Rule 9.2.1 provides an exception to the duty of confidentiality where your client has expressly or impliedly authorised a disclosure. 

The Law Council of Australia’s commentary on the professional conduct rules (LCA commentary) notes that there is a degree of overlap between Rule 9.2.1 and rules allowing a solicitor to impart a client’s confidential information to colleagues in their law practice, other than where such information was clearly confided personally and exclusively to the solicitor (Rule 9.1.1) and that recognise that a solicitor may be either permitted or compelled by law to disclose a client’s confidential information (Rule 9.2.2). The LCA notes that: 

Rule 9.2.1 also encompasses situations where disclosure of client confidential information is necessarily incidental to the provision of the legal service sought by the client. The purpose of the express or implied authorisation exception in Rule 9.2.1 is to enable disclosure of information “precisely so that it can be used or disclosed for its purpose in the representation” and the duty of confidentiality “must be read subject to the lawyer’s authority to use and disclose information – albeit for the limited purpose of the retainer – where this is necessary for, or incidental to, the proper and normal conduct of the retainer.” 

A client may expressly authorise you to disclose confidential information in various circumstances, such as where a client has agreed to obtaining counsel’s advice, or instructed or agreed to the solicitor obtaining advice or assistance from another law practice. 

The LCA commentary notes that an example of implied authorisation includes a situation where a solicitor is retained to undertake a property conveyance. In this scenario, the solicitor would be considered to have implied authorisation to communicate such client information as is necessary to complete the conveyancing transaction to the other party and their solicitors, relevant financial institutions, and relevant government agencies. 

As a lawyer, you owe a duty of confidentiality to your clients not to disclose their confidential information. There are very limited exceptions to this general duty.

The duty of confidentiality is at the heart of the lawyer-client relationship. It is also fundamental to the effective operation of the justice system.

This guidance focuses on the exceptions to the duty of confidentiality. It has been designed to provide practical assistance to lawyers to help them assess when they can disclose confidential information. It also provides guidance on actions to be taken when a disclosure is made.

The duty of confidentiality is set out in rule 9 of the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 (the professional conduct rules). This includes certain exceptions to the duty which permit the disclosure of confidential information that are important to understand.

A decision to disclose confidential information in accordance with an exception listed in rule 9 should not be taken lightly. Inappropriate disclosure may harm your client’s interests, or result in your client losing their legal privilege. It could also result in disciplinary action against you, civil action against your firm (e.g. a claim for damages) and/or breach of state or federal privacy laws (where they apply to your practice).

On this page

Commissioner's foreword

Welcome to the VLSB+C’s Risk Outlook 2023, which highlights five risks for the Victorian profession that will be areas of regulatory focus for us in the coming year. It describes issues and conduct associated with each risk – all of which have the potential to cause consumer harm – and explains our planned response to them. It also contains some useful tips about how to avoid these risks.

One of our organisational goals is to improve our communication with lawyers. I hope that you take the time to read this publication, consider its relevance to your workplace and, if necessary, follow our tips.

We plan to publish a Risk Outlook annually, so we're interested in whether you find it useful and any improvement suggestions you may have. Please send any feedback to: policy&consultations@lsbc.vic.gov.au.

Key risks for the legal profession in 2023

1. Cybercrime

Globally and domestically, cybercrime is surging.

Hackers and cybercriminals are constantly alert to vulnerabilities that allow them to steal money or sensitive and/or confidential data. Recent events at Optus and Medibank show the scale of reputational and personal damage that successful cyberattacks can cause businesses and their customers.

Law practices are holders of often-significant client funds and sensitive information. They are an obvious and rich target for cybercrime. This is borne out by both the number and quantum of cybersecurity claims processed by the Legal Practitioners’ Liability Committee, which continues to increase year on year.

For this reason, preventing cybercrime in law practices is one of our five key regulatory focus areas for 2023.

When considering the possibility of a cybercrime incident affecting their operations, law practice principals need to be aware that cybercriminals do not just target large or medium-sized law firms, or specialist conveyancing practices. Irrespective of size or area of practice, all law practices are likely to store sensitive client information that, if released, could compromise a client’s business activities or personal privacy. Smaller law practices and sole practitioners often handle large money transactions in high-value property transfers, deceased estates, and family law settlements, making them lucrative targets for cybercriminals to infiltrate. 

Specific issue/conduct of concern and our regulatory response

In terms of cybersecurity breaches, we have recently seen phishing (including voice impersonation fraud and phone hacking), email modification/redirection frauds (involving compromised email accounts and fraudulently altered bank account payment directions on emails) and ransomware attacks on law practices. Attacks on third party service providers, for example on IT platforms used by law practices, have also occurred.

Our observation is that cybersecurity breaches are typically the result of insufficient systems and/or behavioural controls in law practices.

Systems controls include having strong passwords, multi-factor authentication, prompt security updates, appropriately secure technology platforms and experienced IT support.

Behavioural controls are controls on the actions of individuals. They include protocols or procedures requiring staff to, for example, confirm bank details in person before authorising payment, never rely on email authorisation for electronic funds transfers and add a “call before you pay” notice to email footers. Other behavioural controls involve educating clients and staff about security risks, building a culture in which people can quickly raise security breaches, and clearly explaining to employees why certain security protocols are required.

