Tuesday, May 21, 2013

COLP and COFA : Instruments creating a culture of compliance

All firms have their own distinct culture and way it does business. How a firm engages with its compliance obligations will be determined, in part, by its culture and the approach taken by its COLP and COFA . Over time certain approaches to compliance and assumptions as to what is required will become ingrained across the firm.

A positive culture of compliance within a law firm includes strategic vision and relates to larger strategic goals. It is:

• established by the COLP and COFA
• characterised by senior partners example
• embedded in activities such as targeted CPD training
• reinforced by incentive systems
• Punitive measures against  those violating the firm's compliance policy.
• integral to legal matter management systems and their use and management
• inseparable from the firms structure, processes, and management style

A positive culture of compliance also:

• addresses the risks that arise in each area of law that the firm practices
• establishes control points for the risk elements
• ensures controls are well documented for internal and external purposes
• identifies partners or managers responsible for managing each compliance element

Without a commitment to compliance, even the best policies and procedures will be useless.

As you build and maintain a culture of compliance, be sure to reward those alerting the COLP and COFA to potential problems at least as much as those who report only smooth sailing. Be sure that all fee earners and support staff realize that the firm will not accept the covering-up of problems, especially non-compliance. If the message from compliance officers is “Only good news, please,” then lawyers may seek to mask any problems – including noncompliance.

Be very suspicious if you never get bad news. As far as a COLP or COFA is concerned, no news is bad news !

Sunday, May 19, 2013

Exceptional care for vulnerable clients

How do the lawyers within your firm identify vulnerable clients and meet their needs?

The concept of vulnerability has been examined by a number of commentators in a range of fora. A good starting point is the Oxford Dictionary defines vulnerable as “…exposed to the possibility of being attacked or harmed, either physically or emotionally”. Collins’ definition goes on to add “…exposed to …persuasion”. Both definitions are useful to the COLP. Clients can be said to be vulnerable if they are incapable of making an informed decision about their affairs or do not understand the actual or potential consequences of any action they may be instructing you to take on their behalf.

What should be your firm’s priorities and responsibilities when deciding to act for and when advising ‘vulnerable’ clients?

The Principles of the Code of Conduct 2011 require you to provide a proper standard of service, taking into account the individual needs and circumstances of each client.

Indicative Behavior 1.6 states that, in taking instructions and during the course of the retainer, you must have proper regard to your client’s mental capacity or other vulnerability, such as incapacity or duress. Indicative Behavior 1.28 states that you are unlikely to have complied with the Principles if you act for a client when there are reasonable grounds for believing that the instructions are affected by duress or undue influence without satisfying yourself that they represent the client’s wishes.

Indicative Behavior 1.7 requires you to consider whether you should decline to act or cease to act because you cannot act in the client’s best interests.

The leading compliance legal matter management system CLIENTCAREmonitor (CCM) identifies a “taxonomy of vulnerabilities”. In setting up a new matter CCM forces the lawyer to concentrate their mind as to whether the client is exposed to any of the following:

Information vulnerability
Pressure vulnerability
Redress vulnerability; and
Impact vulnerability

Information Vulnerability

Some clients may be particularly vulnerable as a result of the greater difficulties they face in obtaining and processing the legal advice given to make informed purchasing decisions. For example, if the clients are restricted physically, such as by being housebound, they may find it difficult to access the information necessary to make an informed choice. Furthermore, some consumers will lack the ability to use information seeking tools, such as the internet. It should also be noted that such consumers are likely to be subject to what has been termed “marketing exclusion”. Because they are not seen as profitable, they may find that they are not targeted by suppliers with information that they might have found useful.

The SRA have recently issued press releases about language vulnerabilities. How do you advise clients for whom English is not their first language or who speak no English at all?

To comply with the Code and provide a proper standard of service, you must ensure that your client understands the advice you are giving and fully appreciates the ramifications of their actions. Using a family member as an interpreter may appear to be a practical solution,but may simply move you towards a ‘pressure vulnerability’  as in many instances this has merely facilitated underlying duress, undue influence or, in the most extreme situations, fraud.

The use of independent interpreters/translators is the only certain means of ensuring your client’s best interests are served, but this comes at a cost. If your client, or rather, potential client, is not prepared to bear that extra cost, you may well have to advise that client to go elsewhere, as you cannot act in his or her best interest. Other examples of information vulnerabilities include age (although advancing age does not necessarily imply vulnerability), mental health issues, learning disabilities, depression, serious Illness, addiction, deafness or blindness.

Pressure Vulnerability

In the perfect market, the client’s actions are fully voluntary. In practice, clients frequently make decisions when subjected to pressure. There may be overlap with other aspects of vulnerability; for example, clients may be more easily pressurised into making a decision if they lack relevant information. The most common pressure vulnerability is undue influence, for example in a situation where a client seeks to radically change the terms of their wills, transfer shares in property, release equity in their properties, particularly if a client is accompanied by the person to benefit at the time of giving instructions. In these circumstances, it is good practice to speak to the client alone and ascertain that the wishes are those of the client alone without undue influence from any third party.

