Tracey Calvert reviews the latest regulatory developments, and challenges firms to ensure their response to risk factors is appropriate
What makes a compliance professional an excellent compliance professional? Certainly, it includes the ability to keep abreast of external developments, understand what needs to change in the workplace and make this happen; and then collect enough data from the appropriate responses from colleagues to satisfy all stakeholders – not least the Solicitors Regulation Authority (SRA). This is not an easy or straightforward task, so it’s no wonder an excellent compliance professional is an asset to their employer and an essential business continuity force. Last year was yet another year of external developments and another sequence of internal changes. It seems appropriate at the turn of the year to reflect upon these changes, some obvious and others less clearly signposted but equally relevant. So what were the key developments in the past 12 months?
Here’s my annual compliance review. In regulatory terms, the replacement of the SRA Handbook with the SRA Standards and Regulations (STARs) stands out as the most significant event. Yes, it is evolutionary for the most part and builds on the foundation stones constructed with the SRA Handbook, but it would be wrong to think it is a case of business as usual – despite the regulator’s expectation that we will adapt so that the new rulebook is business as usual.
The new rulebook has been heralded as simpler and more future proof than what came before. At face value that’s the case, but frustratingly it can only be completely understood if read in conjunction with the copious amounts of standalone guidance that has been published, and continues to be published, to support it. Take, for example, the question of publicity and the restrictions on unsolicited approaches to members of the public contained in both codes of conduct. The regulatory clarification, meaning that mailshots might now be considered as an unsolicited approach, was only made clear in guidance issued in December 2019.
Who do you need to warn about this change? At the very least, your firm needs to consider the new language and tone and accommodate the changes and nuances into the internal compliance language and responses. For example, don’t forget that the expressions about client instructions (in chapter 3 of the SRA Individual Code of Conduct and replicated in the firm code) requires you to truly consider who you are acting for and whether instructions are properly authorised. Is there evidence of this on each individual file, even if assumptions would be difficult to dispute? Consider also the need to justify regulatory decisions (chapter 7 of both the codes) and reflect on the evidence you would be able to produce if required, for example, do your internal systems trigger the use of attendance notes and other documentary evidence? How comfortable would you feel in having a regulatory conversation without hard proof to back up your assertions? Should you be recommending any practice changes? Supervision is another big theme in the STARs. The expectations imposed on solicitors and other regulated individuals are described in paragraphs 3.5 and 3.6 of the individual code. Would they surprise those of your colleagues who are accountable for the actions of others? What is the firm doing to support its supervisors thus demonstrating effective governance? Compliance professionals would be welladvised to look at their firm’s supervisory expectations, systems and evidence. Do they remain fit for purpose? Is training needed to support the supervision process? Thinking of the bigger picture, the compliance professional will be the messenger of change to the business owners. Have the owners been told about both the joint and several liability they all have for compliance in the business? Does anything need to change in terms of compliance communications and the dissemination of data? Has everyone understood the all-pervasive nature of the SRA principles and the fact that these now apply to everyone employed in the business, all the time?
This is a big message to convey, particularly to colleagues who are employed for their business support skills and not to provide legal services. A challenge that has resurfaced with the STARs is ensuring that messages about working in a heavily regulated industry are delivered in an effective way to all colleagues, so that they not only protect themselves from censure, but are also trustworthy ambassadors for the business. This message can be delivered effectively using carefully chosen extracts from the copious amounts of guidance and case studies produced by the SRA; and by example with reference to SRA and Solicitors Disciplinary Tribunal decisions. The messages about behaviour not directly related to client services and rooted in professional ethics, and behaviour outside of the workplace, should be part of your training materials.
For example, consider the SRA’s emphasis on offensive communications and harassment. Make sure the messages about what the regulator and the business will tolerate are unequivocally communicated. Internal systems should monitor and review them for compliance. Consider also the individual and firmwide reporting duties. Have the firm’s and the SRA’s requirements been effectively communicated to all colleagues? Notwithstanding the introduction of the regulatory toolkit, the SRA remains a riskbased regulator and published its latest risk outlook in November 2019. It’s essential reading for all compliance professionals, providing insights into the SRA’s modus operandi with its descriptions about what bothers the SRA and what supervisory and disciplinary work it’s likely to focus on.
The clues are in plain sight. The good news is the latest outlook contains no new risk topics. The bad news is we are expected to be familiar with existing risk areas and have tested and appropriate risk management and mitigation techniques. So, compliance questions: do we have evidence that we have reviewed the 2019 outlook; and are we satisfied that our response is, and remains appropriate? Some risk topics are meaty but manageable. Protecting client money and ensuring the correct response to the risks associated with money laundering are easy to understand and can be remedied using internal policies, controls and processes.
The sting is in the tail with these topics. The regulator drills deep in its scrutiny of our response and this triggers more questions for the firm: do all our staff properly understand the risks and their individual contribution to the remedies? Do we demonstrate effective training, supervision and management as a firm? Another risk priority has a direct link with the direction of travel in the STARs: integrity and ethics.
The SRA states: “Acting with integrity means more than not being dishonest. It means following the ethical standards of the profession. Every aspect of your firm’s business practices and culture should reflect this.” Do you have evidence of this in your workplace? So as a compliance professional, what are the key takeaways from 2019?
I’d suggest considering these questions if you’re reflecting on recent changes:
— Have I informed the business owners of all the recent changes?
— Do we have agreement about what and who needs to change?
— Have we delivered the key compliance messages in an appropriate way so that an individual owner or employee understands both regulatory framework and internal expectations?
— Are we appropriately risk aware?
— If we had a conversation with our regulator, would it be supported by adequate documentary evidence?
This year is going to be another busy compliance year with new money laundering rules, Brexit developments, and SRA policy, supervisory and disciplinary work to incorporate into our internal working.
Tracey Calvert is a consultant at Oakalls Consultancy Limited oakallsconsultancy.co.uk