How to approach outcomes focused regulation and the new Code of Conduct Peter Scott Consulting

Disclaimer This presentation is for general guidance only. It should not be relied upon or acted on in any way whatsoever and is provided without responsibility on the part of the presenter. You should consult a solicitor or other professional adviser before taking any action in relation to anything contained or referred to herein.

Today’s session 1.To provide a roadmap to help you find your way around outcomes focused regulation and the code of conduct, and what it will mean for you in practice 2.What COLPs and COFAs will need to do in order to effectively perform their roles 3.How to implement OFR by systemising your compliance Where to find the new regulations?

1. What OFR will mean in practice Everyone who works in a law firm is now subject to regulation by the SRA Managing risk and compliance needs to be seen as ‘everyone’s job’ – and everyone has a role to play Compliance needs to be ‘lived’ on a daily basis by everyone and there should be no exceptions to following procedures. Otherwise everyone is at risk

But it will not be enough just to be compliant … “If you cannot demonstrate compliance we may take regulatory action” SRA – “Outcomes Focused Regulation at a glance” – SRA website

Why is it so important that all the new regulations are fully complied with? Consider the impact on a firm and its people of: - Disciplinary action - Bad publicity - Lost clients - Complaints and claims - Increased professional indemnity premiums

SRA’s enforcement approach An enlarged set of regulatory tools : – Risk based supervision – desk and firm based – Relationship managers – monitoring visits – regulatory settlement agreements – increased powers to fine – Interventions

The Handbook Contains all the requirements to regulate solicitors, partnerships, LLPs, limited companies and ABS and their staff. It includes: The Principles Code of Conduct Authorisation Rules Accounts Rules Specialist Services Rules Indemnity Insurance Rules/Compensation Fund Rules Disciplinary Procedure Rules All training requirements

The Principles Overarch the Handbook Based on the previous core duties (rule 1) in the Code of Conduct 2007 Mandatory – deal with fundamental behaviour. Stand alone

The Principles Mandatory Six will be familiar to you: – integrity; – independence; – best interests of clients; – proper standard of service; – uphold rule of law and proper administration of justice; and – maintenance of the trust the public places in you and the provision of legal services. Four are new …

The Principles continued ….. Comply with your legal and regulatory obligations and deal with your regulators and ombudsmen in an open, timely and co-operative manner; Run your business or carry out your role in the business effectively and in accordance with proper governance and sound financial and risk management principles; Run your business or carry out your role in the business in a way that encourages equality of opportunity and respect for diversity; Protect client money and assets.

The Code of Conduct Requirements of the Code are expressed as outcomes, which are mandatory Outcomes describe what you are expected to do in order to comply with the relevant Principles NB - the Outcomes set out in the Code are not an exhaustive list of the application of all the Principles Supplemented by Indicative behaviours, which are examples of behaviour in respect of achieving outcomes and are non mandatory

The structure of the Code of Conduct Divided into four sections: – You and your client – You and your business – You and your regulator – You and others

You and your client Has 6 chapters setting out Outcomes in relation to: Chapter 1 Client Care Chapter 2 Equality and diversity Chapter 3 Conflicts of interest Chapter 4 Confidentiality and disclosure Chapter 5 Your client and the court Chapter 6 Your client and introductions to third parties

Chapter 1- client care Principles to be achieved – acting in best interests of clients and providing a proper standard of service Indicative behaviours are grouped into 4 areas: - Dealing with the client’s matter - Fee arrangements - Complaints handling - Accepting instructions

Client care outcomes include … – you treat your clients fairly – you provide services to your clients in a manner which protects their interests in their matter, subject to the proper administration of justice; – clients are in a position to make informed decisions about the services they need, how their matter will be handled and the options available to them – the service you provide to clients is competent, delivered in a timely manner and takes account of your clients needs and circumstances; – you have the resources, skills and procedures to carry out your clients’ instructions; – clients receive the best possible information both at the outset and when appropriate as their matter progresses about the likely overall cost of their matter;

