When a solicitor drove off with a client’s file on the roof of their car and it was lost, reporting it as a ‘massive’ breach of the Code of Conduct was never in doubt for compliance and risk director Adele Jones.

She heads compliance at NewLaw, the first Welsh firm to become an ABS, and is one of the first compliance officers for legal practice (COLPs) to be approved by the Solicitors Regulation Authority. ‘I took the view,’ she says, ‘that there was a huge potential risk to the client of identity theft so we immediately reported it to the SRA and to the Information Commissioner’s Office as a data protection breach. The ICO said they were happy with how we had resolved the matter.’

Deciding what needs to be self-reported immediately to the SRA and what should be recorded in the annual reporting log is going to be high on the agenda for the new breed of COLPs and COFAs (compliance officers for finance and administration) as they prepare to take on their new roles from 1 January.

While the first tranche of several thousand compliance officers has now been authorised by the SRA, which has to complete the process by 31 December, 600 firms had failed to start the process by mid-September and face enforcement action. If they fail to nominate either officer by 1 January, the SRA can revoke their licence. In the meantime, those taking on the new roles will have version 5 of the SRA Handbook to study. The SRA has also promised to publish more advice, including more detailed guidance on the difference between a material and non-material breach of the code. For instance, a single breach may be trivial but, if it is part of a series, then it may be material.

With so much still uncertain, the Law Society has taken the unusual step of offering ‘safe harbour’ advice for compliance officers, promising to stand by its advice if the SRA takes a different view. Members of its Risk and Compliance Service can email queries which will be considered by a panel of nine practitioners and three internal regulatory compliance experts.

COLPs in the top 100 firms can turn to the pilot Compliance Reference Group. They can submit their queries to a panel of 15 volunteers from firms which reflect the different size, practice areas, clients and risks they face. The panel can provide a practical interpretation of the code, authorisation rules or any other part of the SRA Handbook. Elliott Vigar, the Society’s head of regulation, says the panel will enable compliance officers to bounce ideas around in a safe environment. ‘If the individual or firm follows the group’s advice and the SRA disagrees with it, we will stand by them. That may be by lobbying or being involved in the formal regulatory process before the Solicitors Disciplinary Tribunal,’ he says.

‘We are not offering to carry the financial burden of any regulatory action but we won’t back away from our view. If the issue went before the SDT in the worst-case scenario, we would be very clear and vocal that this was the view of senior, respected members of the profession. If the SRA adopted a different stance, we would argue it highlighted a much more substantial issue than something affecting just one firm.’ The panel is being chaired by Robert Bourns, senior partner of commercial practice TLT. He plans to be ‘mentor and soulmate’ to their COLP, head of risk John Verry.

‘Offering a safe harbour is unusual but it is indicative of this being a good initiative,’ he says. ‘What we are trying to ensure is that it doesn’t make us overly cautious. We want our responses to be useful rather than anodyne.’ The panel is likely to be a welcome port of call, given the personal liability faced by the new compliance officers if they get something wrong.

While the SRA stresses ultimate responsibility for compliance lies with the managers – whether partners, directors or members – of the firm, it can fine individual compliance officers in traditional firms up to £2,000, with the SDT able to set unlimited fines. The fines become eye-watering with ABSs – individuals can be fined up to £50m, firms up to £250m. The SRA has also made it clear that the power to do more automatic administrative fining is at the top of its shopping list for secondary legislative change.

A survey of 75 firms of different sizes by specialist law firm Khiara Law and consultants Edge International this summer found that three-quarters of firms expressed concern about the personal liability attached to the new roles. Survey co-author Rachel Khiara says they were aware of a number of firms where the most suitable person had been reluctant to take on the role. Most of the respondent firms had made constitutional changes, such as indemnifying the compliance officers, imposing a duty on other managers to disclose breaches and amending employment contracts. Nearly one in five respondents had introduced specific sanctions on managers for breaches of regulatory duties.

