Be proactive, not reactive about risk

We talk so much about being compliant, but how many firms practice what they preach? Words sometimes fail me when I see fundamental basics not being carried out and I am astonished at the risks being taken.

Over the last few weeks your social media feeds will have been full of protecting yourself from potential fraud and cyber attacks. It is no longer a case of being extra vigilant on a Friday afternoon for the conveyancing frauds; you must be permanently reviewing your systems, processes, and staff to ensure you are minimising the risks as far as possible.

Every week we are seeing firms and individuals falling foul of what they should be doing and the destruction and snowballing consequences it causes.

As a compliance consultant, I meet a wide variety of firms. Invariably, the firms that tell me they are bulletproof in terms of their initial compliance procedures truly believe they have the systems in place, yet their staff do not always know what the COLP or COFA is, let alone who they are within the firm.

There is also the misconception of support staff not thinking they have a responsibility in terms of key procedures and analysis, such as conflict and anti-money laundering checks. I understand that a lot of firms have dedicated departments to deal with client take-on; however, there are also those that do not, and they are the firms that are more at risk. Firms need to ensure that all staff are fully aware of their obligations and are trained appropriately.

Going back to basics from the time the potential or existing client makes an enquiry is key. Regardless of whether you have a state-of-the-art practice management system or a spreadsheet, there is simply no excuse for not carrying out full conflict checks before sending out an estimate or agreeing to act.

On each and every occasion, I would be asking whether the individual has been known by any other name, following marriage, divorce, adoption, or changing their name by deed poll. This is a basic question that should always be asked, and by not doing so you are creating a risk.

We are all aware of the upcoming changes coming in with the Fourth Anti-Money Laundering Directive. Always carry out AML checks via an online facility. Each firm needs to have a robust system in place.

There are some great products out there now which integrate into practice management systems and provide live data. Take the time to review the documents that have been provided to you.

I have on a couple of occasions had to review documents, and while they may initially seem as they should be, on closer inspection it may be that the photo isn’t quite right or the formatting on a document is not consistent. If in any doubt, get everything double-checked and run an enhanced check. The BBC recently covered the warning signs to look for on Rip Off Britain – why not ask your staff to watch it?

Do not take money on account before the clients have cleared the AML checks. It’s a total no brainer, so why do some firms feel that they can take that risk? It is a risk not only to the firm but to all the employees you have working for you.

Chapter 11 of the Law Society’s AML practice note sets everything out clearly, so ensure that you train all your staff on how to risk-assess on an initial and continuing basis and on the warning signs to look out for throughout the transaction.

The concluding risk assessments are equally as important as the initial and ongoing ones. Unfortunately, there are many fee earners who feel that once they have concluded the transaction and billed the matter, then they do not have to see the file again. They believe that the support staff will deal with the file and the matter will not appear on their print-out.

This potentially leads to a can of worms that could be opened at any time, whether it is documents still on file, money on account, or actions not being carried out and outcomes communicated to the client. As Symphony Legal’s Steve Billot said in a previous article, keep up with your housekeeping and these risks will be kept to a minimum.

If you have concerns about something, then it is generally a risk – do not let anything get to that stage where the risk is too great. Be proactive, not reactive.

Vicky Simpson is a compliance consultant at Symphony Legal

@symphony_legal www.symphonylegal.com