While the debate around the burden of regulatory compliance has been fuelled in recent weeks with the publication of the SRA's three-year strategy, the research among mid-sized firms suggests that strategic risk management is bringing a return on investment and opening the door to greater competitiveness and client choice.

The findings have been published by LawNet, the collaborative, non-profit network for independent law firms, following research involving over 3000 legal, management and support staff across its member community.

While junior fee earners and admin staff were more likely to think regulatory repurcussions were the most serious outcome of poor risk management, mid to senior fee earners and managers were more focused on how it may affect financial management and reputational issues. Better client service, reduced Pll claims and reputation protection were the top three benefits of stronger risk management, with 50% saying it was delivering effective business management benefits, and a further 30% saying it has become a vital business tool.

Residential conveyancing is perceived as being the highest risk work across all staff, followed by commercial property, accurately reflecting SRA statistics which show that around half of all claims, and some £770 million of indemnity payments between 2004-14, result from a failure in conveyancing work.

Fraud and cybercrime is the biggest threat for the future, for some 40% of staff, closely followed by client data protection and securing IT systems. Almost 50% were aware of an attempted fraud attack on their firm in the last 12 months, with most attacks being email phishing.

The research was undertaken by LawNet as part of an audit of the network's risk management and compliance support, which firms received as part of the bespoke lSO9001 standard that is compulsory for membership. The resulting feedback will be used to guide future training and development for members.

According to research, the most time-consuming aspect of risk management is file management, closely followed by performance management, of both self and others, with this area seeing the most increase in time required over the past two years.

Asking staff at all levels if they were aware of the firm's policy for dealing with bank accounts and client payments, administrative and secretarial staff were most likely to be unsure. Whilst over 60% of firms were using penetration testing on a regular basis for their IT systems, fewer than 20% were regularly using social penetration testing of people and processes.

Says Gary Cook, Partner and Head of Legal Sector at Booth Ainsworth, "In talking to law firms, I encourage them to consider not only existing threats such as cybercrime but also emerging threats such as Brexit and Data Protection. The risks that law firms face is constantly changing and it is a key theme for the future."

LawNet's publication Lessons for law firms: How the right risk culture delivers returns, covering the research and learning is available as a White Paper for download or in print; click here.