Everything you need to know about risk assessment

And how automation helps you manage it

Authorities in every jurisdiction require law firms to assess risk and carry out due diligence before they take on new clients. The requirements are complex and vary according to area of practice and location.

Furthermore, it is not uncommon for current or former clients to file claims against their legal representatives for overlooking a risk.

Law firms operating in every area of law and in every country need adequate know your customer (KYC) systems and checks when dealing with new clients. Not only does this help them avoid taking actions that could materially affect their survival or profitability, it enables them to onboard clients on a foundation of security and certainty.

Risk = probability x impact

This article explores the different risks law firms need to assess before onboarding new clients, and sets out why automated due diligence software can transform risk assessment from a drain on resources into a beneficial tool.

1. Financial risks

The US, the UK, and the EU enforce strict rules to prevent money laundering and terrorism financing being advertently or inadvertently enabled. The consequences of breaching anti money laundering (AML) regulations are severe.

Regulators on both sides of the Atlantic are today equipped with greater funding and investigatory powers than ever before, while public opinion is laser-focused on global corruption and its facilitators.

For example, this September the US Treasury’s Financial Crimes Enforcement Network (FinCEN) made it compulsory for many corporations, limited liability companies, and other entities created or registered to do business in the US to file information about people who own or control companies. In the UK, the beneficial ownership registry and unexplained wealth orders now require suspected criminals or corrupt officials to explain how they came to own assets disproportionate to their income.

2. Conflicts of interest

Conflicts of interest are a major issue for law firms because as well as creating compromising situations, they can also lead to bribery and corruption charges.

Large multinational organisations with connections to extensive networks of customers and business partners pose a particular risk.
Ethical behaviour is strictly codified for law firms. Serious breaches can lead to fines or bans under the UK Bribery Act, the US Foreign Corrupt Practices Act, and anti-bribery laws within EU member states.

Values-led risks

Law firms increasingly need to consider whether they should work with a client, rather than if they can work with them. A potential client that passes regulatory checks can still be a values-led risk that will lead to employees, clients and the public turning against your firm.
Values-led risks include:

1. Inclusion on sanctions lists

The sanctions imposed by Western governments against individuals linked to the Kremlin following Russia’s invasion of Ukraine did not apply to law firms. However, many law firms decided to stop working with Russian-linked individuals and organisations due to the risks of being seen to facilitate them.

2. Tax avoidance

The global investigative journalism that led to the 2021 Pandora Papers and the 2016 Panama Papers sparked massive global outrage over money laundering and tax avoidance.

Examples of direct risks include:

• Defective, unsafe, or non-compliant products
• Unsatisfactory working conditions, employee neglect or abuse, and failure to address inequality
• Senior management-level affiliations with, and/or support for, political extremism or criminal networks
• Purposeful mistreatment of customers or clients
• Controversial posts or ‘likes’ by the organisation’s official social media
• Internal disputes or legal cases that become public

2. Indirect risks

Indirect risks come from actions made by close associates of the potential client. That includes its employees at all levels, as well as owners and directors. Some forms of indirect risk are exposed through purposeful dissent or malpractice, such as in the case of sabotage, while others are accidental.

Examples of indirect risks include:

• The social media conduct of those working for the business or organisation
• Crimes committed by employees or those affiliated with the business or organisation
• Employee affiliations to political extremism
• Tangential risks

Tangential risks are further removed from the internal actions of the potential client, but are no less important. They relate to the actions of its customers, suppliers, clients, donors, investors, and partners.

As the public becomes increasingly intolerant of bad behaviour — including associations with bad behaviour — tangential risks have become just as crucial to prevent as direct and indirect risks.

Examples of tangential risks include:

• Affiliations with third-parties that do not align with the business or organisation’s ethics and values
• Relationships with suppliers or customers that undermine the core values of the business or organisation
• Partners or third parties’ misconduct or illegal activity

How to manage and minimise risks as your onboard new clients

Every law firm has its own degree of risk tolerance. However, that tolerance cannot exist without a deep and confident understanding of the risks clients bring with them.

Knowing as much as possible about potential clients helps assess whether they are a good fit, and enables law firms to prepare to answer to criticism that arises from agreeing to work with a risky client.

However, the vast volumes of information now available on the internet make it all but impossible for client intake teams to find and assess every risk without automated support. Manual research teams, even when equipped with database and search tools, simply cannot match the power and speed of AI.

Xapien enables client intake teams to:

• Bring to light obscure and otherwise unsearchable data, such as quotes in the media, obscure websites, contact details, and public social media posts
• Cut time wasted looking for data that simply isn’t there. Xapien gives teams confidence that all the rabbit holes have been fully explored
• Present executive level, auditable reports that include adverse media, networks and connections and background information – within 20 minutes.

The results:

• All potential risks are unearthed and ready to be assessed
• Positive relationships with prospective clients
• Onboard as many new clients as possible and meet targets

Launching due diligence searches with Xapien requires only the most basic technological skills. It is as easy as inputting the name of your subject, adding some context, and hitting go. The platform then searches through all online data, using powerful AI algorithms to identify the information that is relevant to you and your subject.
The results are displayed in a single, shareable report alongside their original sources. Xapien automatically identifies assets, associates, wealth, business roles, descriptions, quotes and affiliations whilst providing avenues for further exploration.

The platform meets the needs of both business intake and compliance teams, by surfacing all relevant information in one report. Law firms can be certain they have mitigated all compliance risks and proceed to take on new business quickly.