Wednesday, June 12, 2013

It ain't what you do, it's the way that that you prove it.

You won't hear many compliance consultants say that it’s not enough to have policies, it’s not enough to have procedures, and it’s not enough to have a great client-care letter or Terms and Conditions or a complaint web-site. It’s certainly not enough to have good intentions. All of these  help. But to be successful, compliance must be an embedded part of your firm’s culture. A external compliance expert can't do that . . . only you, the COLP, can.

If this blog is posted on another site (other than, chances are that that there will be  compliance consultants urging you  to enlist their help in setting up your client care letters, Terms of Business, your file opening procedures, etc.  Whilst it's very tempting to try to outsource your compliance,  the best way of dealing with compliance is for the COLP  to require everyone to contribute to compliance and to be armed with a compliance management system.

Compliance management cannot be viewed as a set of simple evaluations, each having a binary “compliant” / “non-compliant” result. It must be possible for you to answer straight-forwardly “who”, “why”, and “how” questions about your risk registers and compliance plans. The SRA may ask for deep management information because they understand that compliance failures or problems are driven by constituent compliance components.

A point-in-time compliance management system for the COLP to complete that obscures result drivers does not serve its purpose. Most compliance technologies claiming to manage risk  policies, tasks, alerters, and  diaries are really just sophisticated ways of ensuring that  a process can be demonstrated. It is window dressing--or what I call ‘fig leaf’ technology.

An effective compliance system will let you trace the factors that underpin overall compliance.

Systems like CLIENTCAREmonitor implement the Pareto principle, concentrating their efforts on identifying and managing 20% of genuinely high-risk matters--high-risk for claims, for money laundering and for compliance risk. Taken together, the system forces risk management into the day-to-day culture of lawyers and the firm as a whole starting with that pause for thought before a lawyer completes the on-line client-take-on checklist and file closure checklist. The culture is reinforced because the lawyers know that high-risk cases are notified to the COLP and MLRO via their own dashboard.

Real compliance includes controls and measurements with solid reliability whether they demonstrate desired results or results that are borderline or below target levels. And yes, these may highlight a material breach,  but at least you will be aware of it early!  It is better to know about a risk from the outset than to be surprised to learn the compliance system or culture is flawed after the SRA have their claws in you.

No comments:

Post a Comment