Key Risk Checklist: Policies for law firms

2 December, 2014

This document contains a list of policies (and some procedures) firms have told us they use. Not all firms have all of these policies. In some instances several of these policies could be amalgamated into one. For some of the policies we have commented on the risk management issues that should be considered when drafting the policy.

Policies for law firms

Core duties and professional obligations

☐  Confidentiality

When writing a policy on confidentiality firms should have regard to rules 9 and 31 of the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 (the rules) which set out the primary duties of Victorian practitioners to maintain the confidentiality of their clients’ affairs. Rules 4 and 7.2 also contain provisions governing the conduct of practitioners with respect to clients’ confidential information.

☐  Professional duties and maintaining professional integrity

☐  Undertakings

This is an important area as people within the firm often do not understand what can constitute an undertaking and the serious consequences of giving an undertaking. Consider covering the following points.

  • Who is authorised to give undertakings and whether there is any approval needed.
  • Only things within the actual control of the firm/practitioner should be the subject of the undertaking.
  • Practical guidance on what can constitute an undertaking.
  • Undertakings should be given in writing.
  • A copy of all undertakings should be kept on a central register.

You might also like to see the LIV Ethics Guidelines on Undertakings.

Conflicts and business intake

☐  Client selection and matter intake

Client selection is an important risk management tool. Best practice in risk management suggests the client selection function be centralised or at least require approval from practice group heads rather than leave the decision to individual partners. This policy should cover who is entitled to make the client and matter selection and the criteria for doing so.

This policy may also include details on the firm’s requirements relating to acting for family and friends or acting on overseas/interstate matters. In some firms these are separate policies.

When acting for family and friends there are a number of issues to consider including the following.

  • Whether the firm will act for family and friends of partners or employees.
  • If so, what type of matters and who should do the work. When considering this issue firms should refer to clause 5 of LPLC’s policy in relation to acting for related parties and In Check issue 63.
  • Whether there is any pricing discount and how it works.

When acting on overseas/interstate matters there are a number of issues to consider including the following.

  • Whether the firm will act in overseas or interstate jurisdictions.
  • If so, what precautions should be put in place?
  • Will the firm instruct agents in the other jurisdiction or will the firm act as agent for a principal in the other jurisdiction?
  • Who will supervise the work?

☐  Verification of identity

The policy should cover:

  • When client identification will occur. It ideally should occur for all new clients. For existing clients there should be some thought given to whether identity checks should occur, for example, if the client has not retained the firm for more than five years. The policy should be clear about when the checks need to occur. This could be when the client comes in for the first meeting, before the file is opened or within a certain time after the file is opened.
  • How the client will be identified. There are several verification of identity processes that can be considered including the 100 point check used by many banks and the verification of identity standard set out in the Model Participation Rules which form part of the national electronic conveyancing regime. Prudent practice would suggest the need for a face to face meeting and production at the meeting of at least a current Australian driver’s licence or passport. If the client has neither of these the policy should set out what secondary documents will be acceptable.
    If the client is unable to attend the office due to distance, the policy should state what needs to be done. This could include obtaining a certified copy of the client’s driver’s licence or requiring the client to attend another firm of solicitors or identity checking service who could act as your agent to identify the client.
  • How the identification information will be stored.  Ideally a copy of the identification documents should be kept.  If you do so, you need to specify how the copies will be securely kept.

☐  Conflicts policy

This policy should take into account rule 11 of the rules.  It should specify the firm’s position on:

  • acting for more than one party in a transaction

(This may require details of various circumstances and may cover issues such as when the parties appear to have the same interests, or when the parties are on opposite sides of a transaction such as a sale of property or businesses. From a risk management perspective it is safest to not act for multiple parties in a matter unless it is abundantly clear the parties have identical interests.)

  • acting against former clients
  • who is the final arbitrator of a conflict issue in the firm and when that person should be consulted.

☐  Engagement letters


  • requiring standard engagement letters be used in every matter even when not required to provide cost disclosure
  • authorisation from an appropriate person (risk partner/manager or practice group head) must be obtained to deviate from the standard engagement letter
  • the letters must adequately scope what the firm will do, what the firm will not do and what the client will do.

