The SRA are under massive pressure on several fronts at present and where multiple large firm collapses are concerned the push back is that if the law firms didn’t have client money holdings in the first place none of that would have happened. Never mind that they were asleep at the wheel on Axiom Ince and others. What happens next will in part be driven by increasing calls for the board to step down. Their situation is weakened.
Law firms see sense in modern tech similar to that which the proposed TPA’s (Third Party Administrator) that the SRA want to interject to handle client money will use. Anything which alleviates pressures of time and resource is welcome, but many feel that some of it is too cumbersome because getting large volumes of properties away on a Friday is complicated enough as it is, without interjecting another layer in the process.
Insurers of law firms (who ultimately pay for client money losses) also like modern tech which improves the risk of client money theft, and they understand the significance. None will automatically give a reduction in premiums (despite what the SRA say) because they underwrite according to historic data and work on a claims made basis. Those Insurers want maximum premium, and operate according to what they can get – they wont give away large reductions if they can help it.
The SRA state that PII premiums will “drop like a stone” if firms don’t have to manage client money – they wont for two reasons. Firstly, law firm Insurers charge premiums based on retrospective risk – IE claims come in from previous years activity, so anything new which improves risk, will require time to impact upon the claims profiles of the profession over several future years.
Secondly, because of the nature of the commercial market and the way in which law firms, brokers and Insurers haggle over pricing, the Insurers will not simply roll over and grant huge discounts in premiums. The principle reason for this is the scale of claims coming through from previous years where the Insurers have historically not made significant profit. As a result, if their premiums fall dramatically, even though future years claims may possibly follow suit, they would need to maintain premium levels for some years to manage through the historic IBNR (incurred but not reported) matters, which will flow for several years at higher levels until new arrangements take effect.
The TPA aggregator risk – we know that Insurers don’t like concentrations of risk in one place, because it exposes them to the potential for large losses. The SRA plan for three or so TPA agreements for client money will create that risk. If those providers are currently Insured, there is potential doubt about how they could be covered in the future with such huge expansions of money flow. The current market leader in cyber protection does not want to Insure entities such as TPA client money managers.
The recent cyber attack on CTS is a good example of that aggregator risk – a concentration of clients in one place where an event took out their entire law firm client bank and eventually bankrupted the business.
The concept of TPA agreements takes a fragmented risk scenario (IE a lot of individual law firms) and groups it together in a few major concentrations which assume that the TPA will be better at protecting their clients money – that is not a given. Increasingly sophisticated methods are being used to challenge new technology and the aggregation of client accounts risks the effect of those methods having a much bigger impact.
A more integrated approach is to put modern tech into effect with individual law firms, accompanied by some “tramlines” which require a minimum standard of AML and money management, plus general governance in order for the system to work – IE it is a solution backed by an enforced culture change for some, but business as usual for others, to ensure that both front end and back end work together to effect security.
Some law firms are ambiguous about the possible change, but we find that most do not want it.
Written by Jon Cook