Making the best of current market conditions means more than just enjoying the low premiums but also building up defences against electronic crime, writes Jean-Yves Gilg
30 June 2017
‘It was a bit grubby ten years ago; it’s a much nicer market now,’ says Solicitors Journal regular contributor Russell Conway. The senior partner at West London practice Oliver Fisher has been responsible for the firm’s professional indemnity insurance for two decades. His good claims record has ensured that he’s never had any trouble getting a renewal, he says, and his premium has even gone down significantly this year. Well-managed small firms, he adds, are the perfect clients for insurers these days.
After the uncertainty surrounding the closure of the assigned risks pool in 2013, the troublesome years where unrated insurers came and went with the same suddenness, and the long slow landing that followed the 2008 crisis, the professional indemnity market for solicitors has eased up. Very small firms can still face difficulty in securing affordable cover but for most in the mid-tier segment, there has never been a better time.
‘We have a soft market at the moment,’ says Frank Maher, a partner at Legal Risk, a law firm specialising in advising other law firms on risk management. ‘There are no unrated insurers left and almost everybody can get cover at a reasonable price.’
The sector, according to Maher, paid around £225m in premiums last year. ‘That’s a lot less than what we paid 17 years ago. The only serious risk at the moment is if Brexit torpedoes the economy. Recessions trigger claims. That’s when law firms could suffer.’
Old risk in new bottles
The main determinants, however, haven’t changed. What still matters most to insurers is how much conveyancing a firm does and its claims record in recent years. These two factors continue to dictate whether insurers will be quoting and how much.
With large amounts of cash sitting on client accounts, conveyancers have been a favourite target for criminals. These days, property fraud has moved online and become more sophisticated, with gangs hacking into firms’ email accounts and hijacking clients’ identities to divert funds into their own accounts.
The scam, known as Friday afternoon fraud because it usually occurs on the day when conveyancing transactions traditionally complete, is now the most common cybercrime, according to the Solicitors Regulation Authority. Friday afternoon fraud accounted for three-quarters of all cybercrime reported to the regulator last year, resulting in £7m in client losses, the SRA says. Law Society research also suggests that one-quarter of firms are now targeted by cybercriminals, with money being stolen in nearly one in ten cases.
More and more firms are installing specific software. Conway had a spoof filter installed on the firm’s server to detect fraudulent emails. ‘I don’t know how firms manage without a spoof filter; we get two a day, of people trying to get into our conveyancers’ emails,’ he says.
In insurance terms, the market is yet to fully catch up. Most policies already cover third parties – clients and others that may be affected by the fraud – but it is unclear whether there is enough demand for first-party extensions. That would cover the law firms themselves for risks such as loss of data resulting from a cyber attacks. Conway’s firm is one of the few to have taken such a bolt-on cyber policy.
‘Lawyers are obvious targets for ransomware because they hold large amounts of data and cash, but the biggest risks are already covered,’ says Richard Brown, a broker at Miller Insurance, which specialises in small and medium-size law firms. ‘From a solicitor’s point of view, the question is how quickly can the firm respond to hacking, do they have disaster policies in place that will allow them to reconstruct the data. The main exposure is third-party losses, but there is emerging interest in first-party losses, which is a big issue, and that’s developing.’
The rise in cyber fraud has not changed the main question solicitors should ask themselves if they want to remain attractive to insurers: what systems do we need to have in place to minimise risk and what do we do when something happens?
Not so shiny badges
It used to be that being Lexcel-accredited was evidence enough that a firm took a strong approach to risk management. But the badge is losing some of its shine and the quality standard no longer necessarily translates into lower premiums.
‘Quite a few of the firms that went rogue had Lexcel,’ remarks Maher, who believes the new approach to risk is being driven by a new attitude where there is clear ownership of risk management issues within firms. ‘Most firms now have someone responsible for risk. If you look back 15 years, nobody knew what risk management was about; but plenty more could be done still.’
Conway’s firm has Lexcel and is accredited under the Conveyancing Quality Scheme – a de facto requirement for firms who want to be on lenders’ panels. Lexcel is a big exercise, Conway says, but it is useful.
Danielle Peters, a partner at Hertfordshire-based Crane and Staples responsible for the firm’s PII, agrees. ‘Lexcel is enormously valuable; it makes you address your procedures more seriously,’ she says. ‘We want to offer the best service to our clients and it makes us put the right additional pressure on ourselves to ensure that we do.’
Peters indirectly points to the real value of Lexcel, which is not the badge for its own sake but the mindset it requires and instils. For Brown, ‘it’s a good indication of a firm’s attitude to risk as long as it’s embedded in everyday practice. But Lexcel takes time to have an impact – five or six years’.
‘A firm could have all the kite marks under the sun, it’s unlikely they would be given any kind of discount if they have a bad claims record, ’ concurs Charles Hawtin, a broker at Chancery PII, a joint venture between Miller and the Law Society.
So much so that a growing number of firms appear to be dropping out of Lexcel. Guy Adams, managing partner at West Country practice Pardoes, spoke to his insurer about it and was told it had no effect on the premium. Since then, Pardoes has not continued with the scheme but ‘importantly’, Adams says ‘the process has been engrained in the business’.
Things might be different, Adams suggests, if the firm weren’t also accredited under CQS and didn’t have the Solicitors Quality Mark, a requirement for firms with a legal aid contract. But with these two quality badges on its virtual lapel, the firm has been able to dispense with Lexcel.
Behind the marks and badges, what should matter to firms – and what certainly matters to insurers – is the robustness of the systems they have in place. And when fraud is the biggest risk, the watchword is ‘know your client’.
With the SRA repeatedly warning about Friday afternoon scams, the message is beginning to get through. ‘We now ask how firms verify clients’ bank details; do they take them in writing or in person,’ says Hawtin. As brokers, neither Miller nor Chancery PII provide consultancy services but they work with third parties to help firms tighten their processes, and Miller are developing risk management guidance.
Meanwhile, among law firms, Pardoes is one example of how this cautious approach is being embraced around the sector. ‘We don’t take client bank details by email, and if there is a change in these details, the first thing we do is call the client on the number we have on file to check,’ says Adams. ‘It’s more cumbersome but it’s a price worth paying.
‘If there is a circumstance to report, we tell the insurers, even if we don’t believe it will lead to a claim, and we tell them what we’re doing about it,’ Adams adds. ‘It shows them we are risk averse and that we are managing risk.’
Pardoes has also set up a risk committee involving representatives of all departments. ‘We look at the processes, we try to identify the risks and how we should respond,’ says Adams. It’s a similar response over at Crane and Staples, where Peters says the firm doesn’t accept bank details by email either, and where the office manager sends out regular emails during the week reminding recipients about risk.
How low can they go?
Like a weed that resists all attempts at eradication, fraud is perpetually being reinvented by imaginative criminals. Lenders claims which weighted heavily on the sector until a few years ago appear to have mostly run their course. In the digital age, fraud has moved online and it’s only a matter of time before the volume of cyberfraud starts having an impact on premiums.
In the meantime, good firms will make the best of current market conditions. This means not just enjoying the low premiums but building up defences against electronic crime.
And insurers? From their perspective, a consistent drop in claims resulting in low premiums over a long period wouldn’t be good news. Some will likely get out of the market, reducing the level of competition further. Already, low premium levels make it near impossible for new entrants to come in – challengers would typically quote 15 to 20 per cent lower than established providers. If that continues, we could soon be looking at the start of a new cycle.
This story was first published on Solicitors Journal on 30 June 2017 and is reproduced by kind permission