This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Manuel Sanchez

Information Security and Compliance Specialist, iManage

Quotation Marks
"As the lateral hire starts the process of integrating into the firm, security should be part of the onboarding process."

Balancing risk and profitability in the onboarding of lateral hires

Balancing risk and profitability in the onboarding of lateral hires


Lateral hiring in law firms, driven by strategic advantages, necessitates intricate security and compliance vetting processes, says Manuel Sanchez

Law firms have two basic choices when it comes to acquiring talent: they can either hire someone fresh out of law school, or they can hire a more experienced legal professional who has already built a solid reputation and chalked up several – or many – years of experience.

The trend towards option #2 – lateral hires – has been gaining steam in recent years and shows little sign of slowing down. In 2022, for instance, the London legal market saw around 5,500 lateral moves across the AMLaw 100 and UK Lawyer 50 firms.

The reasons for the continued popularity of lateral hires are both strategic and tactical in nature. In many cases, it’s an efficient way for a firm to enhance its reputation and profitability, and strategically expand its footprint either into a particular industry or sector, a new geography, a new practice area or simply strengthen an existing practice area.

Sometimes, the rationale behind lateral hiring is much more tactical in nature: The legal market is very competitive, and firms are keen to acquire talent that brings new client relationships and the associated new business.

Regardless of the underlying reason, lateral hiring activity is continuing at a steady clip across the legal landscape – which means it’s never been more important to shine a light on the security and compliance considerations that need to be carefully addressed when firms bring a lateral hire on board.

Conflicts, compliance, and more

While the compliance checks around a recent graduate are fairly straightforward – perform standard background checks, verify their education, etc. – the vetting process for a lateral hire candidate is much more involved and complicated.

Not only is it necessary to go into much deeper checks to identify and assess the risk a lateral hire could pose to the firm, such as malpractice claims or past allegations within the workplace, they also need to identify any potential conflicts of interest stemming from the client work the lateral hire has performed in the past, as they may have information that an existing client to the firm could perceive as detrimental to their own interest. For instance, have they done extensive work for Company Group X? This might create a conflict if Company Group Y is a client of the hiring firm but also a direct competitor to Company Group X, with both parties being involved in a claim dispute in previous years.

From an information security standpoint, there is also work to be done to protect sensitive client data by identifying the repositories where this data is stored and making sure information barriers or ethical walls are in place. This should ensure that incoming lateral hires with potential conflicts are only able to access the information they need to access, limiting any future repercussions. Skipping any of these areas when bringing lateral hires within the folds of the organisation can be the equivalent of stepping on a security and compliance landmine.

Fortunately, technology – in conjunction with people and processes – can go a long way towards streamlining these complex tasks.

An assist from automation

The process of recruiting lateral hires is constantly evolving, with the Risk & Compliance department becoming more heavily involved from the outset.

The Conflicts Check team needs to perform all necessary checks, as they would do for new matters and clients, accessing and analysing a variety of data points from various different sources. For example, looking at the clients list of the candidate’s current firm, the candidate’s social media accounts or reviewing responses from data collection forms sent to the candidate’s current firm, including any former employees.

This is by no means a small amount of information. It’s a massive amount of data to pore over.

The right technology helps to bring all those data points into a single interface so that the Conflicts Check team can carry out the necessary searches without having to interact with a multitude of different systems, create spreadsheets, and then manually perform checks against that information.

Integrating those diverse different data points – and then providing clear results for those involved in the recruitment process to take the necessary actions – greatly simplifies the process and helps to reduce the possibility of any potential red flags going unnoticed.

Ultimately, the key priority for the firm is to protect their clients’ interests. The more that the Risk & Compliance department can introduce automation into the due diligence process for lateral hires, the better they can deliver more thorough results in a shorter amount of time, and better achieve that goal.

Putting up walls

If a conflict of interest with a potential lateral hire is identified, it needs to be addressed. Typically, that means requesting an existing client to grant a conflict waiver.

A client waiver however is only the tip of the iceberg. Information barriers, or ethical walls, will also need to be put in place across content where the candidate is a conflicted party. This is the most common way for firms to make sure that they’re not in violation of any of the client requirements for confidentiality, ensuring information isn’t open and accessible to everyone in the firm – only those who need to know.

While this process can be done manually, the right technology makes it much more scalable and seamless. Once the hire has been accepted, the process of setting those information barriers can be automated and completed as part of the onboarding workflow – ensuring that information barriers are in place even before the hire starts.

Integrating into a culture of security

As the lateral hire starts the process of integrating into the firm, security should be part of the onboarding process.

Although they may have many years of working experience under their belts, it does not mean that they could not fall victim to a phishing email. It is important to reassure new hires, lateral or otherwise, that the firm takes security seriously and encourages a culture of security.

Building a security culture means all staff across the firm working together to make security part of their daily work and know how to recognise malicious attempts to compromise the firm. To further fuel this culture, firms should consider processes and threat detection systems that are unobtrusive, supported by regular security awareness training.

An intelligent approach drives better business outcomes

Despite the many risks associated with bringing lateral hires into a firm, lateral hiring is not going to go away. That’s because it’s simply too valuable as a tactical and strategic tool for law firms.

As long as that remains the case, law firms would be well served to make sure they’re approaching the lateral hiring process intelligently, in a way that reduces potential risk while maximising the reward. Leaning on technology to automate much of the process and conduct Risk & Compliance activities more thoroughly in less time is a way for firms to reach this promised land and deliver better business outcomes.

Manuel Sanchez is an information security and compliance specialist at iManage