AJ Fox Compliance ask: What is Law Firm Risk & Compliance?
The Risk and Compliance function in a law firm has a wide range of responsibilities. Primarily it exists in order to mitigate and protect against risks and maintain compliance with relevant regulations and legislation - but what does that mean in practice? Different law firms organise their risk and compliance functions in different ways - in this article we talk about 4 of the main types of risk and compliance issues with which firms are concerned.
1. Conflicts of interest
A fundamental part of being a solicitor is working in the best interests of your client, but there are other obligations and duties a solicitor can owe in various circumstances that can cause a conflict to arise. Solicitors will generally abide by a code of conduct (e.g. the SRA Code of Conduct in England & Wales) which dictates the rules around legal conflicts issues; but there are different codes of conduct in different jurisdictions and so when dealing with international matters this can become even more complicated as the conflicts rules themselves may be in conflict! Risk professionals also need to consider commercial conflicts issues where there may not be any legal reason preventing working with a particular client but it may not be in the best interests of the firm to act in the circumstances.
Part of the role of the risk and compliance function is to analyse and identify potential conflicts issues before they arise, look into workarounds and strategies to avoid these conflicts or else manage the conversations where work needs to be turned down.
This role can often involve having difficult conversations with senior fee-earners about clients with whom they may wish to work but are unable to do so due to a conflict of interest.
Increasingly the larger, more global firms are having to be proactive in their conflicts assessment to ensure that their growth does not see them running into uncomfortable conflicts issues. You might therefore find yourself undertaking proactive conflicts analysis against the major clients in a new jurisdiction the firm is looking to expand into, or of another law firm with which your firm is considering a merger.
2. Anti money laundering/client due diligence
In order to be able to avoid inadvertently facilitating money laundering or handling the proceeds of crime it is important to know who your client is! This may sound obvious and may be a pretty straightforward process in many cases, especially if you are representing an individual in relation to a personal matter. However, law firms work with all sorts of different businesses and entities, which can make this process more complicated. The question that needs to be answered is "Who is actually benefiting from the services of the fee-earners?". It may be that you are doing some work for ABC Limited but unless you understand who owns ABC Limited then you don't really know for whom the work is being undertaken. In order to determine this you may need to analyse the corporate structure of the client - it may be that the business is owned by another company, which in turn may be owned by a trust located in the Cayman Islands. You will then be required to determine the details of the ultimate beneficial owners of the trust. This can involve significant analysis and research.
Once you have determined who the firm is actually working for you will then want to consider whether there are any risk issues in relation to working with them. This involves checking to see if there are Politically Exposed Persons ("PEPs") involved or if there could be a breach of Sanctions involved in taking on the work. You may also look at adverse media and reputational risks that the firm could be exposed to in working with this particular client.
As you can tell there is a lot of analysis involved but work in this area is a crucial part of the fight against organised crime and terrorism.
3. General risk & compliance
Just like any other business there are a myriad of rules, regulations and legislation that law firms need to abide by and it is the role of the risk and compliance function to review these, understand their impact, develop processes and policies for maintaining compliance and then ensure that fee-earners and the business generally are educated and trained around these issues. Recent examples include the General Data Protection Regulations, the Modern Slavery Act, the 4th/5th Money Laundering Directive, the Criminal Finances Act, the list goes on! As you might imagine there are very many rules and regulations and firms have to consider these in all of the jurisdictions in which they operate.
Firms may then undertake internal audits, gap analysis and file reviews to determine if the business is compliant - if it is not then it is important to try to understand where it is falling short and how this can be remedied.
Risk & Compliance functions will also spend time looking at the contracts the firm enters into, whether these be third party supplier contracts or the day to day letters of engagement that are sent to clients. The terms of these documents can have a significant impact on the risks that the firm is exposed to and so Risk & Compliance professionals will assess terms defining liability levels, the scope of work, and more general commercial and legal risks.
4. Claims and complaints
What happens when it all goes wrong?
Contrary to what many believe, lawyers are human too and so inevitably mistakes are made. Whilst good risk and compliance functions will work hard to ensure preventative measures are taken to avoid the risk of complaints and claims, they are hard to avoid completely. The risk and compliance team will be involved in managing complaints issues and trying to prevent them escalating - however in some cases they do become claims and court proceedings may be filed against the firm. Here the risk and compliance function will work to investigate the issue itself and where necessary to defend the firm, generally through instructing outside counsel. But it works the other way around too: in some cases clients may not pay, or may cause other issues for the firm, and in certain circumstances the firm may need to take action against a client.
The claims record of the firm can have a significant impact on the cost of Professional Indemnity Insurance and so it is important to deal with these effectively and to be proactive to avoid repeat issues. Reducing the cost of insurance renewals is a great way to immediately and tangibly demonstrate the value of the risk and compliance function. In a space in which results are often less tangible (e.g. the value of making sure the firm does not get fined for non-compliance may be hard to define) these sorts of financial savings can be important in ensuring the buy-in of the partnership.
As you can see, Risk & Compliance is a very broad area covering a significant range of issues. Legislation and regulation are being created and amended all the time and so this space is fast moving and ever changing.