We expect principals in law practices of all sizes and in all practice areas to implement appropriate systems and behavioural controls, scaled to reflect their entity’s size and level of risk. We will support the profession in this endeavour by working with the Legal Practitioners’ Liability Committee and Law Institute of Victoria to:

• help the profession deal with known cyber risks
• share intelligence about emerging risks and potential cyberattacks, and
• develop minimum cyber risk management standards.

Our regulatory response to this issue will also involve:

• undertaking compliance audits of at-risk law practices – using our powers under section 256 of the Legal Profession Uniform Law (LPUL) – where there are reasonable grounds to do so based on the conduct of, or a complaint against, the practice or one of its associates
• where relevant, issuing management system directions under section 257 of the LPUL to ensure that a law practice implements the necessary cybersecurity procedures to competently provide legal services
• inspecting trust accounts, and issuing management system directions, where we have reason to believe – based on information received from banks, external examiners, clients or mandatory reports – that there is a security threat to a law practice’s trust account, and
• where necessary, taking disciplinary action against individuals regarding failures to implement appropriate cybersecurity measures, leading to actual or potential consumer harm.

Tip: Our guidance to the profession on the minimum cybersecurity expectations for law practices can be found on our website, as well as information for lawyers on the common warning signs of a cyberattack and good cybersecurity practices for lawyers to adopt in their day-to-day work.

2. Costs disclosure non-compliance

In Australia, as in many other countries, there has been a tightening of monetary policy in response to inflationary pressures, with successive rapid interest rate rises affecting both retail and commercial borrowers’ ability to service debt. In addition, labour shortages are making it harder for businesses to hire and retain personnel with the required experience to undertake profitable work.

Financial and staffing pressures that affect law practices’ operations and viability may exacerbate the risk of non-compliance with important legislative obligations. One such obligation is costs disclosure that complies with the LPUL.

Unfortunately, we continue to receive a high volume of complaints from consumers about their lawyers’ bills, many of which could have been avoided had the appropriate disclosure been provided. The resulting harm caused to consumers is the reason non-compliance with costs disclosure obligations is our second key area of regulatory focus in 2023.

Costs disclosure is a critical consumer protection. Not having transparent information about their estimated legal costs causes clients distress, diminishes their ability to make informed decisions about whether and how to proceed with their matter, and fractures their trust in their lawyer. Conversely, full and effective costs disclosure is a valuable tool in establishing and maintaining good working relationships with clients – relationships that are likely to enhance a law practice’s sustainability by leading to repeat business and word-of-mouth referrals.

Specific issue/conduct of concern and our regulatory response

The types of non-compliance, or inadequate compliance, with costs disclosure obligations that we see most often relate to LPUL requirements to:

• provide an estimate of a client’s total legal costs
• update costs disclosure as soon as practicable
• take reasonable steps to ensure a client understands and consents to proposed costs, and
• notify clients of their rights in a costs dispute.

We have also observed concerning failures by lawyers to comply with disclosure requirements regarding conditional costs agreements, including the requirement for a client to sign these agreements.

Our own and others' research suggests that disclosure can be challenging, particularly in matters that are complex or which involve multiple stages. Therefore, we will work to educate the profession about our expectations, and assist lawyers to provide disclosure that is both compliant and effective. We will also participate in the Legal Services Council’s review of costs disclosure obligations and advocate to make aspects of disclosure more straightforward for lawyers.

We will also respond to non-compliance using regulatory powers where appropriate. In certain circumstances, a warning may be sufficient, but if non-compliance is recurring, substantial or egregious, we may:

• determine that a lawyer has engaged in unsatisfactory professional conduct, or
• prosecute the lawyer for professional misconduct.

Tip: Understanding the work likely to be involved in a matter – and any contingencies – will assist you to provide full, frank and compliant costs disclosure. It is crucial that you detail the assumptions on which your costs estimate is based, the normal scope of work that would be expected in a client’s matter, and the variables that might cause your costs estimate to change. Having this information front and centre will also help you to update your disclosure in a timely and informative way. Tip 2: Law practices can reinforce costs disclosure discipline by putting in place processes that require employees to undertake detailed scoping work and regular reviews. Costs disclosure precedents, such as those published by the Law Institute of Victoria, may be useful. Tip 3: If you’re not particularly experienced in a particular area of law, there’s a risk you won’t fully understand the complexity of a matter or anticipate the work involved, which in turn makes it harder to provide proper costs disclosure (as well quality advice). This risk is significantly lower if you do work you know and understand.

3. Non-compliance with trust money obligations

The same kind of business pressures that may lead to, or exacerbate, law practice non-compliance with costs disclosure requirements may also result in increased non-compliance with trust money obligations.

The importance of complying with trust money requirements – and the risk to consumers when this does not happen – is hard to overstate. It is reflected in the legislative protections that apply to money held on trust. Only principals or legal directors authorised to receive trust money may do so, and they must comply with the extensive provisions designed to guard against misuse of trust money set out in Part 4.2 of the LPUL. All lawyers have obligations to understand key trust money obligations, not to cause deficiencies in trust accounts, and to report any irregularity or suspected irregularity in a trust account to us.

Many client harms can occur when lawyers:

• do not have trust authorisation but nonetheless accept and deal with trust money
• have trust authorisation but do not understand their trust account obligations
• fail to keep proper records of the money that they deal with
• fail to notify us when they cause a deficiency in a trust account, or
• fail to notify us of irregularities or suspected irregularities.

Client harms range from stress caused by delays and difficulties in locating or understanding where their money has gone, to the loss of significant amounts of money due to negligence or fraud perpetuated or aggravated by the law practice. A lawyer’s non-compliance with trust money obligations also makes it harder for us to assist clients to access the protections that may be available to them under the Fidelity Fund.

