How can your firm manage risk and compliance in an increasingly digital world?
As law firms continue to adopt digital ways of working very quickly as a result of the rise in remote working; it seems likely that some of these changes in working practices are likely to be here for the long term.
Some staff will be considering whether they’d like to work from home more even after the coronavirus pandemic has passed. Many will be reflecting on the positives they have been able to take from being at home more such as less time spent commuting and more time for family, exercise or other interests and may perhaps look to adopt a mix of working splitting time between working from home and in the office.
Patterns of consumer behaviour are also continuing to change with many more people being happy to interact with businesses online; even when it comes to personal or business matters where previously a face-to-face meeting may have been strongly preferred. This will make it more possible for lawyers to advise clients from home or by working in a mix of from home and from an office.
In turn this will mean that practices have to change the way in which they operate; both in terms of client-facing work and internal operating practice and procedure. One area that has not necessarily kept pace with the times in terms of adopting digital ways of working is managing risk and compliance procedures and processes.
These are largely not carried out routinely in by digital means. This makes communication with staff (at home, in the office or a mix of both) much harder. It’s also more difficult to monitor whether people are following the required (and correct) policies and procedure when supervision is having to be done at arm’s length instead of in the office.
Changing risk landscape
In November 2020 a report by Lexis Nexis said:
“Covid 19 is impacting law firms in an unparalleled way. Client and team meetings are now virtual and so are most courts and tribunals. The standard way of running a small law firm has changed, possibly forever.”
In recognition of the shifting landscape, the SRA identified several increased or changed risks including: AML; supervision; client ID and verification: data security and cybercrime.
At the same time the SRA has continued to move away from prescriptive rules instead placing the emphasis on firms to do what’s right for your own firm in the circumstances.
All of which means that firms cannot afford to be complacent about how they manage these risks. As firms have had to adapt to new ways of working then risks that were already present have become arguably more relevant with criminals actively trying to catch law firms out in the areas of AML, client ID and verification and cybercrime in particular. The SRA also identify supervision and data security as key risk areas for firms to concentrate on.
In its Risk Outlook 2020/2021 published in November 2020 the SRA said:
“We know that many firms have updated their risk assessments following Covid-19, but some have found it difficult to judge the evolving risks.
“For example, changing from face-to-face to online communication exposes firms to different risks, so they will need different methods to control them.
“Criminals will take advantage of uncertainties and changing circumstances to deceive firms and consumers. Solicitors need to fully understand the risks and to adapt their practices accordingly.”
Updated risk assessments
During the first lockdown firms were, understandably, not necessarily concerned about undertaking a detailed review of their risk and compliance processes and procedures as firms got to grips with remote working, the threat to income and of course the health and wellbeing of staff. However now that we are all established and able to swap between normal trading and operating in a lockdown with relative ease it is a good opportunity to conduct a review.
Obligations under the SRA around risk management are to have effective business systems to ensure managers and employees comply (section 2 SRA Code for firms) including:
- Identifying, monitoring and managing all material risks to your business (2.5)
- COLP/COFA are able to discharge their duties (2.1(d)).
The SRA suggests that you consider having a risk review carried out by an independent third party in order to provide an objective assessment and bring to bear the experience and professional assessment of a risk expert.
Here at Legal Eye we have seen demand increasing for a risk review. Typically firms find our annual risk review product very helpful as it includes a thorough review of your risk management policies and procedures and provides a written report along with any recommendations resulting from the review.
Our team of expert compliance professionals often give the following tips for reducing risk:
- Train staff on the importance of risk management and what you expect of them
- Outsource file reviews to get an independent view on errors, causes of errors, identify and carry out corrective actions
- Regular internal comms – make it easy – even fun! – for people to access and use the resources they need to properly manage risk
- Make sure knowledge is up to date.
Providing a digital home for all the risk resources that your firm needs make sense in providing an easily accessible and flexible resource for your staff so that they can access the information and training they need.
We suggest the following steps in moving your risk management approach to a digital approach:
The risk and compliance hub from Legal Eye brings together a library of policies, procedures and precedents in one place online. Resources are regularly updated to keep you up to date; and staff have access to online training modules to ensure everyone is up to date.
Find out more about the risk and compliance hub here or contact [email protected] or 020 3051 2049 to arrange a no obligation demo.
Access free webinar on demand
Legal Eye has recorded a 20-minute webinar looking at how firms can adapt their risk management approach and access new tools to embrace an increasingly digital environment.
This short webinar outlines the advantages of taking a digital approach to risk management and reflects on how this could help firms to overcome some of the challenges in maintaining and growing a sustainable and profitable practice in the current environment and in the months and years ahead.
We also highlight the evolving risks, identified by the SRA in its Risk Outlook for 2020/2021, firms should be aware of and how they might mitigate those risks.