By Christopher Young, Head of Risk and Business Development Practices, Pinnacle
This article first appeared in Forefront IV 2020
Let’s talk risk and compliance.
My observation would be that firms are doing a pretty good job of undertaking the risk assessments as they take on matters. The conflicts and anti-money laundering (AML) assessments are getting ever more robust, and while the AML evidence gathering can be tedious and time-consuming, it is being completed. Risk and compliance teams do, of course, have a powerful tool—the releasing of the matter number. That’s a hold over fee earners right there—withholding a matter number until they have done all that they need to. The problem though is that while this works at matter inception, it doesn’t help us with ongoing risk management.
And that’s why we’re seeing a clear trend: an increasing number of firms looking to understand and manage the risk through the life cycle of the matter. It has always been an obligation to identify changes. It has been explicit in AML and conflicts. So, what we’re really talking about is the difference between risk assessment and risk management. Risk assessment is a point in time action, and risk management is the identifying of risks and understanding the impact of changes in the parameters as things evolve or more information is discovered.
We know that risk and compliance teams are stretched for resources, so most flag things that they see as high risk at the outset, add them to a list, and monitor the items on the list. The challenge with this is that being added to the list for monitoring relies on the quality of the data that is input initially, and we know that matters change as lawyers are executing them.
Firms are looking around for new technologies and processes to dynamically review inflight matters. Consider, for example, the ability to silently initiate an “add party to matter” process based on the contents of legal documents as they are being drafted. The lawyer does the lawyerly thing; drafting their document in Word, adding parties as they need to. On saving the document, it is assessed to determine whether all of the parties in the document are already linked to the matter. If there has been an addition, an “add party to matter” request is automatically and silently created. A new conflict search is run and only highlighted to risk if there are new hits generated. This sort of capability is coming on stream now.
There’s pressure too on improving risk reporting such as the ease of compilation, quality of presentation, or option to drill down directly into the data. In addition, there’s pressure to move away from the simple surfacing of information toward being able to do something positive with it. This “actionable insight” can be embedded simple instruction forms and action buttons into reports.
Developing a risk reporting content pack has been interesting. It has reminded us that our work intersects with many different processes and that the managers of those processes can require very different insights. For example, there are those who simply want to know how many tasks they have performed, those looking to identify training needs, those that are running legal departments, and those ultimately looking to minimize the risks the firm is running and how those risks are changing over time. All business intelligence needs to be persona-based.
Not only does it need to be persona-based, but it needs to be actionable. Embedding small forms and buttons into business intelligence tools stops the user from having to go to another system to do whatever the dashboard is highlighting such as initiating a bill, performing a risk check, or adding a calendar entry. It truly allows you to turn reporting from FYI to FYA (for your action). It has the opportunity to fundamentally accelerate the speed at which firms gain and act on insights.
There are truly exciting developments going on in the technology arena: things are becoming cheaper and quicker to deliver. Risk teams need to capitalize on these. Having captured considerable savings in office space usage, travel, and other costs, is now the moment to start focusing on automating the identification of the risks within firms? If it allows a firm to proactively reduce the inherent risks of running their advisory business, then what are we waiting for?