Compliance officers: friend or foe?

Over the past six months, covid-19 has brought swift and seemingly overnight transformation to the work environment. This ‘new normal’ of remote and hybrid home/office working has, among other things, raised some big questions for compliance officers within law firms. In particular, what should a firm’s compliance leaders particularly be alert to as people make the switch to technology enabled remote working? What practical steps can they take to wrap their arms around this situation; and what challenges and opportunities will this bring to firms?

DIFFUSION

Before we look at where we’re currently at, it’s helpful to understand where we came from. In the not too distant past, lawyers were typically sat in their offices using almost identical computers, monitors and software. Clearly, that’s no longer the case. Lawyers are, in most cases, working remotely using the technology that they have available at home. One person’s setup can be different from that of another individual. There has also been a move from standardised communication channels – think here of the black plastic landline sitting on people’s desks at the office – to a reliance on Webex, Zoom and Microsoft Teams (to name but a few of the video conferencing and messaging applications proliferating across firms and their clients). Even basic tasks such as printing are often no longer centrally managed. Traditionally, firms have controlled what documents or emails were actually printed out, to keep information from flowing out of the business.

That has now become more difficult to manage in a remote environment. Within this new, technologically-diffused landscape, a compliance officer can add value to their firm by focusing on three core pillars:
— Security – How are you helping your lawyers to manage security in this remote world and keep their clients’ data safe and secure? Given that they’ve gone from a world where the firm had almost complete control over their physical and technological environment to something quite different, it’s imperative to take steps to reassure stakeholders that security is being appropriately managed.
— Governance – Next, how are you helping your firm’s lawyers to understand and take action on their new responsibilities in this remote world? Lawyers will need to be able to reassure clients that they’re taking all reasonable steps around not only security but also data protection, including regulations such as the General Data Protection Regulation (GDPR), and other compliance areas.
— Productivity – How are you helping lawyers be as productive as possible in the remote working world? This is all about putting yourself in the shoes of the lawyer and never forgetting that law firms are businesses that essentially sell legal advice at a price that the client is willing to pay. The compliance officer needs to ensure their actions align with the firm’s wider business strategy. This third category is perhaps the biggest shift, because compliance officers are not typically seen as facilitators of innovation – and now they are in an environment where their firms need them to be open to new approaches and guide innovative ideas in a strategic direction. So, how best can compliance officers help address these three core areas and strike the right balance?

A BALANCING ACT

The starting point should be around further building up of trust with the lawyers and the firm’s management. In practical terms, this may mean doing some extra information gathering to make sure that you understand the reality of people‘s situations, and what kind of user journeys you’ll now have to facilitate. It’s also important to reassure people who have previously worked in a certain way that it’s okay for them to work in new ways in their current environment. Consider direct outreach to check in with a sample of people to see that they’ve got everything they need – and take action based on feedback received. The goal here is to raise lawyers’ trust in compliance officers – that they understand the situation and they’ve got it under control. This is not as easy as it might seem, because the technology is so much more diffused. But it’s vital that you do so because when circumstances change, our views and suggested approaches have to change too; otherwise our actions risk being rendered obsolete by failing to accurately reflect the new reality.

FRIEND OR FOE?

While compliance officers aren’t responsible for a firm’s technology stack, technology can actually be a compliance officer’s friend and play a key role in helping them to address the core areas of security, governance and productivity. For instance, work that is digitised and stored in a centralised location is often easier to secure and govern, while aiding productivity. A geo-isolated cloud can ensure that data is properly domiciled and in compliance with the appropriate regulations. Monitoring digitised work, whether manually or using automated approaches, also allows firms to stay vigilant against any breaches or unauthorised access by internal or external threats. Likewise, the ability to easily generate and apply security policies for that work can ensure that ethical walls and other information barriers are put in place and adhered to, and that no one has access to content that they shouldn’t. The ability to share and collaborate without putting information at risk, especially if it involves remote external parties, also becomes a business critical requirement – and adds yet another piece to the puzzle involved in balancing and optimising security, governance, and productivity.

OPPORTUNITY KNOCKS

If there’s a lesson from this, it’s that law firms cannot simply put in place temporary measures or half measures for this new normal. They need to recognise that it’s a full-fledged change in business reality; and that they should implement tools and processes which are fit for purpose in this new world. To put it another way, most of us will not be returning to the world of working from the office five days a week any time soon. The solution isn’t band-aids, it’s surgery. For the compliance officer, this necessary fundamental reimagining of a firm’s organisation presents an opportunity to go from acting in a static environment – occasionally being seen as a ‘tick box’ role – to acting decisively to manage innovation effectively and being seen as a dynamic, strategic business advisor; fully engaged in the running of the firm and essential for its success in a disrupted and fractured working environment. There are important questions for firms to answer around how they are going to adapt to this new world. It won’t necessarily be easy. Change has come at a dizzying pace, and compliance processes may seem to have shifted more in the last few months than the last few decades. But in this fast-moving area, compliance officers can act now to elevate their role, take control of the conversation in their domain and further establish themselves as an essential business advisor to firm management.

Ian Rodgers is legal AI practice lead at iManage RAVN iManage.com