Ethical compliance: Tips for managing conflicts and confidentiality

With law firms' risk and compliance functions focused on big issues like money laundering, misuse of client funds and cybercrime threats, it's easy to forget to be vigilant of compliance with basic ethical requirements. Conflict and confidentiality management is a non-negotiable aspect of law firm practice. But, it is often an area in which there are many misunderstandings on the part of both lawyers and client alike.

Having the correct understanding of what the regulator expects to see - together with the means to ensure this happens - is crucial if both lawyers and their firms are to have a good relationship with their clients and regulators. The risks attached to non-compliance with regulatory requirements
on conflict and confidentiality management
must not be underestimated.

 

---

IF A CONFLICT IS IDENTIFIED DURING A CONFLICT SEARCH

Do

• Record the fact and ensure that the correct person within the firm is notified

• Ensure that an audit trail is created to demonstrate compliance with the SRA’s requirements

• Manage communications with the client thereafter. If the conflict results in the non-acceptance of instructions, the reason must be communicated with care, bearing in mind any duty of confidentiality owed to other clients or former clients

Don't

• Ignore the fact and carry on regardless

 

Case studies

Consider, for example, a recent ruling
made by the Solicitors Disciplinary Tribunal (Case No. 11257-2014) which shows
the regulatory intolerance to a solicitor,
Nigel Harvie, who had acted in what
was considered to be an own-interest conflict situation.

A record fine of £305,000 was levied on Harvie, who was found by the tribunal to have taken unfair advantage of a former client. He was also ordered to pay costs of £37,016. Tellingly, prior to this ruling, the previous highest monetary fine to a law firm for misconduct had been £50,000 and
the most an individual had been fined had
been £40,000.

In return for paying for the care and living costs of a lady, for whom he had acted previously, Harvie had acquired ownership of her house. The house was valued at £300,000 in 2005 when the arrangement began and, over the next five years, Harvie paid out in the region of £200,000. The house was never valued again and the arrangement came to an end in 2010 when the former client died. The Land Registry recorded the value of the house at
£800,000 in 2012.

The client had declared in her will that her estate should be used to set up a trust fund to help foreign students, but this had not happened. The matter was only discovered when neighbours of the deceased complained to the Solicitors Regulation Authority (SRA) that her wishes had not been carried out. Harvie asserted that the deceased lady had only been his client when he prepared her will for her in 2004 and that she was happy with the arrangement. He also said that the co-executor of her estate was aware of
his actions at all times.

In delivering the sanction, the tribunal said the public would be appalled by the behaviour of Harvie in taking unfair advantage of his former client and that he had significantly harmed the reputation of
the profession. He denied the allegation,
but the SDT upheld the ruling.

Having the wrong approach to conflicts of interest and the sister duty of confidentiality can have disastrous effects for solicitors and their firms. Not only is there the risk of SRA censure of the individual, but also scrutiny of the firm and its compliance officers and managers may follow. Undoubtedly, there will be issues with client relationships as well.

The fallout can lead to adverse publicity, as was the case when JK Rowling was revealed to have used the pseudonym 'Robert Galbraith' to publish her crime novel The Cuckoo's Calling in 2013. This revelation appeared in the national media
and was linked to the indiscretion of a partner in the law firm which had been instructed to act on her behalf; in other words through a breach of confidentiality owed to a client of the firm.

The importance of the duties of conflicts and confidentiality is perhaps made clear by the fact that the SRA has drafted mandatory outcomes as follows:

• SRA Code, Outcome (3.1) - you must have effective systems and controls in place to enable you to identify and assess potential conflicts of interest; and

• SRA Code, Outcome (4.5) - you must have effective systems and controls in place to enable you to identify risks to client confidentiality and to mitigate
  those risks.

---

COMMON MISUNDERSTANDINGS ABOUT CONFLICTS OF INTEREST AND CONFIDENTIALITY

 

Compliance in practice

How can a law firm manage regulatory compliance and, equally important, demonstrate such compliance in practice? What is involved in the development of effective systems and controls? Of course, we cannot expect the SRA (or anyone else for that matter) to provide a prescriptive answer to these questions or to provide 'safe harbour' guidance. However, the following strategies may be useful.

1. One management voice

Senior members of the firm - partners, heads of departments, risk and compliance managers, and the COLP - must be agreed, and have one voice, on both the non-negotiable regulatory requirements and the 'bolt-ons' which can be added to those basic requirements.

Bolt-ons will be largely commercial decisions (for example, agreements not to act against the interest of a particular client or not to act for a client's competitor and similar). Bolt-ons are acceptable, provided that regulatory obligations are not compromised and that anything which is agreed in addition will be achieved. Bolt-ons mean that the firm's systems must incorporate methods to ensure the additional obligations are understood.