Client care indicative behaviours include … agreeing an appropriate level of service with your client, for example the type and frequency of communications; explaining your responsibilities and those of the client; ensuring the client is told, in writing, the name and status of the person dealing with the matter and the name of the person responsible for its overall supervision; explaining any arrangements, such as fee sharing arrangements or referral arrangements, which are relevant to the client’s instructions; explaining any limitations or conditions on what you can do for the client, for example, because of the way the client’s matter is funded; in taking instructions and during the retainer, having proper regard to your client’s mental capacity or other vulnerability, such as incapacity or duress;

And some more indicative behaviours … discussing whether the potential outcomes of the client’s case are likely to justify the expense or risk involved including any risk of having to pay someone else’s legal fees; clearly explaining your fees and if and when they are likely to change; discussing how the client will pay…;

Complaints The best way to deal with complaints is to prevent them happening in the first place If you sense even a hint that a complaint may possibly be made, then immediately speak to the appropriate person you work with so the matter can be dealt with.

A few questions for you … Do your client care procedures and letters of engagement need review? In particular, do you need to reconsider complaints handling? How will you demonstrate that you are treating clients fairly? Is your costs information clear?

Chapter 2 – equality and diversity Principle - Equality of opportunity and respect for diversity Unlawful discrimination and victimisation are not acceptable Outcomes Your Equality and Diversity Policy – do you know what it says? NB – the Indicative Behaviours

More questions for you … Do you need to review your E and D policy? Does it contain procedures which will enable you to demonstrate compliance with the Outcomes? What would be appropriate training for your people?

Chapter 3 – conflict of interests Deals with - own interest conflicts – you must never act - client interest conflicts – can only act in 2 limited circumstances Outcomes, include - O (3.1) you must have effective systems and controls in place to enable you to identify and assess potential conflicts of interests. - O (3.6) and O (3.7) – exceptions where you may act when there is a client conflict

conflict of interests Client conflict - “…any situation where you owe separate duties to act in the best interests of two or more clients in relation to the same or related matters, and those duties conflict, of there is a significant risk that those duties conflict.” Own interest conflict - “…any situation where your duty to act in the best interests of any client in relation to a matter conflicts, or there is a significant risk that it may conflict, with your own interests in relation to that or a related matter”

Exceptions where you can act where there is conflict Outcome O(3.6) - The clients have a substantially common interest in relation to a matter; or Outcome O(3.7) - The clients are competing for the same objective. Conveyancing conflicts - Buyer / Seller? - Lender / Borrower? “The difference with the new code is that the decision whether or not a conflict exists will be a matter for your professional judgment – the decision rests with you” - SRA Professional Ethics Team

More questions for you … Do your conflict checking procedures need review? “Own interest conflicts” – do you have a register of interests? Do you have a policy for conveyancing conflict situations? Do you have a ‘conflicts committee’ to consider conflicts? Staff training

Chapter 4 - confidentiality Principle – acting in the best interests of clients Outcomes require that confidential information is protected Do you have effective systems and controls in place to preserve client confidentiality? Outcomes also require that: – you must disclose to your client information of which you are aware that is material to their case – if your duty of confidentiality to one client comes into conflict with your duty of disclosure to another the duty of confidentiality takes precedence

Chapter 5 – your client and the Court Principle - Upholding the rule of law and administration of justice Outcomes must be demonstrated if you conduct litigation or advocacy Responsibilities to court Versus duties to clients – note O (5.5) Treatment of witnesses and witness evidence

Chapter 6 – Introductions to third parties Principles - Independence and Integrity and acting in the best interests of clients Applies to all introductions including to other lawyers How can you demonstrate compliance with these outcomes?

You and your business Chapter 7 Management of your business Chapter 8 Publicity Chapter 9 Fee sharing and referrals

Chapter 7 – management of your business Must have effective systems and controls in place to achieve compliance with all the regulations in the Handbook ensuring staff are trained to maintain an appropriate level of competence, Supervising clients’ matters and checking of quality of work. Outsourcing – links to COLP’s and COFA’s responsibilities

Chapter 8 - publicity Principle – to maintain the trust the public places in you Accurate publicity Clarity on charges Prohibition on unsolicited approaches Clear information about your regulatory status Risk areas in relation to publicity?

