The good news is that strategies, policies and documentation can be found in the Law Society’s Practice Management Guide (2017 edition) (the ‘Guide’). The Guide contains written templates of precedent checklists, strategies and policies to address operational risks such as business continuity, business development, and HR management covering recruitment policies, induction, training and appraisal.
The Guide also has comprehensive templates for client file management processes including checklists for file opening, on-going file management and file closing. A comprehensive compliance checklist for anti-money laundering and countering of terrorism financing is also published in the Guide.
4. What’s next?
Start to identify what the operational risks of your practice are.
Ask how severe and frequent the risks that you have identified in the following areas occur:
Begin to implement your plans and processes to address the operational risks that you have identified. As you do, begin to ensure operational risk management becomes an important part of your practice.
Help and support are available to practices and lawyers under the Law Society’s risk management training programmes and resources.
As a business, law practices have to manage their finances properly.
As a profession, lawyers are duty bound to protect their clients’ money. The Legal Profession (Solicitors’ Accounts) Rules (‘SAR’) sets out a framework of rules for this purpose. The Conveyancing and Law of Property (Conveyancing) Rules sets out a separate framework to safeguard conveyancing money.
Finally, as law practices receive, hold and pay out moneys, there are obligations to meet in law and under practice rules to combat money laundering and terrorist financing activities.
Financial risks for a law practice therefore commonly arise from:
2. Who are involved in addressing financial risks?
Certainly the leadership of a law practice, ie, the proprietor, partners or directors is in the frontline to address financial risks.
Lawyers who hold or receive office money and client money, have professional and compliance responsibilities.
Financial and accounting staff engaged by the practice for their knowledge and skills (such as accountants, financial managers and accounting support staff) play a critical role in managing financial risks. Last but not least, all staff ought to be aware as to who and how they are required to report on financial matters of the practice.
3. How to address financial risks?
Financial risks are mainly addressed by:
Examples of common financial policies and systems are:
Examples of common financial internal controls are:
Examples of common financial records are:
Help is again available from the Law Society to address this risk. The Law Society’s Practice Management Guide 2017 (the ‘Practice Management Guide’) at Chapter 8 sets out the financial and internal control policies, systems, and processes for a law practice.
The Law Society’s Guide to Solicitors’ Accounts 2016 and the Practice Management Guide both explain how to comply with the SAR.
Continuing training programmes run annually by the Law Society on practice management and the SAR help lawyers and staff know and understand financial management.
The Practice Management Guide at chapter 9 sets out a comprehensive written compliance checklist and policy documentation that you can adopt to ensure that your practice is in compliance with the laws and practice rules to counter money laundering and terrorist financing.
The Ministry of Law’s ‘Safeguarding Conveyancing Money Guidebook for Lawyers’ explains the relevant rules and documentary processes law practices are to comply with when handling conveyancing money.
4. What’s next?
Begin to build in your practice a culture of financial management. As owners of a practice, make time to read and know the main financial records of your practice.
Create awareness amongst staff of the basic financial policies and internal controls of the practice. Highlight and explain the reporting lines in your practice as regards financial matters.
Finally, prioritise understanding amongst relevant employees of the rules in place to safeguard client money and conveyancing money, as well as those to prevent the practice from being used to launder criminal proceeds or move funds that support terrorist financing.
To identify quality risks, one must understand what the roles and responsibilities of lawyers and law practices are, as professionals and legal service providers.
Lawyers are Officers of the Court and members of an honorable profession.
As Officers of the Court, they must uphold the laws of Singapore and have a paramount duty to ensure the efficient and proper administration of justice and to uphold the standing and integrity of the Singapore legal system and profession. Lawyers as members of an honourable profession must be honest and avoid any compromise of their integrity and independence.
Lawyers are in a fiduciary relationship with their clients, which means that they have a duty to:
The Legal Profession (Professional Conduct) Rules 2015 (the ‘Rules’) set out the rules that govern the ethics and professional responsibility of legal practitioners practising in Singapore.
Quality in a law practice is measured from the viewpoint of professional service delivery. Lawyers or law practices that: (a) grossly delay client matters; (b) act in breach of their duty of confidentiality; or (c) overcharge or act in conflict of interests, may face civil claims from their clients and/or regulatory action when a complaint is made to the Law Society.
Law practices which can be targeted to launder proceeds of crime, must also comply with the laws and professional rules to combat money laundering (Anti Money Laundering (‘AML’)) and terrorist financing (Countering Terrorist Financing (‘CTF’)).
