Solicitors are increasingly setting up law practices across the country, and their allure is apparent. Being self-employed provides the opportunity to directly profit from your effort, outside of external targets and demands.
Starting and running your law firm is more than just getting business premises with your name on the door. Getting SRA authorisation and Professional Indemnity Insurance are only initial steps towards full compliance. Once the practice starts running, several other regulatory guidelines must be observed.
Start-up lawyers have a higher risk of incurring fines and penalties from non-compliance, unlike more established practices that have dedicated risk and compliance officers. If you are unable to hire a compliance officer, you can outsource to a specialised compliance service provider.
In this article, we share some insights from Jonathon Bray, a qualified solicitor who has consulted in the field of compliance for solicitors since 2011. Learn everything you should know about SRA standards and regulations and other aspects of risk and compliance.
Compliance Prioritisation: Considering the Outcomes
Start-ups have the difficult task of determining how to stretch their limited resources best to ensure the business runs profitably. Moreover, it is near-impossible to maintain perfect compliance because the law and regulations keep changing.
In the beginning, it helps to identify and prioritise your most significant areas of risk, i.e. where non-compliance can land you in serious trouble or where you have the hardest job. Start with the areas that a regulator can quickly pick up on and the highest stake ones, where non-compliance can send you to prison. Then, moving down the list, you have the tasks that make your systems run efficiently and keep your clients happy.
To start with, you need robust systems for anti-money laundering and client account issues. Getting these wrong may get you jailed or lose clients, respectively. You must get this right from the start, but it isn’t as straightforward as it seems. Many firms run for years without setting up anti-laundering frameworks.
Risk and Compliance Changes: Stay Updated
While you undoubtedly understand the basic concepts in the SRA Standards and Regulations, there are plenty more technical details you want to keep updated / up to date with. You don’t want to be the lawyer that complied with the rules from six or eight years ago and never bothered to update their practice’s compliance systems since.
The SRA keeps changing the rules, mostly for the better, and it is critical to be aware of every small change. While non-compliance in some areas may not have serious consequences, there are others where even minor non-compliance issues can earn you a dawn raid by the regulator. You don’t want to make any late filings or have clients complaining directly to the SRA because of something you should be doing.
COLP and COFA Obligations
The SRA requires that every legal practice appoints two compliance officers, the COLP and COFA. These are disparate roles, although they can be fulfilled by the same person or an outsourced service provider.
The Compliance Officer for Legal Practice (COLP) is responsible for general risk management and compliance in the daily running of the practice. The Compliance Officer for Finance Administration (COFA) looks after clients’ money and the legal cashiering system that protects it.
Your appointee to fulfil your COLP and COFA roles matters; if they are bad at their job or sloppily non-compliant, your business could bear the brunt. The COLP and COFA are like your internal auditors, but they are also the eyes and ears’ of the regulators. For instance, specific guidelines require them to make reports to the regulators, and they can be sanctioned for failing to fulfil their responsibilities.
The COLP and COFA should ensure that the firm’s management systems are well established to comply with the SRA handbook regulations. Every law firm must dedicate adequate resources towards administrative compliance and not just improving legal expertise. It is your responsibility to review the efficacy of your COLP and COFA roles and provide a reporting structure that empowers them to fulfil their obligations to both the firm and regulator.
Other SRA Obligations and Best Practices
Your legal practice is required to maintain proper records demonstrating compliance. The compliance officers above must also record all breaches occurring.
These records can help you appreciate your firm’s risk management. Use them to discover areas that expose you to various risks and where such threats emanate from: are they inherent within the firm’s systems or processes, or the result of witlessness, wilful or otherwise?
The SRA does not prescribe how such breaches must be recorded. Your firm should implement its recording procedures as part of the risk management strategy that suits you best. Familiarise yourself with matters which must be reported to the SRA, called notifications. On other issues, the COLP and COFA can use their discretion to decide whether or not they are obliged to report.
PM and CM Software
Many new and small legal practices face compliance challenges because they rely on manual systems. Leveraging the right PM and CM software can help you to stay compliant, as you have built-in risk management, data security, and compliance validation procedures.
Your practice management software and case management software should support system compliance and reduction of risk. You must build risk management and data security into any local or cloud-based systems.
Effective use of CM and PM software to create workflows and processes will ensure that you maintain high standards of risk management and compliance.
Find software that can adapt workflows and processes to changing risk management and compliance requirements.
Compliance and risk management should not be considered a burden; compliance should be the natural outcome of running your practice effectively and efficiently. Prioritising is a valuable tool, especially at the beginning, when resources are scarce. At this stage, outsourcing to professional compliance managers and risk management experts can keep you on the right side of the law until you can afford to employ your own compliance team.
Compliance is an ongoing part of running your business. Once you accept this, you can keep adding layers and reviewing to ensure you stay compliant over the long term.