Compliance and Covid-19

I imagine that many of you are reading this not from your usual place of work but from the new normal, a remote workstation.

While many of us are comfortable with colleagues having the occasional day out of the office and working from home, the consequence of  this possibly being the main place of work for the majority (if not all) staff for the foreseeable future must be considered now that ‘self-isolation’ and ‘social distancing’ are part of our vocabulary.

This new normal requires a different response from compliance professionals who will play a key role in ensuring that legal services continue to be provided without compromising risk management and ethical behaviour standards.

The Solicitors Regulation Authority (SRA) has produced guidance as to what they expect to see from us during this emergency. We should all be regularly checking the SRA’s website for any further updates. The Law Society has also reacted quickly and produced advice and updates which should be used when working out our next steps.

What is clear, with the benefit of hindsight, is that the majority of our business continuity plans or disaster recovery plans, while often beautifully crafted documents, are full of platitudes which don’t cut the mustard in the current situation.

Business as usual is an aspirational phrase and, of course, commendable but does not capture the practical difficulties we are now encountering.

A cynic might suggest that it has turned out to be a hollow phrase. Perhaps, a more constructive approach is to consider the essential regulatory, compliance and ethical matters which the owners of the business and their compliance professionals cannot let slip.

My suggestion is that a business’s primary focus must be on the needs of its own people before it turns to thinking about client needs. As the compliance function, the starting point must be to consider how we put our own people first and support them.

If we need justification for this approach, then the SRA Code Of Conduct For Firms describes the proper governance standards that should be maintained (chapter 2) and the service and competence standards which are addressed to the needs of staff (chapter 4) are to be noted. Remote working should not, either for regulatory or in truth for reputational reasons, be allowed to compromise this.

Some thoughts:

What messages are we communicating to our colleagues about the support they will receive from the firm?

Are we reminding our colleagues of the expectations which the business has of them as ambassadors for the brand?

Are we recognising that not everyone will adapt comfortably to remote working and are we fulfilling employment duties to protect the wellbeing and mental health of our colleagues?

Are the right people visible and accessible? Are the owners of the business, the COLP and COFA, money laundering reporting officer and senior lawyers and supervisors available?

Are we being clear about the essential compliance messages that remain non-negotiable despite the circumstances?

Are we also being clear about what we expect in terms of notification and reporting duties?

What do we consider is the new business as usual in terms of the provision of legal services?

Compliance processes and procedures cannot be allowed to decline or become less relevant. We still need to incept new clients, new matters, new matters for old clients in a risk managed way.

This requires maintenance of conflict checking, client identification processes for both SRA purposes (ie paragraph 8.1 of the SRA Code Of Conduct For Solicitors and mirrored in the SRA Code Of Conduct For Firms) and for anti-money laundering requirements, and of course risk analysis by the correct people.

If more clients are self-isolating, how do you manage the risks that this presents in terms of the client identification checks which are necessary?

While email usage will ease the way we act on client instructions, the risk of never meeting a client face-to-face will need to be managed, perhaps by the use of FaceTime or similar.

We also need to deliver messages about the need for the firm to demonstrate that it is keeping records for regulatory and compliance purposes. Mistakes will continue to be made and complaints received. The firm will be on the backfoot with the SRA, the Legal Ombudsman and their insurers if these are not handled correctly and notified promptly.

Another important message from the compliance team must be about changes to the management of risk events. The firm’s risk register and supporting documentation should be reviewed and mitigation measures assessed for appropriateness.

By way of an example, remote working will expose the business to different confidentiality and data breach issues, so consideration is needed about case management, access to paper-based files, storage and destruction of paper-based documentation, IT usage and the risk of cyber-attack. It is a sad observation that we are being made aware of cyber scammers taking advantage of Covid-19 and we will not be immune to such attacks.

Effective supervision must be maintained. I would argue that the role of good supervision and the behaviours of supervisory staff will be the key to successfully transitioning to this new style of work.

Supervisors who understand that their role is to be the lynchpin between individuals and the business as a whole are already invaluable assets. The new challenge is delivering the right messages about supervision in the current climate and to ensure that solicitors and other regulated lawyers who must comply with the SRA Code Of Conduct For Solicitors, Registered European Lawyers and Registered Foreign Lawyers, remember the individual regulatory duties placed on them in paragraph 3.5:

“Where you supervise or manage others providing legal services:

you remain accountable for the work carried out through them; and

you effectively supervise work being done for clients.”

This individual responsibility is a demanding expectation at the best of times, but the role-holder can take comfort from the fact that they are supported by paragraph 4.1 in the Code Of Conduct For Firms which requires the business to have “an effective system for supervising clients’ matters.”

The best supervisors are the individuals who are visible, accessible, unflappable and diligent. These characteristics are as important as ever but need to be coupled with the ability to be adaptable, to be present in the form of telephone or video conference facilities, to consider the particular needs of colleagues to be supported in a way commensurate with their experience or perhaps, more pertinently, their lack of experience.

Consider the needs of trainee solicitors, paralegals and other less experienced colleagues who have been pushed into a new way of working which might not be appropriate given the skillsets which they currently possess.

In terms of dealing with client matters more generally, we have already mentioned conflicts and confidentiality. Consideration also needs to be given to the following:

How we demonstrate that we are acting on client’s instructions that are given properly and/or
properly authorised instructions from a third party.
The monitoring and proper recording of undertakings.
Protection of client money.
The need to ensure that the client money is protected.
Upholding the right behaviours in terms of equality, diversity and inclusion.
Ensuring our duties to the court are not compromised.
These are strange times, and these are some initial thoughts which I am sure will be expanded upon in the next few weeks and months. Compliance professionals have always been at the centre of business continuity and this continues to be the case.

Tracey Calvert is a consultant at Oakalls Consultancy Limited oakallsconsultancy.co.uk