COLP Forum - May 2012
1.1 On Tuesday 22 May 2012 representatives of a number of law firms met at the offices of Maurice Turnor Gardner LLP to discuss the role of the Compliance Officer for Legal Practice (COLP) under the SRA Handbook (published on 6 April 2011 and updated in Edition 2 on 23 December 2011 and in Edition 3 on 18 April 2012). This report summarises the issues discussed.
1.2 The deadline for nominating the COLP nomination is fast approaching. The SRA have announced that the COLP must be nominated by 31 July 2012 with the role “going live” on 1 January 2013.
2. ENSURING COMPLIANCE
2.1 The discussion focussed on the COLP’s responsibility for ensuring compliance by the firm, its managers and staff and how the COLP should go about doing his or her “job”.
2.2 SRA Authorisation Rule 8.5 provides: “
(c) The COLP of an authorised body must:
(i) take all reasonable steps to:
(A) ensure compliance with the terms and conditions of the authorised body's authorisation except any obligations imposed under the SRA Accounts Rules;
(B) ensure compliance with any statutory obligations of the body, its managers, employees or interest holders in relation to the body's carrying on of authorised activities; and
(C) record any failure so to comply and make such records available to the SRA on request; and
(ii) as soon as reasonably practicable, report to the SRA any failure so to comply, provided that:
(A) in the case of non-material failures, these shall be taken to have been reported as soon as reasonably practicable if they are reported to the SRA together with such other information as the SRA may require in accordance with Rule 8.7(a); and
(B) a failure may be material either taken on its own or as part of a pattern of failures so to comply.”
The guidance to Authorisation Rule 8 suggests that this will need to include the following:
(a) having a compliance plan which has a system for monitoring, reviewing and managing risk (AR 8 guidance notes para (v)(g));
(b) having a system of file reviews (AR 8 guidance notes para (v)(i));
(c) keeping appropriate records of failures in compliance to:
(i) monitor overall compliance with obligations;
(ii) assess the effectiveness of the firm's systems; and
(iii) be able to decide when the need has arisen to report breaches which are material because they form a pattern (AR 8 guidance notes para (x)(e) – (g)).
2.3 The SRA has recently indicated that when a firm nominates their COLP, COLPs will have to declare that:
(a) “they understand their obligations and have sufficient responsibility in the firm and are in a position of sufficient seniority to perform the role;
(b) they are satisfied that the firm's managers have put in place suitable arrangements to ensure that they are able to discharge the COLP/COFA duties in accordance with the rules; and
(c) they will take all reasonable steps to ensure compliance.”
2.4 The group discussed the tools and sources of information that are available to assist the COLP in fulfilling these duties and considered the extent to which COLP should proactively monitor risk. A number of firms have adopted additional wording in the LLP deed under which each member covenants that he or she will assist the COLP. Others felt that firms need to go further than this and ask both employees and members to support the COLP.
2.5 Would it be practical to require partners, fee-earners, and possibly even support staff, to declare formally that they are not aware of any breaches of the Code? Although it would be important to train people to make disclosures as early as possible, this would act as a fail safe and might flush out issues that would otherwise have been missed. Even if this does not, such a declaration would act as a regular reminder to partners and staff of their responsibilities. It was felt that the fairest approach, and the one that would yield the most useful results, would be to ask specific questions to serve as a prompt and make each fee earner really think about whether they are compliant or not.
3. INTERNAL TOOLS
3.1 Firms will need a number of registers and/or systems. At the very least, they will need a risk register, complaints register, claims register and breaches register. The COLP will need to monitor these registers regularly, and report on them to the board/partners on a periodic basis (it was suggested, at least annually) and on an ad hoc basis as required. The COLP will need to report to the SRA if a material matter is identified, or a pattern emerges which indicates a material failure. The firm should also use information on breaches to assess risks and update the risk register and to complete the annual authorisation renewal.
3.2 Using the data to benchmark internal performance against external guidance was recommended. For example, a firm can compare its complaints procedures against the Legal Ombudsman’s guidance on good costs complaints handling, Law Society Practice notes or guidance from the Law Society’s Risk and Compliance Service.
3.3 It was generally felt that the firm should also use the information to monitor the conduct of staff and partners and that such monitoring should be formalised as part of the appraisal process. In this way, everyone has a clear role to play in ensuring compliance and a culture of compliance is embedded within the firms at all levels.