Where physical intimidation is present layers would doubtless have little hesitation in finding a remedy, such as by allowing the victim a private law right or allowing an enforcement authority to take action. Greater difficulties arise where psychological pressure is in issue. The trick is to identify this as early as possible (hence the logic of CLIENTCAREmonitor) and to ask probing questions as early as you can; don’t wait until the client is about to sign the relevant document. It may be sensible to advise clients in this position that you will want to speak to them alone at the time they make the initial appointment rather than springing it on them at the time.

I recently attended a meeting with the head of fraud at a top 5 lender who advised that lenders were become increasingly concerned by the inability of some solicitors to recognise vulnerable clients. I was advised of a scenario involving a wife/partner being asked to remortgage the matrimonial home to secure funds for the partner/husband’s business ventures (but equally this scenario could also fall into the sections on mental health or depression/illness etc). In the case of a mortgage default the lender will soon be made aware of the claim of vulnerability. Not only could such a situation lead to your firm being removed off the panel but also potentially being reported to the SRA as well as facing an insurance claim.

All property lawyers should be familiar with the the ruling of the House of Lords in Royal Bank of Scotland v Etridge. This case lead to an overhaul by the banks as to how co-owners in this situation should be advised. A solicitor once admitted to an underwriter at  Zurich that, when she had a meeting with a wife who had been asked to remortgage the matrimonial home to secure her husband’s business debts, the wife had no idea what she was really being asked to do, i.e. put her home at risk of repossession if her husband’s business failed. After a frank discussion with the solicitor, she refused to sign the papers.

Insurers, regulators, the LEO and lenders all say that there are still too many co-owners in this situation who are not being properly advised (or perhaps more accurately -  it can’t be proved that they were properly advised) and negligence claims come in from lenders against the law firms when the business fails but repossession proves to be troublesome when the co-owner defends on grounds that they weren’t properly advised.

Redress Vulnerability

Another way in which clients may be vulnerable is through the greater difficulties they face in obtaining redress (redress vulnerability). Again, there will be a connection here with other aspects of vulnerability. For example, clients may find it difficult to secure redress because they are unaware of their legal rights, or of the mechanisms under which they can seek a resolution of their grievances. Where a firm sends and receives countersigned  a well drafted client care letter then the issue of redress vulnerability goes away.

Impact Vulnerability

Impact vulnerability is perhaps the least obvious vulnerability and concerns the greater effect of loss, or harm, on certain clients.

The greater loss suffered by vulnerable clients from making inappropriate decisions is likely to result from low income and/or low wealth (although not impacting solicitors take note of the recent FSA issues concerning pay day loans).

The ideal way of reducing impact vulnerability is to reduce the chance of the client making a decision that will have such an impact. A client who is well-informed, confident and capable, acting with choice and without pressure in circumstances where he has a remedy should it need to be used is unlikely to make such a decision. Impact vulnerability can, therefore, perhaps be best-tackled by addressing the other forms of vulnerability identified and discussed above.

Sunday, May 12, 2013

Compliance: How many files should you audit?

The introduction of OFR and the new SRA handbook has left the legal industry in a rather confused state. Firms are now being forced to interpret rules and hope that they’ve got it right.

One key area which seems to be very ‘grey’ at present is around file reviews. It seems that most COLPs and COFAs are unclear how much file reviewing they should be completing on an ongoing basis.

I am sorry but I confess that there is no definitive answer.

At the end of the day, the SRA will expect firms to have appropriate systems and controls in place to ensure they are compliant. Therefore the level of file reviews completed really does depend on each firm’s structure and what areas they advise upon and what experience their advisers have.

The best example I can give relates to a new firm, who don't have much industry experience. They should be having 100% of their files checked.Once the solicitor has shown that his/her files are indeed competent, then that figure should naturally be reduced to say 50% and documented within a training plan, then again after an agreed period of time, reduced to 25% and then finally set at a minimum of 10% with ongoing reviews to ensure this figure is sufficient.

The 10% figure is a very sensible approach to file reviewing and the financial services industry (upon which the new SRA regime is based) seems to have settled on that figure as a minimum.

Another way you can look at file reviewing is by checking cases that pose a higher level of risk (to the firm and the client). Therefore areas such as conveyancing or probate may result in a higher percentage of cases being reviewed. After all, the SRA have highlighted conveyancing as a high risk area.

What about sole practitioners? Clearly file reviewing your own files smacks of a lack of objectivity. The alternative is for sole practitioner to adopt a buddy system where they can each review an agreed percentage of files

If you have the internal resource available be sure to check at least 10% of all cases and as stated above concentrate more checks on riskier areas or lawyers. However if you are maxed out with time and would prefer a third party with no ties to your firm to complete a review then make sure that you implement it. I am happy to recommend some 3rd party compliance experts who can conduct file reviews.  

Saturday, May 11, 2013

SRA Compliance, it’s all about evidence

An SRA assessment can take place in a number of different ways e.g. they can visit firms at their premises or the assessment can be completed over the telephone. In the case of the FSA they would occasionally meet at say a local hotel.

