

COMPLIANCE COMPLICATIONS

Richard Hill, executive council and trainer at the Institute of Legal Finance and Management, and practice director at Stepien Lake, talks compliance challenges for SME law firms


The word ‘compliance’ is often followed by a huge sigh or groan of despair. Compliance and risk management have always been among the biggest challenges faced by SME legal businesses, and they impact those businesses disproportionately. It’s a reality we must accept, so what are the regulatory risks we face?

The fact that law firms transact a lot of client money puts them on the radar for financial crime, with the constant threat of cyberattacks and fraudulent scams. Email modification accounts for over half of all cyberattacks against law firms and professional indemnity insurers are reporting more sophisticated attacks leading to stolen client money.

The recent Solicitors Regulation Authority’s (SRA) request for firms to provide their firm-wide assessment, required under anti-money laundering regulations, was just the tip of the iceberg in the SRA’s increased focus on improving subject access requests following criticism of the legal sector by the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), the body regulating the SRA on AML. As well as writing to the 7,000 at-risk firms, the SRA now plans an ‘extensive’ programme of targeted, in-depth visits to firms and calling in more firms’ risk assessments. The SRA’s direct approach of requesting this information has caught many firms unprepared, with many still thinking getting a certified passport is all that is required.

Then we have GDPR, as our hyper-connected world becomes more reliant on data and solicitors often hold sensitive data. We must ensure we understand subject access requests and where data is stored, as well as how we cleanse it under the timeframes while still complying with our legal file retention policies.

The new SRA Standards and Regulations have the compliance officers for finance and administration and the compliance officers for legal practice thinking about the new framework and what it means for their firms.

The nature of legal advice means there is always the dark cloud of a negligence claim hanging over our heads – which for many firms is a major risk – with the hardened and restricted professional indemnity insurance market leading to some firms with no claims not obtaining cover in the recent renewal, according to brokers.

The ultra-regulated and high standards placed on firms can seem daunting, but is there a positive side?

The potential positives:

• Consistent working methods – a framework to avoid a wide variety of day-to-day working practices where every solicitor thinks their way is best!
• Protect the business and individuals – highlighting the ‘red flags’ to watch out for
• Sound business management giving confidence to all stakeholders – for example, PII proposal form asking if the firm has had to report a breach to the SRA, had a data breach, had a lender file request and so on
• Provide a clear framework so everyone understands what (identify risk), how (process for dealing), when (timeframe) and who (people to report to) in the event of a risk arising.

The administrative and negative connotations of the word ‘compliance’ will not go away, but extracting the positive benefits and commercial aspects of sound risk management can tackle the tick-box mentality.

The ILFM will be hosting a roundtable risk and compliance session at the LPM conferences in 2020. I hear the groans already but we all want answers, tips and better ways of doing things, so these discussions and sessions are a good opportunity to hear what other firms are doing and how they are dealing with these regulatory headaches.

This article can be found in LPM December/January: A tale of 2020
