Hello and welcome to this podcast on the subject of COLPs and COVID – managing compliance and risks during the crisis and beyond. My name is Michelle Garlick and I'm a partner at Weightmans LLP and head of its Compli service which advises lawyers and their businesses on regulatory and compliance issues.
I'm sure that as COLPs or risk managers you will have been extremely busy over the last few weeks managing the many risks that law firms have had to face during these exceptional and challenging times, and as firms start to plan a return to work, the risks for firms will, in all likelihood, remain as they were when lockdown was first introduced with a few additional ones thrown in for good measure.
A COLP's duties are extensive even at the best of times but the pandemic will have served as a reminder of how much COLPs have to think about and be made aware of to ensure compliance and to manage the risks involved. In this podcast I'll highlight a number of these risks and offer some suggestions for COLPs to refer to as we ease gradually out of lockdown and move towards what is likely to be a new norm for firms in the future.
But before considering the COLP's duties in these challenging times, it's worth reminding ourselves of what the SRA has said its approach will be. So, when lockdown was first announced, firms looked for guidance from the SRA on what they needed to do and this was issued in the form of a Coronavirus Hot Topic Update on its website. It provided some guidance on common queries, FAQs, whilst also referring readers to the many Law Society guidance notes that it had also issued. Of course the SRA also had to deal with lockdown for its own staff, so the professional ethics telephone helpline was no longer accessible, leaving only the website chat line or email as the means of answering any specific queries.
The update said that it expected firms to have appropriate contingency plans in place but recognised that firms would face challenging issues over the coming months under exceptional circumstances so confirmed that it would be pragmatic in its approach to issues arising and would take a proportionate approach including with regard to enforcement. It stressed, however, that it still expects solicitors and firms to meet the high standards expected of them by the public, meaning that firms had to do everything that they reasonably could to comply with the SRA rules. The emphasis would remain on ethics, doing the right thing and identifying and managing the risks to firms' own specific businesses, its staff and its clients.
So, what does that all mean for COLPs in practice? So the COLPs' responsibilities as a reminder, are set out in Rule 9 of the Code for Firms, which in summary requires COLPs to take all reasonable steps to ensure compliance by the firm, its managers, employees and interest holders and to make a prompt report to the SRA of any facts or matters that you reasonably believe are capable of amounting to a serious breach of the terms and conditions of your firm's authorisation or the SRA's regulatory arrangements which apply to your firm, managers, or employees.
Now as far as ensuring compliance is concerned a COLP's first port of call will be to the SRA's standards and regulations. The changes to the SRA regulatory arrangements in November 2019 which introduced new SRA codes of conduct for solicitors and firms resulted in far less prescriptive rules about what firms must and must not do. So when faced with an unprecedented pandemic there is, not surprisingly, only very limited reference in the standards and regulations to those issues and even then it's at a high non-prescriptive level. Firms are required under paragraph 2 of the SRA Code for firms to have effective governance structures, arrangements, systems and controls in place to ensure managers and employees comply with regulatory obligations and which enable compliance officers to fulfil their obligations under paragraph 9. Requirements include keeping and maintaining records to demonstrate compliance, active monitoring of financial stability and business viability, identifying, monitoring and managing all material risks to your business and notification to the SRA of any indicators of serious financial stability or an intention to cease operating.
Now, lockdown for most, if not all firms, meant significant and sudden changes to how the business operated on a day to day basis including the need for remote working and, or, extensive adjustments to the office to ensure social distancing and protection of employees if working at home wasn't possible.
COLPs, with up-to-date risk registers and business continuity plans, will as part of the crisis team have no doubt been ready to work through the plans and adapt to suit the unique circumstances arising. In reality, though, many wouldn't have had workable plans in place so will have had to start pretty much from scratch. Identifying, monitoring and managing all material risks to your business involves carrying out a risk assessment related to the pandemic, implementing processes and procedures to deal with the risks and ongoing active monitoring. Whether this has been done via your risk register or not, what's really important is maintaining records of your decision making during all stages of the crisis in order to demonstrate compliance should there be a problem or a complaint made to the SRA.
So as we start to plan to return to work there are, I think, some key risks which COLPs will need to continue to monitor depending upon the nature and size and location of your business. Now, I've categorised these risks under three main headings namely Employees, Clients and Business Risks.
So, taking employees first of all, one of the main risks of working remotely will be supervision. What is effective supervision for office working may not be quite as effective when working remotely. Conversations over the telephone which might identify a complaining client won't be picked up by the supervisor. If staff have been furloughed, what steps have been taken to ensure that any key dates or deadlines have been allocated to another fee earner to deal with? Is anyone checking team diaries for these key dates so that nothing gets missed? COLPs will be aware of paragraph 4.4 of the code for firms which requires that you have an effective system for supervising client matters and 3.5 in the code for solicitors that where you supervise or manage others providing legal services (a) you remain accountable for the work carried out through them and (b) you effectively supervise work being done for clients. Paragraph 3.6 of the solicitors’ code also provides that you ensure that the individuals you manage are competent to carry out their role and keep their professional knowledge and skills, as well as their understanding of their legal, ethical and regulatory obligations up to date. So regular online team meetings and one-to-ones will help to ensure that the supervisors are on top of the fee earner workloads and that fee earners feel able to raise any difficulties they may be having, whether with clients, managing their workload or experiencing feelings of isolation. This might also be a good time for everyone to catch up on their outstanding online training. Independent auditing may also prove to be a useful tool for monitoring risks during the crisis and going forward.