☐  Tenders and pitches

Consider requiring all tenders and pitches be reviewed by the risk management partner or manager to ensure the firm’s response complies with its policies and does not expose the firm to any unacceptable risks.

☐  Pro bono work and charitable donations

This policy should have:

  • specific guidelines on who the firm will act for
  • what matters the firm will accept
  • who will do the work
  • how the billable time will be treated.

(Credit should be given to the operator doing the work otherwise there is a risk the work will be left to last and/or not done well.)

☐  Prohibited services/advice

This policy should clearly articulate the areas of practice in which the firm will not accept instructions so all members of staff understand and are not tempted to dabble.

Matter/client management

☐  Briefing counsel

This policy should give guidance on the form of briefs to counsel, the form of instructions and what to include in instructions such as the issues to be considered and time by which the work needs to be completed. It could include what approvals are needed to brief counsel, guidance on selection of counsel, liability for fees and requirements for costs updates.

☐  Costs – explaining to clients

This policy should cover:

  • how costs are initially discussed with the client
  • what information needs to be obtained before an estimate can be given to the client
  • how the estimate is presented to the client
  • whether money is required up front and how that is communicated to the client
  • how often the client is billed or given an accounting of the costs (if not billed until the end)
  • the detail provided in the bill
  • when the client should be told the costs are approaching the estimate.

☐  Credit control

☐  Decline engagement/non-engagement letters

This policy would cover when these letters should be sent and the form and content of the letter. It is important to recognise when a lay person may think your firm is looking after them and ensure that misunderstanding is rectified.

☐  Diary and deadline tracking

This policy should cover how deadlines are to be tracked in the firm. It should include a requirement that at least two people have access to any deadline tracking.

☐  Engagement termination

This policy should describe when the firm will terminate a retainer with a client. It should consider the requirements in rule 13 of the rules, in particular, the requirement that the termination by a firm be for ‘just cause and on reasonable notice’. It should include:

  • if the client has unpaid bills of specific duration
  • if the client is un-contactable for a specified period of time or where time is of the essence
  • if the client refuses to accept the firm’s advice or instructs the firm to do something unethical.

☐  Fee disputes/approval to sue for fees

LPLC sees many instances where a firm sues for their costs and receives a counterclaim alleging negligence. This policy should require any fee dispute to be referred to the risk partner or risk manager for review of the file to determine if pursuing the costs in court is likely to result in a claim in negligence.

☐  File closing

Many claims have occurred because of a failure to properly check the file before it was closed, to check the trust account records for the file or to archive the file for the correct time frame. To avoid these mistakes have a file closing procedure in place.  For more information see our blog of 18 July 2014 and our LIJ article May 2011.

☐  File management and resourcing

☐  File transfers (external) and requests to release files and other confidential information

There are many issues to consider when requests are made to transfer files to the ex-client’s new firm or when documents are subpoenaed. For issues to address see our LIJ article June 2009 and LIJ article January/February 2011.

☐  File transfers (internal)

Internal file transfers create risk if they are not handled well. Claims have occurred when the practitioner handling the file was on leave or just returned from leave or there had been a change in the operator on the file. The procedure for internal transfers, whether permanent or temporary, should be well documented and include:

  • a written file memorandum with a short summary of the matter, the issues needing immediate or next attention and any important dates
  • a written file memorandum outlining what had occurred in the person’s absence and any new dates of importance when a file is handed back to a practitioner returning from leave.

Preferably both memoranda should be accompanied by a discussion.

For more information see our LIJ article January/February 2011.

☐  Information barriers

While many firms do not use information barriers at all, some firms use information barriers to protect clients’ sensitive and confidential information, particularly in the government policy area or mergers and acquisitions transactions. The barriers are also used where the firm is acting for or has acted for another party in the matter.

Where a firm is prepared to use information barriers, the policy should consider how the barriers are going to be implemented, documented, overseen and reviewed. Examples include restricted access on document management systems, training, delegation protocols and maintaining lists of team members working on the matter. In some cases firms may consider physical separation as well as electronic separation of the team.

