Risk management has always been important to law firms, not only to comply with the complex regulatory landscape but for the sake of brand and reputation. However, at Totum we have recently noticed an increase in the number of senior risk roles firms are asking us to help with. Of these, there are some noticeable trends:

  1. They are often new roles reflecting a firm’s decision to invest more in risk.
  2. Roles are typically heading up risk and compliance teams, aimed at centralising and building the size of the risk function – often across international offices.
  3. Heads of risk are decision makers, working closely with the management board and often sitting on the exec committee.
  4. Firms are seeking dedicated risk professionals, moving the function away from individual partners who may previously have looked after elements of risk.
  5. The roles are highly strategic, including giving expert advice to the partnership on all matters of risk related to effectively safeguarding reputation and facilitating business growth.
  6. Successful candidates will typically be expected to build an effective risk management culture, including delivering training across the firm. Not only will they need to be able to lead a team, but also act as a trusted adviser on risk for people at all levels of the firm.

Why now?

According to Aon’s Global Risk Management Survey 2015, the top five risks causing the most concern to businesses in all parts of the world are as follows:

  1. Damage to reputation/brand
  2. Economic slowdown/slow recovery
  3. Regulatory/legislative changes
  4. Increasing competition
  5. Failure to attract and retain top talent

This tallies with the conversations we have been having with law firms at Totum. Law firms know they are vulnerable to the same threats facing any other business today. More than that too, they must share the concerns of their clients – if only to prove to clients that their sensitive information is safe in their hands. The recent massive data breach at Mossack Fonseca only highlights how vulnerable the legal profession might be.

The perceived threats are growing too. PWC’s 2015 Annual Law Firms Survey found that 62% of law firms reported a security incident last year, up from 45% in 2014. Other findings suggest that internal auditing in law is weak compared to other sectors, and only 32% of firms are ‘very confident’ in their IT disaster recovery capabilities.

Even more telling, perhaps, is the fact that only 49% of senior management in law have participated in training that could help deal with such a crisis. With a lack of leadership direction, no wonder firms are thinking that investment in a more centralised risk function, with board level leadership is now critical.

Global frontiers


More than this too, we are finding that law firms are only more aware of their potential vulnerability as they grow internationally. Risk functions may have operated fairly adequately at local levels, but future business resilience may depend on bringing in a leader who can align strategy and processes across numerous global offices.

We expect to see more senior risk roles in future months. With risk and reputation so closely aligned, such roles are highly strategic, decision-making positions, with significant, often global responsibility. As many of them are new roles in fast-growing functions, they also offer ambitious candidates a real chance to implement powerful and lasting change, involving interaction with people across the firm and impacting on every function.

Risk management lies at the heart of successful business today – risk leaders who reflect that reality are only going to be more in demand in law.

Click here if you would like to know more about these roles as either a potential candidate or law firm interested in the effective development of risk teams and leaders.






Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.