Dennis Fung, Kenneth Goh, Abhishek Amal Sanyal


With threats, including cyber-attacks and data breaches, on the rise, law firms have become increasingly aware of the strategic benefit of internal risk management. Risk management leaders share with ALB what their firms’ priorities are when tackling potential pitfalls.


How important is the internal risk management function in your firm? What are the big-picture risks currently top of mind for your internal risk managers?


DENNIS FUNG, chief operating officer and chief financial officer, Simmons & Simmons (Asia): In the complex legal landscape, we navigate a multitude of risks daily across our Asia offices.

  • Conflict of interest: Transparency is key, with our policy mandating the prompt disclosure of any personal conflicts of interest, ensuring decisions prioritise clients.
  • Confidentiality: Client confidentiality is paramount. Our strict guidelines protect sensitive information, disclosed only when mandated by law.
  • Whistleblowing: A culture of openness prevails, with our whistleblowing policy empowering prompt reporting of unlawful conduct without fear of reprisal, fortifying our firm's integrity.
  • Anti-money laundering: Unwavering commitment to anti-money laundering regulations assures clients of diligent transaction handling.
  • Sanctions: Stringent compliance with sanctions safeguards our reputation and clients' interests.
  • Anti-bribery and corruption: We secure business through legitimate means, adhering to anti-bribery and corruption laws worldwide.
  • Anti-facilitation of tax evasion: Our zero-tolerance stance shields against tax evasion, ensuring unwavering honesty and integrity.
  • Mandatory disclosure: Proactive reporting of relevant arrangements to tax authorities underscores our commitment to transparency.


KENNETH GOH, head of risk and compliance, Dentons Rodyk: It is critical for us as risk management cuts across nearly all aspects of our firm. From our practice areas to non-practice areas such as IT, human resources, finance and office administration, there are risks, which can result in reputational damage, financial loss, and civil or criminal liability, or professional liability.

While the firm has a dedicated risk and compliance team, a firm-wide risk management approach is adopted. There are specially assigned senior partners in the firm, who, together with the chief operating officer, assist the risk and compliance team in dealing with risk management issues.

Big-picture risks include:

  • Money laundering and financing of terrorism: Risk of inadvertently facilitating an illicit transaction is a pervasive risk, and one that must be mitigated by careful client due diligence measures on an ongoing basis.
  • Sanctions: Non-compliance with sanctions can have serious repercussions. Our anti-money laundering and financing of terrorism policy covers this risk and explains the steps required for compliance with all relevant sanctions regimes.
  • Cybercrime: Technology is a double-edged sword. The way we work has changed immeasurably for the better because of technology. Yet, it also presents opportunities for bad actors, e.g., through malware or phishing, to gain access to confidential or price-sensitive information.
  • Data breaches: The risk of disclosing personal data of clients or staff to a third party can happen easily as all it takes is an email with personal data or other sensitive data inadvertently sent to the wrong recipient.
  • Inability to operate in emergencies or disasters: It would be calamitous if we are unable to continue operating because of a natural disaster or other emergency. A business continuity plan is essential to ensure our firm can continue operations.


ABHISHEK AMAL SANYAL, chief risk, audit and compliance officer, Khaitan & Co: As a type of professional services firm, law firms not only inherit the risks associated with operating as a professional services firm, but also must bear an additional risk load, which is inherent to providing legal services that are universally taken to be high on the scale of confidentiality, privacy, and sensitivity. Keeping this in mind, the importance of having an internal, integrated, risk management, compliance and internal audit framework at law firms is underscored. The presence of such an internal, integrated framework empowers law firms to control not only their own exposure to financial impact, regulatory scrutiny, and reputational loss, but also control, very importantly, for any adverse impact on the client.

The top risks that stand out for law firms today are related to the fairly recent and ongoing adoption of artificial intelligence into the daily fabric of legal work; the protection of client data from an information security and privacy perspective; the ongoing compliance with an ever-evolving and complex regulatory regime (such as for the requirements for prohibition of insider trading, and cross-border requirements for service provisioning); and the ongoing management of client and vendor-related risks (such as for anti-money laundering / anti-terrorist funding considerations, and supplier-specific ethics and related service consumption considerations).


FORUM: Take No Chances

by Sarah Wong