2. Risk pinch points

Identify the risk pinch points in the business which compromise people's ability to display the correct behaviours. These can arise in many ways, due to, for example:

• misunderstandings over the behaviours which are expected;

• the type of work which is undertaken;

• commercial pressures of wanting to please a client or in order to generate
  fee income; and/or

• the lack of an appropriate conflicts search procedure.

Risk pinch points can be managed through the development of a compliance culture which promotes ethical behaviour and makes it clear that nothing, or no one, should create stumbling blocks. Restrictions should be created on how decisions are made and staff should receive training and education on
the issues.

3. Appropriate systems and processes

The SRA expects effective corporate governance and this means strong leadership and effective controls. How this is achieved is largely determined by corporate navel-gazing to determine what is right for the particular business. But, consider the following systems and processes to
manage the risks:

• an induction process which includes
  the identification of the standards expected and delivers the message
  that non-compliance, or acting as a maverick, will not be tolerated;

• a documented policy and process
  to support desired behaviours
  and enable everyone to pull the
  same way;

• risk review procedures so that systems are assessed on a regular basis for continuing appropriateness;

• a system for monitoring that standards are being met;

• a system to ensure that failures are identified; and

• continuous improvement measures to address identified system failures.

All of the above requires commitment from the senior echelons of the business. They must support their colleagues in the compliance roles, who are the lynchpins to make this happen. In turn, compliance managers need to understand which strategies will support them and what
they must achieve.

---

QUESTIONS TO ASK TO DETERMINE POTENTIAL CONFLICT AND CONFIDENTIALITY RISK

• Does an individual recognise an own-interest conflict when acting for a client?

• Are we looking for the right things when we undertake our conflict checks?

• Do we monitor for conflicts during the course of a retainer?

• Do we monitor the use of exceptions to the general requirement that we do not act in a client conflict situation?

• Are all the conditions of the exceptions being met?

• Do all our colleagues understand the pervasive nature of the confidentiality duty and the overlap with IT risks and data protection legislation?

• Do fee earners understand the significance of the conflict between the duty of confidentiality and the duty of disclosure?

• Are information barriers used appropriately?

• Do the compliance team and the COLP receive all the information they need in a timely manner?

• Do we have an effective audit trail? How are decisions recorded?

 

The compliance function

An effective compliance function is a risk monitor, informing both managers and employees of internal and external matters of relevance, ensuring appropriate education, and enabling an appropriate compliance culture to be implemented. This will result in the following achievements:

• the management and mitigation of the risk of non-compliance and non-achievement of the duties on a day-to-day basis, to ensure compliance with the SRA Handbook; and

• the maintenance of the reputation of the profession, which is of benefit to both clients and the wider public.

Compliance role-holder skills include the need to:

• have subject-matter knowledge;

• be able to reconcile this knowledge with business and commercial awareness;

• be decisive (particularly when making unpopular judgement calls);

• be effective communicators; and

• be approachable.

Conflict and confidentiality conundrums may often result in the need to make difficult decisions (such as whether to act for a client or whether to report a matter to the SRA), and this is not for the fainthearted. Similarly, there are many misunderstandings about what the SRA actually expects. There are a range of myths in law firms about client consent overriding regulatory restrictions and about when information barriers can be overridden. It is important that a member of the firm with concerns or doubts should feel comfortable in raising these with the compliance manager.

Tucked away in these attributes and qualities is the ability of the compliance function to educate colleagues. In many ways, this is the starting point to developing the right responses to their duty to manage conflict and confidentiality duties. Admittedly, the compliance officers may hire external consultants to deliver training on the core topics, but education is much more than this. It should be seen as a means of enforcing the right compliance culture and fostering an environment in which all colleagues have the ability to develop their knowledge and, quite simply, do the right thing.

These two topics are burdened with misunderstandings. Where the misunderstandings are rooted in decision makers within the business (such as partners and senior management), the ability to achieve the expected behaviours is made harder. Quite often, misunderstandings are based on deep-rooted and firmly-entrenched beliefs.

Training which can support compliance functions with their conflict and confidentiality duties would include:

• explanation (perhaps described as a reminder or review) of the SRA Principles and chapters 3 and 4 of the SRA Code of Conduct;

• discussion of the firm's systems for managing the risk of breaching these duties;

• identification of the firm's internal policies (for example, if support staff are involved
  in a conflict search process, they should understand both the mechanics of the process and what risks they are addressing);the systems which operate to address high-risk scenarios and which come into play when mistakes happen; and

• the key components of a successful compliance culture - openness and accountability as opposed to blame and shame, the need to discuss concerns rather than brush them aside, and the need for total commitment to the firm's methodologies.

 

Tracey Calvert is a regulatory compliance specialist at Oakalls Consultancy
(www.oakallsconsultancy.co.uk) and author of Conflicts and Confidentiality for Law Firms, 2nd edition (Ark Group, May 2015).