4. USING IT
4.1 To what extent are firms using IT to ensure compliance and to monitor behaviour?
(a) IT is a useful internal tool and is likely to play a huge role in a firm’s compliance efforts. Automated systems should help to ensure that key documents such as engagement letters are never inadvertently overlooked and automatically generated reports should help firms to monitor trends and to identify patterns.
(b) IT is already crucial in matter acceptance processes and these can be used to support the COLP’s role. For example, firms’ automated systems can be used to record the risk level of particular matter and to assist with an appropriate level of monitoring throughout the matter. The COLP should consider asking fee earners to assess the level of risk at the outset and therefore fee-earners will need to be trained to evaluate and grade risks sensibly. The level of risk can the influence the way in which the matter is handled and the supervision of the matter.
(c) No matter how good the IT system, there is always a risk that people override automated IT checks and balances, for example claiming urgency as an excuse for not sending an engagement letter. It was generally felt that incorporating compliance issues into a fee earner’s appraisal would assist in reducing occurrences of this behaviour and therefore mitigate this risk.
5. FILE REVIEWS
5.1 Whilst file reviews are not compulsory under the Code, their inclusion within AR 8 guidance strongly suggests that the SRA feels that they are likely to be necessary. Further, AR 8 guidance, paragraph (ix)(c) suggests that the COFA should also undertake file and ledger reviews.
5.2 Despite this, a number of firms do not have file reviews and do not intend to implement them. These firms feel that because partner to associate ratios are high, and each file is likely to involve several partners, an appropriate level of peer review and supervision of client work is built in to the system and sufficient and robust monitoring processes are in place.
5.3 By contrast, some attendees held the opposite view, arguing that a system of file reviews to check that systems and processes are working is not difficult or expensive to establish, and is necessary to detect and therefore deter inappropriate behaviour. It was noted that Lexcel accredited firms are accustomed to file reviews and find them useful exercises, even though it was acknowledged that there were teething problems implementing the systems at the outset.
5.4 An example file review system was described:
(a) All fee earners (from trainees to partners) to be reviewed and perform some reviews, as a means of learning from how others work;
(b) Review to be undertaken by someone outside the core deal team;
(c) Random selection of files but ensuring that both advisory and transaction work reviewed as well as new and old clients etc.;
(d) Random reviews to be combined with risk based reviews where there are prima facie indications of risk- e.g. a very high level of initial risk identified for the particular matter, or long outstanding bills;
(e) Formal file management checklist used to guide fee-earners and staff, support new joiners and formalise expectation and to provide a checklist for file review.
5.5 It was suggested that the purpose of file reviews need not be to review legal advice given in detail, as opposed to compliance with supervision and quality policies and procedures. Outcome 7.8 refers to “quality of work”. This is new to the Code but under the old Rule 5 supervision was required, which arguably included file reviews. In some firms, perhaps inevitably, legal advice may be checked as part of the process. However, a number of people voiced scepticism about the extent to which a reviewer, with a specialism in a different practice area, would be able to check the reviewee had delivered against the scope of the matter as defined in the engagement letter. On the other hand, it was felt that as long as the reviewer is suitably experienced, the reviewee will have a sufficient sense of how well the matter has been conducted to identify serious issues, if any.
5.6 It was widely agreed that reviewing the quality of work was less important than reviewing files to check that the fundamental building blocks of compliance, such as the engagement letter, appropriate levels of supervision by those with appropriate expertise and adequate costs information were present. It is not uncommon to find partners who produce work of a very high standard but do not have signed engagement letters for their matters. File review would pick this up. To be meaningful, there must also be a formal procedure for addressing compliance failures through the appraisal process, and in serious cases, disciplinary action.
5.7 By instigating and possibly publicising disciplinary action for repeated or particularly serious compliance breaches, a clear warning could be sent to all fee earners as to the significance of compliance. Just as fee earners are aware of the reputational impact of any money laundering issues, compliance issues need to be elevated to the same level of importance. Although the Code is driving the pace of change in firms, it should be remembered that engagement letters are vital to a firm and the partners’ liability protection, particularly if standard engagement letters include caps on liability. However, this should be balanced against the need to encourage openness and disclosure, and the approach should therefore be to regard frankness as a very positive behaviour and failure to disclose a breach as serious non compliance.
5.8 It is important that time and resource spent on file reviews is not disproportionate. Even so, this could take a significant amount of fee earners’ time and it is important to ensure that file reviews are used as a learning tool so that there are benefits to incurring that time.
