Strategic compliance: Create a law firm culture of risk management
Place your COLP in your management team to embed risk management in your law firm, says Angela Robertson
The emerging landscape of regulatory-driven requirements has introduced new challenges to traditional law firm structures in the UK. Outcomes-focused regulation brings a shift in emphasis from prescriptive rules-driven compliance to a more flexible client-centred approach. It encourages decision making based on judgement and promotes the operation of effective systems and controls appropriate to the risks faced by a law firm. This of course assumes that the law firm is equipped, through its internal compliance function, to influence and implement any required changes.
Established risk and compliance teams are fairly embedded in law firm structures, although the role of the general counsel is a relatively new addition. Up until recently, clients did not expect their external advisers to have a general counsel. But they now recognise the GC as a key individual in defining the firm’s approach to risk and compliance – an area which comes under increasing scrutiny in client pitches. How has this structure evolved?
Risk and compliance
Back in 2000, new business take-on was identified as an area warranting risk management, although anti-money laundering checks had been established for a number of years. The structural initiatives around new business take-on were partly regulatory driven, but also a consequence of the era of law firm mergers – particularly those which were internationally driven.
Trying to manage multi-jurisdictional conflicts issues and varying money-laundering regimes prompted the creation of teams of experts to handle these areas of work; some were an adjunct to finance or other business service areas, but teams now exist in their own right, normally within the framework of a risk and compliance department.
Although there are similar themes running through risk and compliance team structures, there are also very clear structural variations, particularly around responsibility for decision making and in the overall resource model which supports today’s regulatory challenges. This is true even amongst firms of a similar size and international reach.
A significant challenge for any substantial law firm, particularly those in multiple office locations, is the resource model for conflict management, which is technology dependent and process driven, yet a failing in the system or in the decision making around it can create significant reputational damage to the firm. Some firms adopt a committee approach to decision making, while others rely more on an escalation process for ultimate determination.
When the Solicitors Regulation Authority (SRA) introduced the role of the compliance officer for legal practice (COLP), most large and medium-sized law firms were well positioned to accommodate the roles within their existing structures. The bigger challenge was to find a suitable individual to fill the role – for a start, the COLP has to be a lawyer, of sufficient seniority and in a position of sufficient responsibility to fulfil the role. The SRA guidance indicates that the COLP should have clear reporting lines to the governing body and access to management systems and information.
For some firms, it created a problem where the standing head of risk was not a solicitor. Although non-lawyers might be well equipped to perform the role of COLP, the requirements precluded them from doing so. In other firms, the issue was the internal structure around the risk function and whether it had sufficient authority and standing in the firm’s governance structure to equip the COLP with the authority required to perform the role.
These issues have been largely ironed out and most firms have adjusted their structures to accommodate the compliance officer roles, though I expect that, with time, there will be a reassessment of the COLP’s position.
Although the COLP derives authority from the outcomes-focused regime and, as such, is a creature of regulation, the role-holder is of fundamental importance in influencing:
- relationships between the firm and its clients;
- the firm’s approach to its commercial activities; and
- the firm’s culture.
Compliance is driven not only by the regulator but also by client expectations. External perceptions of how a firm manages risk can impact its brand and reputation; they are a factor in the outcome of pitches and in how the professional indemnity insurance market perceives the firm. Clients, the SRA and insurers are exposed to a number of different law firms, making them well positioned to benchmark approaches to risk and to categorise or profile firms accordingly.
Position of influence
The COLP will often sit in the firm’s risk and compliance team, so it is important to look closely at where the team sits in the overall firm structure. Views may differ between firms as to whether the risk team encompasses regulatory risk or all aspects of business risk. Given the regulatory connotations of risk and compliance, I have renamed my team as the general counsel team. This aligns the team more closely with an in-house specialist advisory function, rather than defining the team’s responsibilities solely by reference to regulation.
The SRA has identified lack of influence and access to information as pitfalls to avoid. These can stand in the way of effective dialogue with the SRA and fetter the COLP’s ability to influence business decisions. Yet, the COLP is the ambassador for the firm’s approach to risk management, not only before the SRA’s regulatory management team, but also the firm’s clients. The COLP decides what constitutes a ‘material breach’, which in turn informs the decision to report (and equally, not to report). Decisions around reporting can have repercussions for a firm, its management and any individuals named in the breach report. In short, a firm places absolute reliance on the COLP to exercise sound, reasoned judgement.
