Why Lexcel 6?
If your firm isn't currently accredited to the Law Society Lexcel standard, and you're wondering why you should achieve it, then this article is for you...
While there may be lot of different reasons for achieving the standard, first and foremost is the old favourite, "Compliance." The latest version of Lexcel is the closest version to date to the SRA Handbook 2011 and its requirements, the majority of which are designed not to expose a solicitors firm to any element of risk.
So for example, let's take "strategic planning," which was previously known as business planning. The Lexcel standard now requires firms to prioritise their strategic objectives, and risk assess them to decide which have the greatest risk to the firm's longer term strategic goals, and that whatever the risk there is a plan to mitigate, remove or transfer it so that it becomes manageable to the firm.
Another new requirement of Lexcel 6 is that of a "Compliance Plan." Compliance plans were not explicitly mentioned in the SRA Handbook, however they were referenced as good practice to help firms identify gaps in their compliance against the handbook and put plans in place to close the gaps. Once again, the emphasis here is the removal of risk to the firm, either by mitigating, removing or transferring it. Year on year, the plan should be reviewed against any emerging risks to ensure that the firm maintains its risk profile at an acceptable level.
Lexcel 6 also has a much greater emphasis on Information Security and Management, with Section 3.1 based on the requirements of the government's Cyber-essentials Scheme. Unfortunately, this is a risk not being given proper credence by a large proportion of legal firms, and according to the SRA's Risk Outlook 2015/2016, "many law firms believe themselves to be too small or obscure to warrant the attention of professional hackers." Unfortunately, that simply isn't true, as firms of all sizes are being targeted by ever more sophisticated criminal attacks.
The Risk Outlook goes on to say; "A survey showed that law firms spend less on average than other sectors on internal audits (of Information Security Systems), and that their audit functions typically extend only to traditional financial and operational controls rather than information security.
The same survey found that 45 percent of law firms had suffered an information security incident in the preceding 12 months, and that 5 percent were dealing with staff security issues on a weekly basis. 61 percent of those who had incidents had experienced multiple cases of infection by malware, and a third had faced serious repeated attempts to break into their systems."
And while those law firms may be "closing doors" on each cyberattack as they occur, there is some criminal or another out there who is dreaming up the next one....
So, without going into more detail on the standard, there were three very clear risks that the Lexcel standard is designed to deal with, and help law firms to keep combatting against via the continual annual auditing against the standard.
So if your firm hasn't got Lexcel Version 6, then what are you waiting for?