Our own co-founder, Maxine Park has explained the responsibilities and risks for law firms, following the Law Society’s practice note on outsourcing, to the readers of Practical Law (PLC) for Companies magazine.

PLC Magazine is the leading monthly magazine for business lawyers advising companies active in the UK and offers a uniquely practical approach to the analysis of legal developments in a business context – always a great read.

Maxine’s article reminds law firms of their responsibilities when choosing to outsource business processes and offers advice on ways to reduce risk, with the choice of UK-based service providers, chief amongst these.

For subscribers of the magazine, you will find Maxine’s article in the November issue. For those of you who are not subscribers, we would recommend clicking this link and seeing what you’re missing out on.

This is what Maxine had to say:

Law Society reminds law firms of outsourcing responsibilities

The outsourcing of many non-core business processes remains important for law firms of every size, from the small high-street practice to the multi-jurisdictional giant, who share a common ambition for greater efficiency and improved productivity.

Although aware of the advantages offered by this approach, the Law Society recently released a Practice Note to remind law firms of their responsibilities and to highlight the risks posed by outsourcing.

The Law Society is keen to point out that the Practice Note represents their view of good practice when firms choose to outsource services and does not constitute legal advice. However, it makes it clear that outsourcing business processes, does not exclude solicitors from satisfying Outcome 4.1 of the SRA Code of Conduct 2011, which requires them to; ‘keep the affairs of clients confidential unless disclosure is required or permitted by law or the client consents’.

The key word here is ‘affairs’. This implies that not only should the client’s data be kept confidential, but also which businesses have been retained by the law firm to undertake work on the client’s behalf. There is a risk, however small, of an outsource service provider making the ‘affairs’ of a client known, without necessarily compromising confidential information, particularly if they have little experience of the legal sector.

The first step in keeping the affairs and data of a client confidential, is ensuring service providers undertaking outsourced activities sign comprehensive confidentiality agreements. This might include not disclosing the law firm’s name, or that of their client, in the service providers marketing material, including press releases or case studies.

It is important law firms also satisfy themselves that the service provider operates in a way that ensures they can comply with the SRA guidelines on confidentiality and disclosure.

Outsourcing offers many benefits for law firms seeking greater efficiency, but it should still not be undertaken lightly. If things go wrong, whatever the part played by the service provider, ultimately it is the law firm that remains responsible; they outsourced the work and the buck stops with them.

Although growing in popularity, some law firms have been slow to adopt the full range of outsourced services available. This is possibly in response to the perceived risks, most of which are likely to have been confirmed by the issuing of this Practice Note.

But is missing out on opportunities to increase efficiency and improve productivity, already seized by the most successful firms, really good for the future of the law firm and its clients?

Of course the risks associated with outsourcing can be largely mitigated by choosing the right service providers. The selection process is important, but with the potential for this to be a long and involved process, some law firms or individuals within them, might be tempted to cut corners and increase the risk.

The location of service providers perhaps now matters more when firms are making their selection, with those based entirely in the UK making it easier for law firms to satisfy the need for the SRA to be able to enter the premises of service providers when required – tricky when the service provider is on the other side of the world.

The Practice Note reminds firms that before outsourcing services they must satisfy themselves the service provider understands and accepts its responsibilities for keeping information confidential. The Practice Note however, does not suggest on what basis firms should make this judgment. The selection criteria may come under scrutiny and a defined policy will help mitigate any criticism of the choices made.

A good place to start when selecting an outsourcing or co-sourcing partner is the internationally recognised standard for information security management, ISO 27001:2013. This certification identifies a business that sets security objectives, monitors its performance against them and address any risks discovered, whilst taking every opportunity to improve standards.

This more proactive approach encourages businesses to identify problems and develop solutions relevant to their own activities and the needs of their clients, rather than pursuing a set of rigid security standards.

The Practice Note also suggests law firms might consider auditing and checking the service provider's confidentiality and security processes for themselves – largely unnecessary for those with ISO 27001:2013 certification.

The Law Society also wants law firms to tell their clients when aspects of their business processes are being outsourced, to allow the client to decide if this introduces any potential risks. Choosing service providers committed to confidentiality, with the relevant certificates in place, will make it easier for a law firm to demonstrate it understands its responsibilities. It will also have nothing to fear when revealing the identity of the service provider, confident the client’s own checks will reveal nothing of concern.

One of the more popular outsourcing activities for law firms is transcription of dictation, copy typing and secretarial services. There are a limited number of service providers with the relevant certification offering the various outsourced processes and this raises the question of conflicts of interest for law firms, particularly if work is undertaken by a small team in one location.

There is a greater risk of conflicts of interest when using local suppliers, particularly where ‘local interest’ stories are concerned and firms should consider service providers with a workforce spread across the UK, working from home rather than a single location.

The Law Society also wants law firms to consider whether they are outsourcing work that could be done just as efficiently in-house and whether it is being done to a standard similar to that achieved if it was undertaken by the law firm itself. Just how firms assess quality is also an important consideration.

Outsourcing partners are more likely to match or exceed the quality of work performed in-house if law firms work with service providers that employ people with experience of delivering the same or similar services. If they have experience of working in the same sectors, quality is less of an issue, whether it’s legal secretaries, IT teams or costing services.

The need to comply with the SRA Code of Conduct 2011 has led many law firms to consider co-sourcing rather than outsourcing arrangements with service providers, allowing remote access to the firm’s system, to ensure data never leaves the firm and remains under their control.

This modern and increasingly popular approach to secretarial support guarantees the quality of office-based legal secretaries, but without with drawbacks. This helps increase productivity and efficiency, which is advantageous for both law firms and their clients.

Outsourcing is here to stay. It allows businesses to deliver a better, more efficient service to their clients, whilst keeping costs under control and increasing productivity. However, tHowehere are obvious pitfalls and law firms must undertake the necessary due diligence when selecting outsourcing partners.

There is no room for complacency. Firms must review the service they receive constantly, maintaining regular contact with service providers to ensure they understand their responsibilities and work hard to maintain quality and confidentiality.