2. Who are Involved in Addressing Quality Risks?
Lawyers who own and manage a practice have a critical role to lead and oversee their practice’s commitment to client service and professional values.
Their leadership sets the example for executives, paralegals and support staff in turn to honour and commit to professionalism in their work.
“A legal practitioner in the management of a law practice must make a reasonable effort to provide a working environment which prioritises competence, professionalism and ethical consciousness on the part of every individual working in the law practice” (see Rule 35(1)(a) of the Rules).
Every lawyer plays a role in addressing quality risks by his commitment to the guiding general ethical principles for practitioners described in Rule 4 of the Rules.
3. How to Address Quality Risks?
Quality risks are addressed by:
The Guide contains a comprehensive standard letter of engagement and compliance checklist template forms for client due diligence.
4. What’s Next?
Start to build a culture where work policies, systems, processes and procedures bring everyone in the practice together instead of the law practice merely comprising lawyers and employees who operate separately.
Build a practice philosophy, mission and values.
Be a training and skills development focused practice.
Recognise and reward competence, professionalism and ethical consciousness.
Lawyers own and run a business.
Lawyers are also professionals held to high standards of ethical and professional behaviour towards their clients, third parties, fellow professionals and as Officers of the Court.
When it comes to regulatory matters, law practices and the legal profession have to meet duties and responsibilities set out by external regulators such as:
Additional regulatory duties and responsibilities are imposed by internal regulators, namely bodies that are tasked specifically to only oversee the legal profession namely:
LSRA has the power, on account of non-compliance or in the public interest, to suspend or revoke a law practice’s licence, order the practice to pay a penalty not exceeding $100,000 or administer a warning.
Finally, LSRA registers all foreign qualified lawyers who practise Singapore or foreign law in Singapore.
Regulatory risks arise from either non-compliance or poor compliance with the laws, regulations and rules that govern the operation of a law practice or the professional conduct of lawyers or both.
The consequences of non-compliance with regulatory obligations for a practice and/or a lawyer include criminal sanctions and financial penalties.
2. Who are Involved in Addressing Regulatory Risks?
Lawyers who own and manage a practice, whether as proprietors, equity partners or directors, have responsibility for regulatory oversight. As owners of the practice they must run their practice both as a legal business and as a professional practice.
Each lawyer receives relevant practice training and must meet and keep up to date with the professional obligations set out in the legal profession’s rules and regulations.
Staff who are delegated duties impacted by regulatory compliance, such as business development, management, financial, accounting and paralegal staff, must be trained to understand what is expected of them whilst they perform their functions.
3. How to Address Regulatory:
Relevant information, knowledge and guides (such as the Society’s Practice Management Guide) are available from public websites of both the external and internal regulators.
Regular talks and training are offered by regulators. Both lawyers and their staff can attend certain training seminars organised by the Society.
4. What’s Next?
With changing expectations of consumers of legal services, developments in technology and new and emerging risks, law practices can expect a continuous increase in regulations made by both external and internal regulators.
Change is constant; don’t let it be a cause of concern but instead see it as an opportunity to improve your practice.
Build in your practice a culture of open and clear communication that enables lawyers and staff to know, understand, question and clarify how they are expected to meet compliance and regulatory standards.
Reputation is defined as having a place of esteem, respect or being recognised or held to regard by others.
Reputation is based on how others perceive us and this also true for law firms.
A law practice’s reputation impacts:
This category of risk is often cited as an overarching or all-embracing risk as it arises from other risks, namely, operational, financial, quality and regulatory risks as set out in the other parts of the risk management framework.
In particular, sources of reputational risks include the following:
2. Who are Involved in Addressing Reputational Risks?
Reputational risks can occur at all levels of a law practice. Everyone who works in a law practice has a role to play in maintaining and protecting its reputation:
3. How to Address Reputational Risks?
There are several ways to address reputational risks, for example:
4. What’s Next?
Reputational risk is inherent when running a law practice.
