Comment: Law firms reminded of outsourcing responsibilities
by Maxine Park
Law firms of all shapes and sizes continue to seek greater efficiencies and improved productivity, with many recognising the benefits of outsourcing some aspects of their business processes. However, the Law Society recently released a Practice Note to highlight the potential risks of outsourcing, reminding law firms of their responsibilities.
The Law Society introduces the Practice Note by stating it should not be regarded as legal advice, but more as their view of good practice when firms choose to outsource services. However, it makes it clear that when outsourcing aspects of their business processes, solicitors must still satisfy Outcome 4.1 of the SRA Code of Conduct 2011 and ‘keep the affairs of clients confidential unless disclosure is required or permitted by law or the client consents’.
The important word above is ‘affairs’ which might mean not only should a client’s data be kept confidential, but perhaps also which firms are undertaking work for the client on behalf of the law firm involved. Is there a risk of outsource service providers with little experience of the legal sector unwittingly making the ‘affairs’ of a client known, without necessarily compromising confidential information?
This dual risk of keeping client affairs confidential, along with their data, means ensuring service providers trusted with outsourced activities sign adequate confidentiality agreements. Law firms must also satisfy themselves that the service provider operates in a way that ensures their law firm clients comply with the SRA guidelines on confidentiality and disclosure.
Although a natural choice in the drive for greater efficiency, outsourcing is not something to be undertaken lightly. If problems occur and blame is to be apportioned, whatever the culpability of the service provider, it is the solicitors that remain ultimately responsible for the work they outsource.
Some law firms are slow to adopt the full range of outsourced services available, thanks in no small part to the perceived risks, possibly confirmed for some by the need for the Law Society to issue this Practice Note. They are however missing out on the opportunities to increase efficiency and improve productivity that have already been grasped by the most successful firms.
Once the decision has been made to outsource some or all of the firm’s business processes, choosing the right service providers is the key to a trouble-free future. The selection process is often a long, tedious and complicated one and there is always the danger some individuals or firms will be tempted to speed up the process, take short cuts and leave themselves open to greater risk.
When assessing individual service providers, their location perhaps now has more bearing on the final choice, with those based entirely in the UK enabling law firms to satisfy the need for the SRA to be able to enter the premises of service providers when required. A requirement that’s more difficult to meet when firms choose service providers based overseas.
Whilst the Practice Note reminds firms they should only outsource once they have satisfied themselves that the service provider understands its responsibilities in respect of keeping confidential information secure, with appropriate steps in place. Of course, this raises the question, how do firms make that judgment?
The first indication that a service provider understands its responsibilities is whether they have achieved the internationally acclaimed standard for information security management, ISO 27001:2013. To achieve and maintain certification, the service provider must set security objectives, monitor its performance against them and address any risks as they become apparent, whilst recognising every opportunity to improve standards.
The intention of this more proactive approach is to encourage businesses to identify problems and develop solutions within the context of their own activities and the needs of their clients, rather than rigidly following a set of general and security standards.
The Practice Note also suggests firms should consider auditing and checking the outsourcing provider’s confidentiality processes, although this might be deemed unnecessary where providers have achieved and maintained ISO certification.
The Law Society also insists that firms inform their clients which aspects of their business processes are being outsourced, so the client can make a judgement about any potential risks. Choosing service providers committed to confidentiality, with the relevant certificates in place shows the law firms understands its responsibilities. It also allows them to reveal the identity of the outsourcing service provider if the client wants to know, confident the client will find nothing untoward if it undertakes its own checks.
Given the limited number of service providers with the relevant certification fulfilling the required outsourcing activities, conflicts of interest are a potential risk for law firms, particularly if all the work is undertaken by a small team in one office. When considering transcription, typing and secretarial services, a workforce spread across the UK, working from home rather than a single location reduces the risk considerably, particularly where ‘local interest’ stories are concerned.
The Practice Note also seeks to make law firms consider whether the work they are outsourcing is being done to a standard similar to that achieved if it was undertaken in-house – how firms assess quality is also an important consideration.
The quality of service delivered by outsourcing partners is more likely to match that of in-house resources if firms choose service providers employing individuals with experience of delivering the same or similar services. If this experience is within the same sectors then so much the better, whether it’s legal secretaries, IT teams or library and research services.
The need to meet the requirements of the SRA Code of Conduct 2011 has led many law firms to choose co-sourcing arrangements with service providers, allowing access to the firm’s system remotely, so data never leaves the firm and is always under their direct control.
In our experience, this modern approach to secretarial support guarantees all the quality of office-based legal secretaries with none of the down-time, to help increase productivity and efficiency, which must surely be in the interests of both law firms and their clients.
Outsourcing allows professional service firms to deliver a better, more efficient service to clients, whilst keeping costs under control and increasing profitability. But to avoid the obvious pitfalls, firms must undertake the necessary due diligence, review the service constantly and have regular contact with the service provider to ensure they understand their responsibilities and maintain quality and confidentiality.
* Maxine Park is a former partner of a law firm and co-founder of the transcription service DictateNow. She has also lectured on law tolegal executives, HR personnel and journalism students.