Regulation: where has firms’ common sense gone?
Are firms responding to regulation by over-engineering their compliance systems, instead of simply putting good practice at the heart of the business?
Now that the Solicitors Regulation Authority has confirmed 31st July as the deadline for nominating compliance officers for legal practice (COLPs) and compliance officers for finance and administration (COFAs), many practices will be increasingly focusing their attention on their risk and compliance systems. There has been much talk of outcomes-focused regulation (OFR) and the sea-change in compliance this will bring to the solicitors’ profession, together with a lot of hype about risk and compliance systems.
Perhaps we should all step back and think about what we need to achieve. A recent benchmarking survey conducted by the brokers Locktons showed that some mid-tier practices are over-engineering their risk and compliance systems, with their report which provides some refreshing advice:
'There has to be a commercial balance between cost, benefit and service, however, and in the middle firms the costs are disproportionate to the benefits provided.'
The understandable fears around personal liability for COLPs and COFAs are driving some practices to adopt systems which are disproportionate to the risks involved, instead of looking rationally at what can be expected of people within the compliance officer roles. The right systems, procedures and processes need to be in place, and the tools to check compliance. Whilst breaches may well occur - as COLPs and COFAs cannot be everywhere all the time - the systems in place will demonstrate to regulators that the risk is being properly and effectively managed.
Over-elaborate, costly compliance systems will not necessarily deliver what practices need or make them better at compliance. Practices should apply a cost-benefit analysis when deciding their risk and compliance strategy.
For compliance to work, it has to be part of everything you do - so it includes HR, IT, finance and business development. It shouldn’t be that separate thing you are forced to do simply to tick the compliance box. Nor is it the sole responsibility of the COLP, COFA or money laundering reporting officer.
If you want to make compliance work, then you must involve everyone in the practice and make them part of creating the risk and compliance processes. Systems and procedures which your team help to design are more likely to work than over-complicated systems which are imposed upon them.
The main blocks of a good risk and compliance system are policies and procedures which are relevant to the individual practice, its client base and the risks involved. A good system will enable the practice’s employees to evaluate the risks of the work to be undertaken, as well as providing a transparent governance framework for managing the business.
OFR hasn’t changed what constitutes good risk management; it has simply made it more compelling, because there are no rules in place to define what you can and can’t do. Those who have achieved quality accreditation already have systems and procedures in place. Now they must apply these good practices to ensure the outcomes in the SRA’s Code of Conduct are met.
Good systems which are well communicated and set within a strong compliance culture (for which read ‘no-blame’) go a long way to ensuring that clients receive the excellent client service all practices want to deliver, whilst the firm complies with its regulatory requirements.
Don’t think of risk management and compliance as being in one box and the running of your practice in another. Seize the opportunity this brave new world has created, to think about ways to improve how you manage your business and new ways in which you can deliver services to clients.
Remember, sometimes a little common sense can go a long way.
Jeanette Lucy is a director heading up compliance, quality and learning with law firm network LawNet