At public services specialists TPP Law, director Owen Wilcox has been approved as the COLP, with practice director Jayne Hughes taking on the role of COFA. ‘We decided the roles sat well at director level,’ he says. ‘We both sit on the board and have the appropriate seniority and access to decision-makers.’ A specialist in charities and social enterprises, education, healthcare and local government, Wilcox has been thinking about what the role means for him personally. ‘It isn’t a full-time role but the firm has accepted that I need to be freed up to concentrate more heavily on it. Also, indemnities and protocols will be appropriate. I worked in local government before where I had a similar role as the statutory monitoring officer, and we had governance arrangements, protocols and support in place.’

At NewLaw, Jones says they have addressed the indemnity issue in their extended contracts of employment and extended their PII to cover the two roles. ‘We looked at standard D&O insurance but it doesn’t cover these new roles very well,’ she says. Until it is clear what action the SRA will take against a compliance officer for something they did or did not do, it will be difficult to decide how far the indemnity should go.

‘It’s important to strike a balance between protecting them against any adverse consequences of their appointment and protecting the firm against open-ended or ill-defined liabilities,’ says Allison Wooddisse, head of LexisPSL practice compliance. ‘A simple agreement to indemnify a COLP against "any losses" could have unforeseen consequences. Disqualification by the SRA could damage their employment and earning prospects over a long period but most firms wouldn’t expect to be liable for an open-ended loss-of-earnings claim.’

When it comes to insuring the risk, she says it is not common for nominated officers to be indemnified or insured against breaches of the anti-money laundering regime, so some firms may question why their compliance officers should be treated differently. However, she notes: ‘Insurance can be an attractive proposition, either to underwrite or stand in place of an indemnity. Several products have already appeared on the market covering representation costs and, possibly, financial penalties, but they generally don’t cover consequential losses.’

Firms should also look closely at the policy wording, she says. ‘Some element of wrongdoing is generally required on the part of the compliance officer before the SRA will disqualify or withdraw approval. If the policy excludes costs or losses caused by their negligence or misconduct, much of its benefit could be negated.’ The extent of the responsibilities is certainly worrying practitioners. Hamish McNair, chair of the Sole Practitioners Group professional sub-committee, says most SPs will have to nominate themselves for both roles.

‘I can’t see a good reason why SPs need these roles – we do it all already,’ he argues. ‘The real risk for SPs is one of regulatory overload with the result we may have to devote too much time to it and less time to helping clients and running our businesses. Regulation has to be a balance – strong enough to maintain the integrity and good reputation of solicitors but not too costly in time and resources.

‘It is early days for the OFR regime. How successful it is will depend on how it is administered by the SRA. It says it wants to regulate in a proportionate manner but whether that will be the case time will tell.’ In-house lawyers are also concerned that the SRA has not considered how the new regime and Code of Conduct will affect them.

Nina Barakzai chairs the 6,000-member Commerce and Industry Group. She welcomes OFR and the mandatory principles, but is concerned that the guidance is in the context of private practice. ‘In most instances, the SRA forgets we exist,’ she says. ‘There should be an awareness of our role which happens in other professions. The code of ethics handbook for accountants, for instance, has a whole section on professional accountants in business looking at potential conflicts, acting with sufficient expertise, inducements, preparation and reporting of information.’

David Hackett, the SRA’s regulatory policy manager, acknowledges the gap and says the regulator will be reviewing more broadly how OFR works for in-house lawyers. ‘There has been a feeling that they haven’t been catered for and have been treated in piecemeal way,’ he says. ‘This is particularly pertinent with ABSs coming online, because what distinguishes you as an in-house lawyer becomes more blurred.’

The SRA is about to sign a contract for a wide-ranging study of the sector so it can understand the demographic breakdown better and identify the risks in-house lawyers face in adhering to the Code of Conduct. The review will report back in February 2013 after surveys are completed and more detailed focus groups created. For those in private practice, the uncertainty over how the SRA will police the regime and the lack of practical guidance or worked examples of what to report is causing consternation.

