Date posted: 15-Jan-2016
PETER SCOTT CONSULTING
Business Management
Systemize your compliance with Rule 5
Peter Scott
Peter Scott Consulting
www.peterscottconsult.co.uk
- and with an eye on outcomes focussed regulation in relation to business management … how to plan at the same time to comply with:
The new SRA Code
The Principles
The outcomes
Who currently has a compliance / risk manager?
The future …
“The management and supervision of firms is covered by chapter 7
of the new handbook. Firms will be required to have a compliance officer for legal
practice to oversee and embed adherence to the principles, rules and outcomes, and
a compliance officer for finance and administration to ensure compliance with the
Accounts Rules. You might wish to start considering who within your firm might
fulfil these roles and how they will carry them out.”
Charles Plant – chair of the board of the SRA
Law Society Gazette 8 July 2010
Rule 5 aims to set out…
Responsibility for the overall supervision and management framework of a firm
Minimum requirements to be ‘qualified to supervise’
Minimum standards for supervision of client matters
Minimum requirements for business arrangements essential to good practice and integral to compliance with supervision and other duties to clients
The scope of Rule 5
Supervision
Management of risk
Key regulatory requirements
certification
P I
accountants reports
registration
recognition
conflicts
Rule 2 – client relations
Financial management and controls
SARs
Control of undertakings
safe keeping of documents and assets
Rule 6 – equality and diversity
Training
- Competence
- CPD
- Qualified to supervise
Practice continuation
Are you in control of your risks?
People
Operational
Regulatory
IT
Competition / business
Economic, political, fiscal
Financial
Asset
Reputational
Management
Who believes they are currently fully compliant with Rule 5?
How do you know you are compliant?
The challenge of Rule 5….
How to manage compliance with Rule 5 in a way which will enable you to evidence, even with limited resources, that appropriate arrangements are in place and operating, so you can demonstrate:
compliance
the effectiveness of that compliance
The challenge of Chapter 7 of the new SRA Code?
Is about the management and supervision of a firm
Provides that 10 listed outcomes must be achieved
In particular ….
firms must have ....
- have appropriate systems and controls in place to achieve and comply with all Principles, rules and outcomes and other requirements of the Handbook
- identify, monitor and manage risks to the achievement of all outcomes, rules, Principles and other requirements in the Handbook if applicable and take steps to address issues identified
Who already has appropriate systems and controls in place … to currently comply with Rule 5?
What is required?
A need to manage your:
Resources
Knowledge
Resources?
People and Money
Internal or external?
Part time partners or professionals?
Bespoke or ‘off the peg’?
Carry out a cost / benefit analysis to establish the most resource effective method for your firm to manage compliance and risks
Knowledge? - Failure to manage knowledge involves widespread risk
Compliance / Risk Management
Knowledge Management
Compliance and risk – do you know your risk areas?
Where does the knowledge of your compliance and risk areas reside?
Can you access it?
Do you have systems to maintain and upgrade your knowledge?
Where to start?
A systematic approach is needed
Management driven, with top level buy-in
Zero tolerance is required
Managing risk and compliance needs to be seen as ‘everyone’s job’ – a mindset change is needed
Need a ‘no guilt’ culture to encourage disclosure
Approach compliance and risk management from a knowledge management viewpoint and vice versa
A systematic approach is required
Put in place a formal compliance and risk management process to identify and manage every area of compliance and risk for Rule 5 compliance and for the new SRA Code
Establish a comprehensive database covering all compliance and risk areas
Standards such as Lexel and ISO 9000 are likely to help
Use of IT systems?
Advantages of a formal compliance and risk management process for Rule 5 and under the new SRA Code?
Structured approach focuses on key compliance and risk areas
Can demonstrate how a firm is complying and the effectiveness of compliance / outcomes
Continuous monitoring ensures management of compliance and risk is “lived” day to day
Universal application to all compliance and risk areas
Comfort / assurance to PI insurers
Use of IT systems for compliance and risk management?
Use an integrated compliance and risk management system to cost effectively manage compliance and risk areas by:
creating and maintaining one central, up to date compliance and risk database
providing information access to all who need it in relation to exposure to risk
embedding compliance and risk management procedures – e.g. client inception procedures
streamlining identification, assessment, mitigation and monitoring
Implementing a compliance and risk management strategy
Diagnosis: Identification and assessment
Implementation of compliance procedures and Mitigation of risk: Avoidance, control or transfer
Monitoring: Auditing, tracking and reporting
Limitation: Minimising the effects of crystallised risks
Identification of compliance and risk areas?
Needs to be management-driven
‘Top down – bottom up’ brainstorming sessions to:
- to identify every compliance and risk area
- are we compliant in every area?
- do we have gaps?
- what will be required to comply?
- to what standards should we comply?
- how should we prioritise our efforts?
Assignment of responsibilities and lines of accountability
Compliance and risk assessment
Incidence - probability
Impact - severity
Risk Mapping - where to focus resource?
Try this out on your ...
Supervision arrangements
Financial controls
Business continuity planning
Client care letters
AML procedures
etc
Assessment of non-compliance and other risks
Consider the impact of, inter alia:
Disciplinary action
Bad publicity and loss of reputation
Lost clients
Complaints and claims
Increased P.I. premiums
Assessment of compliance and risks
Assess severity of high-level risks
Identify high level risks of non compliance
Set criteria for assessing compliance and risks
Identify detailed risks
Assess severity of detailed risks
Compliance and risk map
Compliance and risk summary
Compliance and Risk Mitigation
Designed to:-
Ensure effective compliance
Avoid / reduce non compliance
Avoid / reduce incidence of risks
Transfer some risks
Risk mitigation
Compliance and risk map
Compliance and risk summary
Consider impact/probability correlation
Required controls summary
Insurance requirements summary
Contingency plan requirements
Residual risk summary
Consider available mitigation techniques
Some techniques to put in place compliance and mitigate risks
Top level buy-in – management must not only drive compliance but also live it
Zero tolerance – just do it!
Training and education programmes to build awareness and change mindsets
Continuous and systematic monitoring and reporting
A need to continuously challenge the effectiveness of compliance and risk management
Compliance and risk monitoring involves…
Auditing, tracking and reporting
Comparing actual outcomes to preset indicators
Confirming effectiveness of risk responses
Reporting compliance and exceptions
Annual compliance and risk management report
Compliance and risk monitoring
Required controls summary
Contingency plan requirements
Insurance requirements summary
Set compliance and risk indicators and methods to monitor them
Annual Compliance and Risk Report
How are you going to demonstrate the effectiveness of your firm’s compliance with Rule 5?
Supervision
Management of risk
Key regulatory requirements
certification
P I
accountants reports
registration
recognition
conflicts
Rule 2 – client relations
Financial management and controls
SARs
Control of undertakings
safe keeping of documents and assets
Rule 6 – equality and diversity
Training
- Competence
- CPD
- Qualified to supervise
Practice continuation
In the future how are you going to demonstrate achievement of outcomes under the new SRA Code?
Start now – systemise your compliance and risk management
The future?
How will law firms be able to provide the increasing resource needed to be fully and effectively compliant?
- by consolidation?
- by pooling of resources?
- by other means?
Outsourcing your compliance and risk management?
Outcome 10) of Chapter 7 – Management of your business
Where legal activities or operational functions are outsourced you ensure such outsourcing does not:
(i) jeopardise the quality of your legal activities nor impair the quality of your internal controls; and
(ii) impact on the SRA’s ability to monitor your compliance with all obligations in the Handbook.
Any questions?