ARC regulatory conference, 18 October 2012
Elliot Vigar, Head of Regulation, Law Society of England and Wales
'Compliance officers cannot be sacrificial lambs. You can't just shuffle off responsibility for compliance.' Anthony Townsend.
How many people here in this audience believe that?
It's true the new OFR regulatory framework offers the prospect of allowing the profession flexibility of how their regulatory outcomes are achieved - better reflecting the risk profile of the work they do, the sophistication of their clients, and the resources of their disposal - it also carries with it the ambiguities inherent in a system bases on intentions and outcomes.
This matters - because the responsibilities (and there are many) for its success - or otherwise - within a firm is placed on an individual.
And while the SRA have highlighted that responsibility ultimately rests with the managers of the practice, individual compliance officers - those definitely not sacrificial lambs - may also find regulatory action is taken against them if and when they fail to meet their responsibilities.
With the SRA reassuring the profession that all will be fine if 'common sense' and 'good judgement' are used, I'm not surprised that in the run up to next January there is still some nervousness about the new regulatory requirements, the practical implications of the new regime, and where in the sand the line is drawn between management and personal responsibility.
To say nothing of the anticipated work involved.
Consequences that follow on from reporting a breach affects a firm's reputation, staff, professional and personal relationships while the consequences that flow from NOT reporting a breach are severe.
Reporting obligations cannot be avoided if you are to remain compliant with the new regulation, and the COLP/COFA reporting requirements are clearly laid out in the SRA's handbook - an overview of which can be found on our website.
In the meantime I want to run through by addressing the questions we are asked most frequently, I hope leave you slightly more confident about OFR than you were this morning and answering the question of one compliance officer who tweeted: 'Have you heard anything? Do you know what you've let yourself in for?'.
First, the bad news.
It is not clear to our mind that the regulator has articulated clearly its appetite for or tolerance of dysfunctional behaviour.
Without practical examples and worked guidelines it is perhaps - if one can still safely use this phrase: shades of grey rather than black or white.
But we do know this:
While responsibility for compliance ultimately rests with the firm and its managers or the recognised sole practitioner, compliance officers are not immune from regulatory action if they fail to discharge their responsibilities accurately.
COLPs will need to take all reasonable steps to ensure compliance with the terms and conditions of their firms' authorisation, including taking reasonable steps to ensure compliance with any statutory obligations, for example the duties imposed by the Legal Services Act 2007, the Solicitors Act 1974 and the Administration of Justice Act 1985.
The starting point will always be the SRA principles, and whether these have been, or may have been compromised, and if compromised the circumstances surrounding the breach.
This means taking reasonable steps to record all failures to comply, and reporting any such failures to the SRA as soon as reasonably practicable.
Failure may be material either of itself or as part of a pattern of failures to comply.
But when deciding whether the matter is reportable points to consider include: how prolonged is the issue, how severe is the problem, are clients' interests at risk, is there a risk to client money, and importantly, can you still say you are being open with the SRA if you keep this information to yourself.
COLPs will also be responsible for ensuring systems are in put in place for compliance, and there is clear guidance available from the SRA about the sorts of things they expect to see.
Including, but not limited to: ensuring undertakings are only given when intended, and that compliance with them is monitored and enforced as well as a system for ensuring appropriate checks on new staff or contractors, establishing systems for ensuring that basic regulatory deadlines, like the firm's accountant's report or arranging indemnity cover, aren't missed, as well as implementing a system for monitoring, reviewing and managing risks.
If it becomes necessary to report a breach of compliance to the SRA the firm may still be deemed compliant if they are reported as part of the Information Report required under Rule 8.7 of the SRA Authorisation Rules.
However, COLPs and COFAs will need to consider whether a breach is 'material', and such breaches must be reported to the SRA as soon as reasonably practicable.
That means considering the detriment or risk of detriment to the client, the extent of any risk of loss of confidence in the practice or in the provision of legal services, the scale of the issue and the overall impact on the practice, its clients and third parties.
While a single breach may be trivial, if it forms part of a series of breaches then it may be 'material', and a compliance officer will need systems in place to identify such pattern.