5.9 Some attendees felt that file reviews should be undertaken frequently, but limited to a “tick box” style compliance review, for example checking an engagement letter is in place, with more in depth checks done on a limited, random basis. Post transaction debriefs could be initiated during which the partner and fee earners would be interviewed on how they managed the progress of the matter. This might be more likely to identify gaps in knowledge and therefore have a greater business benefit.
6. EXTERNAL TOOLS
6.1 A few firms already have external control systems in place. For example, Lexcel accredited firms have an annual visit from an external auditor. These firms felt that this sort of external review was helpful in embedding compliance culture. It imposes discipline that fee earners accept (albeit grudgingly at the outset) and encourages useful “tidying up” exercises before the auditor’s arrival. Once the “tick box” review becomes routine, more qualitative review can occur.
6.2 Internal auditors (whether from an outside supplier or from the firm’s risk function) can be used to review a firm’s processes and report on areas for possible improvement. An outside supplier may have a better knowledge of best practice in other industries and in competitor firm but will be less familiar with the firm’s practices and policies.. By using an external auditor, the opportunity for fee earners and risk function people to learn from other fee earners’ experience will be lost. Cost may also be a disadvantage although internal costs cannot be ignored.
6.3 IT compliance packages Some IT packages were considered.
(a) Lexis Nexis Compliance Manager This online system appears to be a useful tool with regulatory updates and compliance check lists. However, it is understood that it is necessary to print out and complete the reports by hand so collecting, monitoring and evaluating information is still a manual process.
(b) Reliance This seems to have been designed with reference to the Outcomes and has the advantage of using less paper as everything is stored centrally. It also includes useful links (for example, the SRA website). It is approximately £150 per month (per office) so is relatively cheap. However, it is somewhat inflexible. For example, the SRA require complaints to be reported in certain categories and the Reliance categories only reflect the SRA’s categories whereas it would be useful if Reliance could provide more detailed categories, tailored for each firm, to.
(c) Other Other compliance packages are available from Falcon and Vinci. It is understood that PLC are also developing a compliance package. The Law Society compliance toolkits with CD-Roms, which look particularly helpful and are cheap, will be published at the end of June.
7.1 The SRA has stated repeatedly that it is not just the COLP/COFA who will be held to account. However, to what extent will responsibility for compliance fall on the COLP personally in practice? The COLP’s role is not just that of Compliance Officer, he or she will have a portfolio of responsibilities. In a small firm, he or she will generally be a fee-earning partner and have other management functions as well as supervising fee-earners and staff. In a large firm with multiple offices nationally and internationally, the COLP’s portfolio of responsibilities may include General Counsel, MLRO, risk and board/management roles.
7.2 The COLP’s job is to make sure compliance is at the heart of the firm’s governance arrangements and to set up systems, policies and procedures for others to follow. The COLP’s role encompasses monitoring how well the systems are working as well as educating and training. The COLP should have sufficient internal resources to ensure that the systems and processes work properly, and will himself be likely to have an oversight role, delegating and supervising many of the necessary tasks. The COLP is the lynchpin in the relationship between the firm and the SRA.
7.3 Whilst the Code does not require a deputy COLP, the breadth of the COLP’s responsibilities, coupled with their other roles within the firm, may necessitate formal support. A deputy COLP may be useful. A deputy COLP can take on some of the more administrative responsibilities of the COLP, for example file keeping, whilst the COLP monitors and guides the compliance function. The deputy can also help to ensure that systems work properly in the absence of the COLP as well as learning the ropes for a possible future COLP role. The COLP will also need support from the Finance team and will work particularly closely with the FD, who may well be the COFA.
7.4 The question of how a COLP will monitor and oversee compliance in multiple international offices is more complex. Having a deputy COLP in each office, reporting to the COLP, could be an efficient way to oversee international compliance.
8.1 The key challenge for a COLP is to embed compliance in the firm’s culture and to ensure that the risk is considered with each board level decision.
8.2 If the firm can create a climate of transparency in which people feel able to approach the COLP to discuss potential issues, compliance will simply become another part of being a professional.
The next COLP Forum will be held on 25 September 2012.
Related in depth posts
Mergers, finance, technology and succession planning were high on the agenda at the latest Gazette roundtable, which discussed changing law firm business structures.
Brexit considerations for Professional Service firms
With the UKBA's requirement for a Tolstoyesque dossier of details on visa applicants, one may be able to sympathise with Roman Abramovich's immigration troubles.