‘The big unknown is – what is a material compliance failure?’ says Wooddisse. ‘Some firms are planning to report everything unless it’s absolutely clear they shouldn’t. This isn’t necessarily the best strategy. If you persuade the SRA you’re an inveterate rule-breaker, you can expect to find your firm classed as high-risk, which could lead to more intense supervision.’ However, it is not a good idea to under-report, she advises. ‘The human factor means that few firms can honestly say they never have compliance failures and a wall of silence is likely to attract the SRA’s attention sooner or later. As with all things, moderation and a sensible approach is probably the best way forward. If in doubt, pick up the phone to the SRA’s ethics helpline.’

Firms are also concerned about the potential impact reporting breaches will have on their PII. ‘Firms are expecting to see a question on future PII proposal forms along the lines of "how many (material) compliance failures have you reported to the SRA?"’ she says. ‘Some firms might err on the side of under-reporting for this reason alone.’ Questions have also been raised about potential conflicts of interest if reporting a breach could have a significant business impact on the firm. However, if a COLP’s position becomes untenable, they have to withdraw from the role, which has to be reported to the SRA, alerting it to a potential problem.

‘The official answer has to be that the compliance officer’s regulatory duty takes precedence over commercial interests,’ says Wooddisse. ‘In those circumstances the officer may have to remind his fellow partners that they have parallel obligations to comply with regulatory obligations. In practice, most lawyers are well used to dealing with such ethical dilemmas and they know how to behave. It would be very risky to turn a deliberate blind eye to a material compliance failure. If you’re found out, you can expect the SRA to make an example of you, which will be far more commercially damaging that simply owning up to the compliance failure in the first place.’

‘I am lucky,’ says Jones. ‘NewLaw was set up to become part of the brave new world of ABSs so there is complete management buy-in. If I said to the board "I recommend this has to be self-reported" and they disagreed, the next thing on the agenda would be my resignation.’

With so much at stake, training in compliance has become a big draw. TPP’s Wilcox says he is building on previous training by going on a course on writing a compliance plan. He has also taken all the firm’s staff through the Handbook chapter by chapter, working through scenarios to get them thinking about what OFR means for them. Interest in training has come in waves, says Rob Farquharson, managing director of CLT. ‘There was a big demand for courses for compliance officers earlier this year,’ he notes. ‘Then, when the SRA delayed the timing, there was a dip. Practitioners have been through the theory. They are now waiting until they are in situ and starting to come up against questions so they can seek practical help.’

The Law Society’s CPD Centre is offering the webinars ‘Help I am a COLP’ and ‘Help I am a COFA’ later this month, while BPP has created an online quiz to test existing knowledge of compliance issues. BPP has also developed an online subscription tool, the Compliance Companion, for compliance officers and managers to stay up-to-date with regulatory and legal requirements through a library of key templates and monthly updates.

Colin Davey, the College of Law’s business development manager, says the OFR regime should ‘drive management and compliance courses, as practitioners will need guidance on how to meet the outcomes. However, some practitioners will see the lack of prescription in the regime as creating "wriggle room" in the event of a complaint that they have not met a required outcome.’

Nottingham Law School has developed a new year-long postgraduate certificate on legal services regulation starting in January which will use reflective learning to ensure students identify what they gain from the course. Jane Jarman, Reader in Professional Legal Education at the law school, warns that not enough attention is being paid to the role of COFAs. While solicitors can take on both roles, the Khiara survey found over half of the participant firms had appointed their finance director or equivalent, rather than a partner.