Use the following checklist and ask – is your practice:
Examine areas in your practice that can expose your practice to reputational damage. Work on the area(s) that you see the highest risk to your reputation and address what you need to do before you move on to the next area.
| Law Society’s Practice Management Guide 2017, Chapter 9, pp. 91-94 | |
| • | Awareness: Know what are the core categories of risks for every law practice. |
| • | Identification: Identify where your law practice is at risk with a risk assessment checklist. |
| • | Management: Learn how to manage and control identified risks with policies and processes that mitigate/prevent such risks from coming into fruition. |
| • | Review: Build monitoring and review process to effectively manage or mitigate the identified risks and track new or emerging risks. |
| No | Area | Resource(s) | Training Programme(s) |
| (1) | Business development – new business acceptance (client reputation issues) & terms of engagement | Law Society’s Practice Management Guide 2017, Chapter 11, pp. 119-121 | TBC |
| (2) | Employment HR/employment – recruitment, training, mentoring, people management, staff departure | Law Society’s Practice Management Guide 2017, Chapter 3, pp. 17-39
‘Looking for Help or Asking for Trouble? Ethical and Risk Issues with Lateral Hiring’, Singapore Law Gazette (September 2018) |
TBC |
| (3) | Delegation & supervision of employees | Law Society’s Practice Management Guide 2017, Chapter 2, pp. 13-16 | TBC |
| (4) | Deadlines | Professional Indemnity Law Letter (January – March 2016) | TBC |
| (5) | Business continuity – succession planning | ‘Thinking About Talent Management in Law Firms’, Singapore Law Gazette (June 2017) | TBC |
| (6) | Technology – IT security, cybersecurity, data backup, incident response, recovery | Law Society’s Practice Management Guide 2017, Chapter 5, pp. 55-69
‘Don’t Take the Bait’, Singapore Law Gazette (February 2017) ‘Social Engineering – A Perennial Challenge’, Singapore Law Gazette (June 2017) |
TBC |
| (7) | Data protection – data includes both personal data, and confidential client information. Personal data subject to Personal Data Protection Act; and EU General Data Protection Regulation (wef 25 May 2018) if applicable | Law Society’s Practice Management Guide 2017, Chapter 5, pp. 60-61, 67
‘Why You May Need a Privacy Policy’, Singapore Law Gazette (June 2017) |
TBC |
| (8) | Outsourcing Risk – Selection of appropriate service provider (e.g. cloud service provider), Confidentiality, Data Protection | Law Society’s Practice Management Guide 2017, Chapter 7, pp. 74-5 and Chapter 14, pp. 145-46 | TBC |
| No | Area | Resource(s) | Training Programme(s) |
| (1) | Financial and Internal controls | Law Society’s Practice Management Guide 2017, Chapter 8, pp. 76-90 |
* To register for the e-learning programme/s, please click here. |
| (2) | Client Money | Law Society’s Guide to Solicitors’ Accounts 2016 | |
| (3) | CVY Money | Law Society’s Guide to Solicitors’ Accounts 2016 | |
| (4) | AML and counter terrorism financing | Law Society’s Practice Management Guide 2017, Chapter 9, pp. 93-94 |
| No | Area | Resource(s) | Training Programme(s) |
| (1) | Professional Negligence Risk | Professional Indemnity Law Letter (April-June 2018) |
* To register for the e-learning programme/s, please click here. |
| (2) | Ethics & Professional Conduct | Alvin Chen & Helena Whalen-Bridge, Understanding Lawyers’ Ethics in Singapore (LexisNexis, 2016)
Jeffrey Pinsler SC, Legal Profession (Professional Conduct) Rules 2015: A Commentary (Academy Publishing, 2016) |
|
| (3) | Conflict of interests | Law Society’s Practice Management Guide 2017, Chapter 11, pp. 119-120 | |
| (4) | Client care standards | Law Society’s Practice Management Guide 2017, Chapter 10, pp. 113-18 | |
| (5) | Client confidentiality | “Let’s Keep It Confidential”, Singapore Law Gazette (March 2017) | |
| (6) | Professional fees | “Nipping Client Issues in the Bud Through Incorporating Mediation Clauses in Letters of Engagement”, Singapore Law Gazette (June 2015) | |
| (7) | Understanding AML and counter terrorism financing laws, practice rules and PD | Law Society’s Practice Management Guide 2017, Chapter 9, p. 112
For more information, please refer to the Law Society’s AML/CFT Resource List attached. |
|
| (8) | Checklist for AML compliance | Law Society’s Practice Management Guide 2017, Chapter 9, pp. 95-111 |
| No | Area | Resource(s) | Training Programme(s) |
| (1) | Compliance with laws that affect the operation of a law practice: ACRA, PDPC, IRAS, CPF | Tax and CPF Compliance |
* For more information regarding this programme, do check out the CPD Portal. |
‘Reputation – Your Firm’s Most Prized Asset’, Singapore Law Gazette (January 2018)
| No | Area | Resource(s) | Training Programme(s) |
| (1) | Consequence of Damage to reputation – action taken by regulators for negative media / social media attention | Defining Your Social Media Policy, Singapore Law Gazette (July 2017) | TBC |