Despite the critical importance of ensuring that trust money is treated in a way that protects the interests of the persons for whom it is held, we continue to see lawyers who do not comply with their regulatory obligations. Accordingly, and given what we see as an increased risk of non-compliance, trust money non-compliance is our third key area of regulatory focus for 2023.

Specific issue/conduct of concern and our regulatory response

The types of non-compliance with trust money obligations that we have identified range from lower-end (but still concerning) breaches of accounting requirements to significant contraventions of what should be well-understood obligations. Matters of particular concern to us involve:

• not sending trust statements as soon as practicable after 30 June
• not having up-to-date trust account reconciliations
• withdrawing a client’s money from a trust account before they have had time to review (and object to) their bill for legal costs
• failing to identify and notify us of trust account irregularities or suspected irregularities, as required under section 154 of the LPUL
• not properly supervising trust accounts, and
• failing to implement basic measures to prevent cybercrime.

We are also particularly concerned about lawyers seeking payment in advance of providing legal services and claiming – erroneously – that the money is not trust money, because of the terms on which the legal services are to be provided.

Our approach to dealing with these issues is multi-faceted.

Because we want practitioners to be well-placed to understand their legislative obligations, we plan to work with legal education providers to improve education outcomes regarding trust obligations. We will also develop an information pack on trust obligations to be sent to lawyers after they obtain a principal practising certificate, and create clearer pathways for lawyers to report trust irregularities or suspected irregularities.

We will respond to every reported breach and, if necessary:

• investigate or conduct an audit of law practices’ record keeping, in circumstances where their external examiner report identifies significant or systemic breaches in their management of trust money
• use our powers under section 257 of the LPUL to issue binding management system directions directed at ensuring better trust account management, and
• take disciplinary action against holders of trust account authorisation.

Tip: If you’re unsure of your trust money obligations or concerned about your trust account management practices, seek help from the Law Institute of Victoria’s confidential trust consultancy service, TrustConsult, which supports lawyers to implement sound trust money and trust record management practices, or validate existing practices. Our website has a good overview of your obligations in managing a trust account.

4. Unethical conduct

Two of a lawyer’s fundamental ethical duties are to act with honesty and integrity, and to act in their clients’ best interests. Lawyers are also ethically obliged not to place their own interests above those of their clients.

These basic ethical obligations are a cornerstone of the profession. Unfortunately, there is a concerning trend of a small number of lawyers acting unethically and/or improperly to protect either their own or a client’s interests, and in doing so causing significant consumer harm.

Unethical and improper conduct is our fourth area of regulatory focus for 2023.

Specific issue/conduct of concern and our regulatory response

It is well-understood among the profession that lodging caveats without having proper grounds to do so is unethical. Unfortunately, we have identified several instances in which lawyers have improperly lodged caveats. We have encountered lawyers who have lodged caveats over their client’s property to secure their own costs, despite not having a charging clause in their retainer. We have also observed lawyers lodging caveats on behalf of their clients, without having sufficient instructions and/or a proper basis to do so. As well as being unethical, conduct of this kind forces applications to the Supreme Court of Victoria for the caveat’s removal – a process that involves time and expense, and may require legal advice.

Similarly, we have observed increasing numbers of lawyers claiming liens over client files to secure outstanding legal costs without ensuring they have a proper basis to do so. In some cases, liens have been claimed without a lawyer having given their client a bill. Although technically permissible, this is usually unfair. We are also aware of lawyers claiming liens over wills for unpaid legal fees when there is no right to do so.

Dishonest attempts to conceal mistakes is an increasing problem. This conduct may often be the product of extreme pressure and stress, which reduce a lawyer’s wellbeing and professional judgement. Nonetheless, it is an unjustifiable ethical breach.

Incidents involving gross overcharging of clients are also of critical concern to us, as they cause serious consumer harm and bring the profession into disrepute.

We will respond to these issues using several regulatory tools at our disposal. We will:

• undertake targeted communications campaigns for the profession
• attempt to informally resolve complaints – noting that these issues raise the prospect of a finding of professional misconduct, and are more likely to be escalated for formal investigation
• where appropriate, formally investigate complaints and take disciplinary action.

We may also pursue disciplinary charges against law practice principals if the relevant conduct reflects poor practice management.

Tip: Before lodging a caveat over property, familiarise yourself with the relevant case law. Ensure you have evidence of a proper basis to lodge the caveat. Obtain proper instructions from your client. Tip 2: Rules 14 and 15 of the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 set out your obligations when claiming a lien. If, after reviewing these rules, you remain unsure whether you have the proper grounds to do so, you should review relevant commentary (see Handy Hints on Legal Practice and Law of Costs), guidance and case law or seek assistance from the Law Institute of Victoria’s Ethics line by phoning 03 9607 9336. Tip 3: If you make a mistake in your practice, resist the urge to conceal it. Mistakes happen to everyone. They can usually be rectified and are unlikely to lead to the cancellation of your practising certificate. Once dishonesty occurs, the situation becomes much more serious, and you risk losing your right to practise. If you need help sorting out a mistake, the Law Institute of Victoria’s Ethics Line is a good place to start.

5. Inadequate supervision and oversight

The meaningful supervision of lawyers in the early stages of their careers, and the diligent oversight of law practices, are necessary pre-conditions for good client outcomes. This is recognised by the LPUL, which restricts new lawyers from engaging in unsupervised practice for a set period and makes principals responsible for taking reasonable steps to ensure that the legal services provided by – and the conduct of employees at – their law practice comply with regulatory requirements.

