DLA Piper: A calculated risk - Julia Graham (CRO) and Paul Edwards (CFO)

In early 2011, DLA Piper became the world's biggest law firm with more than 4,000 lawyers in 76 offices in 30 countries. For such a globally distributed organisation risk management and insurance provision pose many challenges, not only in terms of divergent regulations in different jurisdictions, but also from a cost perspective.

To ensure that the right insurance and risk mitigation strategies are in place, and that they are cost-effective, the organisation places great emphasis on the relationship between chief risk officer (CRO) Julia Graham and the firm's top management, including CFO Paul Edwards.

Graham, immediate past president of Airmic and currently VP of FERMA, is in charge of the firm's handling of legal and regulatory risk, operational risk - including HSE and business continuity - and client intake issues such as conflicts of interest and money-laundering countermeasures. Her brief also covers compliance, the purchase of insurance and claims management for all classes of cover. Her previous experience in the financial services industry gives her a unique insight into how different things are in a professional services firm.

"Our business model drives many things, including the relationship between CRO and CFO," says Graham. "It is not like financial services, where often the CRO is the CFO and the role focuses on the market, credit and liquidity risk. In a law firm the agenda is different. Both Paul and I are on the risk committee, which includes the chairman, managing directors and some senior partners, but my focus is on insurance.

"Paul looks at financial management and control, so he wants to see that I spend our money wisely. My role is to agree the insurance programme with the partners who run the business, while part of the CFO's brief is to address challenges like tax and transfer pricing as part of the global insurance programme. He needs to know that it is compliant and appropriate for the territories in which we work."

Edwards, who is responsible for all financial matters outside the US, is part of the firm's international board and its management executive. An ACA, he qualified with Arthur Andersen and has since worked in the finance teams of leading law firms.
"The key thing is the very existence of a CRO, as we need a specialist to advise us when we make commercial decisions," he remarks. "We absolutely need insurance, but it adds red tape and can constrain the business.

"Julia runs the risk committee and it is her job to show all the risks and exposures the firm faces. Usually, the CFO and CRO may have a natural conflict, the former driving growth and the latter controlling risk, but that tension can be very important in creating solutions," he adds.

Graham agrees but says that she is not always pushing in the opposite direction to Edwards. "Risk management is not just about prevention; it is about converting opportunity," she explains. "It is partly about comforting non-executive directors so that they are less risk-averse. Risk has negative connotations, so the challenge is to play the upside."

"The management team doesn't see the CRO role as a negative thing," stresses Edwards. "We must have a more enlightened view. Professional indemnity, which is a very specific area of expertise for Julia, is very important. Sure, the CFO might get frustrated by the many regulations around the world, but Julia must guide us through that to help the board understand them."

Global policy, local cover

DLA Piper operates a global insurance programme to ensure consistency and economies of scale, but the most important driver is central control. The core team of centralised expertise under Graham makes managing compliance simpler.

"Compliance can be a challenge, especially in emerging markets, where local tax and regulatory regimes differ," comments Graham. "You have to navigate a very complex landscape in which markets are at very different levels of maturity, and regimes are changing all the time. There is no blueprint for an insurance programme. You can't just get an off-the-shelf solution from a broker."

The core team handles many kinds of insurance, but the most significant is cover for malpractice; broadly speaking, this is the equivalent of D&O insurance.

"Malpractice insurance is the biggest professional risk for us," confirms Graham. "D&O insurance covers management liability for the actions of external directors and the management of the firm, but professional indemnity, or malpractice, is our largest kind of cover by far and takes priority over D&O."

Important work by the likes of FERMA and Airmic is bringing the industry together to improve the options from brokers and make choices less disparate, but there is still much to do.

"The complexity of a global insurance programme means that as CRO I have to be very inquisitive and constantly vigilant," says Graham. "My team must stay informed and educated, which helps relationships with brokers. We develop a partnership with them and work closely together to design programmes. For instance, we may need local cover to get a business running in a particular market, as well as the umbrella of the global programme. It is a complex structure, which is why we need a dedicated professional to manage it."

Topical risks

To control this complexity, DLA Piper has a risk register which is constantly updated to track topical risks. These comprise: the economic environment; the rising tide of tougher regulation; security of information; the fight for top talent; perennial risks; and the risk of catastrophes, whether they be natural disasters or the social unrest seen in markets like Egypt.

"We have to look at very specific types of risk and mitigate any risk that might affect the way we deliver on our strategy," says Graham. "We are specific about risks so that people can embed them in how they manage the business. Governance and risk compliance are managed very closely together."

"I want a CRO who brings up and addresses issues by working with the CFO and senior management," says Edwards. "We want to know if we have suitable plans for disaster recovery to react to things like outbreaks of swine flu or the earthquakes that Japan had this year. We need Julia to put a good system in place that is cost-effective."

Events constantly inform the firm's risk profile. The ongoing problems at News Corporation emphasise issues like reputational risk, and also raise questions about the workability of D&O cover when management schisms pit directors - and their insurers - against each other.

In short, a big professional services firm needs not only a risk specialist like Graham, but a coherent, global, enterprise-wide strategy for risk management to ensure compliance and cost-effective cover.

Company profile: DLA Piper

DLA Piper was created in 2005 by the merger of DLA, Piper Rudnick and Gray Cary.

The company employs 4,200 lawyers in nearly 76 offices in Asia-Pacific, Europe, the Middle East and the US.

With a direct presence in 30 countries, DLA Piper's clients include more than half of the Fortune 250 and nearly half of the FTSE 350 or their subsidiaries.

The company offers services in multiple business sectors including banking; healthcare, insurance and reinsurance, and technology.

DLA Piper adopts an enterprise approach to risk delivered by an integrated, international risk management and compliance team.

In 2011 DLA Piper became the world's largest law firm.