Chapter 9 - Fee sharing and referral arrangements Outcomes emphasise the importance of the core duties – independence of professional judgement, integrity and clients’ best interests etc. Requirement to inform clients of any financial or other interest the introducer has in referring the client now extends to referrals between solicitors. Referral fees – now under review by government.

Chapter 9 - Outcomes Your independence and your professional judgment are not prejudiced by virtue of any arrangements with another person; Your clients’ interests are protected regardless of the interests of an introducer or fee sharer or your interests in receiving referrals; Clients are in a position to make informed decisions about how to pursue their matter; Clients are informed of any financial or other interest which an introducer has in referring the client to you; Clients are informed of any fee sharing arrangement that is relevant to the matter; You do not make payments to an introducer in respect of clients who are the subject of criminal proceedings or who have the benefit of public funding. Where you enter into a financial arrangement with an introducer you ensure the arrangement is in writing

More questions … Do you have a record of all referral arrangements which happen in the firm? If payment made for referrals - is agreement in writing? How do you monitor compliance with the Outcomes? How do you demonstrate achievement of the Outcomes relating to information which the client must have?

Chapter 10 – you and your regulator Principle - Dealing with regulator and ombudsman in open, timely and co- operative manner Notification requirements Production of documents and information Dealing with SRA’s and ombudsman’s enquiries Key Indicative Behaviours include actively monitoring achievement of the outcomes; The firm will only be able to do this if everyone in the firm immediately reports compliance problems to the appropriate person

You and your regulator “You notify the SRA promptly of any material changes to relevant information about you including serious financial difficulty, …serious failure to comply with or achieve the principles, rules, outcomes and other requirements of the Handbook.”

Chapter 10 - key Indicative Behaviours Compliance with outcomes demonstrated by, inter alia: actively monitoring achievement of the outcomes; actively monitoring you financial stability; notifying SRA promptly of indicators of serious financial difficulty such as inability to pay indemnity insurance, rent or salaries and breach of bank covenants; having a whistle-blowing policy;

You and others Chapter 11 – relations with third parties Principles - Integrity and trust Not taking unfair advantage Undertakings - connected with Chapter 7 Outcomes

Chapter 12 – separate businesses Principles - Best interests of clients and Integrity Who is bound? Prohibited separate business Permitted separate business activities What customers must expect from you

2. COLPs and COFAs Compliance officer for legal practice Compliance officer for finance and administration

Challenges for the COLP and COFA 1.Understanding the COLP’s and COFA’s roles and responsibilities 2.The planning COLPs and COFAs need to do to effectively fulfil their roles 3.How COLPs and COFAs can secure ‘buy-in’ and ‘accountability’ from everyone in a firm 4.Identification and assessment by COLPs and COFAs of a firm’s compliance risks - in order to be able to DEMONSTRATE to the SRA that a firm is compliant

Role of compliance officers A senior person A manager or an employee COLP must be a lawyer or REL COFA – no required qualifications

Time scales for approvals 31 May 2012 – nomination forms available on SRA website 31 July 2012 – deadline for nominations 31 October 2012 – approvals process to be completed NB – declarations to be given (see handout)

The scope of the COLP’s role under Rule 8 of the SRA Authorisation Rules is extensive and very wide 8.5.(c) SRA Authorisation Rules (i)Take all reasonable steps to: (A) ensure compliance with the terms and conditions of the authorised body’s authorisation except any obligations under the SRA Accounts Rules (B) ensure compliance with any statutory obligations of the body, its managers, employees or interest holders in relation to the body’s carrying on of authorised activities (C) record any failure so to comply and make such records available to the SRA on request;

8.5.(c) SRA Authorisation Rules (continued) (ii) As soon as reasonably practicable, report to the SRA any failure so to comply provided that: (A) in the case of non-material failures, these shall be taken to have been reported as soon as reasonably practicable if they are reported to the SRA together with such other information as the SRA may require in accordance with Rule 8.7(a): and (B) a failure may be material either taken on its own or as part of a pattern of failures so to comply.

