Regulatory risk
Regulatory due diligence is often overlooked by firms, but the risk of non-compliance can be severe, says Michelle Garlick
Earlier this year, our first article in this series on due diligence (SJ 159/6) gave an overview of the importance of the process and the various areas that will require scrutiny. In the second of the series, we focus on regulatory due diligence, although there are significant areas of overlap between regulatory, financial, and legal due diligence.
Remember also that modern law firms are businesses like any other and, with that in mind, consider the ten principles contained in the Solicitors Regulation Authority (SRA) Handbook, but most notably principle 8: ‘Run your business… effectively and in accordance with proper governance and sound financial and risk management principles.’
Mergers and acquisitions are occurring with increased frequency, and while each will be different, having positive as well as potentially negative effects on the profession as a whole, we must consider whether the regulatory risk is raised as a result.
As you might expect, those performing due diligence to a lesser degree may focus their attention on financial and legal issues. I would argue that regulatory due diligence ought to play as great a part in the process as any other, as the risk associated with non-compliance with the regulatory regime can be severe.
Compliance issues
That regime is complex and often open to interpretation. The regulator’s reluctance to offer firms compliance advice or safe harbour and the seemingly never-ending changes to the relevant regulations and laws add up to a minefield of potential issues that must be detected and dealt with to mitigate the risk. Regulatory due diligence should reveal compliance problems, and if performed properly pre-acquisition will be crucial to determining whether to continue with the deal.
The list of areas to look at ought to be risk-based, but will invariably cover issues such as:
- The target firm’s relationship with the regulator, disciplinary history, and practising conditions;
- How is the firm authorised (i.e. is it a recognised body or a licensed body, such as an alternative business structure)?
- Systems and controls: The SRA will take enforcement action, often significant, on breach of its principles for failing to have in place adequate systems and controls. Among the key areas to consider are:
  - What management structure is there and how does it function?
  - Compliance officer for legal practice (COLP) and compliance officer for finance and administration (COFA) monitoring and breach records;
  - Procedures (conflicts, supervision, anti-money laundering, anti-bribery, etc.);
  - Review of matter files and standard documents;
  - Complaints;
  - Training for maintaining competence;
  - Business plans (including business continuity and disaster recovery);
  - Compliance with associated legislation (e.g. LASPO, Consumer Contracts Regulations, Data Protection Act, Legal Services Act); and
  - Compliance with the Solicitors Accounts Rules.
- Does the firm outsource any activity or tasks? What due diligence does the firm perform on third-party suppliers?
- Are they involved in any separate businesses? Are the terms and conditions of authorisation complied with?
- Client assets: How does the firm ensure compliance with the Solicitors Accounts Rules? What arrangements are in place for the safekeeping of other client assets?
- Do all of the above serve the needs of the business and do they address the business of the firm properly?
The right conclusions
Lesley Graves, the managing director of Citadel Law, a niche law firm which advises on the risk management, valuation, and profitability of personal injury claims, has gained further insight into the mergers and acquisitions market during the recent spate of personal injury book purchases and disposals and suggests that the regulatory due diligence process should also be concerned with:
- Risk profile of the caseload, e.g. value, complexity, liability status;
- Technical competence of fee earners, and their supervision and governance;
- Case management system’s capability to drive high-quality management data;
- Professional indemnity insurance cover – is it suitable for work undertaken (bearing in mind the new outcome 7.13 of the SRA Code of Conduct).
Of course, undertaking due diligence is fundamental, but what is also critical is drawing the right conclusions. It is important to keep a sense of perspective about:
- Serious breaches which are either not possible to remedy or extremely expensive to remedy, such that the deal becomes uneconomic;
- Serious breaches which can be remedied, so that the purchase can proceed with an appropriate adjustment to the price and the right indemnities in the purchase agreement; and
- Minor breaches that can be remedied easily, in which case consider requiring the remedy as a condition precedent to the acquisition.
Michelle Garlick is a partner at Weightmans and head of Compli, the firm's risk management and compliance consultancy service
@compl_i