Unfortunately, we have encountered matters in which early career lawyers have not been adequately supervised in their delivery of legal services. We have also identified law practices in which the required legal directors have been unable answer questions about the practice’s operation, due to a lack of insight into the responsibilities of a principal. Accordingly, inadequate supervision and oversight is our fifth area of regulatory focus for 2023.

Specific issue/conduct of concern and our regulatory response

We urge lawyers to understand the risks of failing to appropriately supervise early career lawyers. Supervising lawyers should ensure that they provide the degree of feedback and overall oversight necessary to ensure that supervisees provide quality legal services, and progressively develop the type of skills they need to operate independently in the future. Specific arrangements should be put in place to ensure that early career lawyers who are not physically co-located with their supervisor are supervised effectively.

We also remind lawyers of the significant risks to clients, and their own associated disciplinary risks, of acting as a principal or legal director for law practices over which they do not have the required oversight. The risk to clients of being exposed to incompetent legal advice, or the risk of the law practice being used to achieve fraudulent ends, is clear.

Our regulatory response to these issues in 2023 will involve:  

• talking to principals and/or supervising lawyers to determine whether there has been any failure to properly supervise new or inexperienced lawyers, in circumstances where we have concerns about the quality of legal services provided or the conduct of the lawyers in question
• undertaking targeted discussions with principal lawyers/legal directors of multiple law practices, to confirm that appropriate oversight is being provided
• if required, using our compliance audit powers under section 256 of the LPUL to examine the practice management of law practices whose principal lawyers/legal directors act in that capacity for multiple practices
• if necessary, issuing management system directions to law practices under section 257 of the LPUL, and
• taking any other disciplinary action we consider appropriate.

More and more Victorians are feeling the impacts of the state’s growing housing crisis. That’s why the Victorian Legal Services Board and Commissioner is interested in addressing the associated legal problems. We asked consumer rights advocate and lawyer Gerard Brody to explore the legal sector’s role in improving housing security in Victoria.

On this page

Commissioner's introduction

Welcome to the VLSB+C’s Risk Outlook 2024, our second annual overview of the risks facing the legal sector in Victoria.

All businesses and service providers are exposed to risks that need to be identified and controlled, and legal practices are no exception.

In a previous life, I was CEO of Justice Connect and before that, General Counsel at World Vision Australia, and Special Counsel at Clayton Utz. So I appreciate the range of risks that lawyers confront and successfully deal with on a daily basis – risks to their organisation’s security, financial viability and reputation, their personnel, their clients and even themselves.

Our objective in publishing this risk outlook is not to exhaustively catalogue all the risks facing the profession, but rather to spotlight certain risks that we, as Victoria’s legal regulator, are most concerned about. These are the risks that are causing consumer harm – or have the potential to cause harm – and therefore have serious regulatory implications.

Some of the risks we explore this year have carried over from last year’s risk outlook. That’s because cybersecurity breaches, non-compliance with core legislative obligations, unethical practice and inadequate supervision in law practices continue to happen, to clients’ detriment. This year we’re also flagging, for the first time, risks associated with the use of artificial intelligence, involvement in certain referral schemes and inadvertent facilitation of money laundering.

Poor or deficient practice in any of these areas is a breach of your professional duties and obligations that may attract regulatory attention. At the practice level, this might mean we undertake compliance audits of firms, inspect trust accounts, and/or issue management system directions. If warranted, we may also investigate individual lawyers’ conduct and act to vary, suspend or cancel practising certificates, or prosecute breaches of the Legal Profession Uniform Law (Uniform Law) or rules made under the Uniform Law.

Fortunately, almost every risk is either preventable, or can be substantially minimised. Taking the time to understand each of these risks and implement measures to avoid or prevent them will help you meet your professional and ethical duties. Keeping up to date with meaningful continuing professional development is also important, as is ensuring you have the professional and personal support you need – our experience is that when lawyers deal proactively with emerging challenges, and seek help early, outcomes are significantly better for all involved. We also have many helpful tips and resources for you.

I welcome your comments on the utility of this risk outlook, including any improvements you may suggest. Please direct feedback to: policy&consultations@lsbc.vic.gov.au.

1. Cybersecurity breaches

The scale and severity of cybercrime continues to increase, adversely affecting individuals, businesses and governments globally. The magnitude of this risk warrants urgent attention, which is why cybersecurity is this year’s priority risk, as it was last year.

In the Australian Signals Directorate’s (ASD’s) most recent Annual cyber threat report, it was noted that a cybercrime is reported roughly every six minutes in Australia – up from one report every seven minutes. In 2022–23, there were nearly 94,000 cybercrimes, 23% more than the previous year. The average self-reported cost of cybercrime was up by 14% to $46,000 for small businesses, $97,200 for medium businesses and $71,600 for large businesses. The professional, scientific and technical services sector reported the highest number of ransomware-related cybersecurity incidents. The top three cybercrimes reported by businesses were email compromise, business email compromise fraud, and online banking fraud.

The prevalence of cybersecurity incidents in the professional sector, and the increase in monetary loss, is consistent with the experience of the Legal Practitioners’ Liability Committee (LPLC). In December 2023, LPLC reported a surge in cyber fraud incidents affecting law practices, including many small firms and sole practitioners. They noted that claim costs for the first five months of the 2023-2024 financial year had already exceeded the entire 2022–2023 financial year, due to larger sums being stolen, and recovery of funds often not being possible.

