The risks associated with supervision of incoming mail, including electronic mail, and how best to stay in control

Mail opening is one of the staple traditions of private practice. The deft filleting of envelopes, whilst not appearing crucial to the well being of the practice, is an important task in every practice’s information processing and service function. It does require specific risk management consideration.  Although only providing guidance and not practice rules, some useful advice is contained in the Society’s Model Procedures and the booklet

“Ensuring Excellence, Even Better Practice in Practice”

In relation to the supervision of incoming mail, the advice given is that ideally a partner should see all items of mail and be present when they are opened. The partners own the business and by not adhering to such advice, they run the risks that:

  • Individuals may conceal mail to conceal some dishonest conduct or because they cannot cope with their workload (but are unwilling to admit this) or because they are the subject of an adverse comment or complaint (and wish to prevent that coming to light).
  • Individuals without the necessary authority may see confidential material relating, for instance, to particularly sensitive client information.
  • “Time of the essence” communications are not given sufficient importance and are ultimately left unactioned.

These comments apply as much to sole practitioners (who may be very reliant on support staff) as to partnerships.

Mail opening procedures – issues to be addressed

There are understood to be no Practice Rules or other regulations relating to incoming mail handling arrangements. The contents of the Society’s Risk Management Flowchart and Model Procedures are advisory only. Model Procedure 8 (Supervision of Incoming Mail) suggests the following:

“Ensure that partners supervise incoming and outgoing mail"

Establish a formal procedure and stick to it

  • It is important that a partner sees all items of mail. They own the business and they take the risk
  • Mail should be opened in the presence of a partner (on a rota basis if more than one partner!)
  • All mail should then go to the relevant partner (if there is more than one) before going to any other fee earner
  • Any complaint should be immediately referred to the [Complaints Partner] and any letter indicating a claim to the [Senior Partner]
  • If the partner cannot be identified from the letter/mail then the person dealing with it should refer to the firm’s client listing. Any unidentified mail should be left in the mail area for identification”

Whatever arrangements are put in place, the objective must be that the firm’s arrangements address the perceived areas of risk, including those mentioned above, while remaining practicable. Sole practitioners may not have the same necessity for formalised procedures but all principals require to take a view on the importance of the mail checking procedures in place.  In addition to the points in the Society’s Risk Management Model Procedure, consider the following points:

  • Try to avoid reliance on one individual, or permitting the individual, to handle the opening and sorting of mail
  • If mail is sorted (not opened) by fee earners, there should be a rota so that a single fee earner does not deal with this exclusively
  • Mail may be sorted (not opened) by non-fee earners (independent) to whom the task has been formally delegated by the partners
  • All mail should be opened by a partner. If it is possible for mail opening responsibility to be dealt with on a rota basis by more than one partner in a particular department or area, that is preferable to relying on a single partner
  • Agreed procedures for dealing with private and confidential mail complaints letters incoming cash (c.f. cheques) any item of mail where the intended recipient is unclear second and subsequent deliveries (e.g. by hand)
  • If any category of mail is to be passed, unopened to any individual, there should be a procedure for dealing with such mail in the absence of the addressee
  • Where any of the foregoing tasks is delegated, the delegate’s instructions must address all the above issues e.g. how to deal with letters of complaint and contentious mail
  • Where mail is to be passed unopened to any individual or category of individuals, the partners should be aware of that arrangement and reminded of it on a periodic basis

Whilst sole practitioners do not require to give as much consideration to rota procedures, they still require to be aware of the necessity to ensure that they stay in control of the mail procedures – the possibility of delegation still exists in smaller offices.

Incoming faxes and e-mails

There should be clarity about non-partners receiving incoming faxes direct as this effectively contradicts the arrangements in respect of post/DX being seen by partners – it may be inappropriate for certain individuals to receive faxes direct. See comments in ‘Ensuring Excellence, Even Better Practice in Practice’ p36.

Likewise, there should be clarity as regards individuals receiving/sending unsupervised e-mails – it may be possible for certain individuals’ e-mails to be copied automatically to the responsible partner

With the advent of e-mail as an accepted method of communication to and from practices, firms should be aware of the need to extend the scope of their mail handling protocols. There is little point in rigorously applying mail opening procedures to the physical mailroom, if the virtual one is unmonitored. Practices should review the two main situations:
  1. Where the practice has a general/ departmental e-mailbox account such as or
  2. Where the practice has, in addition, e-mail addresses for individual fee-earners, e.g.
In the first situation, the practice requires to check:
  • That e-mail is downloaded from the server on a regular basis. Time-critical e-mails sent to a firm’s general mailbox will lead to risk management problems if the mailbox is checked infrequently. Additionally, clients may question why they are not receiving responses timeously.
  • That those e-mails are opened and checked by a partner before either forwarding electronically or physically
In the second situation, partners should be aware that individual e-mail addresses could lead to the bypassing of all mail protocols. Practices require to take a view on whether to ignore the issue or apply normal procedures. To extend mail procedures to cover this area, partners should bear in mind the following:

  • Whether the system should be configured to copy incoming e-mail to a designated partner
  • Whether the designated partner should be changed on a rota basis
  • Whether a designated partner takes responsibility for checking mail for fee-earners within their team
  • Whether all incoming e-mail should only be copied to a single checking mailbox, which would then be reviewed by a designated partner on a rota basis, where appropriate.
  • The procedures in place to monitor e-mail when the designated partner is absent
  • The situation where the intended e-mail recipient is absent from the office
  • The necessity to comply with regulatory issues, such as Regulation of Investigatory Powers and Data Protection Acts

The sole practitioner may not be faced with the above distinctions.  However, comments regarding downloading of mail still apply.  The sole practitioner may, in fact, require to pay more attention to the situation when out of the office on business.  Many clients may not bother to follow up on an e-mail by telephone and will assume that the contents have been read.  Without a checking system, a sole practitioner may return to the office to discover an overflowing mailbox full of urgent instructions.

Regardless of which e-mail scenario in which a practice finds itself, the normal mail handling risk controls should be extended to cope with e-mail; the firm’s policy and procedures should reflect this; the firm should arrange for compliance to be checked on a regular basis and the policy/procedures should be periodically reviewed.

The information in this page is (a) intended to provide guidance on matters of practical risk management and not on issues of law and (b) is necessarily of a generalised nature. It is not specific to any practice or to any individual and should not be relied on as stating the correct legal position.

Alistair Sim is Associate Director in the Professional Liabilities Division at Marsh UK Limited (e-mail:

Charles Sandison is a Consultant with the Business Risk Consulting Division at Marsh UK Limited (e-mail:

Share this article
Add To Favorites