What is a ‘material’ failure to comply? Guidance Notes to Rule 8 provide: (x) In considering whether a failure is “material” and therefore reportable, the COLP or COFA, as appropriate, will need to take account of various factors, such as: the detriment, or risk of detriment, to clients the extent of any risk of loss of confidence in the firm or in the provision of legal services the scale of the issue the overall impact on the firm, its clients and third parties. In addition, the COLP/COFA will need to keep appropriate records of failures in compliance to: monitor overall compliance with obligations assess the effectiveness of the firm’s systems be able to comply with the duty to report breaches which are material because they form a pattern.

The COFA’s role under Rule 8.5(e) of the SRA Authorisation Rules is to (i)take all reasonable steps to (A) ensure that the body and its employees and managers comply with any obligations imposed upon them under the SRA Accounts Rules; and (B ) record any failure so to comply and make such records available to the SRA on request; and (ii) as soon as reasonably practicable, report to the SRA any failure so to comply, provided that: (A) in the case of non-material failures, these shall be taken to have been reported as soon as reasonably practicable if they are reported to the SRA together with such other information as the SRA may require in accordance with Rule 8.7(a); and (B) a failure may be material either taken on its own or as part of a pattern of failures so to comply.

Additional responsibilities for COFA’s Ensure that they have access to all accounting records Carry out regular checks on the accounting systems Carry out file and ledger reviews ensure that the reporting accountant has prompt access to all the information needed to complete the accountants report take steps to ensure that breaches of the SRA Account Rules are remedied promptly, and report any breach to the SRA as required Monitor, review and manage risks to compliance with the SRA account rules

Why will the COLP/COFA need to keep records? Allow for inspection by the SRA Monitor overall compliance with obligations Assess the effectiveness of the firm’s systems Be able to comply with the duty to report breaches They will only be able to effectively carry out their roles if everyone in the firm works in the way they are required to do

What will a COLP and a COFA need to do to carry out their roles effectively?

Do you really know what is expected of you by the SRA? This is what Samantha Barras, Executive Director of the SRA said in December 2011 “What has changed is the explicit requirement for firms actively to engage with Principles and Outcomes, and avoid a tick-box approach. That is the role of the COLP in particular – to be responsible for taking reasonable steps to put in place systems and controls for good compliance in the firm” “To be the focal point in the firm for thoughtful engagement with our regulatory regime”

And she continued ….. “For those firms in the Relationship Management approach to supervision, we will expect to meet regularly with the COLP and for that person to be completely on top of risk and compliance in your firm ……. A titular COLP will not be acceptable”.

Bearing in mind those words … Have you considered whether you will be able to satisfactorily fulfil the role? And if so, how will you from the outset be able to ensure you can meet your responsibilities?

Systems and controls for good compliance? - Outcome O(7.2) requires firms to have appropriate systems and controls in place to achieve and comply with all Principles, rules and outcomes and other requirements of the Handbook - Outcome O(7.3) requires firms to identify, monitor and manage risks to the achievement of all outcomes, rules, Principles and other requirements in the Handbook if applicable and take steps to address issues identified As the COLP or COFA, what will you now need to do to ensure that you will be able to take all reasonable steps to enable your firm to achieve, inter alia, these outcomes?

First actions, first conversations to have? 1.Secure internal buy-in as a condition of your taking on the role 2.Assess whether you will be provided with sufficient: - independence of role; - access to information regarding risk; and - resources to enable you to effectively carry out the role.

1. Securing internal buy-in Who has one (or more) of these in their firm?

“That’s a great idea …for the rest of you!”

“Heavyweight gorilla” “You can’t manage me. I’m a big biller!”

