managingpartner COLP & COFA conference 2012 The first 100

Outcomes focused regulation and compliance in
Peter Scott
Peter Scott Consulting
Do you really know what is expected of you by the SRA?
This is what Samantha Barras, Executive Director of the SRA, said
in December 2011:
“What has changed is the explicit requirement for firms actively
to engage with Principles and Outcomes, and avoid a tick-box
approach. That is the role of the COLP in particular – to be
responsible for taking reasonable steps to put in place systems
and controls for good compliance in the firm”
Do you have systems and controls for good
- Outcome O(7.2) requires firms to have appropriate systems and controls in
place to achieve and comply with all Principles, rules and outcomes and
other requirements of the Handbook
- Outcome O(7.3) requires firms to identify, monitor and manage risks to the
achievement of all outcomes, rules, Principles and other requirements in
the Handbook if applicable and take steps to address issues identified
- Outcome O(7.4) requires firms to maintain systems and controls for
monitoring their financial stability … and take steps to address issues
What steps will your COLP and COFA need to take to ensure you
have systems and controls in place for good compliance?
• Have they considered whether they will be able to
satisfactorily fulfil the roles?
• And if so, how will they from the outset be able to ensure
they can meet their responsibilities?
First steps?
1. Secure internal accountability as a condition of taking on the
2. Assess whether they will be provided with sufficient:
- access to information regarding risk; and
- resources to effectively discharge their responsibilities
1. Securing internal accountability
“We have no room for those who put their own personal
agenda ahead of the interests of the clients or the
David Maister’s “Predictive package”
Who has one (or more) of these in their firm?
“That’s a great idea
…for the rest of you!”
“Heavyweight gorilla”
“You can’t manage
I’m a big biller!”
Deal with your big gorillas!
Adopt a ‘zero tolerance’ approach
Review your governance arrangements and incorporate
for example the following agreements by partners …..
• All partners to comply with all Principles, Outcomes and Rules and other
requirements of the Handbook and to fully support the COLP / COFA –
with sanctions if they do not.
• Full access to be given to COLP and COFA to all the firm’s information
• Indemnities to be provided in relation to the COLP’s / COFA’s
responsibilities in respect of penalties, costs and expenses
• A right to take independent advice at firm’s expense for the resolution of
• Firm to pay premiums on appropriate insurance policies for COLP and
• Incorporate a ‘whistle-blowing’ policy
2. Ensure they will be provided with sufficient ……
• access to information regarding risk; and
• the resources to do the job
Access to information / knowledge?
Will they be provided with access to full information likely to
impact on compliance and other risks?
What are your risks?
Where does the knowledge of your risks reside?
Can you / will you be able to access it?
Do you / will you have systems to monitor, review and
upgrade your knowledge?
If you cannot measure risk, you will not be able to manage it
Law firm risks
Failure to manage knowledge will involve serious risk
Compliance / Risk
Some examples of compliance risks
Lack of management commitment to best practice
and compliance risk management
Lack of knowledge by management
Lack of supervision
High risk work
Lack of client vetting / fraud
Lack of client care / matter care
Lack of resource capability
Lack of knowledge / expertise / experience
Precedents / multiple use of advice
International work / overseas offices
Compliance Risk Mapping
[Figure: 2×2 compliance risk map. Quadrants: High impact / low incidence; High impact / high incidence; Low impact / low incidence; Low impact / high incidence. Both axes are marked "High" at the upper end.]
Establish the resources you will need to
effectively carry out your role
For example:
Do you have a budget?
What will your team look like?
Internal or external resource?
Part time partners or professionals?
Paper records or use of IT?
Use of IT as a risk management tool?
Use an integrated risk management system to
quantify, assess and control risk by:
– streamlining diagnosis, mitigation and
– embedding common risk management
– providing information access to all who
need it
– creating and maintaining one central, up to
date risk database
Advantages of a systemised compliance risk
management process?
Structured approach focuses on key compliance risk
Can demonstrate how a firm is complying and the
effectiveness of compliance / outcomes
Continuous monitoring ensures management of
compliance and risk is “lived” day to day
Universal application to all compliance and risk areas
Comfort / assurance to PI insurers [and SRA?]
Planning your resources
Carry out a cost / benefit analysis to
establish the most resource effective
method for you to manage the roles of COLP / COFA to ensure
your firm is compliant
Other areas on which to focus
Compliance management will need to be management driven with top
level buy-in - management must not only drive compliance but also live it
Zero tolerance is required, with no exceptions – just do it!
A mind-set change will be required – managing compliance risk needs to
be seen as everyone’s job - training and education programmes can build
awareness and change
Build a ‘no blame’ culture to encourage disclosure
Above all – identify your ‘big gorillas’ and deal with them
Your challenge
“If you cannot demonstrate compliance we may take regulatory
Outcomes focused regulation at a glance –
How are you going to be able to demonstrate you are compliant?
Any questions?