In last year’s risk outlook, we clearly outlined our expectations for law practices of all sizes and in all practice areas to implement appropriate cybersecurity measures, scaled to reflect their entity’s size and level of risk. We know that law practices are lucrative targets for cybercriminals wanting to steal money or information, and their methods for doing so are sophisticated and continually evolving. The need to take preventative action is vital.

Our Minimum cybersecurity expectations resource, published earlier this year, details the system and behavioural controls that we expect all law practices to implement to help minimise the risk of cyber-attacks. It also highlights three ‘critical controls’ that offer significant protection from cyber-attacks. These critical controls are straightforward to implement, and if you’re a principal of a practice and have yet to put them in place, they should be your highest priority. They are:

1. turning on multi-factor authentication (MFA) on all online accounts and services where it’s available
2. having strong and unique passwords or passphrases for all devices or accounts used to handle work data, and
3. turning on automatic software updates where available, or manually checking for new, improved, or fixed versions at least once a fortnight.

Each of these critical controls is also recommended in the ASD’s 2022–2023 Cyber threat trends for Australian businesses and organisations fact sheet.

While law practice principals are responsible for implementing the system and behavioural controls outlined in our Minimum cybersecurity expectations resource, cyber-safe practice is a crucial professional competency for all lawyers. Our Red flags and good practices resource helps law practice employees and volunteers understand the warning signs of a cyberattack or breach and respond swiftly to mitigate its impact. This resource also includes information about good cybersecurity habits to develop and details our expectation that lawyers verify client identities before acting on email instructions.

Even when appropriate cyber controls are implemented, we appreciate that breaches may occur. A brief checklist we’ve prepared about how to respond to a breach can be found here, and we recommend that you prepare yourself for this eventuality by developing an incident response plan. The LPLC’s Cyber security guide for lawyers and the Law Council of Australia’s Cyber precedent are useful starting points.

In the event of a breach, we expect you to take immediate and proactive steps to stop the threat, secure systems and make relevant notifications. You should report all incidents to our office via our lawyer enquiry form, including near misses. We don’t want to know about obvious spam that you delete, but we do need to know about external attempts to breach your systems (which you avert) or successful breaches that you quickly identify and rectify.

For those law practices using the latest version of Microsoft Outlook, there is now a phishing notification icon allowing direct reporting of phishing emails to your network administrator.

2. Artificial intelligence – improper use

A key risk this year concerns lawyers’ use of artificial intelligence (AI) platforms.

AI’s potentially transformative effect on the profession has been the subject of much media and professional commentary during the past year. This technology clearly offers law practices significant benefits, and consumers increased ways to access help with legal problems. Using AI, law practices can automate labour-intensive and repetitive tasks, triage clients, identify legal issues, and improve the clarity and comprehensibility of legal information and advice. We know the profession is already experimenting with large language models (LLMs) – a form of AI that can process and generate text – and are even developing in-house LLMs using their own data.

Understanding how AI works is an important technical competency that all lawyers should develop. However, while enjoying the benefits of AI, it’s important to remember that you’re obliged to provide competent, ethical and confidential services, irrespective of the tools you use to deliver them. We offer a brief overview of some of the features, risks and limitations of AI in our Generative AI and lawyers resource. The LPLC and the Supreme Court of Victoria have produced useful commentary for practitioners on this topic. The Victorian Bar has also produced four seminars on AI and the legal profession, which are available to be viewed by its members.

If you use AI in your work, we expect you to:

• understand that it is your duty to provide accurate legal information, not the duty of the AI program you use, and therefore you will be held responsible for your output
• never use AI to create outputs you’re not personally capable of validating (e.g. translating legal information into a language you don’t speak)
• properly supervise early career lawyers and legal support staff using AI in the course of their work, and verify their output
• never enter confidential, sensitive or privileged client data into generic LLMs or other AI products
• thoroughly assess whether it’s appropriate to use client data to train in-house LLMs or AI products, noting that regulatory implications will flow if confidential or privileged information is incorporated in a way that breaches client confidentiality, or results in information from a client matter being used to benefit other clients
• understand how your clients may be adversely and unfairly affected by AI (e.g. because of bias or discrimination within automated decision-making platforms)
• be transparent with your clients about your use of AI, and pay regard to any concerns raised by clients, and
• comply with any regulatory guidance that VLSB+C may issue on the use of AI.

Despite the current limitations of AI – and the need to be careful about when and how AI products are used to deliver legal services – we appreciate the benefits this technology will deliver for lawyers and their clients. However, notwithstanding the benefits of AI, it pays to remember that unlike a great lawyer, AI cannot exercise superior judgement. It remains your responsibility to understand a matter in the context of legal principles, the human psychology of its parties, external complicating factors and future possibilities. It’s ultimately your expertise that clients rely upon when they engage your services.

You can find more information in our statement on AI use in Australian legal practices.

3. Uniform Law obligations – non-compliance

This year, failures to comply with key legislative obligations continue to be a regulatory concern. Of particular concern, and of significant harm to consumers, are breaches of trust accounting requirements and costs disclosure requirements.

Costs disclosure

About one third of all complaints we receive concern legal costs. This is an ongoing trend, and while not all costs complaints we receive involve poor or inadequate disclosure, our analysis shows that many do. As an obvious risk factor for client dissatisfaction and potential disciplinary action, this is something that all lawyers should take steps to avoid.