☐  Instructing other advisers (e.g. foreign counsel, accountants)

Some of the guidance may be similar to that given in the policy for instructing local counsel. Issues include:

  • approval of appointment and the relevant terms
  • suitability of the adviser
  • instructing the adviser
  • liability for fees
  • updating costs information
  • privilege
  • confidentiality
  • warranties as to advice
  • verification of advice and
  • termination of the retainer.

☐  Investing client money

☐  Litigation support

☐  Opinions and advice relied on by third parties

The firm needs to initially decide whether it will provide opinions and advice relied on by third parties.

This policy should cover:

  • who can approve and sign the opinion or advice
  • what form the opinion or advice must take
  • the assumptions and qualifications included in the opinion or advice.

☐  Solicitor’s certificates

Providing solicitor’s certificates, particularly in the context of borrowers and guarantors, is a high risk area for claims.  There are a number of issues this policy should include.

  • Who can provide the solicitor’s certificates – preferably only one or a few senior people in the firm.
  • In what circumstances they will be provided – preferably only for existing clients for whom you are doing related work.
  • Whether you can act for more than one client and who makes that decision. You should never act for the borrower and security provider if they are different people.
  • Where the client is unknown to you, proof of identity must be obtained in compliance with an identification procedure and copies kept of documents provided.
  • Details about the form of certificate that can be signed, for example only the LIV/ABA form of solicitor’s certificate.
  • A detailed file note of the discussion be kept including what advice was given and the client’s response.
  • A letter of advice be sent.

For further information on this area see LPLC’s Practice Risk Guide – Managing Mortgage Risk.

☐  Supervision

Supervision is a critical risk management tool as well as vital for client service, employee satisfaction and profitability. Failing to supervise properly is a cause of many claims.  There is no one size fits all for supervision but the key is it must be proactive. A supervision policy could include:

  • criteria for what correspondence needs to be signed by partners
  • how email correspondence should be managed
  • that supervising practitioners are required to meet regularly with their delegates to discuss the status of all files handled by the delegate.

For more information on supervision see the SuperVision presenter’s workbook in the password protected Risk Management Training Resources section of our website and search ‘supervision’ in the search function of our website.

☐  Time recording, charges and billing procedures

☐  Trust account and return of client monies

Practice/firm management and staff

☐  Audit requests from clients

Policies would normally deal with who is authorised to approve/respond to such requests and provide guidance on the information that should be provided to the client (which may depend on the type of enquiry) and the form of response.

☐  Certified copies of documents

The key point of the policy should be that the original document must be sighted before someone certifies that a photocopy is a true copy of that original. The policy may also deal with the wording to be used and who may give the certification (e.g. qualified legal practitioners).

☐  Company secretarial services

☐  Departing personnel

☐  Directorships and other outside interests

This policy should address what type of directorships partners and employees are allowed to accept. It should specifically address whether the firm permits directorships of current clients and on what conditions.

☐  Discrimination, harassment, bullying

☐  File reviews/audits

☐  Information/file security (including third party confidential information)

☐  IT systems (including email)

☐  Leave and absences from the office

☐  Membership of professional organisations

☐  Occupational health and safety

☐  Precedents

☐  Privacy

☐  Publications, public presentations and media communications

☐  Records management

☐  Registered office/place for serving documents

☐  Safe custody of documents

☐  Service standards

☐  Social media

☐  Trading in securities

☐  Travel

☐  Work from home/remote

☐  Well-being

Claims and complaints

☐  Claims and complaints

This policy should specify:

  • who is responsible for managing claims and complaints in the firm – preferably just one person
  • that all circumstances which may give rise to a claim or complaint be notified to the relevant person as soon as anyone becomes aware of them
  • how claims and complaints are reported to the partnership.

It may also cover an internal complaints procedure including:

  • how clients can make an internal complaint about someone in the firm
  • how that complaint will be investigated
  • the time frame in which the complaint will be dealt with.