‘The focus has been on the legal practice side,’ says Jarman. ‘But COFAs are the more vulnerable of the two because, if there has been a default, everything is very clear. They will be in the crosshairs but they are the cinderellas of the profession.’ Vigar echoes her concern. ‘We need to be looking at the COFA role as it is just as important, and firms need to ensure they have the right person in place to undertake the role.’ The Risk and Compliance Service, set up two years ago, now has 1,500 members ranging from sole practitioners to top 100 firms. Manager Pearl Moses says it has gone out to 500 firms delivering one-to-one advisory sessions to both compliance officers, as well as OFR training to the whole firm, from the management team to fee-earners and support staff.

Her experience is that some people are ‘ahead of the game. They knew this was coming, they have done the reading and they could stand up and deliver a session themselves. Those in the middle are generally abreast of the issues but you couldn’t test them on it. Others have buried their heads in the sand and are in shock that it’s happened’. This reflects the SRA’s research which produced a ‘Table of 11’ compliance metric which runs from the ‘spontaneously compliant’, those who know the rules and would comply with them without the threat of enforcement, to the ‘calculatingly non-compliant’, those who knowingly break the rules and consciously accept the risk of getting caught.

Partner Michelle Garlick heads a team at national law firm Weightmans advising law firms on regulatory compliance. She has written a COLPs Toolkit, published by the Law Society, which includes a CD-ROM with draft policies, checklists, breach recording and reporting forms, and draft letters to the SRA. She says COLPs should make regulatory compliance less daunting or stressful for practitioners because they should be making sure their firm has the systems and controls in place so everyone complies with the Handbook.

She advises firms to carry out a gap analysis to identify what they need to focus on in a way that is proportionate and relevant to their practice. ‘Firms are concerned about the costs involved, not least in management time,’ she says. ‘The problem is some firms are taking the view that they were compliant before so they don’t have to do anything. But the SRA has made it very clear that isn’t the right approach. What I say to firms is: identify risk areas. If you are going to do something different, go back to the Code of Conduct and the 10 principles and carry out a risk assessment. Highlight the issues and document your decision. If you can justify it, it will be difficult for the SRA to take enforcement action.’

Firms will need to keep coming back to the principles and testing their decisions against them. The SRA is already focusing on how firms are responding to principle 9 in relation to delivering their equality and diversity obligations, and will be visiting 100 firms selected randomly as part of a pilot project to see how they are doing. ‘I don’t think any of the principles – such as requiring someone to act with integrity or to act in the best interests of their client – would be regarded as new or surprising,’ says TLT’s Bourns. ‘And broadly, the outcomes you are expected to achieve are not surprising. It is the bit in the middle – how you achieve that – that is the challenge.

‘My concern is we may be inclined to over-legislate for ourselves because we are used to working from rules which are prescribed. We now have to do it for ourselves by reference to our perception of our clients; how sophisticated they are; and the nature of the work – that is the bit which people struggle with. People feel uncertain because there are nuances in all the things we deal with.’

Overall, NewLaw’s Jones says the SRA was ‘probably right’ to move to OFR. ‘The legal profession loves to be told to do A, B and C and to tick when they have done it,’ she says. ‘But that isn’t necessarily right for clients. The old Rule 2 meant you overwhelmed clients with costs information even if they had legal expenses insurance. OFR means we can risk-assess that out and send out tailor-made client care letters which don’t worry them with unnecessary information.’

But, while it gives practitioners the flexibility to get things right for clients, it could be a painful process, she warns. ‘The whole ethos must be one of transparency,’ she says. ‘We need to have some faith that the SRA will police this with common sense. The trouble is they have a history of coming down like a ton of bricks on the good guys. It is fine to do it on the bad guys, but not on hapless COLPs.

‘I have been a solicitor for 25 years and a deputy district judge for 13. I really don’t want someone in the SRA making me feel that I must be doing something wrong when I am trying my hardest to get it right. Those deliberately breaching the code deserve everything they get, but remember – the great majority of us are just trying to do our very best.’

Grania Langdon-Down is a freelance journalist