Nature and culture: embedding compliance across the whole of your firm

Lawyers may feel more comfortable with rules and processes, but when it comes to compliance, it's a matter of culture, and getting it right matters now more than ever, says Alison Matthews as she reviews the steps a diligent managing partner would take
It's the end of half term; you have been relaxing with the family and enjoying life. Even the prospect of work on Monday does not seem so bad, as everything has gone smoothly in your absence. Your COLP has everything under control and will update you, as managing partner, on your return. You reflect that, since implementing a robust compliance culture, managing the practice has been much easier. You are now able to focus on the strategic challenges and running a profitable business, instead of spending your time dealing with complaints/negligence claims and fire fighting.
You think back to how different it was last year and that disastrous case which ruined your holiday - and almost your marriage. It was after that debacle that you realised that good compliance is not just about the processes but about having a good compliance culture in which everyone in the practice understands why compliance matters.
What went wrong
It all started out so well; that was almost the worst of it. Mr Jones, the head of family, had a call from a former client who said his old school friend John Smith, now a well-known and wealthy footballer, would be calling shortly. Mr Jones followed the firm's procedure by telling you Mr Smith had arranged an appointment the following week when you would be on holiday. As this was likely to be a very lucrative retainer, you congratulated Mr Jones on the referral, as a result of the good work for the former client.
As you left for holiday, it did cross your mind that it had been some time since you reminded staff about the importance of client confidentiality, given Mr Smith's high profile. Mr Smith arrived in reception the following Tuesday and asked to see Mr Jones. The meeting went very well and Mr Smith decided to instruct Mr Jones on his divorce.
Unfortunately, Judy Brown, an office junior, was delivering the post when Mr Smith arrived and heard him asking for Mr Jones. She recognised Mr Smith and happened to mention it that evening to her friends in the pub, one of whom had connections to a local newspaper, which broke the story on Wednesday that Mr Smith was seeking a divorce from his celebrity wife.
You were relaxing by the pool when Mr Jones telephoned; he was very upset because Mr Smith was threatening to sue your firm for breach of confidentiality and had instructed Mr Andrews at Bloggs & Co.
After finding out what had happened, you reported to the insurers, who advised you to make a significant offer of damages and an apology to Mr Smith; you obtained advice on reputational crisis management and discussed disciplinary action with HR. HR said it would be difficult to take action against Judy because no one had told her that despite being a junior member of staff, the SRA Code of Conduct applied to her. She did not realise that it was a breach of confidentiality to tell her friends that Mr Smith was meeting a divorce lawyer. Your COLP had to report the material breach to the SRA (your name was in the press) who liaised closely with you about what action you were taking. You also had to discuss the matter with the Information Commissioner, who can levy fines of up to £500,000.
As if that were not stressful enough, your wife said she had had enough and threatened to contact Mr Andrews about a divorce.
Now and then
So what has changed? By the time you returned from holiday, you had realised that there were various weaknesses which had to be addressed if your practice was going to survive the current competitive, economic and regulatory challenges (summarised in the SRA's Risk Outlook (2013)). The insurers had made it clear that the practice had to improve the way in which risk was managed and provided valuable guidance.
The first step was to implement an effective governance structure (Outcome (7.1)) with clear allocation of responsibilities for all aspects of managing the business. Responsibilities for marketing (including reputational issues), HR/training, Finance (and financial stability), IT (including information security and business continuity) and Risk and Compliance were agreed at the first management committee meeting. Luckily, the COLP and COFA had already been identified. Compliance is always on the agenda including an update on the risk register and the compliance plan (the guidance to rule 8 of the SRA Authorisation Rules 2011 was helpful together with the SRA's Risk Index and Regulatory Risk Framework).
You and the COLP discussed the changes with all the partners, who accept they must set a good example to embed a compliance culture, in terms of effective supervision, risk assessment and reinforcing the message that "good compliance makes good business sense" and "non-compliance is not an option". They support the COLP, COFA and MLRO instead of abdicating responsibility.
You sent out a memo to all staff - who are your best defence - explaining the new arrangements (see box). You knew that this was just the start of the "embedding" process as plenty of employees would be cynical but actions speak louder than words.
You realised that people may be reluctant or scared to raise issues so the COLP/COFA started to circulate a regular newsletter in which breaches are highlighted anonymously so that learning can be shared. The first case study was about confidentiality.
The management committee reviewed the policies and procedures so they were easy to understand and practical. They were issued to all employees (even the cleaner) who had to declare that they had read them and you explained:
• Compliance is not an option;
• Everyone must comply with the regulatory requirements (the duty of confidentiality extends to every member of staff), no one is exempt;
• Everyone must comply with the systems and controls which are designed to manage and mitigate risk;
• Non-compliance would be followed up.
Following through
You realised that the messages needed to be reinforced through training and the training programme was implemented, covering all aspects of the Code of Conduct 2011, e.g. data protection/confidentiality, money laundering, OFR, client care (and treating clients fairly), equality and diversity and the importance of reporting.
The training is ongoing; all staff receive some form of training and the practical approach has made a real difference to the level of understanding.
Employees have made suggestions about improvements to systems because they understand that OFR is about treating the client fairly and providing a service that meets the client's needs. The client surveys (an employee suggestion) have highlighted star performers and identified areas for improvement.
The client retention rates are improving and even when there is a problem, the client's concerns are handled quickly and reasonably. As a result, you have not had any referrals to the Legal Ombudsman in the last six months. The numbers of negligence claims are also reducing because issues are being raised earlier and so action is being taken to rectify problems.
The degree of control that you now have over your finances has also increased significantly: you have taken full account of the SRA's guidance on financial stability and implemented the good behaviours.
You know that it is still early days in terms of embedding a good compliance culture and managing your risks effectively. A robust compliance culture means queries are raised earlier and can be dealt with more quickly and effectively, which limits the damage and reduces the risks and costs involved in the SRA or Legal Ombudsman dealings and potential reputational damage.
Embedding an effective compliance culture by getting the buy-in of management and staff, and making staff feel valued and key to the success of the legal practice, will help to cope with the unprecedented challenges from government, the economy, the SRA, competition and the changing needs or wishes of clients.
There could still be problems, of course, but as you watch the sun set, you are confident that your practice is on the right track because everyone in the practice understands that "getting it right" matters. SJ
Alison Matthews is a former partner at a top 100 firm and past professional ethics senior executive at the Solicitors Regulation Authority. She is a director at regulation and compliance consultancy Alison Matthews Consulting Ltd