In 2022, the Victoria Law Foundation (VLF) undertook a Public Understanding of Law Survey (PULS), which explored how people understand, experience and navigate law, and everyday life problems with a legal dimension. This large-scale survey was made up of a predominantly face-to-face sample of 6,008 respondents across Victoria. The PULS found that although an overwhelming majority of survey respondents agreed or agreed strongly that they trusted lawyers to be knowledgeable and skilled in their work (96%), and to act in their best interests (92%), they were far less likely to trust lawyers not to overcharge them (63% agreed or strongly agreed). These results corroborate what we see as the regulator, that a lack of public confidence in the profession is far more likely to centre around costs and charging than the quality or benefit of lawyers’ work.

This finding confirms the importance and value of good costs disclosure – by which we mean compliant disclosure, explained fully and transparently. Good costs disclosure is a valuable tool in establishing and maintaining good working relationships with clients, and gives your practice a significant reputational advantage by encouraging repeat business and word-of-mouth referrals.

We appreciate that good costs disclosure is not always straightforward and in the year ahead we’ll work with the Legal Services Council and regulators in other Uniform Law jurisdictions to identify opportunities to improve the operation of these requirements. We’ll also continue our in-house Costs Support Program, where we provide support to lawyers who generate a high or disproportionate number of costs complaints and who need help complying with their costs disclosure obligations. This is a voluntary program that helps lawyers understand our expectations, provide compliant and effective disclosure, and implement better business practices.

Our website has useful general information about your costs disclosure obligations under the Uniform Law and last year’s risk outlook also has useful tips on providing full, frank and compliant costs disclosure. We also encourage you to consider the examples of good costing practices identified by the VLF and Monash University in recent VLSB+C-commissioned research on pricing practices in Victorian legal services, including:

• using regular billing cycles to prevent bill shock and keep clients informed
• raising the issue of costs directly and up-front with a client at the initial interview, clarifying exclusions and inclusions, and providing price breakdowns in respect of complex or multi-stage work
• setting clear boundaries to help clients understand the service being provided, and
• adopting digital tools to track billing against the estimate provided.

Trust money

In last year’s risk outlook we described the significant harm to consumers when trust money is improperly handled, accurate trust records are not maintained, or lawyers fail to comply with compulsory notification requirements. Despite this, we continue to see lawyers who do not comply with their legal obligations, even though this is on its face unsatisfactory professional conduct – and a relevant consideration for us when determining whether to renew a practising certificate.

The trust money obligations set out in Part 4.2 of the Uniform Law and associated rules are foundational consumer protection provisions that are designed to protect law practice clients from the theft or misapplication of their funds. We expect strict and complete compliance with these obligations if you’re authorised to receive trust money. In particular, we remind you that you must:

• provide trust statements as soon as practicable after 30 June
• meet all end of year trust reporting requirements
• have up-to-date trust account reconciliations
• not withdraw client money from a trust account before clients have had time to review (and object to) their bills
• identify and notify us of trust account deficiencies or irregularities (or suspected irregularities) as required under section 154 of the Uniform Law, using our online trust account irregularity reporting form
• properly supervise trust accounts, and
• implement appropriate cybersecurity to prevent breaches (see our minimum cybersecurity expectations for guidance).

Even if you are not authorised to receive trust money (which is always the case, unless you have a practising certificate that specifically authorises you to receive it), we nonetheless expect you to:

• understand what trust money is and how it should be treated, and
• report any irregularities or suspected irregularities in a trust account to us as soon as is practicable, using our online trust account irregularity reporting form.

If you have recently been granted trust authorisation, or need a refresher about your obligations, you should closely read our information on Managing trust accounts. If you’re concerned about your trust money and trust account management practices, please seek help from the Law Institute of Victoria’s confidential complimentary trust consultancy service, TrustConsult. Email them at trustconsult@liv.asn.au or call 03 9607 9447.

4. Failure to comply with fundamental ethical duties

It’s a fundamental ethical duty of all lawyers to be honest, avoid compromise to their integrity and professional independence, and act in a client’s best interests. These duties are at the heart of what it means to be a member of the legal profession. If breached, they generally attract disciplinary sanctions.

Although most Victorian lawyers acquit their duties admirably, unethical and unprofessional conduct can occur. Sometimes, this can follow a lawyer’s failure to put in place and maintain proper professional boundaries with clients and other parties. More often, it’s linked to poor judgement exacerbated by stress, an inadequate understanding of substantive legal requirements, or simply failing to act fairly, honestly or reasonably in all circumstances.

In this section of the risk outlook, we’ll cover the forms of unethical behaviour that will be a regulatory priority for us in 2024–25.

If you require confidential ethical support, the LIV Ethics helpline is available to all lawyers by emailing ethics@liv.asn.au or calling 03 9607 9336. The Victorian Bar has a Health & Wellbeing Portal for barristers and a dedicated Ethics Committee that provides ethics resolutions and confidential guidance to barristers. More generally, you might like to undertake a guided reflection on your ethical understanding (and identify any skills or knowledge gaps) by using the reflective self-assessment tools we’ve developed for early-career, mid-career, and senior lawyers.

Dishonestly concealing mistakes

We’ve observed an unfortunate trend of lawyers ‘covering up’, disguising or concealing an embarrassing mistake or negligence, instead of being transparent with clients or employers about what’s happened. This includes instances of lawyers falsely witnessing affidavits, forging signatures and creating false documents before filing them at court.

