Everything you need to know about risk assessment
And how automation helps you manage it
Authorities in every jurisdiction require law firms to assess risk and carry out due diligence before they take on new clients. The requirements are complex and vary according to area of practice and location.
Furthermore, it is not uncommon for current or former clients to file claims against their legal representatives for overlooking a risk.
Law firms operating in every area of law and in every country need adequate know your customer (KYC) systems and checks when dealing with new clients. Not only does this help them avoid taking actions that could materially affect their survival or profitability, it enables them to onboard clients on a foundation of security and certainty.
Risk = probability x impact
This article explores the different risks law firms need to assess before onboarding new clients, and sets out why automated due diligence software can transform risk assessment from a drain on resources into a beneficial tool.
Types of risk
We have categorised risks as regulatory, reputational and values-led. Some risks fall into more than one category. It is highly likely that if a client has an associated regulatory or values-led risk, they will affect a law firm’s reputation.
We explore risks in greater depth in our report: How can you protect your reputation?
These are risks that arise from non-compliance with regulatory obligations.
1. Financial risks
The US, the UK, and the EU enforce strict rules to prevent money laundering and terrorism financing being advertently or inadvertently enabled. The consequences of breaching anti money laundering (AML) regulations are severe.
Regulators on both sides of the Atlantic are today equipped with greater funding and investigatory powers than ever before, while public opinion is laser-focused on global corruption and its facilitators.
For example, this September the US Treasury’s Financial Crimes Enforcement Network (FinCEN) made it compulsory for many corporations, limited liability companies, and other entities created or registered to do business in the US to file information about people who own or control companies. In the UK, the beneficial ownership registry and unexplained wealth orders now require suspected criminals or corrupt officials to explain how they came to own assets disproportionate to their income.
2. Conflicts of interest
Conflicts of interest are a major issue for law firms because as well as creating compromising situations, they can also lead to bribery and corruption charges.
Large multinational organisations with connections to extensive networks of customers and business partners pose a particular risk.
Ethical behaviour is strictly codified for law firms. Serious breaches can lead to fines or bans under the UK Bribery Act, the US Foreign Corrupt Practices Act, and anti-bribery laws within EU member states.
Law firms increasingly need to consider whether they should work with a client, rather than if they can work with them. A potential client that passes regulatory checks can still be a values-led risk that will lead to employees, clients and the public turning against your firm.
Values-led risks include:
1. Inclusion on sanctions lists
The sanctions imposed by Western governments against individuals linked to the Kremlin following Russia’s invasion of Ukraine did not apply to law firms. However, many law firms decided to stop working with Russian-linked individuals and organisations due to the risks of being seen to facilitate them.
2. Tax avoidance
The global investigative journalism that led to the 2021 Pandora Papers and the 2016 Panama Papers sparked massive global outrage over money laundering and tax avoidance.
Increasingly, organisations need to provide the data that backs up their environmental and sustainability claims. Clients’ hollow statements today represent a very material risk.
In a survey conducted by Deloitte, 87% of executives rated reputational risk as either ‘more important’ or ‘much more important’ than other strategic risks because of the potential consequences of reputation damage. That’s not surprising. In a 2019 survey, 81% of respondents said they made their purchases based on trust and reputation.
It is far easier for a credible organisation to experience a downfall than it is for a discredited one to rebuild its reputation.
1. Direct risks
Direct risks relate to the internally governed practices and actions of the potential client. While they typically originate from executive level decisions, they can also result from mistakes that reflect poorly on overall higher management.
Examples of direct risks include:
- Defective, unsafe, or non-compliant products
- Unsatisfactory working conditions, employee neglect or abuse, and failure to address inequality
- Senior management-level affiliations with, and/or support for, political extremism or criminal networks
- Purposeful mistreatment of customers or clients
- Controversial posts or ‘likes’ by the organisation’s official social media
- Internal disputes or legal cases that become public
2. Indirect risks
Indirect risks come from actions made by close associates of the potential client. That includes its employees at all levels, as well as owners and directors. Some forms of indirect risk are exposed through purposeful dissent or malpractice, such as in the case of sabotage, while others are accidental.
