Wayward emails, regulatory breaches and compliance culture
How you deal with emails sent to the wrong client is a good indicator of how effective your compliance culture is, says Tracey Calvert
It's an undeniable fact in a busy law firm that emails will, from time to time, be sent to the wrong person by all manner of employees. The response of the individual who makes the mistake is a good indicator of the compliance culture within the firm and will be of interest and importance to anyone with a compliance and risk management role.
Can you guess what the reaction would be in your firm? Maybe it's regarded as "one of those things and no harm done", or "whoops, let's hope no one finds out", or perhaps "better not tell anyone because of what may happen to me"? Or is the knee-jerk reaction to ensure that the firm's compliance team is made aware of the issue?
Risk-based responses
Creating the compliance culture where the default position is one where the compliance team is made aware of such issues should be the goal, both of the compliance team itself and the managers of the law firm. Identifying issues which need to be judged - both in terms of regulatory duties and in risk management - is the only way the firm can ensure that it is able to demonstrate an appropriately risk-based and entity-based response to the challenges presented by the requirement that everyone within the firm must comply with the Solicitors Regulation Authority Handbook.
Perhaps this is the hardest aspect of the SRA's style of regulation; leaving ownership of notification duties with firms themselves means that those in the compliance network cannot be in the position where they have "unknown unknowns". What is clear is that simply having beautifully crafted documents to explain what response is required of individuals in any given situation is not going to be sufficient. Instead, what's required is a strategy to ensure that everyone understands certain non-negotiable truths:
• That everyone in the firm has personal obligations and a requirement to understand the force of the SRA regulation on them, albeit proportionately applied to their role within the entity.
• Adherence to SRA requirements means that the firm is a safe environment, both for those who work within it and those who receive services from it.
• Systems and policies are created to strengthen the firm's compliance culture, not to add to the burdens of administration.
• That compliance equates to openness, accountability and responsibility.
• However, openness is not intended to create a blame culture.
• Communication of issues and concerns, in a timely manner, is the key to making these duties manageable.
Hearts and minds
It's easy to say, but you will have to win over hearts and minds of everybody in your firm. How do you do this? Having visited a good number of firms, my experiences have led me to suggest the following:
• Make sure that senior members of the firm - partners, department and team heads, and supervisors - understand that they have an ambassadorial role in terms of compliance.
• Make the corporate structure clear and visible. Members of staff should know who they can talk to and who has responsibility for what requirement.
• Secure ownership of risks at all levels by asking relevant people within the organisation what matters to them and making sure that they appreciate the consequences of their actions. Do your support staff understand the implications of emailing client advice to the wrong recipient? Do reception staff understand, more generally, their responsibilities in ensuring that client confidentiality is not breached by careless talk in common areas?
• In terms of openness, ensure that there are opportunities for the sharing of concerns, debate of difficult issues etc., such as in departmental meetings, one-to-one meetings, through mentoring and supervisory roles and perhaps firm-wide through the introduction of e-newsletters and internal bulletins.
• Share the compliance load with a network of support staff, whether they are a risk and compliance team, deputies, compliance champions within each department, or supervisors.
• Do not underestimate the value of investing time and money in good-quality, appropriately targeted training for all members of staff, covering not merely the reasons why working in an SRA-regulated firm is an issue for every employee, but also what will be expected of individuals and why, and the firm's systems and what they are designed to achieve.
This is at the heart of entity-based regulation, which is one of the biggest challenges of the modern style of regulation: the SRA's requirements must be observed by everyone employed within the firm, regardless of qualification and status, and anyone could place the firm's authorisation under scrutiny.
And to offer my view on the conundrum of wayward emails: of course this will happen from time to time but all such incidents should be reported to the compliance team in order that the COLP can make decisions about materiality in a timely fashion.
Tracey Calvert is a regulatory compliance specialist and the director of Oakalls Consultancy Limited. She is the author of Conflicts and Confidentiality for Law Firms and co-author of OFR: Compliance in Practice and COLP & COFA: Compliance in Practice, published by the Ark Group.
oakallsconsultancy.co.uk
tcalvert@oakallsconsultancy.co.uk