In most cases we’ve investigated, a lawyer’s ethical and professional judgement has been impaired due to extreme pressure or stress caused by a poor working environment. Although we appreciate this context, it’s never an excuse: as officers of the court, dishonesty in lawyers is always unjustifiable. Disciplinary consequences can include being formally reprimanded and penalised, suspended for lengthy periods and even struck off the Supreme Court roll of lawyers.

All lawyers make mistakes. What matters most is how they deal with them. If you make a mistake, we expect you to remedy it properly and honestly. This involves admitting to the mistake (to both your employer and client), taking appropriate corrective or mitigating action and, if necessary, advising your client to seek independent legal advice. As we made clear in a recent Commissioner update, if a mistake is remedied properly and honestly, there may be no need for us to get involved.

Lodging caveats improperly

We continue to observe lawyers lodging caveats without having the proper grounds to do so. This is well-established unethical conduct and causes consumer harm by forcing the owner of an improperly caveated property to apply to the Supreme Court for the caveat’s removal – a process that involves time and expense, and may require legal advice.

Before lodging a caveat, you must ensure you’re up to date on the relevant case law. You should also make sure you have evidence of a proper basis on which to lodge the caveat, and obtain proper instructions from your client.

Gross overcharging

Incidents involving gross overcharging of clients continue to occur, causing significant consumer harm and bringing the profession into disrepute. All lawyers are reminded of their obligation, under section 172 of the Uniform Law, to charge costs that are no more than fair and reasonable in all the circumstances, that are proportionately and reasonably incurred, and proportionate and reasonable in amount.

Motor vehicle claims

We regularly receive a significant number of complaints about lawyers who act in motor vehicle claims. By ‘motor vehicle claims’, we mean matters in which a person is involved in a motor vehicle collision and seeks to recover compensation from the other driver (or their insurer) for expenses such as repair and/or hire car costs.

We have observed that lawyers often become involved in these matters following a referral from another business in the motor vehicle industry (e.g. a repairer or hire car provider). Sometimes, the person involved in the collision may have signed an authority form provided to them by one of these other businesses, without realising that the form purports to authorise a lawyer to act on their behalf in relation to the claim, and/or purports to appoint a third party to provide instructions to the lawyer on the person’s behalf.

Complainants often allege that lawyers have unexpectedly undertaken legal work on their behalf, even to the extent of issuing proceedings without their knowledge or instructions. Other common issues in these complaints include lawyers:

• failing to advise on the risks of litigation, such as the possibility of an adverse costs order
• failing to obtain client instructions before settling the matter, and
• failing to comply with ethical obligations in relation to conflicts of interest, including lawyers putting their own interests ahead of those of their clients.

For many years, we have provided guidance to lawyers and law practices acting in motor vehicle claims, and undertaken outreach activities. If you act in these matters, we expect you to follow this guidance, and be honest in your dealings with your clients, courts and insurers. Failure to do so will attract regulatory attention. VCAT has repeatedly found conduct of this nature to be unsatisfactory professional conduct or professional misconduct.

Claim farming

Serious concerns have been raised with us recently about lawyers’ conduct in relation to government redress schemes designed to compensate individuals who were seriously harmed by government policy or within institutions. There are allegations that lawyers are intentionally targeting vulnerable people to acquire as clients, providing misleading or incorrect information to abuse survivors about access to the redress schemes and grossly overcharging clients for legal advice in relation to redress claims. If proven, this conduct, as with gross overcharging in any context, is capable of amounting to either unsatisfactory professional conduct or the more serious charge of professional misconduct.

We expect any lawyer who is involved in these matters to reflect seriously on their professional obligations and make sure any legal costs are fair and reasonable. Attempted exploitation of vulnerable individuals who seek redress for abuse or harm are anathema to the legal profession’s ethos and obligations and subject to disciplinary action. 

Failure to exercise professional independence

Recent royal commissions have exposed the complexities inherent in the role of a legal practitioner, and consequences of a failure to exercise appropriate professional independence in the delivery of legal services.

In our recent guidance on professional boundaries, we note that it’s not uncommon for lawyers to represent powerful clients with strong interests in a particular outcome. Nonetheless, it’s a key professional obligation to exercise independent forensic judgement in this situation. A clear sign that you’re not sufficiently independent of your client, and not able to exercise independent judgement, is if you don’t feel like you can advise them on their legal obligations or advise them against breaking the law.

Our expectation is that all lawyers, whether working in the private or government sector, will operate in an environment with appropriate structures and processes to support their professional objectivity and independence. If such structures and processes do not exist and cannot be created, it’s your responsibility to seek an alternative position, where you can properly exercise independent judgement without undue external influence.

5. Money laundering

Money laundering is the process by which money or property is moved through the economy in a way that hides its illegal origins or intended criminal purpose. The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) establishes a regime for combatting money laundering, terrorism financing and other serious financial crimes.

Currently, Australian lawyers are only subject to AML/CTF obligations if they provide a ‘designated service’ as currently defined under the AML/CTF Act – which is not the case for most lawyers. They do, however, have obligations under the Financial Transactions Reports Act 1988 (Cth) (FTR Act) to report all significant cash transactions of A$10,000 or more (or the foreign currency equivalent) to AUSTRAC, in the format of ‘solicitor significant cash transaction reports’. Structuring transactions to avoid reporting requirements is an offence under the FTR Act.

