Risk Management: A Professional Conduct Perspective

The Law Society of Northern Ireland reinforces that it is the responsibility for everyone within the legal sector to continue to reflect and build on what measures can be implemented to manage risk.

Our role does not sit purely within the realms of regulatory compliance but also to ensure members are supported to be aware of the risks and to take proactive steps to manage and mitigate those risks.

These measures are taken to ensure the success and protection of firms into the future and to protect clients using their legal services.

The work of the Professional Conduct Department is broad, but it provides a valuable insight into the risks facing solicitors and their clients, the mitigations which are effective and the consequences of ineffective risk assessment and mitigation.

In this context it is timely to be able to share with readers some of the Professional Conduct Department’s work in support of solicitors in the following risk-related areas.

Client Complaints

Implementation of the Legal Complaints and Regulation Act (Northern Ireland) 2016 brings new client complaints arrangements and the Solicitors Complaints Committee came into operation from 1 September 2025.

In preparation for this the Society has this year:

• Provided continuing Professional Development (CPD) training for its members on the implementation of the Act, the new client complaints arrangements and the role of the Solicitor Complaints Committee.

• Provided further information on the new client complaints arrangements and the Solicitors Complaints Committee which is located in the Members Dashboard of the Society’s website.

• Consulted with members on proposed procedural rules for the Solicitors Complaints Committee.

• Issued guidance and resources on in-house complaints for members when dealing with complaints,

• Provided in-house complaints procedure and complaints register templates.

• Delivered a bespoke CPD training series on client complaints across practice areas.

More information is available for readers in the article provided by the Law Society’s Solicitor Complaints Manager on page 18.

Cybercrime

Scammers continue to actively target solicitors and their clients with increasingly sophisticated attacks on money transfers. Scammers target email correspondence between solicitors and their clients in relation to the transfer of money by intercepting, misdirecting and defrauding the client into making payments into the scammers’ bank accounts.

The Society has so far this year had cause to issue six dedicated Scam Alerts following reports to it by members. The need for solicitors to remain vigilant when dealing with transactions and to remember to follow the Call, Check and Confirm advice and resources published by the Law Society to support members remains paramount.

The Society continues to make extensive Cyber Crime Resources available to its members. During the year the Society has:

• Promoted the Government backed Cyber Essentials scheme, providing members with access to free Cyber Essentials accreditation via NI Cyber Security Centre.

• Held dedicated Cyber Awareness CPD events focused on the increasing threat of cyber-attacks on the legal sector

• Run three in-person cyber training events, including real-time phishing attack simulations. These have been held at locations outside of Belfast to support rural practices who remain vulnerable.

• Partnered with Gallaghers/Coalition to provide free network monitoring and cyber support to members.

We continue to emphasise the need for firms to invest time and resources to understand risk from Cyberattacks, the importance of proper systems, security, processes, training, policies and vigilance. We highlight again the vulnerability of free email addresses and the need for robust passwords.

More information is available for readers in the article by the Society’s Professional Conduct Manager on page 9.

Money Laundering

Solicitors continue to take their place at the forefront of advising and assisting members of the public in the provision of legal services. Whether it is purchasing a first home, establishing a new company, resolving a contractual dispute or seeking advice on an accident at work, a solicitor remains the trusted point of contact. However, with the trusted position, comes the fact that solicitors themselves need to remain vigilant to the risks their services provide.

The recently published fourth UK National Risk Assessment of Money Laundering and Terrorist Financing (the NRA), continues to assess legal professionals at high risk of money laundering, with conveyancing, trust or company services and misuse and exploitation of client accounts again assessed as the highest risk services.

The NRA acknowledges that the majority of legal firms invest in ensuring their services are not used for criminal purposes and that, across the UK, in 2023/24 only 16% of firms reviewed were deemed non-compliant with their obligations under the Money Laundering Regulations 20171. However, it states that

‘….where legal professionals are complacent, take a ‘tick box’ approach to compliance, or lack sector specific knowledge and/or training on the money laundering threat, the risk of the services provided being exploited increases’.

The NRA is an essential tool in ongoing efforts to tackle money laundering and terrorist financing, providing a clear and comprehensive assessment of the current and emerging threats. It sets out how criminals try to move illicit funds through the UK and the risk this poses.

For the regulated sector, including solicitor firms, it provides essential insight into how their services may be exploited for illicit purposes, and guidance on how these threats can be identified and mitigated.

More information is available for readers in the article by the Law Society’s Head of AML Policy on page 10.

Also available in this edition is information and guidance on mitigating money laundering risk through effective use of digital identification services to apply client due diligence measures.

Professional Conduct

It is a common misconception that only clients can file professional conduct complaints against solicitors. In fact, anyone impacted by a solicitor’s actions, such as third parties or other professionals, can report concerns to the Society.

The Society is continually monitoring complaints to identify key themes and trends arising. In turn, this highlights areas to practitioners that they should be aware of within their practice.

This year we have noted the following top three areas of complaint as follows:

1. Undertakings

I give you my word…

Undertakings are an integral part of the legal process. A breach of an undertaking is a matter of professional conduct and non-performance would constitute a breach of the Society’s regulations. Complaints concerning Undertakings weighs heavily on matters considered by the Professional Conduct Committee and frequently stem from a failure to respond promptly or at all. Such lapses undermine professional obligations and the legal process. Proactive engagement and prioritising timely communication is essential to mitigate the risks of escalation to the Society.

Practical tips

• Consider if an Undertaking should be given! Question, is it in the best interest of the client? Is it more suitable as a contractual condition? Is it within my control or would I have to rely on a third party?

• Undertakings should form part of the firm’s risk management policies and procedures including the use of an Undertakings Register.

• Build awareness through staff training and regular checks and balances.

