The SRA-enforced creation of law firm compliance officers has improved awareness about the real need to manage risk, but it is not enough to simply put processes in place – firms must monitor their exposure on a daily basis, says Peter Scott

Compliance officers for legal practice (COLPs) and compliance officers for finance and administration (COFAs) have been in their roles since 1 January.

So it is worth reflecting on whether the COLP/COFA regime put in place by the Solicitors Regulation Authority (SRA) to 'police' law firms is working effectively. Are law firms more compliant with SRA regulation than they were before COLPs and COFAs were appointed? 

Samantha Barrass, executive director of the SRA, said in a speech in December 2011: "The COLP will be responsible for taking reasonable steps to put in place systems and controls for good compliance." She added: "We will expect the COLP to be completely on top of risk and compliance."

So have COLPs and COFAs since appointment taken reasonable steps to put in place systems and controls for good compliance in their firms, and are they really completely on top of risk and compliance? 

flashlight-house-corbis-100685-260-webThe SRA would say that this should no longer be a 'work in progress'. Outcomes-focused regulation (OFR) has been in place since 6 October 2011 and the SRA expected law firms in any event to have in place their compliance plans long before the appointment of COLPs and COFAs, given that the SRA's principle 8 requires firms to "run your business or carry out your role in the business effectively and in accordance with proper governance and sound financial and risk management principles".

In support of that principle, outcome (7.2) in the SRA code of conduct requires that firms "have effective systems and controls in place to achieve and comply with all the principles, rules and outcomes and other requirements of the handbook where applicable".

Those obligations can be a tall order given the cultures of many law firms, their lack of resource and the extent and scope of regulation. But from the evidence I have seen from working with law firms and helping them put in place risk and compliance plans, firms and their COLPs and COFAs have made a big effort to establish procedures to try to manage as far as possible their compliance obligations, as well as trying to cover many other risks to practice.

One particularly good outcome resulting from OFR is that there is now a far greater awareness among those running law firms of the real need to manage their risks and compliance obligations. If the imperative for compliance and risk management can come from the top then that is likely to make the roles of COLPs and COFAs that much easier to fulfil. 

To that extent it may be fair to say that OFR and the COLP/COFA regime have helped law firms make progress towards becoming more compliant and less risky places to work. On the other hand, I tend to work with firms that are concerned with improving themselves and addressing risk and compliance. 

How many of the 11,000 or so law firms in practice are not so concerned about risk and compliance and, even though they have a 'titular' COLP and COFA, have put no effective procedures in place? Unfortunately, I suspect a substantial number are in that category.

Lack of client care

While overall awareness may have improved, questions remain about whether OFR and the appointment of COLPs and COFAs have achieved one of the main objectives of the current regulatory regime: to ensure better client care and service from lawyers.

Many firms tell me that the new regime has not resulted in any improvements to the way in which they look after their clients. If any measurable improvements to client care have been made then they are probably more as a result of the activities of the Legal Ombudsman in relation to improving complaints handling!

And alongside the limited evidence so far on how effective the COLP/COFA regime has been in making law firms more compliant overall – as opposed to the many who pay lip service to compliance – there are also several underlying difficulties that COLPs and COFAs face in carrying out their roles, which I list below.

Given the cultures of many law firms and the challenges facing much of the legal profession today, it will probably be many years before some of these problems can be resolved. 

Monitoring and reporting compliance failures

It is relatively easy to put in place a compliance plan and procedures, and many COLPs and COFAs probably think if they have achieved that then they have done enough.

However, OFR has to be lived on a daily basis. In particular, outcome (7.3) requires firms "to identify, monitor and manage risks to the achievement of all outcomes, rules, principles and other requirements of the handbook and take steps to address issues identified".

It is far more difficult to identify and assess compliance risks and then continuously monitor the effectiveness of procedures put in place, with a view to taking steps to improve procedures and report failures to the SRA.

This is the real task now facing COLPs and COFAs and I suspect some have hardly scratched the surface. For example, these are some of the most effective ways to identify, monitor and control compliance risks:

• regular random file reviews can provide an accurate picture of failure to follow procedures;

• pre-file opening risk assessments can prevent risky clients and work being taken on;

• positive self-certification of compliance by all lawyers that they have complied with certain core procedures can drive disclosure of breaches;

• effective supervision of fee earners and their work is vital to prevent mistakes occurring; and

• monitoring claims and complaints will help to assess whether risks are being effectively managed.

But how many COLPs and COFAs have put in place such methods and are actively operating them? Unless they do so, it is unlikely they will be able to comply with their reporting responsibilities to the SRA and they and their firms will be at risk of disciplinary action. Firms should include in appraisals of how effectively the COLP and COFA are doing their jobs.

However, the good news for COLPs and COFAs is that, on 1 October, version 8 of the SRA Handbook came into effect and this has ameliorated somewhat their obligation to report compliance failures. Under rule 8.5 of the SRA Authorisation Rules COLPs and COFAs must now "as soon as reasonably practicable, report to the SRA any material failure so as to comply (a failure may be material either taken on its own or as part of a pattern of failure so to comply)".

Gone is the obligation to report all compliance failures, although a record must still be made of all failures to comply. That still leaves COLPs and COFAs with the issue of deciding whether a breach is material and the only way to recognise whether a pattern of failures is material is by regular monitoring. Compliance officers of alternative business structures, however, must still report all failures. 

Accountability

Accountability in this context means the willingness on the part of partners to be managed and to accept that managing compliance must be seen as everyone's responsibility, which is not something universally accepted in many law firms. If this remains the case, then how likely will it be in these firms that COLPs and COFAs will be able to effectively fulfil their roles and not put themselves and their firms at risk? 

For example, will a COLP or a COFA be prepared to take a view on a material compliance failure in the face of opposition to reporting by fellow partners? In some firms such potential conflicts are being dealt with by putting in place new governance arrangements between partners designed to contractually secure internal buy-in and to provide compliance officers with an independence of role. 

Lack of resource

However, given the lack of sufficient size of the majority of law firms, most do not have adequate resources to enable their compliance officers to satisfactorily fulfil their roles, which need a substantial amount of time devoted to them. In a small firm, the partners will say they cannot afford to spend that amount of time on compliance instead of fee-earning. 

Firms need to carry out cost/benefit analyses to establish the most resource-effective methods for their COLPs and COFAs to fulfil their roles, and should provide them with adequate budgets. For example:

• to what extent can elements of compliance monitoring be systematised using IT? 

• can a team be built around the compliance officers to spread the load?  

• can external help be used or a professional compliance person be recruited to more cost-effectively carry some of the burden?

It is perhaps too early to be able to judge properly whether the COLP/COFA regime will fully achieve the SRA's objectives. However, some of the initial concerns of lawyers about the demands and potential liabilities associated with the roles have waned, and in their place a sense of complacency seems to have developed on the part of some. That could be dangerous. 

Peter Scott is principal of Peter Scott Consulting, which provides performance and compliance management services to law firms.