Lawyers must also comply with obligations in the Legal Profession Uniform General Rules 2015 to properly receipt trust money, including by recording the name of the person making the payment, the client and matter for which the payment is made, and particulars sufficient to identify the reason for the payment.

Relatedly, it is an offence to deal with money or property when it is reasonable to suspect the money or property is proceeds of indictable crime. Pursuant to section 400.9(2)(a) of the Commonwealth Criminal Code, it is taken to be reasonable to suspect that funds are proceeds of crime if the conduct constituting the offence (which would include receiving payments of money) involves transactions that are structured or arranged to avoid the reporting requirements of the FTR Act.

The Attorney-General’s Department (AGD) is currently consulting on proposals to expand the AML/CTF regime to capture certain additional ‘designated services’ performed by lawyers and other entities. In anticipation of these likely reforms, we strongly encourage you to develop an awareness of the risks of inadvertently facilitating money laundering on behalf of clients. Case studies of lawyers who have become unwittingly involved in money laundering are set out in the AGD’s most recent consultation paper, published in May 2024.

As well as expecting that lawyers with trust authorisation will strictly comply with the legal requirements relating to the handling of trust money in the Uniform Law and the General Rules, we also expect any lawyer who receives cash from clients to:

• verify the client’s identity
• make appropriate enquiries about the origin of cash payments
• strictly comply with AUSTRAC’s reporting requirement.

The Law Institute of Victoria has created an AML/CTF Hub designed to provide a one stop shop to practitioners to access AML/CTF knowledge and learning resources, and updates on the progress on of legislative reforms.

6. Inadequate supervision

Another key concern of ours is supervision. We are particularly concerned about principals who fail to effectively supervise their law practices, as well as the inadequate and inappropriate supervision of law practice employees.

Supervision of law practices

Section 34 of the Uniform Law imposes important supervisory obligations on law practice principals, in recognition that lawyers who want to run their own legal businesses are responsible for ensuring their staff deliver legal services competently and ethically. It requires each principal of a practice to take reasonable steps to ensure that associates of the practice comply with their professional and ethical obligations, and that the legal services provided by the practice comply with regulatory requirements and professional obligations.

It’s a privilege to be granted a practising certificate, particularly one that authorises you to run your own law practice. Unfortunately, we continue to encounter principals who don’t assume proper responsibility for the conduct of matters in their practice or exercise the degree of oversight required of them.

We are observing an increasing trend involving principals of law practices:

• failing to exercise proper oversight over the activities of employee lawyers, such that the principal is unable to answer basic questions about the conduct of client matters, trust account activity or even identify and access relevant files – sometimes necessitating an external intervention
• allowing themselves to be named as the ‘legal director’ principals in ILP legal service providers, but relinquishing effective control and responsibility over the practice to non-legal directors – in direct contravention of the Uniform Law, and
• failing to have proper oversight of the activities of other principals in the law practice.

Supervisory failures of this kind give rise to two key risks: the risk of clients being exposed to incompetent or unethical legal advice and the risk of the law practice being used to achieve fraudulent ends.

We remind any lawyer who has been granted a principal practising certificate of their unambiguous supervisory obligations. Our expectation is that each principal takes all necessary steps to ensure that the associates in their law practice comply with, and all legal services provided by the practice are provided in accordance with, the requirements of the Uniform Law and rules, and other professional obligations. A failure to uphold this responsibility can constitute unsatisfactory professional misconduct or professional misconduct.

If you’re looking for support, LIV provides a practice management consultancy service (PMConsult) designed to help lawyers develop their practice and risk management skills and comply with regulatory requirements. The service compliments the LIV’s existing Practice support line, providing an additional layer of support via a confidential and complimentary one-on-one consultancy service designed to work with practitioners to strengthen areas of practice management and develop remedial action plans. You can contact PMConsult by email at pmconsult@liv.asn.au, or by calling 03 9607 9329.

Supervision of law practice employees

The Uniform Law restricts new lawyers from engaging in unsupervised practice for a set period, in recognition that lawyers in the early stages of their careers need to be supervised by more senior, knowledgeable and skillful colleagues who can assist them to develop the foundational skills and attributes required for independent practice.

Good supervision has a powerful effect: it lays the foundation for good legal practice, and a sustainable and fulfilling career. Unfortunately, we continue to encounter inadequate – and in some cases, impermissible – supervision arrangements. We’ve encountered supervisees who have been given files well beyond their capability, or who have received too little in the way of instruction, guidance and oversight. We’ve also become aware of lawyers who are themselves subject to a condition requiring supervision purporting to supervise other lawyers, in direct contravention of the Uniform Law.

If you have responsibility for supervising another lawyer, our expectation is that you will be qualified to do so, i.e., you cannot be restricted from engaging in unsupervised practice, or otherwise restricted from supervising other lawyers. We also expect that you’ll provide the degree of feedback and overall oversight necessary to ensure that your supervisee provides quality legal services to clients and develops the skills they require to operate independently in the future.

Appropriate supervision is also relevant in a broader context: rule 37 of the professional conduct rules makes it clear that a solicitor with designated responsibility for a matter must exercise reasonable supervision over solicitors and all other employees engaged in the provision of legal services for that matter.

There are many resources exploring the topic of supervision. Our Guidelines for supervisors offer practical advice about how to supervise newly admitted lawyers. The LPLC has also produced many useful resources, including a podcast on supervision, and articles that explore what effective supervision involves and explain that even experienced staff require supervision.

Published 6 June 2024