Deal with your big gorillas! Your role as the COLP or COFA will only be capable of being effectively carried out if partners and other owners of your firm accept that they must be ‘accountable’

Accountability? “We have no room for those who put their own personal agenda ahead of the interests of the clients or the office” David Maister’s “Predictive package” How can the COLP or COFA secure accountability?

You can try to persuade partners that this is why they should be compliant … “The pursuit of excellence, with the aim of doing things better for the clients” Director of Risk of a ‘top ten’ UK law firm However laudable, currently this is unlikely to ‘win hearts and minds’. Instead, adopt the ‘zero tolerance’ approach!

For example, require from your partners the following contractual assurances as a condition precedent to your acceptance of the role …. All partners to comply with all Principles, Outcomes and Rules and other requirements of the Handbook and to fully support the COLP / COFA – with sanctions if they do not. Full access to be given to all firm’s information Indemnities to be provided in relation to the COLP’s / COFA’s responsibilities in respect of penalties, costs and expenses A right to take independent advice at firm’s expense for the resolution of disputes Incorporate a ‘whistle-blowing’ policy Firm to pay premiums on appropriate insurance policies for COLP and COFA

2. Assess whether you will be provided with sufficient: independence of role; access to information regarding risk; and resources to enable you to effectively carry out the role.

Independence of role? The Guidance Notes to Rule 15.1 Authorisation Rules state that “As well as evidence about the candidate, the Suitability Test takes into account evidence about the honesty and integrity of a person that the candidate is related to, affiliated with or acts together with, whom the SRA has reason to believe that person may have an influence over the way in which the candidate will exercise their role.” How independent will your role be as COLP / COFA?

Independence of role, for example in relation to reporting obligations? If an employee or non equity partner? Even if an equity partner? If a managing partner, where responsibility to drive performance of the firm may conflict with the COLP / COFA role? (in many firms the managing partner is likely to be the only person capable of ensuring compliance procedures are followed)

Access to information / knowledge? Will you be provided with access to full information likely to impact on compliance and other risks? What are your risks? Where does the knowledge of your risks reside? Can you / will you be able to access it? Do you / will you have systems to monitor, review and upgrade your knowledge? If you cannot measure risk, you will not be able to manage it

Law firm risks People Operational Regulatory IT Competition /business Economic, political, fiscal Financial Asset Reputational Management

Failure to manage your knowledge will involve serious risk Compliance / Risk Management Knowledge Management

Establish the resources you will need to effectively carry out your role For example: Do you have a budget? What will your team look like? Internal or external? Part time partners or professionals? Paper records or use of IT If IT is used - bespoke or ‘off the peg’ systems?

Plan your resources Carry out a cost / benefit analysis to establish the most resource effective method for you to manage your role as COLP / COFA for your firm to be compliant

First actions, first conversations … other areas on which to focus Your role will need to be management driven with top level buy-in - management must not only drive compliance but also live it Zero tolerance is required, with no exceptions – just do it! A mind-set change will be required – managing compliance risk needs to be seen as everyone’s job - training and education programmes can build awareness and change Build a ‘no blame’ culture to encourage disclosure Above all – identify your ‘big gorillas’ and deal with them Otherwise everyone will be at risk

Above all, as a COLP or COFA you will need to continuously challenge the effectiveness of your firm’s compliance management

3. Systemise your compliance management

“If you cannot demonstrate compliance we may take regulatory action” SRA – OFR at a glance

The scope and volume of compliance now requires a different approach For example, under the SRA Code the Outcomes provide that firms must: - have appropriate systems and controls in place to achieve and comply with all Principles, rules and outcomes and other requirements of the Handbook - identify, monitor and manage risks to the achievement of all outcomes, rules, Principles and other requirements in the Handbook if applicable and take steps to address issues identified - Ensure compliance with all the reporting and notification requirements in the Handbook Do you already have appropriate systems and controls in place to comply?

Your challenge.... Is not merely to ensure your firm is compliant but … to be able to DEMONSTRATE to the SRA that your firm and everyone in the firm is compliant on an on-going basis How will you be able to do this?

Outcomes focused regulation is about managing processes How can these processes be systemised to provide a cost effective method to manage your compliance?

