A new research report by law firm Ashurst and its consultancy business, Ashurst Risk Advisory, found that 88% of in-house lawyers are concerned that their companies will experience financial crime of some kind in the next 12 months, and 67% of them have concerns over their company's ability to keep up with how financial crime is evolving.
The disconnect between the perceived weight of the risk and the levels of controls in place to prevent them, reflects the level of exposure to risk companies are facing.
The level of personal accountability that is now characteristic of leadership roles, means that greater pressure is being placed on in-house legal teams and C-suite executives. Disjointed approaches to risk means the personal accountability of individual leaders are often handled in isolation, making it increasingly difficult for in-house legal teams to keep up with risks and to offer integrated solutions. The pressures have been intensified by the increasingly tough regulation of the financial services and other sectors, lingering uncertainty post-pandemic and post-Brexit, and challenges of the uncertain economic environment.
The findings show that now more than ever, the C-suite need to understand the risks their in-house lawyers are managing and to collaborate more effectively to tackle these ever-evolving issues head on.
Nisha Sanghani, Partner in Ashurst Risk Advisory, comments:
"The research findings highlight the pressing need for c-suite executives to engage with their in-house legal team. Truly effective risk management depends directly on the legal, operational, and risk personnel coming together now to face these ever growing and evolving issues head on, manage current risks, as well as pre-empting and preparing for future ones. The rapidly evolving regulatory and technological landscapes makes this an urgent priority which in-house legal teams and executives cannot each face alone."
Waiting for an Attack to Happen
The research found that most in-house lawyers are expecting novel and developing risks, such as cyber-crime, but are not always able to prevent them and plan how their organisation will respond. The Ashurst Risk Advisory team view this as the most pertinent issue.
57% of respondents said they were only just able to keep up with their workload, with nearly one third of this group admitting they were falling behind. Lawyers working long hours is hardly a new discovery, but when analysing and planning a corporate response to risks as serious as cyber-crime and regulatory changes this becomes a pressing issue. Companies must bring together their legal teams with their operational teams to face issues head on.
Financial Crime Expected Within Next 12 Months
Money laundering, cybercrime, and fraud are top areas of concern, with 88% of in-house lawyers concerned about financial crime. With new legislation, the Economic Crime Bill and Financial Services and Markets Bill, currently in Parliament the regulatory environment surrounding financial crime is an area of concern for in-house lawyers. 42% are concerned about the FCA, 40% about HMRC, and 38% about the Financial Reporting Council.
Financial crime costs the British economy an estimated £137 billion, and this is naturally a key priority for CEOs, with 73% thinking their company's risk of financial crime could be better assessed. This poses a major challenge for companies looking to maintain the City's position as a financial services centre post-Brexit.
Matthew Russell, Partner in Ashurst Risk Advisory, comments:
"Amendments that have been proposed to the Economic Crime Bill are about making it easier for the authorities to hold senior officers accountable for failures in an organisation's financial crime arrangements. Unfortunately the research suggests that the foundations required for effective, proportionate and defensible systems and controls, such as the underlying financial crime enterprise-wide risk assessment, may not be meeting expectations and, as such, would be leaving both the organisation and its executives exposed if the proposed changes to the Bill go through."
The challenge with Data
The trend of digitalisation, the reliance on automation, and the accelerated capture and use of increasing amounts of personal information are all top concerns with 44% of respondents agreeing that their company needs to take a proactive approach to data risk management.
Over a third (37%) of in-house lawyers state that their company needs to invest in new data technologies and data security systems to help manage this risk.
With data a key risk on multiple levels, and with an evolving regulatory landscape in relation to privacy and data protection, it is a vital contender for the boardroom to consider when managing risk.
Matt Worsfold, Partner in Ashurst Risk Advisory, comments:
"Data is fundamental to how many organisations operate, and this heightens the inherent levels of data risk that they now face. It is increasingly important that GC's and risk professionals are adequately assessing and managing the risk of data loss, data mis-use and failures of critical systems and processes caused by ineffective data management. This is particularly significant in the context of mounting cyber-crime activity and changing data protection regulations. The impending post-Brexit reform to GDPR has been quoted as an effort to simplify the regulations, however in reality this is likely to cause more complexity and increase the cost of compliance, particularly for organisations operating in both the UK and Europe."
Risk Without Regulation
Crypto currencies and other alternative assets are here to stay, having grown in popularity over the last decade. The UK's regulatory regime has so far not kept up. Involvement in crypto assets is widespread and 54% of those surveyed said that their company was involved in crypto, either directly or via clients.
Nearly three quarters (73%) believe that financial crime relating to crypto currency is evolving and becoming more sophisticated, which two thirds of those surveyed believe require more safeguarding regulation. Rapidly evolving areas of regulation like crypto highlight the need for companies to include their in-house legal team in horizon scanning.
This is reinforced by the UK government who voted to include crypto assets as bone fide regulated financial instruments within the Financial Services Markets Bill. A step in the right direction towards progression whilst creating a level playing field to encourage competition and ensure consumer safeguarding and protection.
Does Low Concern Mean Low Risk?
The research found ESG issues as a surprisingly underrated risk among in-house lawyers, with just 17% thinking that governance and accountability was something their company should be concerned about over the next 12 months. This result is surprising given the associated reputational risks with getting your approach to ESG wrong. If a company is seen to be neglecting its ESG commitments, it risks being left vulnerable to serious client distrust and criticism. However, with 38% concerned about upper management taking responsibility for ESG issues, it is a lingering issue where cross-functional responsibility for delivery makes it more of a challenge. This suggests an urgent need for greater collaboration across corporate leadership functions to ensure in-house lawyers can more effectively identify and help to manage risks in this area.
