Risky Business

In many firms the transition to the SRA's outcomes-focused and risk-based regulatory requirements has been made easier by the pre-existence of a risk and quality team able to absorb the brunt of compliance duties created by the SRA handbook. While the compliance officers may be new to their roles, these roles tend to require risk and quality skills which are inherent in the existing internal team and these skills can be exploited to good effect.

Unquestionably where this resource is not available the challenges of compliance are greater. In many circumstances, a fee earner with an already busting caseload has accepted a compliance role in the knowledge that the budget, resources and business plan do not facilitate full-time commitment. This will almost inevitably be the case in most small and medium-size firms. In such firms, the feeling may be that it will be sufficient to dust off the office manual and update the policies within it.

Unfortunately this is not so. A review of existing procedures is the starting point, but it is shortsighted to consider that the publication of a new version of the office manual is the job done.

The regulator expects self-ownership of risk '¨with entity-wide coverage of compliance duties and this may cause many compliance officers to wonder whether they will ever have time again for the day job.

So what can compliance officers who are also holding down fee-earning roles do in this situation? How do you manage the compliance function in such circumstances and with the end result being a good, fuss-free working relationship with the regulator?

Before considering compliance tools, it is probably a useful reminder to say that the compliance officers are not expected to do everything without support. One of my favourite quotes from the SRA makes this point quite directly: "it is absolutely not the case that COLPs can be wheeled out as convenient scapegoats if something hits the fan". Or, as SRA executive director Samantha Barrass said in her opening speech at the 'Risk management for law firms' conference on 6 December 2011: "Controlling interests cannot hide behind their COLP - particularly if their COLP has been under-resourced without sufficient backing from the top. Ultimate responsibility and culpability for regulatory compliance under OFR still lies with the most senior people, and the SRA will swiftly move in that direction if we detect serious unresolved issues.".

Shared responsibility

The regulator does not expect or require the compliance officers to take sole responsibility for addressing all their concerns. While they do have specific duties in the SRA Authorisation Rules, and they are seen as the focus for SRA and firm engagement, the expectation is that the firm's ethos will be such that the compliance officers are first among equals.

The SRA's compliance requirements are made more achievable if certain conditions are in place within the firm. This should start with the genuine commitment of those at the top of the firm to the creation of a business environment where the compliance culture is owned by everyone. This requires support for both the style of regulation, and the role of the compliance officers particularly in recording and reporting, from the senior members of the firm who must ensure that ownership of the function is a business requirement.

The message should be one that everyone within the firm must demonstrate good compliance skills and that this will help the firm succeed not only in terms of managing the regulator's expectations but also in the '¨commercial context.

There are many quick-wins to achieving this compliance culture (see box 1).

At first sight this may seem burdensome and there may be firms which feel that in their particular circumstances all they can do is pay lip service to regulatory requirements. However, there are measures which can be introduced so that the 'first among equals' mentality prevails with good firm-wide compliance values in evidence.

Inclusive, not exclusive

Looking at the list of quick-wins, what pervades all the points is the benefit of getting ownership of compliance values by all members of the firm. Compliance should be inclusive rather than exclusive. Here are some pointers:

 Ensuring that the senior members of the firm understand their role in creating a system whereby there is evidence of Principle 8 is operation (running your firm or role effectively and in accordance with proper governance and sound financial and risk management principles).

 Making the corporate structure clear and visible. Members of staff should know who they can talk to and who has responsibility for what requirement.

 Securing ownership of risks at all levels by asking relevant people within the organisation what matters to them. Does the receptionist have concerns about the discussions which he or she or other people overhear in the public areas? Do support staff undertaking client inception checks have difficulties in obtaining full instructions from fee earners? Are fee earners concerned about methods of working which seem high risk? Such information assists with risk management strategies and the creation of sensible and workable policies.

 Facilitating informal arenas and mechanisms for the sharing of concerns, such as in departmental meetings, one-to-one meetings, through mentoring and supervisory roles, and perhaps firm wide through the introduction of e-newsletters and internal bulletins. The point here is that openness is a vital component of a compliance culture so the more opportunities there are to raise concerns, or heighten awareness of compliance worries, the better.

 Sharing the compliance load. The handbook provides for two officer holders only: the compliance officer for legal practice (COLP) and the compliance officer for finance and administration (COFA). However, there are good reasons to share the responsibilities with a network of support staff whether they be deputies, compliance champions within each department, or supervisors.

'¨And of course, side by side with this is the need to ensure that members of the firm understand what is expected of them, both in terms of the managers and compliance officers, but also in terms of the SRA itself.

While solicitors should understand the importance of a good personal relationship with the regulator, tied in as it is with the ability to hold a practising certificate, this may be news to other members of the firm. The message should not be lost on them.

Entity-based regulation is one of the biggest challenges of the modern style of regulation: the SRA's requirements must be observed by everyone employed within the firm, regardless of qualification and status, and anyone could place the firm's authorisation under scrutiny.

Training on such requirements is another of the quick-wins to creating a firm-wide compliance culture. A basic understanding of the SRA, its style of regulation and key handbook requirements is an essential starting point - otherwise how will firm members understand why compliance, and the need to keep the firm safe, matters so much.

More specific training to deal with common conduct issues, or areas of the business where mistakes are more likely to happen, is also beneficial: client care, complaints handling, conflicts and confidentiality and common Accounts Rules issues can all be the subject of '¨firm-wide training programmes designed to ensure that the firm's and the regulator's requirements are clear.

Tailored training

There are many ways of addressing this so that it does not become the costly exercise of sending individuals to public courses at the expense, '¨both in time and money, that this attracts. '¨Consider the following:

 Developing training programmes which are focused on the risks evident in individual departments which can be undertaken in team meeting time.

 E-learning.

 Peer mentoring.

 Hiring trainers to come to your premises and deliver training to groups of people in a bespoke manner with you providing the criteria for the package.

'¨From my own experience it is clear that there are several quick-wins with training, particularly where this is delivered in-house: shorter, bite-size training sessions delivered to different departments allows the content to focus on the issues that really matter to the individuals.

For example, in a general conflicts session it would be easy to rely on property-related examples to make a point but with commercial lawyers this is less meaningful than discussions about the conflicts that they see with their corporate clients.

Also, training of unqualified fee-earners and support staff should not be ignored and can be addressed to their starting point of knowledge, which is less theoretical and more practical, and may address different aspects of a procedure than that undertaken by the solicitors in the business.

The position of being the compliance officer in a firm where resources and budget may be tightly controlled may be daunting but there are ways of making the role workable.

Above all else, communication of expectations and requirements and the development of a compliance network provide the title-holders with the support which is essential to managing the regulatory requirements. SJ