Do you know your compliance risks? What are your compliance risks Where does the knowledge of your compliance risk reside? Can you access it? Do you have systems to monitor, review and upgrade your knowledge?

A Risk Management / KM integrated approach Approach risk from a KM viewpoint and vice versa Need to manage the risks relating to knowledge in any event Managing the risks – Quality assurance – Greater competitiveness

Establishing the resources you will need to effectively manage your compliance For example: Internal or external? Part time partners or professionals? Paper records or use of IT If IT is used - bespoke or ‘off the peg’ systems?

A systematic approach is required Put in place a formal compliance risk management process to identify and manage every area of compliance risk for the SRA Handbook and Code Establish a comprehensive database covering all compliance risk areas Standards such as Lexel and ISO 9000 are likely to help

Implementing a compliance risk management Strategy DIAGNOSIS Identification and assessment MITIGATION Control, transfer and avoidance MONITORING Auditing, tracking and reporting When a risk crystallises LIMITATION Minimising the effect of crystallised risks

Use of risk management tools? Use an integrated risk management system to quantify, assess and control risk by : – streamlining diagnosis, mitigation and monitoring – embedding common risk management procedures – providing information access to all who need it – creating and maintaining one central, up to date risk database

Identifying and assessing your compliance risks

Compliance Risk Mapping

Compliance risk identification and assessment Incidence - probability Impact - severity

Some examples of compliance risks Lack of management commitment to best practice and compliance risk management Lack of knowledge by management Lack of supervision High risk work Lack of client vetting / fraud Lack of client care / matter care Lack of resource capability Lack of knowledge / expertise / experience Precedents / multiple use of advice International work / overseas offices Mergers

Using ‘brainstorming’ as a method of identifying and assessing compliance risks ‘Top down – bottom up’ brainstorming sessions in each group in your firm to: - to identify every compliance risk area - are we achieving every Outcome under the new Code? - are we compliant in every area? - do we have gaps? - what will be required to fully comply? - to what standards should we comply? - how should we prioritise our efforts?

Risk Diagnosis Assess severity of high-level risks Identify high level risks Set criteria for assessing risks Identify detailed risks Assess severity of detailed risks Risk map Risk summary

Compliance risk Mitigation Designed to:- Ensure effective compliance Avoid / reduce non compliance Avoid / reduce incidence of risks Transfer some risks

Risk mitigation Risk map Risk summary Consider impact / probability correlation Required controls summary Insurance requirements summary Contingency plan requirements Residual risk summary Consider available mitigation techniques

Compliance risk monitoring involves… Auditing, tracking and reporting Comparing actual outcomes to pre-set indicators Confirming effectiveness of your risk responses Reporting compliance and exceptions Establishing [annual / periodical] compliance risk management reports

Risk monitoring Required controls summary Contingency plan requirements Insurance requirements summary Set risk indicators and methods to monitor them Annual Risk Management Report

Risk limitation involves Risk crystalisation scenarios Contingency plans Limitation procedures Post event assessment

Advantages of a formal compliance risk management process for the new SRA Code? Structured approach focuses on key compliance risk areas Can demonstrate how a firm is complying and the effectiveness of compliance / outcomes Continuous monitoring ensures management of compliance and risk is “lived” day to day Universal application to all compliance and risk areas Comfort / assurance to PI insurers [and SRA?]

Effective use of IT systems for compliance risk management? Use an integrated compliance risk management system to cost effectively manage compliance risk areas by: – creating and maintaining one central, up to date compliance and risk database – providing information access to all who need it in relation to exposure to risk – embedding compliance and risk management procedures – e.g. client inception procedures – streamlining identification, assessment, mitigation and monitoring of compliance risks

Outcomes focused regulation is about processes Using IT systems is likely to be the most cost effective and compliant method to manage these processes. Any questions?

Compliance needs to be ‘lived’ on a daily basis by everyone in a law firm and there can be no exceptions to following procedures. Otherwise everyone is at risk.

Any questions?