Post on 15-Jan-2016

PETER SCOTT CONSULTING

Business Management

Systemize your compliance with Rule 5

Peter Scott, Peter Scott Consulting, www.peterscottconsult.co.uk

- and with an eye on outcomes focussed regulation in relation to business management …

how to plan at the same time to comply with:

- The new SRA Code
- The Principles
- The outcomes

Who currently has a compliance / risk manager?

The future …

“The management and supervision of firms is covered by chapter 7 of the new handbook. Firms will be required to have a compliance officer for legal practice to oversee and embed adherence to the principles, rules and outcomes, and a compliance officer for finance and administration to ensure compliance with the Accounts Rules. You might wish to start considering who within your firm might fulfil these roles and how they will carry them out.”

Charles Plant – chair of the board of the SRA

Law Society Gazette 8 July 2010

Rule 5 aims to set out…

Responsibility for the overall supervision and management framework of a firm

Minimum requirements to be ‘qualified to supervise’

Minimum standards for supervision of client matters

Minimum requirements for business arrangements essential to good practice and integral to compliance with supervision and other duties to clients

The scope of Rule 5

Supervision

Management of risk

Key regulatory requirements

certification

P I

accountants reports

registration

recognition

conflicts

Rule 2 – client relations

Financial management and controls

SARs

Control of undertakings

safe keeping of documents and assets

Rule 6 – equality and diversity

Training

- Competence

- CPD

- Qualified to supervise

Practice continuation

Are you in control of your risks?

- People
- Operational
- Regulatory
- IT
- Competition / business
- Economic, political, fiscal
- Financial
- Asset
- Reputational
- Management

Who believes they are currently fully compliant with Rule 5?

How do you know you are compliant?

The challenge of Rule 5….

How to manage compliance with Rule 5 in a way which will enable you to evidence, even with limited resources, that appropriate arrangements are in place and operating, so you can demonstrate:

- compliance
- the effectiveness of that compliance

The challenge of Chapter 7 of the new SRA Code?

Is about the management and supervision of a firm

Provides that 10 listed outcomes must be achieved

In particular ….

Firms must ....

- have appropriate systems and controls in place to achieve and comply with all Principles, rules and outcomes and other requirements of the Handbook
- identify, monitor and manage risks to the achievement of all outcomes, rules, Principles and other requirements in the Handbook if applicable and take steps to address issues identified

Who already has appropriate systems and controls in place … to currently comply with Rule 5?

What is required?

A need to manage your:

- Resources
- Knowledge

Resources?

- People and Money
- Internal or external?
- Part time partners or professionals?
- Bespoke or ‘off the peg’?

Carry out a cost / benefit analysis to establish the most resource effective method for your firm to manage compliance and risks

Knowledge? - Failure to manage knowledge involves widespread risk

Compliance / Risk Management

Knowledge Management

Compliance and risk – do you know your risk areas?

Where does the knowledge of your compliance and risk areas reside?

Can you access it?

Do you have systems to maintain and upgrade your knowledge?

Where to start?

A systematic approach is needed

- Management driven, with top level buy-in
- Zero tolerance is required
- Managing risk and compliance needs to be seen as ‘everyone’s job’ – a mindset change is needed
- Need a ‘no guilt’ culture to encourage disclosure
- Approach compliance and risk management from a knowledge management viewpoint and vice versa

A systematic approach is required

- Put in place a formal compliance and risk management process to identify and manage every area of compliance and risk for Rule 5 compliance and for the new SRA Code
- Establish a comprehensive database covering all compliance and risk areas
- Standards such as Lexel and ISO 9000 are likely to help
- Use of IT systems?

Advantages of a formal compliance and risk management process for Rule 5 and under the new SRA Code?

Structured approach focuses on key compliance and risk areas

Can demonstrate how a firm is complying and the effectiveness of compliance / outcomes

Continuous monitoring ensures management of compliance and risk is “lived” day to day

Universal application to all compliance and risk areas

Comfort / assurance to PI insurers

Use of IT systems for compliance and risk management?

