
Onboarding a new law firm to your panel is one of the most business-critical decisions insurers can make. Get it right, and you have a reliable, profitable partner. Get it wrong, and you may have imported significant financial and reputational risk into your own business.
A common issue, though, is that pre-panel checks become so routine that they are treated as an administrative hurdle to be overcome as quickly as possible – often relying on self-reported data from potential panel firms and a cursory overview of financials. This creates blind spots that can introduce significant risk.
Common blind spots: where risks creep in
Surface-level policy reviews
A prospective panel firm sends over a beautifully formatted Lexcel-accredited compliance manual that ticks all your boxes. But how do you know the policies and processes are actually implemented day to day? Thorough due diligence should include asking for proof of key policies in action, for example, on current or recent files.
Ignoring the supervisory chain
Many due diligence failures originate with firms where the partners are highly experienced, but the bulk of the work will be carried out by juniors. The blind spot here is failing to investigate how the two groups link up. Does the firm have clearly defined supervision, file review, and escalation processes, or are junior staff left to "get on with it" with partners checking in on an ad hoc basis?
Treating all claims as equal
Headline statistics like "three claims in five years" give you an idea of risk, but it's hard to quantify without knowing the root causes behind the claims. Was it one rogue employee who has since left the business (which would represent a contained risk), or was it a systemic failure in the firm's conflict-checking process that still exists today (an active risk)? Understanding the chain of events leading up to any claim is key to accurately assessing the risk to your business should you appoint the firm.
Overlooking the human factor
The firm self-certifies that it uses encrypted email and data transfer software. But if you haven't assessed their practical data handling, can you be sure everyone is using the company platforms? Common blind spots here include staff using personal devices or email accounts for company communications, or uploading sensitive data to a commercial AI chatbot to help draft a document. It's another potential example of a policy-practice gap that can have serious consequences.
A 360-degree view: the evidence-led approach
Closing due diligence blind spots requires a comprehensive, evidence-led model for evaluating potential panel firms – essentially a "go and see" approach. This might not literally mean an in-person audit, but it does mean looking deeper than self-certification and internal assurances from the firm itself.
The following suggestions are not exhaustive, but illustrate how you can increase the depth of your due diligence reviews across key areas.
Operational integrity
Rather than only reviewing policy and process documents, take a closer look at what's happening in day-to-day practice. Ask for a random, anonymised sample of 5-10 live and closed files for a specific work type, and then assess how well the firm is following its own stated procedures.
Questions to consider when reviewing:
- Are client instructions confirmed in writing?
- Is the advice given clear and documented?
- Does the file tell a logical story from start to finish?
Governance and supervision
To get a better understanding of the overall attitude to risk within the firm, request minutes from recent risk/compliance committee meetings, and interview one or more team leaders.
Questions to consider when reviewing:
- Is risk a genuine agenda item, or a rubber-stamping exercise?
- Can the team leader clearly articulate how they review their team's work and when they escalate issues?
- Are complaints treated as valuable learning opportunities, with clear actions taken?
Financial & commercial controls
Look beyond the firm's credit score. Review their full PII proposal form and complaints register, and request a root cause analysis of any claims exceeding a certain threshold.
Questions to consider when reviewing:
- How has their premium changed over time?
- What story does their insurer's feedback tell?
- Did the firm learn and implement changes after a claim, or do they blame external factors?
Don't gamble on panel appointments
Conducting in-depth due diligence takes time, and for busy insurers, funders and investors, that can mean drawing focus from mission-critical work. But it's a process where you can't afford to take shortcuts either.
That's where Complex Risk comes in. We provide expert, third-party assurance of your current or potential panel firms – carrying out initial due diligence on your behalf, providing ongoing oversight and periodic audits, and supervising remedial actions when standards aren't met, including targeted training for firms' teams where it's needed.
If your pre-panel due diligence process isn't giving you the clarity you need, and you don't want to gamble on your next appointment, speak to Complex Risk today. We'll put together a tailored support package that gives you a clearer picture of your law firms' compliance standards and performance – today, and over the long term.
FAQs
How can we compare firms fairly when they work in different areas?
The best way to compare firms across different practice areas is with a standardised scorecard that covers common themes, such as file quality, supervision, incident handling, and data security. That gives a solid initial benchmark, and you can then add practice-specific criteria to differentiate firms in the same category.
How can we spot "looks good on paper" risks early?
Look out for mismatches that don't make sense. For example, do they have polished process documents but messy file comments? Or detailed tech policies, but little evidence of the relevant tools being used? Focus on the implementation rather than the documentation, and you'll have a clearer picture of the real risk profile.
How does Complex Risk support pre-panel checks?
We review your target firms' regulatory, financial, operational, and conduct risks, and provide expert analysis of their governance and compliance policies and processes. You get practical findings, not just documents, to inform appointment decisions.
What does Complex Risk deliver after the review?
You'll receive a concise due diligence report with ratings, examples, and priority actions, plus optional follow-ups to confirm fixes. We can also monitor your panel firms on an ongoing basis so you can be confident that standards stay consistent post-appointment. Speak to one of our team for details of our tailored monitoring packages.