Outcomes-focused regulation is a blessing in disguise

The UK Legal Services Market 2011 research by consultancy IRN found that solicitors surveyed had three main concerns arising from the Legal Services Act. The first was increased competition; the second was increased practice costs relating to staff, insurance, compliance and property outgoings; and the third was the national economy.

What is striking is that compliance with outcomes-focused regulation (OFR) appears not to be recognised as a significant issue. Is this because, as SRA executive director Samantha Barrass suggested in a well-publicised comment, solicitors haven't been listening, or because amid all the other concerns it has been missed that, in pursuit of a level playing field between ABS and traditional law firms, the SRA has in mind to apply to all types of firm the levels of ?fine for non-compliance set for ABS, namely up to £250m per firm and up to £50m ?per individual?

A more likely reason for lack of concern about regulatory compliance is the assumption that, as in the past, regulation will essentially revolve around professional ethics. Perhaps regrettably, this will not be the case. The entry of commercial organisations into the profession, the increase in the number of regulators and the principal underlying objective of the Act to encourage competition, all point to a dilution of professional standards, and ethics are likely to become increasingly less important.

Feedback from SIFA roadshows suggests that many Lexcel-accredited firms assume that Lexcel will tick all the boxes for compliance, but, while Lexcel is clearly helpful in providing standards and procedures, it does not, unfortunately, dovetail with OFR. As the summary of Lexcel V5 states: COLP and COFA 'is a SRA regulatory specific requirement which practices should automatically be compliant with. As such, it has not been included ?in V5.'

A further factor that may contribute to solicitors' relaxed attitude towards OFR is the assumption that, having identified their COLP and COFA office holders, partners have effectively passed the buck and, provided they keep their noses clean, need have no further concern with compliance. This is not the case. The introduction to chapter 7 of the code of conduct, titled 'Management of your business', reads: 'Everyone has a role to play in the efficient running of a business. However, overarching responsibility for the management of the business in the broadest sense rests with the managers. The managers should determine what arrangements are appropriate to meet ?the outcomes.'

This reflects an important new principle in the code, namely principle 8, that: ?'You must run your business or carry out your role in the business effectively and in accordance with proper governance and sound financial and risk management principles.'

The FSA experience

Like so much of the new regulatory regime, the requirement for management systems and controls flows from the adoption by the SRA of the precedent set by the Financial Services Authority (FSA). More than ten years ago the FSA faced a similar challenge to that subsequently confronting the SRA, namely that of devising a regulatory regime that would be sufficiently flexible to accommodate a wide range of business models. And it is not without significance that the responsible SRA director, Samantha Barrass, and a number of her colleagues were recruited from the FSA.

The solution adopted was to replace hard and fast prescriptive rules with a set of objectives, in the form of principles and required consumer outcomes, which enable firms to determine solutions appropriate to their own particular circumstances.

So, the regulatory buck stops ultimately with management, and compliance officers are entitled to assume that their firms' management will have provided the framework of systems and controls that will enable them to carry out their functions in what the FSA has described as a compliant environment, within which compliance becomes to a large extent synonymous with best practice.

SRA chief executive Anthony Townsend has been at pains to emphasise that the SRA will not regard COLPs and COFAs as 'sacrificial lambs', and in September 2010 Simon Morris of CMS Cameron McKenna commented in Professional Adviser magazine in relation to the FSA experience: 'Telling the regulator you relied on the compliance team to manage risk is not good enough. Now when the FSA investigates a firm it includes the CEO, the chairman, the managing director and all the senior management.'

A 2011 case in point concerned an FSA-regulated firm whose risk management procedures were found to be deficient in a number of respects. The firm's compliance officer was found to have failed to take reasonable steps to ensure that the firm complied with the regulatory requirements designed to ensure the protection of client money and had also failed to demonstrate a sufficient knowledge of the rules with which a compliance officer is expected ?to be familiar. Nevertheless, whereas the firm was fined £85,750, the compliance officer was personally fined only £3,000 ?(www.fsa.gov.uk/library/communication/pr/2011/030.shtml).

Creating a compliant environment

So how should firms go about creating a compliant environment? Outcome O(7.1) of the new code requires firms to have 'a clear and effective governance structure and reporting lines'. This suggests that an organisational chart or organogram is a good starting point, which should make clear the direct reporting line between COLP and COFA and the SRA, and the positive tension that is expected to exist between the respective roles of compliance officers and management.

The organogram should be made available to all members of the firm and supported by job descriptions for the members of management charged with the main areas of functional responsibility, notably compliance officers, the money laundering reporting officer and managers responsible for training and competence, HR and complaints.

Clear definition of reporting lines should assist in bringing to a close the era of the 'confederation of sole practitioners', in which every partner does his or her own thing in defiance of any attempt at central coordination or control. It should also facilitate the orderly compilation and sharing of client data and the cross-referral of clients within the firm.

Management of client data is a major shortcoming for many law firms and results partly from the silo-based transactional approach to business, which causes solicitors to concentrate solely on the matter in hand and to fail to enquire into clients' wider needs, and partly out of the reluctance to share clients within the firm.

Some firms pride themselves on having installed CRM systems, but these often provide little more than contact information. Compared with the sophisticated client data systems operated by some of the new entrants to the legal market, they hardly scratch the surface of client relationship optimisation. It has been said that Tesco knows what time its clients get out of bed, whereas solicitors hardly know who their clients are

Perhaps the most tangible indication of the SRA's expectations is its enforcement strategy for conveyancing, the first such strategy document to be issued. This concentrates on the risks posed to firms and their clients; for example, from overdependence on particular clients or types of business and possible new sources of competition.

The vehicle for evidencing the fact that firms have considered these and other issues and are keeping them under periodic review is the risk register which firms involved in the SRA's consultation process were asked to compile. Other risks that might typically be included would be the risk of loss of documents and/or IT equipment through fire, flood or theft and risks to client data security. In the case of firms involved in family disputes it could even extend to the risk of physical violence. Ideally, a mechanism should be introduced for staff to put forward their own suggestions for improvement.

A related question that firms need to be seen to be asking themselves is whether they are taking appropriate steps to ensure their future viability. This clearly demands evidence of a business plan, supported by written policies and procedures covering a wide range of issues such as those that ?firms need to have addressed for the purposes of ABS applications: client care, complaints, equality and diversity, conflicts of interest, client confidentiality, money laundering, training and development of staff, publicity, fee sharing, undertakings and accounts.

The lesson that has been learnt by FSA-regulated firms is that the requirement for management systems and controls that underlies principles-based regulation can be of immense benefit in improving their business efficiency. For solicitors, this ?could make all the difference between success and failure in the post-Legal Services Act era.