Outcomes focused regulation and compliance in practice

Peter Scott
Peter Scott Consulting
www.peterscottconsult.co.uk

Do you really know what is expected of you by the SRA?

This is what Samantha Barras, Executive Director of the SRA said in December 2011:

“What has changed is the explicit requirement for firms actively to engage with Principles and Outcomes, and avoid a tick-box approach. That is the role of the COLP in particular – to be responsible for taking reasonable steps to put in place systems and controls for good compliance in the firm”

Do you have systems and controls for good compliance?

- Outcome O(7.2) requires firms to have appropriate systems and controls in place to achieve and comply with all Principles, rules and outcomes and other requirements of the Handbook
- Outcome O(7.3) requires firms to identify, monitor and manage risks to the achievement of all outcomes, rules, Principles and other requirements in the Handbook if applicable and take steps to address issues identified
- Outcome O(7.4) requires firms to maintain systems and controls for monitoring their financial stability … and take steps to address issues identified

What steps will your COLP and COFA need to take to ensure you have systems and controls in place for good compliance?

• Have they considered whether they will be able to satisfactorily fulfil the roles?
• And if so, how will they from the outset be able to ensure they can meet their responsibilities?

First steps?

1. Secure internal accountability as a condition of taking on the roles
2. Assess whether they will be provided with sufficient:
   - access to information regarding risk; and
   - resources to effectively discharge their responsibilities

1. Securing internal accountability

“We have no room for those who put their own personal agenda ahead of the interests of the clients or the office”
David Maister’s “Predictive package”

Who has one (or more) of these in their firm?
“That’s a great idea … for the rest of you!”
“Heavyweight gorilla”
“You can’t manage me. I’m a big biller!”

Deal with your big gorillas!

Adopt a ‘zero tolerance’ approach

Review your governance arrangements and incorporate, for example, the following agreements by partners:

• All partners to comply with all Principles, Outcomes and Rules and other requirements of the Handbook and to fully support the COLP / COFA – with sanctions if they do not.
• Full access to be given to COLP and COFA to all the firm’s information
• Indemnities to be provided in relation to the COLP’s / COFA’s responsibilities in respect of penalties, costs and expenses
• A right to take independent advice at firm’s expense for the resolution of disputes
• Firm to pay premiums on appropriate insurance policies for COLP and COFA
• Incorporate a ‘whistle-blowing’ policy

2. Ensure they will be provided with sufficient:

• access to information regarding risk; and
• the resources to do the job

Access to information / knowledge?

• Will they be provided with access to full information likely to impact on compliance and other risks?
• What are your risks?
• Where does the knowledge of your risks reside?
• Can you / will you be able to access it?
• Do you / will you have systems to monitor, review and upgrade your knowledge?
If you cannot measure risk, you will not be able to manage it

Law firm risks

• Operational Management
• Compliance / Risk Management
• Knowledge Management

Failure to manage knowledge will involve serious risk

Some examples of compliance risks

• Lack of management commitment to best practice and compliance risk management
• Lack of knowledge by management
• Lack of supervision
• High risk work
• Lack of client vetting / fraud
• Lack of client care / matter care
• Lack of resource capability
• Lack of knowledge / expertise / experience
• Precedents / multiple use of advice
• International work / overseas offices
• Mergers

Compliance Risk Mapping

Impact (Low to High) plotted against incidence (Low to High), giving four quadrants:

• High impact / low incidence
• High impact / high incidence
• Low impact / low incidence
• Low impact / high incidence

Establish the resources you will need to effectively carry out your role

For example:

• Do you have a budget?
• What will your team look like?
• Internal or external resource?
• Part time partners or professionals?
• Paper records or use of IT?

Use of IT as a risk management tool?

Use an integrated risk management system to quantify, assess and control risk by:

– streamlining diagnosis, mitigation and monitoring
– embedding common risk management procedures
– providing information access to all who need it
– creating and maintaining one central, up to date risk database

Advantages of a systemised compliance risk management process?

• Structured approach focuses on key compliance risk areas
• Can demonstrate how a firm is complying and the effectiveness of compliance / outcomes
• Continuous monitoring ensures management of compliance and risk is “lived” day to day
• Universal application to all compliance and risk areas
• Comfort / assurance to PI insurers [and SRA?]
Planning your resources

Carry out a cost / benefit analysis to establish the most resource effective method for you to manage the roles of COLP / COFA to ensure your firm is compliant

Other areas on which to focus

• Compliance management will need to be management driven with top level buy-in - management must not only drive compliance but also live it
• Zero tolerance is required, with no exceptions – just do it!
• A mind-set change will be required – managing compliance risk needs to be seen as everyone’s job - training and education programmes can build awareness and change
• Build a ‘no blame’ culture to encourage disclosure
• Above all – identify your ‘big gorillas’ and deal with them

Your challenge

“If you cannot demonstrate compliance we may take regulatory action”
Outcomes focused regulation at a glance – www.sra.org.uk

How are you going to be able to demonstrate you are compliant?

Any questions?