Use an integrated compliance and risk management system to cost effectively manage compliance and risk areas by:

creating and maintaining one central, up to date compliance and risk database

providing information access to all who need it in relation to exposure to risk

embedding compliance and risk management procedures – e.g. client inception procedures

streamlining identification, assessment, mitigation and monitoring

Implementing a compliance and risk management strategy

- Diagnosis: Identification and assessment
- Implementation of compliance procedures and Mitigation of risk: Avoidance, control or transfer
- Monitoring: Auditing, tracking and reporting
- Limitation: Minimising the effects of crystallised risks

Identification of compliance and risk areas?

Needs to be management-driven

‘Top down – bottom up’ brainstorming sessions to:

- identify every compliance and risk area
- are we compliant in every area?
- do we have gaps?
- what will be required to comply?
- to what standards should we comply?
- how should we prioritise our efforts?

Assignment of responsibilities and lines of accountability

Compliance and risk assessment

- Incidence - probability
- Impact - severity

Risk mapping - where to focus resource?

Try this out on your ...

- Supervision arrangements
- Financial controls
- Business continuity planning
- Client care letters
- AML procedures
- etc

Assessment of non-compliance and other risks

Consider the impact of, inter alia:

- Disciplinary action
- Bad publicity and loss of reputation
- Lost clients
- Complaints and claims
- Increased P.I. premiums

Assessment of compliance and risks

Assess severity of high-level risks

Identify high level risks of non compliance

Set criteria for assessing compliance and risks

Identify detailed risks

Assess severity of detailed risks

Compliance and risk map

Compliance and risk summary

Compliance and Risk Mitigation

Designed to:-

- Ensure effective compliance
- Avoid / reduce non compliance
- Avoid / reduce incidence of risks
- Transfer some risks

Risk mitigation

Compliance and risk map

Compliance and risk summary

Consider impact/probability correlation

Required controls summary

Insurance requirements summary

Contingency plan requirements

Residual risk summary

Consider available mitigation techniques

Some techniques to put in place compliance and mitigate risks

- Top level buy-in – management must not only drive compliance but also live it
- Zero tolerance – just do it!
- Training and education programmes to build awareness and change mindsets
- Continuous and systematic monitoring and reporting
- A need to continuously challenge the effectiveness of compliance and risk management

Compliance and risk monitoring involves…

- Auditing, tracking and reporting
- Comparing actual outcomes to preset indicators
- Confirming effectiveness of risk responses
- Reporting compliance and exceptions
- Annual compliance and risk management report

Compliance and risk monitoring

Required controls summary

Contingency plan requirements

Insurance requirements summary

Set compliance and risk indicators and methods to monitor them

Annual Compliance and Risk Report

How are you going to demonstrate the effectiveness of your firm’s compliance with Rule 5?

Supervision

Management of risk

Key regulatory requirements

certification

P I

accountants reports

registration

recognition

conflicts

Rule 2 – client relations

Financial management and controls

SARs

Control of undertakings

safe keeping of documents and assets

Rule 6 – equality and diversity

Training

- Competence

- CPD

- Qualified to supervise

Practice continuation

In the future how are you going to demonstrate achievement of outcomes under the new SRA Code?

Start now – systemise your compliance and risk management

The future?

How will law firms be able to provide the increasing resource needed to be fully and effectively compliant?

- by consolidation?
- by pooling of resources?
- by other means?

Outsourcing your compliance and risk management?

Outcome 10 of Chapter 7 – Management of your business

Where legal activities or operational functions are outsourced you ensure such outsourcing does not:

(i) jeopardise the quality of your legal activities nor impair the quality of your internal controls; and

(ii) impact on the SRA’s ability to monitor your compliance with all obligations in the Handbook.

Any questions?