A Layered Approach To Managing Risk

The above is evidence that fraud and cybercrime in Conveyancing is a major issue

This is my first Blog so let's see how this goes.

Let’s start with a couple of facts.
1) Conveyancing is the highest risk area of law.
2) Cybercrime reports to the SRA have again risen over the last year.
3) The amount of client money reported as stolen also increased over the last year.

The above is evidence that fraud and cybercrime in Conveyancing is a major issue, some would say it's every partners worst nightmare? Or is it? If you are the type of firm who have robust procedures in place, then it probably is. You've put together a layered approach and yet your still a victim, then yep that's your worst nightmare. What more can you do?

But what about those that don't treat risk seriously, those that think it will never happen to us because it never has and those that think one layer of protection is enough?

Firstly let me explain what I mean by layers. I've mentioned it a few times already. Layers is about depth to your processes, so if one layer breaks or fails the others come in to play and provides protection. I was speaking to a firm this morning about Lawyer Checker and our Account & Entity Screen search. They had one layer to protect their clients monies and that layer was arguably a weak one. Why are layers important? There is no silver bullet, fraud and cybercrime won't go away not even in a digital landscape. Look at Australia and this fraud involved with the new Pexa system. They are further down the road than us in terms of digitisation yet still the risk remains.

My MD Chris often uses the analogy about locking your door and an alarm. Cyber criminals are sophisticated. Would you lock your door and not set your alarm or would you do both? Security is about belt and braces and you never know which organisation may have pertinent information in your decision to send hundreds of thousands of pounds to an account that may or may not belong to the other side.

The title of the blog mentions the Golden Triangle, this is not the cybercrime equivalent of Bermuda but a well known axis that is used to provide balance in processes across a number of industries. I think its pertinent to how conveyancers should approach their layered approach to fraud and cybercrime. The Golden Triangle incorporates people, processes and technology. If you look at historic cases of fraud in Conveyancing such as Nationwide v Davisons, then you could pinpoint large gaps in the golden triangle. The great thing about this axis is that it can be appropriate to firms of all sizes. Let’s look at a large regional firm for example. They are likely to invest in technology, have robust processes and you'd hope have well trained people. If you are a large regional firm and you're reading this have a think about how your golden triangle looks? Are any of the 3 areas weak?

What about a typical High Street firm? You can still apply the golden triangle. It's easier to train staff, the investment in the technology should be more cost effective and your processes should be less complex to implement. What I see is a lot of firms who put all their eggs in one basket, so they heavily train the staff but have no process or technology to fall back on if an individual makes a mistake. Mistakes do happen, people are human, they will make them. This element is often forgotten when looking at a layered approach.

Let's look at the other end of the scale at large volume conveyancers. They invest in technology and their processes but do they invest the same in their people? Is the balance right?

To summarise, managing risk is tough. People have different approaches and opinions and law firms have complex infrastructures, it can often be tough to change a process or attitudes. The risk won't go away though as cyber criminals and fraudsters are becoming more sophisticated. At Lawyer Checker we care about protecting our clients and we want to protect new clients too. ~
If you would like a chat with me about how we can do that I would love to talk to you.
Email: tom.lyes@lawyerchecker.co.uk