During the course of a firm’s history, it will inevitably encounter a rogue employee or partner, but the effectiveness of the systems to manage such a risk can either prevent a problem from arising or mitigate its impact. At the core of a well-managed firm are appropriate systems to manage these risks; the COLP plays a key part in identifying and implementing those systems.
If compliance is to be embraced from the top down, it must be seen as an area of strategic commercial importance. Law firm size and structure can create a multiplicity of organisational issues, often with risk as an integral part of them. Recruiting a lateral hire, opening a new office, accepting work from a new client; these and others are routine business decisions, each carrying a degree of risk for a firm.
To be in a position to influence the board, the role of the COLP must be properly understood. If the board’s focus is on the COLP’s reporting obligations rather than the broader risk management aspects of the role, then the COLP’s value and ability to influence decisions will be significantly reduced.
In the same vein, the COLP’s reporting line and position relative to the firm’s executive or senior management team is key to the impact the role-holder can make; if the COLP is identified as part of the management team, compliance is more likely to be effectively integrated and accepted as part of the firm’s governance structure. As firms increasingly look to deliver new and innovative services to clients – often falling outside the traditional legal advisory model – the business objectives are inextricably linked with the risk profile.
Compliance culture
Is the COLP seen as a trusted or respected individual in the firm, or simply as a reporting line into the SRA?
Effective risk management, if it is to influence a firm’s culture and appetite for risk, is all about encouraging the right behaviours. Just as claims happen and are an accepted (though unwelcome) outcome of providing professional services, regulatory breaches are also an inevitable outcome for a regulated services provider. A culture that encourages individuals to disclose circumstances that might give rise to a claim or suggest a breach lends itself to the right behaviours.
Lessons can be learnt from breaches in the same way that they are learnt from claims; equally, clients tend to appreciate an open and frank dialogue around issues that arise, but are less receptive to the surprise factor if an undisclosed problem should subsequently emerge.
A pattern of breaches may say something about risks across the firm, identifying key areas to be addressed by the firm’s management, so it is important that individuals feel that they can report a breach without recrimination. To facilitate this openness, the COLP must be proactive in disseminating information and guidance across the firm; the flow of information must be reciprocal, with the COLP seen as a contributor as well as a recipient.
It is vital for the COLP to be visible and accessible, not desk bound. For firms with an international practice, it is just as important to build relationships with international offices and encourage dialogue across all offices. Risk management does not have geographical boundaries; even if different office locations are subject to local regulation, a consistent approach across all offices improves the client experience and sets the standard for the overall brand.
Interaction with all parts of the business – management, legal teams and business services teams – is a vital tool for a COLP to make informed decisions. Developing effective relationships around the business can ensure that the COLP is trusted to support the firm through difficult decision making, is seen to support individuals who have caused or reported a breach and is identified as someone who can offer valuable guidance.
People, collectively and as individuals, play a vital role in setting the risk profile; but is risk impact given sufficient weight? One indicator is whether risk is factored into performance reviews and promotion rounds, including new partner selection.
A risk function represents a cost to a firm but, if risk is poorly managed, the outcomes can undermine the profitability of the firm’s fee-earning activities. The cost can be measured in higher professional indemnity premiums, a breakdown in a key client relationship (perhaps attributable to a conflict of interest), quite apart from the wider reputational risk implications if a firm falls short in meeting its obligations.
An evolving role
In the course of time, I believe that the role of the COLP will evolve, not necessarily at the behest of the regulator, but in recognition of the wider benefits conferred by the role. ‘Compliance officer’ is something of a misnomer, as it does not completely and accurately characterise the role of the COLP – if the COLP is to operate effectively within the organisation.
As firms obtain a deeper understanding of the scope of the role and the positive impact it can play in the firm, both internally and externally, it will sit very differently in the law firm structure. An effective COLP is an asset to the firm.
Angela Robertson is a partner and the general counsel at international law firm Eversheds (www.eversheds.com). She is also the firm’s COLP.