Ultimately, what is 'material' will depend on the firm and the circumstances around possible failures to comply with the SRA Authorisation Rules.
And the SRA will judge each case on its own merits.
In addition, compliance officers will need to remain alert to the fact that the SRA Code covers a wide range of issues including business management and financial stability.
COLPs will need to alert the SRA if they believe the practice is in serious financial difficulty.
There are already established and effective systems that practices may consider putting into place to ensure good governance, including a centralised reporting system - allowing the capture and recording of all breaches in compliance.
Measures such as this mitigate against the risk of further non-compliance, as well as measuring the effectiveness of interventions to improve compliance.
It is quite a lot to take in - and we have a team of people back at Chancery Lane dedicated to unpicking it.
We have found that for us - like you - there are still some, 'Known unknowns and unknown unknowns'.
So who wants to take on this - so far - rather thankless task?
The good news is that the SRA does make that clear.
An authorised body must at all times have an individual.
Who is a manager or an employee of the authorised body;
Who is designated as its COLP;
Who is of sufficient seniority and in a position of sufficient responsibility to fulfil the role; and Whose designation is approved by the SRA.
There is as may be expected currently no definition as to what 'sufficiently senior or responsible' might amount to but COLPs should have clear reporting lines between themselves and the governing body of the firm as well as access to all management systems and arrangements.
Your firm's COLP should know how the firm operates, have day-to-day contact with fee earners, as well as support staff, and should be senior enough to make decisions that affect the firm.
Not every senior person however has detailed enough knowledge of compliance systems.
We are suggesting one solution that means appointing a more senior staff member who delegates some of the day-to-day functions (but not responsibility).
But I cannot stress this more strongly, the appointed COLP needs to monitor any work they delegate and there needs to be clear reporting lines between the COLP and those carrying out day-to-day functions on their behalf.
For those who still think they need more help the Law Society is providing two tailored services to help firms, their COLPs and COFAs.
Recognising that different size firms have different concerns the Law Society is providing two tailored services to help firms, COLPS and COFAs.
The first is for the largest 100 firms in the country, and the second is specifically designed for all other firms via our Risk and Compliance Service.
Our Client Reference Group represents diverse practices, including those with international reach, private client and volume operations, and it is currently operating among the largest 100 firms.
We have already received several enquiries, which have raised interesting issues about the role of compliance officers under the new regime.
Our experts are waiting for more issues to get their teeth stuck into, and it is hoped that the responses it yields will be fed back to the Society to assist in developing policy in this important area, which will in turn assist the profession as a whole.
The Society also runs a Risk and Compliance Service, which is designed to help our members understand risk management and their legal and statutory requirements, and aspires to equip them with the knowledge and skills to implement a robust and coordinated approach to their compliance regime.
The Service aims to address members' concerns by helping all firms demonstrate to the SRA and Legal Ombudsman that they are firmly focused on improving client care, complaints handling, supervision, risk management, quality assurance and the exercise of sound professional principles.
In both cases guidance will be issued by the Society to any enquiry seeking advice about what to do.
Our advice is formulated with a group of experts from the profession who are themselves COLPs and COFAs.
The Society will stand behind its advice and support firms who, having acted on that advice, are challenged by the SRA.
It further supports firms in assessing how best to respond to regulatory requirements and supervision based on the SRA's risk analysis of management systems and procedures.
The Society will provide 'safe harbour' advice for compliance officers, promising to stand by it even if the SRA takes a different view.
Membership will ensure that your firm is ready to respond proactively to the demands and uncertainties of operating within a fast evolving regulatory framework.
If you need our help (and here comes the plug) I strongly suggest you contact us - details can be found on our website.
The Law Society will continue to proactively monitor and guide the profession through the regulatory challenges posed by new compliance roles.
The reality is that there will be firms with good grasp on compliance, and those which have not put the systems in place.
In that respect, perhaps this is an opportunity for practices to bring themselves in line across the board, reaping positive rewards through effective relationship management.
For those of whom who still feel - and this is a direct quote from a soon to be - COLP:
'I really don't want someone in the SRA making me feel that I must be doing something wrong when I'm trying my hardest to get it right'.
The Law Society is here to help.
Thank you.