The SRA has issued its now annual report on risk in the solicitors’ profession, SRA Risk Outlook 2014/15: The key risks to the regulatory objectives. The report contains a league table of risks:
- Misuse of money or assets
- Money laundering: inadequate systems and controls
- Bogus firms
- Lack of a diverse and representative profession
- Failure to provide a proper standard of service (especially quality to vulnerable clients)
- Breach of confidentiality: information security and cybercrime
- Lack of independence
Alongside bogus firms in breach of confidentiality, lack of independence are “new entries” into the professions risk outlook. It is the latter which caught my eye. It suggests a renewed interest in regulating the professional obligations to uphold the rule of law and the proper administration of justice and to behave independently.
The SRA reports that, “we have seen cases where pressure from influential clients has compromised firms’ prioritisation of the public interest.” The report goes into greater detail:
Lack of independence
Promotion of a client’s interests, or a desire to maximise commercial return, should not override wider obligations to the public interest and the proper administration of justice We acknowledge that the professional principles can, and do, come into conflict with each other However, when professional principles come into conflict, the one that best serves the public interest, in the particular circumstances, prevails There is an increasing trend towards corporate buyers of legal services, such as financial institutions and large multinational businesses, having sophisticated in-house legal departments This can change the balance of power between the client and their legal advisor Those we regulate must ensure they prioritise their obligations to act in the public interest, in accordance with their duties to court, and must resist client pressure which may adversely compromise their professional independence
Failure to act with integrity or ethics: improper or abusive litigation
Improper or abusive litigation is the misuse of legal proceedings (or the threat to bring proceedings) for unethical gains, either for the law firm, its clients or both. This is done by exploiting a client or third party’s lack of knowledge of the law or the lack of resources available to them. We have seen several cases where the justice system has been manipulated so that a firm can increase its financial return. This type of litigation is contrary to a solicitor’s duty to act in the public interest and has a significant negative effect on the public’s perception of the profession
The report argues that:
This risk is widespread, but is most relevant to firms engaged in corporate or city-based legal work. It may also be significant when a firm is reliant on a single or limited number of clients. Maintaining independence is also relevant to in-house solicitors, who may come under pressure from their employers.
It warns that, “sophisticated in-house legal departments,” exert greater scrutiny of, and pressure on, external law firms. “This can lead to law firms being presented with ‘take it or leave it’ contracts or prescriptive or onerous terms of engagement.”
Pressures law firms must manage include:
- pressure to breach ethical or professional obligations – for example, to use a firm client account to provide a personal banking facility, or to mislead the court, or to breach duties of confidentiality to other clients
- control over which clients the firm can and cannot act for – this could erode access to justice, particularly if the firm is one of few specialists in the area
- being clear about who constitutes ‘the client’ – for example, when acting for a corporate client this may mean distinguishing between the interests of the client’s shareholders, its management and the individual who commissioned the legal advice These interests are not always aligned
The proposal appears to be to mainly pursue this through supervision relationships (the report is silent on enforcement in relation to the cases it has seen):
Through our supervision of firms we will explore how these risk are managed by law firms and aim to understand better the challenges firms face. We will share best practice on how firms manage these issues and balance their ethical responsibilities with commercial success
On abusive litigation the report emphasises:
- firms being criticised by judges for aggressive correspondence in corporate litigation or accused of unethical conduct towards witnesses or their statements
- judges highlighting serious concerns that ‘frivolous’ litigation was being brought forward by lawyers
- he High Court warning that immigration solicitors face referral to the SRA if they make ‘abusive’ judicial review applications which fail to follow proper procedure
- a number of cases where judges have dramatically reduced excessive costs claimed in litigation by over 90%
The SRA does not name names but it is not difficult to think of examples of the kinds of thing they might mean. I have expressed concerns or raised questions about cases involving Standard Chartered Bank, the Times, Clifford Chance, News International/NOTW, Harbottle and Lewis, Farrers, Allen & Overy, Stewart Law and Jeffrey Green Russell. Some of these cases have been investigated. Some may yet. Evidence given in the recent trial of News of the World employees suggests further concerns may yet be revealed.
On the cybercrime front of the following alarming case study is offered:
Large law firm loses data to hackers
A solicitor at a large law firm received an email which looked like a message from the firm’s answering machine service He opened it, and this activated software to install a program called CryptoLocker
Once CryptoLocker had downloaded, it encrypted all the client and office files held by the firm, and a message came through that if the firm wanted the files decrypted, they would have to pay a £1000 ransom within 40 hours If they did not pay the ransom by the stated deadline, the encryption would become permanent and the firm would never be able to retrieve their files.
The firm’s IT department tried unsuccessfully for 2 days to break the encryption At this point, the firm tried to pay the ransom. However, the deadline had expired and so the files could not be recovered. The firm had to explain what had happened to all their clients A number of clients’ cases were severely affected, with court deadlines being missed
This could have been prevented relatively easily CryptoLocker does not spread across networks, and the only files it can encrypt are those that the user who opens the email can access Therefore, the only reason it affected all of the firm’s files was because the member of staff who opened the email had access to them all. In addition, the firm did not have remote backup of any of their files. If they had done, they would have been able to access the files from the backup and the attack would have failed
The report is silent on the identity of the firm. I do not know if it is emerged elsewhere. One can understand the SRA’s reticence, but also note in passing the broader regulatory emphasis on disclosing quality and ethics relevant material to clients (such as consumer complaints). Whether the SRA should disclose the name of the firm or not, I imagine this sort of information is being sought by sophisticated clients as part of their due diligence and taking firms on. I certainly hope so. What will happen where such breaches occur in firms serving less sophisticated clients? Will the SRA act? Would that be fair if they have allowed City firms anonymity?
There is perhaps less an emphasis in the report on changes in the market which are now seen as drivers of risks in and of themselves. Some hints of the extent of market change are indicated by the following statistical nuggets from the report:
- the market share of the top ten conveyancing firms increased from five percent in 2010 to ten percent in 2012 17
- in 2006 sole practitioners made up 41 percent of the profession; in 2013 this had reduced to 29 percent
- there were 60 percent more law firm mergers in 2012 than in 2008