A compliance plan: the Emperor's new clothes?
Allison Wooddisse, head of Legal Futures Associate LexisPSL Practice Compliance, looks at whether COLPs need to put in place a compliance plan, and if so, what should be in it
Consolidating all your compliance policies into a plan could produce a vast and unwieldy document
This month’s COLP Report comes to you in the wake of the Solicitors Regulation Authority’s (SRA) announcement that the dates for opening the process for nominating your compliance officer for legal practice (COLP) and for finance and administration (COFA) will be later than originally planned.
This means your COLP has a little more time to polish their shiny new ‘Compliance Prefect’ badge and ponder what the job actually involves. Yes, they’re responsible for implementing compliance procedures and playing watchdog for the SRA, reporting material compliance failures ‘as soon as reasonably practicable’.
But what about a compliance plan? Is it a need-to-have or simply a nice-to-have and, more to the point, what on earth is a compliance plan?
Do I need a compliance plan?
Compliance plans are the Emperor’s New Clothes of the SRA regulatory regime. Everyone’s talking about them, but no-one wants to admit they can’t see them and they don’t know what they are.
There’s a good reason for this – compliance plan requirements are virtually invisible in the SRA Handbook. You won’t find them unless you know where to look. The new Code of Conduct doesn’t mention compliance plans at all and there’s no rule anywhere in the entire Handbook that you must have one, but…
Buried deep in a guidance note to rule 8 of the Authorisation Rules, you’ll find this statement: “What needs to be covered by a firm's compliance plan will depend on factors such as the size and nature of the firm, its work and its areas of risk.”
So there may be no regulatory requirement for a compliance plan, but the SRA clearly expects you to have one. In fact, the SRA helpfully suggests what might be included: governance, financial management, undertakings, new staff/contractors, regulatory deadlines, risk management, conduct issues, supervision, staff training/development, regulatory approval of key personnel, disaster recovery/business continuity planning, and outsourcing.
This list is very revealing; it reflects a shift of regulatory focus, away from traditional conduct issues towards financial, risk and practice management.
Where to start?
The lack of certainty about whether a compliance plan is even necessary has one silver lining – at the moment, there’s no right or wrong way to go about creating one.
One approach is to consolidate all your compliance policies and procedures into a single, comprehensive compliance plan. This approach has several drawbacks:
- Your final compliance plan will be vast and unwieldy;
- If you amend one compliance policy, you will have to amend and reissue the entire compliance plan; and
- Simply handing your staff a weighty compliance plan is unlikely to secure their buy-in and could well have the opposite effect.
Another approach is to treat your compliance plan as an overarching statement of your compliance arrangements, perhaps appending a schedule of your numerous different policies and procedures. This approach seems to be gaining more traction and it has the attraction of simplicity and flexibility; whenever you change an individual compliance policy, you simply have to update your schedule rather than reissue the entire compliance plan.
An overarching statement shouldn’t be confused with an empty statement. Your compliance plan is the ideal place to record:
- What you have to comply with and why compliance is important;
- Who is responsible for compliance, at every level across the firm;
- Who you have designated as your COLP and COFA, what the roles involve and what happens when they’re away from the office;
- The compliance arrangements you have in place (this is a good place to refer to an appended schedule of policies and procedures, which should at the very least cover the items on the SRA’s list);
- How you monitor compliance;
- Whether you have a separate policy for reporting and recording compliance failures; and
- Your arrangements for reviewing your compliance arrangements and the compliance plan itself.
Period of grace
Whichever approach your COLP takes, they have six months to get the firm’s house in order before they’re officially responsible for compliance (from 31 October 2012). Hopefully, by this time, compliance plan angst will be a dim and distant memory and your COLP can return to polishing their badge.
Watch the LexisNexis video COLP and COFA Clinic for everything you need to know in detail.
For Allison Wooddisse's first COLP Report, on whether to indemnify your COLP, click here.