Now it's not just client file management that is important on supervision but also health and safety and the mental health and welfare of your staff will also need to be a high priority, making sure that you don't expose staff to risks from home working such as the use of computers and work equipment at home, any reasonable adjustments required but also stress and lone working.
So, what decisions have you made or will you be making in relation to the safety of staff upon returning to office working? Will staff be worried about returning to an office environment and, if so, how will these concerns be addressed? Check out the Law Society's return to work toolkit for a useful starting point from which to work out your plans. Will you continue to allow home and agile working going forward and if so what further steps, equipment, changes to terms of employment will be needed? Surveys of your staff will help you understand where there may be concerns and whilst HR will take on the main responsibility for managing this, COLPs should also be involved and kept informed given their overall responsibility for managing risk.
So that's employees. From a client risk perspective COLPs will need to have in mind things like data protection. As you know keeping clients’ information confidential is a fundamental requirement of the SRA's rules and of course data protection legislation. The transition from office to home working will no doubt have been more smooth for those firms who had already moved to paperless or paper-lite offices and those with electronic case or document management systems but still, for many, paper files are the norm and the risks of client data being kept on dining room tables during lockdown would have been a real headache for many COLPs and DPOs and will continue to be so once lockdown is relaxed. Cyber threats have also increased due to the greater number of staff working remotely, possibly on their own devices, another layer of risk. The SRA has provided tips and information on keeping business and clients cyber safe and COLPs should ensure that they, or their IT support continue to monitor the effectiveness of their security and ensure staff are kept aware of the increased risks.
Another risk from a client risk is money laundering. Many COLPs will also be the MLRO or the MLCO. Now the Legal Services Affinity Group, the LSAG has identified an increased risk of money laundering during the pandemic due mainly to criminals seeking to take advantage of potential weaknesses in systems and procedures around customer due diligence, particularly when unable to meet a client face to face. The LSAG has issued detailed guidance on remaining compliant with money laundering obligations during the outbreak which is essential reading for all those in the regulated sector. Be alert also to client take-on processes and the potential pressure that partners and fee earners may feel to generate new business but which might increase the risk of fee earners turning a blind eye to potential money laundering and conflicts. And of course you can't forget client service and competence, keeping clients up to date not only with their case but also the ways in which your firm is handling the pandemic and how you're going to be returning to office work, who clients can contact and how, are also really important. Clients will remember feeling looked after, or not, as the case may be and the relationship will either be enhanced or potentially lost depending upon how you've communicated with them.
And finally, looking at business risks, and in particular financial stability which I am sure will be on every firm's and COLP's mind during the pandemic and beyond. Questions and issues requiring almost constant monitoring over the next few weeks and months will include, what's the firm's cash position? How are chargeable hours bearing up during a period of upheaval? Which practice areas will be, or have been, most affected by a drop in instructions? What's the firm's debt position? Will debtors be slower to pay bills? Are there any savings that can be made on discretionary spend? Travel, for one, will be a big saving, I'm sure, and maybe in the future looking at saving in office space.
Remember that it is the COLP's duty under the new standards and regulations to report issues of financial stability if the worst case scenario arises. The joint obligation of the COFA has been removed and the obligation now rests firmly with the firm and the COLP. The requirements are set out in paragraphs 2.4 and 3.6 of the code of conduct for firms which states that you actively monitor your financial stability and business viability and once you are aware that you will cease to operate you effect the orderly wind down of your activities. And 3.6 of the code states that you notify the SRA promptly of any indicators of financial stability relating to you or if a relevant insolvency event occurs, or if you intend to, or become aware that you will cease operating as a legal business. So these obligations mean that firms shouldn't wait until the worst case scenario of insolvency occurs. Similarly, the COLP's obligation under 9.1(d) to notify the SRA of facts or matters capable of amounting to a serious breach lowers the threshold for reporting. Now whilst I don't believe that the SRA will expect firms to report a general concern shared by all that they will face difficult times ahead financially, if it becomes apparent that, for example, a firm can't meet its debts as they fall due, which is an indicator of financial stability, a COLP and the firm would be expected to notify the SRA of this fact. To protect your firm from any regulatory criticism in the future you should ensure that your business continuity procedures, decisions and ongoing monitoring are being carefully documented and take specialist advice if necessary.
So that is a gallop through some of the risks that COLPs will need to manage now, and in the future. If there is one key message that I would give, it would be to learn from how you dealt with this crisis, what worked well, what could you have done better and what improvements do you need to make. Document it all in your live risk register and keep this up to date. Keep horizon scanning what's happening in your firm, in the markets in which your firm practises and in the economy, and be quick to adapt if necessary in order not just to survive but also to thrive in the future.
So this brings an end to this podcast. You can also view my article on this subject which first featured in the Law Society's legal compliance bulletin in the July 2020 edition but can also now be found on our Compli web pages at compli.weightmans.com. I hope you found it of use and if you have any queries or are interested in exploring any of the issues raised in this podcast further then please don't hesitate to get in touch with me and I'd be delighted to discuss how we can help you and your business. Thank you for listening.