Changes to Lexcel. Are you prepared?
If you are a Lexcel accredited firm you will be aware that Lexcel has been revised and your firm will be assessed against the revised standard Lexcel v6.1 from 1 November. The revised requirements set out the need for documented consideration of the management of key aspects, which are in part, if not in whole, linked directly to some of the most imposing new regulations and areas of increasing risk to affect legal practice in recent years.
If you have not already started (thinking that you can wait until the couple of weeks before your assessment to put everything in place) you may want to think again. There is a lot to do and, as with all risk and compliance areas, the work required will take longer than anticipated and will eat into valuable fee earner time, even if you have a risk and compliance team whose role it is to deal with such matters. You will need to risk assess, develop, train, implement and test before your next Lexcel assessment.
The changes bring Lexcel into line with recent new and revised legislative requirements including GDPR; DPA 2018; AML Regulations 2017; EU Financial Sanctions Regulations 2017 and The Criminal Finances Act 2017. The Cyber Essentials scheme will need to be considered as the requirements state that firms should be accredited against the scheme, and it is quite possible that in the next revision (which may be fairly soon if the new SRA codes come into force in 2019), there will be a requirement that firms must be accredited against Cyber Essentials.
Now is the time to consider your firm’s vulnerabilities and risks and address these, assess and manage the risk of breaches and other offences. You will need to undertake a thorough review which should include your compliance plan, risk register, policies and procedures, record keeping, breaches registers, monitoring and training etc. Do you maintain appropriate records of data processing activities, information asset registers, money laundering risk assessments and records? Do you have procedures in place for responding to DSARs, have your staff been trained to identify them and do they know what to do when one is received? Do you have/need a DPO? Is your DPO fulfilling the requirements of the role as set out in GDPR? If you have not appointed a DPO, do you have evidence (in writing) of the decision not to make the appointment and details of the alternative arrangements that are in place? Do you have a procedure for identifying when DPIAs need to be carried out? What are your data retention timescales? Remember it is important to keep records of your decision making to evidence compliance and to have robust breach reporting procedures.
You will need to prepare new bespoke policies and procedures in plain language, relevant to your own practice and the areas that you practise in, and undertake thorough risk assessments and gap analyses. If staff can understand them, they are more likely to follow them. Make sure your existing policies and procedures are effective by undertaking audits and spot checks.
Lexcel assessors will review your central documentation, follow the audit trails, check files and interview staff to check they understand their responsibilities and have received appropriate training relevant to their role. Can they identify potential breaches or compliance failures and do they know how to report them?
If you need some help in preparing for your assessment, allowing fee earners to concentrate on what they do best, and allowing everyone to sleep at night, please get in touch. The Compli team can not only assist your firm and individual departments in their preparation and maintenance for Lexcel assessments, but can also provide support for the broader aspects of risk and compliance on an ongoing basis, and can work with you on specific projects, as and when required.
Compli provides you with full support on all risk, compliance and regulatory issues, all with the benefit of legal professional privilege, together with a suite of e-learning courses. If you have any queries on these changes or wish to discuss how Compli can help take the strain, call us on 0345 070 1047 or complete the form below.