• Consider a designated solicitor who will review and authorise non-standard Undertakings.

• Compliance with Undertakings should be diarised as a key date.

2. Conflicts of Interest

To act or not to act, that is the question…

Conflicts of interest can arise when a solicitor’s duties to one client compromise their obligation to another or their own interests. Such conflicts can lead to complaints. Solicitors must identify, disclose, and manage conflicts promptly to uphold client trust and to mitigate the risk of a complaint to the Society.

Practical Steps – how to manage the risk

• Consider if you can act in all the clients’ best interests.

• Is there any reason why you can’t act in each of the clients’ best interests? You should also consider any ‘own’ interests.

• If I do this for client A, will it be detrimental to client B?

• Would my advice be any different if I only acted for one of these clients?

• Conflicts of interest should form part of the firm’s risk management policies and procedures.

• Who is the point of contact in the practice to escalate consideration of a potential conflict of interest.

• Complete your conflicts checks at the outset, using case management system or accounts system. Ensure you don’t breach confidentiality when completing the conflict checks.

• Keep the conflict checks under review, it is an ongoing duty.

• Keep a conflict register.

• Create awareness through regular training and file reviews.

• Ensure conflict letters are provided to clients at an early stage and are kept under review.

3. Vulnerable Persons

Does the client have capacity?

Complaints made often involve concerns about handling cases with clients who lack mental capacity or are vulnerable. These issues typically arise from failures to assess capacity, communicate effectively, or act in the client’s best interest. Solicitors must exercise heightened diligence to protect vulnerable clients, ensuring compliance to mitigate the risk of a complaint.

Practical tips

• Consider red flags and make reasonable enquiries with the client, their family, any care home and/or medical professionals

• Identify who the client is and assure yourself that the correct legal authority is in place before you agree to accept instructions from a third party acting on your client’s behalf

• Keep a record of steps and enquiries made.

The Society will be building on these themes and rolling out bespoke training on specific areas for the membership.

Monitoring and Inspection

The Society adopts a risk-based approach to its supervision. This enables the Society to allocate resources to areas with higher risk and to use its resources more effectively, while considering the likelihood of unwanted outcomes.

Simply put, our Risk Based Approach means:

• Reviewing firms and the legal services they provide. Including:

- the nature and complexity of services provided by firms

- the types of services provided (nature of transactions)

- size

- business model

- corporate governance arrangements

- client profiles

- geographic location

- countries of operation

• Identifying and assessing Inherent Risk around those services

• Considering the Risk Mitigation measures firms have in place as part of the inspection process including:

- the quality of the firm’s Risk Assessment (policy) –

- their internal oversight functions, how these work

- the adequacy of staff training

• Conducting our own Risk Assessment, informed by:

i. Our Sector Specific Knowledge;

ii. Knowledge and Experience of solicitors and firms- compliance;

iii. External and Internal Information; this can include the use of historic firm data we hold in relation to Solicitors’ Disciplinary Tribunal (SDT) referral outcomes, Inter-professional (or other) Complaints and Statutory Annual Accountants Reports etc.

The Society also seeks to support members by:

• Applying effective, proportionate and dissuasive enforcement measures

• Issuing warning letters to drive improvement

• Issuing Guidance and regulatory notices

• Publishing its AML/CTF Sector Risk Assessment and Supervisor’s Annual Report

– AML (Regulation 46A Report)

• Contributing to the HM Treasury approved, Legal Sector Affinity Group AML Guidance for the Legal Sector and making same available to members

• Providing targeted CPD training events, with recordings remaining available to members

• Producing targeted resources to assist members with their compliance.

Regarding trends, in the last reporting period (6 April 2024 to 5 April 2025), the top types of non-compliance by solicitor firms with their obligations under the Money Laundering Regulations that the Law Society encountered were:

1. Inadequate Source of Funds/Source of Wealth checks/procedures

2. Inadequate Customer Due Diligence procedures

3. Inadequate (or no) Firm Wide Risk Assessment

4. Inadequate record keeping

The Professional Conduct Department will assist firms who are unsure of any aspect associated with compliance or queries that may arise and may be contacted at regulation@lawsoc-ni.org

Other Risk Areas for Solicitors

In addition to the above noted risk areas for solicitors, the Society has in its Compulsory Risk Management CPD, this year under the theme of Managing Risk in Legal Practice –considered other priority risk areas of:

• Those legal practice areas subject to most claims

• File management

• Supervision within firms of work being completed for clients

• Wellbeing and workplace culture

• Technology risks, with emerging technologies, such as generative AI posing both opportunities and threats to the legal sector.

The need for such risks to be managed effectively is vital given the potential for reputational harm, financial loss and regulatory action when they are not.

For example, the risk-based approach is embedded in UK legislation and AML best practice. 97% of solicitor firms in Northern Ireland have reported providing services in scope of the Money Laundering Regulations. As such these firms are required under the said statutory Regulations, to identify and assess the risks of money laundering and terrorist financing to which their businesses are subject and to target their resources to put in place controls to mitigate and manage those risks which are highest.

To support firms in their risk assessments, the Society’s AML Hub has recently undertaken Firm Wide Risk Assessment (FWRA) project work. This has included a review and categorisation of a sample of FWRAs obtained from firms of across all types, sizes and risk categories.

Findings from the Review have informed the development of FWRA resources for solicitor firms including a template FWRA, which will be issued later this term. The Society is committed to assisting firms meet compliance as demonstrated via this project.

The effective management of risk should be top of everyone’s agenda. It serves to:

• Protect the public

• Drive high professional and ethical standards.

• Protect the reputation of the profession; and

• Maintain confidence in the Society as the statutory regulator and professional body supervisor.

Laura McCullough Head of Professional Conduct, Law Society of Northern Ireland