As far as I’m concerned the vast majority of firms do install a compliance culture within to their operations however the key area where firms usually fall short is based around evidencing it all.

In order to comply with the SRA requirements firms should be:

  • Regularly reviewing their Management Information and acting upon any issues that arise; 
  • Reviewing files on a regular basis and ensuring that full CPD records are being maintained; 
  • In the absence of having automated matter management systems engaging a third party compliance specialist to complete an audit on the firm and reacting to any issues that have been identified; 
  • Sending client satisfaction questionnaires so that the firm can establish if the client’s expected outcomes have been achieved and allowing the customer to voice any concerns that they may have; 
  • Reviewing any public facing literature (website, client care letters etc ) to ensure all the content is clear, fair and not misleading; 
  • Analysing any complaints received to ensure that the same issues don’t crop up again.

I could go on and on (as per usual) but the above is just a few examples. Yes there is always the underlying fact that firms must be fit and proper but the main areas firms fall short on is based on not having the evidence on file to show that they are complying and meeting the high level expectations that are set by the SRA. The above areas will almost certainly be assessed by the regulator so my advice is to ensure that you are familiar with all of the above examples as an absolute minimum.

As a final thought I’d like to end by saying that when it comes to compliance, it really is all about evidencing compliance.

Monday, May 6, 2013

An Integrated Approach to Risk Management and SRA compliance

The solicitors' profession has undergone a sea change in culture over the last 10 years. In particular there seems to be are ever increasing statutory, regulatory, compliance and risk creep which,for many firms, verges on being suffocating. At the same time solicitors have been forced to become more commercial and the business world has become more competitive with fewer firms have retaining a lock step structure. The resultant change of ethos has caused partners to become far more entrepreneurial and much less averse to risk.

Traditionally, the industry has viewed compliance and risk management (the latter previously known as ‘best practice’)  as two separate areas typically managing them in a silo'd fashion.

Over the next few years COLPS and COFAs will come to understand that better integration of risk management and compliance is the direction they must take to survive. This view recognizes the need to rectify firm-wide weaknesses that lead to significant operational risk, losses, or regulatory censure or fines. A key challenge, however, is how to bridge specific areas of risk and compliance into a unified and firm-wide approach.

This article outlines ideas to help optimize a firm’s approach to risk and compliance management by leveraging the synergies and return on investment (ROI) that can be gained from addressing both in tandem

Taking an integrated approach a firm can get the most “bang for its buck”.

The following key benefits exist when taking a more integrated approach to compliance and risk

  • Understand the full risk management and compliance profile of your firm and the lawyers working for you.
  • An integrated approach to compliance and risk provides a more holistic view across departments or areas of law. It creates an extra “layer” to review high-risk clients.
  • Creates a culture whereby all the lawyers within a firm have an appreciation of and contribute towards compliance and risk management.
  • Manage and monitor breaches, track remedial action to minimize your exposure to professional indemnity. Generate comprehensive reports as required by the SRA.

Law firms may feel the proverbial noose closing in around it’s neck but an investment in managing risk and compliance, whether or not it be in terms of time or technology or both has to made. Doing nothing is not a viable option. Without sophisticated technology usually reserved for larger firms, it is hard to produce quantitative and objective evidence of compliance and risk management ; Success is hard to measure.

Low-cost  on-line ‘compliance  management’ systems such as CLIENTCAREmonitor (CCM) are starting to emerge. CCM was designed to assist small- to medium-sized firms meet their compliance requirements under the OFR. The system can integrate with case management systems, is simple to use, and is highly effective. CLIENTCAREmonitor's matter-level compliance and risk management is designed to be used by every fee-earner at a firm, on every transaction.

During the client take-on and file closure phases of a legal matter, the lawyer performs CCM’s compliance assessment checklist. The checklist is presented as a simple one-page screen with multiple-choice questions that takes two to three minutes to complete. An instant risk classification, based primarily on the SRA’s scoring metric, is then produced and the COLP or COFA  is immediately alerted to the risks via their dashboard.  

Rationalizing the use of client take on data and file closure data  can result in effective watch lists and Risk Assessment Mechanisms. The integration of this data can be used as evidence to support reporting or non-reporting and can developed over time. In the area of risk and compliance, the objective is to detect (or even prevent) breaches and risks as early as possible to mitigate losses and reduce their impact on clients.

Law firms will continue to be called upon to do more with less. Especially in relation to regulatory compliance, but even more relevant within risk management, where return on investment and impact to the bottom line can be directly calculated. Coupled with an increased incidence of fraud and money laundering schemes and more opportunity to register complaint’s with 3rd parties, the result is a clear necessity to upgrade systems, streamline processes and improve efficiencies. Additionally, as we continue through a time of upheaval and reduced earnings within the legal services industry, lawyers must be even more focused on customer care and retention. A reputation for strong compliance, security and risk management becomes a competitive USP and helps breed confidence with your PI insurer and those who may be interested in investing, merging or buying your business.