Examples of indirect risks include:
- The social media conduct of those working for the business or organisation
- Crimes committed by employees or those affiliated with the business or organisation
- Employee affiliations to political extremism
- Tangential risks
Tangential risks are further removed from the internal actions of the potential client, but are no less important. They relate to the actions of its customers, suppliers, clients, donors, investors, and partners.
As the public becomes increasingly intolerant of bad behaviour — including associations with bad behaviour — tangential risks have become just as crucial to prevent as direct and indirect risks.
Examples of tangential risks include:
- Affiliations with third-parties that do not align with the business or organisation’s ethics and values
- Relationships with suppliers or customers that undermine the core values of the business or organisation
- Partners or third parties’ misconduct or illegal activity
How to manage and minimise risks as your onboard new clients
Every law firm has its own degree of risk tolerance. However, that tolerance cannot exist without a deep and confident understanding of the risks clients bring with them.
Knowing as much as possible about potential clients helps assess whether they are a good fit, and enables law firms to prepare to answer to criticism that arises from agreeing to work with a risky client.
However, the vast volumes of information now available on the internet make it all but impossible for client intake teams to find and assess every risk without automated support. Manual research teams, even when equipped with database and search tools, simply cannot match the power and speed of AI.
The problems with client intake software
The traditional background checking process:
Step 1: PEPs and sanctions look-up tools provide yes/no answers about known risky clients. However, these tools are not updated in real time. They do not highlight people who are about to be sanctioned, or close associates of those who have been sanctioned. Analysts need to run additional, manual PEP and sanction checks.
Step 2: Analysts must go through and analyse the results to screen out false positives by applying other contextual information known about the subject. This costs time and money, but is work that cannot be rushed.
This can lead to:
- Long delays in onboarding clients
- Excessive resources spent on research in-house or with expensive risk consultancies
- Important information about risky clients being missed
- A backlog of potentials clients that need analysing for risks, leading to burnout
Xapien solves the challenges of assessing risks during client onboarding
Automated due diligence removes many of the menial tasks associated client intake teams must carry out. Information is translated from over 130 languages so that no detail is missed, and regulatory, reputational and values-led risks are highlighted.
By taking on manual searches and data processing, it makes all the small decisions so that humans can make the big ones.
The result is a faster, more efficient due diligence process that does not replace human efforts, but enables them to use their skills and energy where they are most needed, maximising productivity.
When Xapien’s automated background research software is used for client intake, speed increases and manual inaccuracies are removed. The reports are delivered within 20 minutes, not two weeks. Partners can start working for clients, and billing them, within 30 minutes.
Client intake teams and partners gain a deep understanding of potential clients’ reputations, backgrounds and objectives. Not only does this give them a greater understanding of potential clients, but it helps them go on to build better relationships with those clients.
Xapien enables client intake teams to:
- Bring to light obscure and otherwise unsearchable data, such as quotes in the media, obscure websites, contact details, and public social media posts
- Cut time wasted looking for data that simply isn’t there. Xapien gives teams confidence that all the rabbit holes have been fully explored
- Present executive level, auditable reports that include adverse media, networks and connections and background information – within 20 minutes.
- All potential risks are unearthed and ready to be assessed
- Positive relationships with prospective clients
- Onboard as many new clients as possible and meet targets
Launching due diligence searches with Xapien requires only the most basic technological skills. It is as easy as inputting the name of your subject, adding some context, and hitting go. The platform then searches through all online data, using powerful AI algorithms to identify the information that is relevant to you and your subject.
The results are displayed in a single, shareable report alongside their original sources. Xapien automatically identifies assets, associates, wealth, business roles, descriptions, quotes and affiliations whilst providing avenues for further exploration.
The platform meets the needs of both business intake and compliance teams, by surfacing all relevant information in one report. Law firms can be certain they have mitigated all compliance risks and proceed to take on new business quickly.
Subscribe to our guides…
Search engines are great but they are only the starting point. Finding, reading and condensing the full picture is slow, hard, and painstaking work. Xapien can help.