- Legal Futures - https://www.legalfutures.co.uk -

A compliance plan: the Emperor's new clothes?

Allison Wooddisse, head of Legal Futures Associate LexisPSL Practice Compliance [1], looks at whether COLPs need to put in place a compliance plan, and if so, what should be in it

[2]

Consolidating all your compliance policies into a plan could produce a vast and unwieldy document

This month’s COLP Report comes to you in the wake of the Solicitors Regulation Authority’s (SRA) announcement that the dates for opening the process for nominating your compliance office for legal practice (COLP) and for finance and administration (COFA) will be later than originally planned [3].

This means your COLP has a little more time to polish their shiny new ‘Compliance Prefect’ badge and ponder what the job actually involves. Yes, they’re responsible for implementing compliance procedures and playing watchdog for the SRA; reporting material compliance failures as ‘soon as reasonably practicable’.

But what about a compliance plan? Is it a need-to-have or simply a nice-to-have and, more to the point, what on earth is a compliance plan?

Do I need a compliance plan?

Compliance plans are the Emperor’s New Clothes of the SRA regulatory regime. Everyone’s talking about them, but no-one wants to admit they can’t see them and they don’t know what they are.

There’s a good reason for this – compliance plan requirements are virtually invisible in the SRA Handbook. You won’t find them unless you know where to look. The new Code of Conduct doesn’t mention compliance plans at all and there’s no rule anywhere in the entire Handbook that you must have one, but…

But what…?

Buried deep in a guidance note to rule 8 of the Authorisation Rules, you’ll find this statement: “What needs to be covered by a firm's compliance plan will depend on factors such as the size and nature of the firm, its work and its areas of risk.”

So there may be no regulatory requirement for a compliance plan, but the SRA clearly expects you to have one. In fact, the SRA helpfully suggests what might be included: governance, financial management, undertakings, new staff/contractors, regulatory deadlines, risk management, conduct issues, supervision, staff training/development, regulatory approval of key personnel, disaster recovery/business continuity planning, and outsourcing.

This list is very revealing; it reflects a shift of regulatory focus, away from traditional conduct issues towards financial, risk and practice management.

Where to start?

The lack of certainty about whether a compliance plan is even necessary has one silver lining – at the moment, there’s no right or wrong way to go about creating one.

One approach is to consolidate all your compliance policies and procedures into a single, comprehensive compliance plan. This approach has several drawbacks:

Another approach is to treat your compliance plan as an overarching statement of your compliance arrangements, perhaps appending a schedule of your numerous different policies and procedures. This approach seems to be gaining more traction and it has the attraction of simplicity and flexibility; whenever you change an individual compliance policy, you simply have to update your schedule rather than reissue the entire compliance plan.

An overarching statement shouldn’t be confused with an empty statement. Your compliance plan is the ideal place to record:

Period of grace

Whichever approach your COLP takes, they have six months to get the firm’s house in order before they’re officially responsible for compliance (from 31 October 2012) Hopefully, by this time, compliance plan angst will be a dim and distant memory and your COLP can return to polishing their badge.

Watch the LexisNexis video COLP and COFA Clinic [4] for everything you need to know in detail.

For Allison Wooddisse's first COLP Report, on whether to indemnify your COLP, click here [5].