We all know about compliance abuse and incidents from the articles published in the Law Society Gazette or Legal futures, that then are shared on social media.
How often do you really read them and ask yourself the question of “could it be happening in my firm?” Compliance has so many layers, it’s easy to get bogged down in the detail without seeing what’s really going on and having the clarity to take a step back to undertake a root cause analysis to put measures in place to ensure an incident doesn’t happen again. I hear all the time “it wouldn’t happen where I work”. How sure can you really be though?
We have some big changes coming in this year – we have already seen for SRA regulated firms the new CQS regime which will be assessment/audit based. I am really pleased so see these changes, as it has been a concern of mine for some years that whilst there are some really fantastic firms out there, there are also those firms who take a smoke and mirrors approach. These are the firms that have accreditations and use them merely as a tick box exercise without embedding the compliance functions into the culture of the firm. This I feel means more about the firm and dismisses the true value and work that other firms put in to obtaining and maintaining these accreditations.
On a risk based approach what is one of the biggest assets and highest risk? Y Yes of course your staff. I have said it on many occasions, but you are only as good as your weakest member of staff and that could be the person who lands you in hot water Compliance is your safety net of minimising the risks that you may face, it underpins your business.
Keeping up to date with compliance means, updating and reviewing your policies and procedures at least annually. There are many firms that I come across who do not have written policies/procedures, who I am unsure how they expect their employees to be compliant on any level.
I have seen and dealt with many situations that could have been so easily avoided. I had one firm who had a client who they were representing in the criminal proceedings, who they then referred to Civil Litigation to deal with a Freezing Order, under the Proceeds of Crime Act, who then subsequently referred the same client to conveyancing who very helpfully transferred the property to another individual for nil consideration. I asked whether that client was grateful, and the response was “yes he bought myself and my secretary a Prada handbag”. You seriously couldn’t make it up, but people do take these risks and more worryingly is that the staff involved didn’t think they had done anything wrong!
The point being is that you can have policies and procedures in place, but do you know they are being adhered to, do you provide training, do you stress test the policies. With this particular firm, training was key. In addition to this, file reviews were not carried out on a regular basis.
Think very carefully and revisit what you are doing and if you were faced with a similar situation what would you have done differently. If there is a change to a policy, change the policy as opposed to sending an email round to staff. These emails get lost or forgotten and do not provide a reference point.
We rely heavily now on Case Management Systems and these are fantastic tools. Think about how you use them from a compliance function and how it can not only assist you on a day to day basis, but driving compliance values, embedding compliance, running matters more efficiently, leading to increased revenue and happy staff.
The culture of a firm cannot be underestimated. We talk a lot about mental health well-being, look out for any trigger signs of a colleague who may not be on top of things. Quite often there are tell tale signs, complaints, reduction in time recording, non-compliances on file reviews, appearing withdrawn.
It may be that you are doing all the right things and I see just as many good firms as I do those who need to make improvements. What I would say lead from the CEO and filter down, “top down, bottom up”, have regular training and never assume that everyone knows everything.
Embrace compliance, engage with your employees and embed into your culture.
For further information please contact: firstname.lastname@example.org