Our Risk department (a global team with more than 50 in-house lawyers and advisers) supports partners and senior managers to ensure that the firm complies with the rules of the marketplace, applicable laws and professional rules. The team also manages the firm's exposure to claims and complaints in the conduct of our legal practice.
National managing and local risk partners share responsibility for managing risks in the legal practice of each local office.
Business Services directors share responsibility for managing business risks not directly related to the conduct of the firm’s legal practice. These include managing business continuity plans, IT security and wider operational risks, including dealing with suppliers.
The firm’s risk management processes in London are aligned with the SRA’s Solicitors' Code of Conduct.
As part of these risk management processes, we carry out risk reviews. These are in-depth examinations of how we meet our risk responsibilities at a local office and practice level. The reviews include, among other things:
- health, safety and security issues for our people
- business continuity planning to keep our business running during or after a crisis
- quality control and responsible marketing in the delivery of our services
- new business acceptance and terms of engagement – whom we will work for and on what terms
- legislative and regulatory compliance
- preserving our reputation as a market leader
As part of the risk review process, our Risk team meets with practice and business heads across the firm to identify and discuss how key risks are being managed. The action points arising from these reviews are incorporated into the relevant business plans.
Some of our biggest risks concern association with the “wrong” clients or third parties, including those who have a controversial reputation or become involved in market scandals or are associated with bribery and corruption. The Linklaters Seven Questions and new business approval processes have been developed to control and mitigate these risks. As part of these processes, we have developed ‘Guidance on High Risk Business’ for certain categories of business warranting special jurisdictional or sectoral focus because they give rise to acceptance of a higher degree of risk than is normal. The Guidance serves as a filter for such business which, prior to approval, is then subjected to further background checks and consultation with the risk team as well as partners with specialist knowledge, experience or expertise in dealing with business in the relevant category. Our client confidentiality obligations mean that we can not disclose why we decide not to accept work in any particular case.
The Risk Register
Risks identified through our risk review process are added to the firm’s risk register, where they are assigned to one of six categories (such as Client Based Reputational Risk or Litigation and Service Level Risk) and described in terms of cause and potential effect on the firm. A risk owner and co-ordinator are also appointed for each risk to review and develop action plans to mitigate management of that risk and track progress. The risk register is included in quarterly reports to the firm’s Executive Committee and any particular areas of high risk or significant changes are highlighted as necessary.
We take our legal and regulatory obligations in relation to information security and data protection very seriously. We have established procedures and provide regular training in relation to confidentiality and the use of information barriers. We have recently put in place a new system of automated information barriers and a firm-wide set of binding corporate rules to ensure consistent and greater protection of personal data throughout our offices.
Security and Safety team
Our Security and Safety team works in conjunction with our international premises team and assists in numerous projects around the world by reviewing the political, security, crime and environmental risks of each region, country and city in which our people are working. Other issues that we are aware of and monitor include:
- maintaining a safe and secure work environment, which includes a travel risk service for all our travellers, taking into account security and medical issues.
- the successful recovery of the business in the event of a major disruption
- disruption to staff's travel arrangements due to flooding or high temperatures
- uncomfortable working conditions
- increased energy bills due to more cooling required in the summer months
- legislation requiring tax on carbon emissions
- the maintenance of staff health and wellbeing through proactive assessment and monitoring programmes.
We assess our safety, security and business continuity risks formally once a year and, if any external risks have increased, we carry out further assessments. This research, along with our annual business impact analysis, helps us develop and plan our overall risk strategy and manage our resources. We also look closely at our threats and risks using our Terminate, Reduce, Assess, Pass-on (TRAP) business risk management methodology. To ensure that there is continued awareness within the firm, three security and safety awareness weeks are held annually.