In her latest blog on COLPs and COFAs, Allison Wooddisse, head of Legal Futures Associate LexisPSL Practice Compliance, looks at the race to get your house in order before the new regime kicks in
Comparisons between the 2012 Olympics and the compliance officer for legal practice (COLP) nomination process are more obvious than you might think: both were years in the preparation, shrouded in mystery, beset by operational PR disasters and, ultimately, over in a flash.
This month’s blog brings you live coverage of the five-month dash: that’s how long your COLP has to get the firm’s house in order before they become responsible for compliance. Like bog-snorkelling and extreme ironing, the five-month dash is a niche sport, unlikely to grace the Olympics, but pundits are predicting there’ll be at least 11,000 participants by the end of the year.
On your marks
As the late, great Peter Cook once said, the key to sporting and managerial success is three-fold: motivation, motivation, motivation. That’s all very well, but the main problem for most COLPs is simply where to start. It’s worth a quick action-replay of the COLP role:
- Take all reasonable steps to ensure the firm, its managers and employees comply with:
  - the SRA Handbook (apart from the Accounts Rules);
  - any terms and conditions of the firm’s authorisation; and
  - other relevant legislation, eg anti-money laundering, bribery, data protection.
- Maintain a record of compliance failures; and
- Ensure the firm’s compliance failure record is made available to the Solicitors Regulation Authority (SRA) on request.
It’s also worth remembering that we have a relatively new SRA Handbook and the SRA has declared its intention to take a risk-based, firm-based, outcomes-focused approach to regulation.
Taking all of this into account, here’s what should be in any COLP’s starting line-up.
No1: Governance
Governance takes first place because it’s (a) new and (b) clearly a big priority for the SRA.
In fact, the SRA announced that firms would be expected to provide a copy of their governance structure as part of the COLP nomination process. This proved not to be the case, perhaps because the nomination process didn’t go through mySRA. It doesn’t mean that governance has gone away; see here for tips on what governance is and why you should care.
No2: Compliance failure process
Taking second place by a whisker, a compliance failure policy is a must, to ensure that your COLP and COFA can meet their three core duties. My blog next month will include some thoughts on what this might look like.
No3: Risk management policy and risk register
This deserves a place amongst the medals because risk sits at the heart of the new regulatory regime. The SRA will take a risk-based approach to regulating you and expect you to take a risk-based approach to running your business. Risk management is one of those dark-arts areas of compliance, but don’t worry – I’ll be providing some much-needed illumination in future blogs before the end of the year.
No4: Compliance plan
Let’s be clear about why the compliance plan didn’t make it onto the medal podium: it’s not compulsory. The new Code of Conduct doesn’t mention compliance plans at all and there’s no rule anywhere in the entire Handbook that you must have one. BUT…
A guidance note lurking in the deepest recesses of the authorisation rules suggests the SRA assumes you’ll have a compliance plan. In fact, the SRA helpfully recommends what might be included: see here for suggestions on formulating a compliance plan.
No5: Outsourcing
Outsourcing had a one-line mention in the 2007 Code of Conduct under ‘Confidentiality’. It now gets five dedicated requirements in the 2011 Code. You may be outsourcing without realising. This isn’t necessarily a disaster; in principle, you can outsource anything so long as you comply with the relevant SRA requirements. The stringency of these requirements depends on the type of activity you outsource. This can be broadly broken down into three categories:
- Reserved legal activities;
- Other legal activities and operational functions that are critical to the delivery of any legal activities; and
- Other non-legal activities.
If you outsource in the first two categories, you must have contractual arrangements allowing “the SRA or its agent to obtain information from, inspect records (including electronic records) or enter the premises of the outsourcing provider”. This is one of a raft of new requirements, so you really need to think about whether you’re already outsourcing.
No6: Client care
This is at the bottom of the starting line-up because it’s not a new concept but it’s still hugely important. The whole philosophy behind the new Code of Conduct is that you will be measured on whether you achieved the necessary outcomes for the client.
It’s worth having a client-care policy and most firms should take a look at their client-care letter and terms of business. The Legal Ombudsman and SRA both say that client-care letters should only contain information that is relevant to the recipient. If you send client-care letters that incorporate every conceivable costs, funding and billing option known to man, it’s time for a rethink.
Is that it?
Afraid not—these are just the items that made it through to the first six. At the risk of depressing you, other important areas in the SRA Handbook include: conflict and confidentiality, complaints, referral and fee sharing, payment of interest, cheque signatories, commission and financial benefits, business continuity, equality and diversity. Plus, there’s a whole raft of generic legislation and regulation to keep on top of: anti-money laundering, bribery, data protection, cookies, website and e-mail monitoring, distance selling… the list goes on.
I’m thinking of doing a Paula Radcliffe!
Compliance is a marathon: it’s not glamorous and, boy, it seems to go on forever. Sitting by the side of the road and giving up isn’t an option. Think Eddie Izzard and his 43 marathons in 51 days—by the time you’ve tackled our top six, you’ll be a finely honed compliance athlete.
Bog-snorkelling or extreme ironing, anybody?