When the ICO fined a prominent criminal law firm nearly £100k for breaching the UK’s Data Protection Act, it was a timely reminder that law firms aren’t above the law and need to be careful about compliance.[1] However, it shouldn’t only be viewed as a liability. Compliance can also contribute to the efficiency and profitability of firms.
Have you noticed that the word “compliance” is very often paired with “burden”? People speak about the compliance burden, but there can be an upside to it. After all, compliance walks hand in hand with good governance, which brings many business benefits. These include enhanced stability, productivity and performance; reduced risk and greater peace of mind; alongside a reduced likelihood of investigations, complaints, claims or reputational damage. All of this supports higher employee and client satisfaction and retention, more resilience, a stronger reputation, faster and safer growth and enhanced profitability.
Trust and confidence
Notwithstanding, and however you view compliance, it’s of utmost importance in the legal sector. Who’s going to be confident about working with a law firm that can’t obey the law? To earn clients’ trust and confidence, and to uphold the reputation and integrity of the profession, laws firms should always be compliant with prevailing laws and regulations across a range of areas. These include data protection and cybersecurity, health and safety, ESG, finance and accounting, employment law, tax law, advertising regulation, and corporate law. And compliance includes reporting duties: for example, on detecting a data privacy breach, organisations are required to inform the ICO; and all LLPs have financial reporting obligations.
Nor does compliance stop there. Firms are additionally held to account if they fail to comply with Outside Counsel Guidelines (OCGs). They should also be clear about any other commitments made, possibly as part of the firm’s ESG agenda, e.g. on reducing carbon emissions, or growing diversity in the firm. What promises have been made to suppliers, staff and the wider community; are these being fulfilled; and how is that being evidenced?
Finally, law firms and lawyers are also rightly held to very strict standards by the profession’s governing bodies: the Law Society and the Bar Standards Board; and its regulator, the Solicitors Regulation Authority. It’s a lot to keep track of, but it’s important that those with responsibility for governance, risk and compliance do so diligently and well. As to how it’s all managed, clearly technology has a strong role to play.
The contribution of technology
Firms need compliance controls, policies and procedures to achieve compliance consistently and to demonstrate intention to comply, and adherence to best practice. Employees must be educated about policies and procedures, and discipline processes put in place for breaches.
All that said, the best way to manage compliance must surely be “efficiently” and “cost effectively”. So, firms should be folding compliance into the firm’s processes and procedures and building it into the workflows and systems that control processes and consistency, ensuring nothing’s missed and shortcuts aren’t possible.
To give a concrete example: when clients are onboarded, anti-money laundering checks should be part of the firm’s standardised due diligence process. And if this process is managed using a digital solution there are clear advantages around speed, consistency, accuracy and accountability (because a standardised record will be created).
There’s also the opportunity to integrate. For example, opening a new client file in the firm’s practice and case management system (PCMS) could be blocked unless the due diligence module is completed satisfactorily. Data could also be carried across into the firm’s PCMS: obviating the need to re-key, so saving time, stripping our human error and ensuring the creation of a single, complete client record in one place, forming a single version of the truth, that’s easy to find.
Dealing with data
And talking of data, clearly special attention needs to be paid to its security and integrity because this is the focus of much data security and privacy regulation. Also cybercrime is rising, and legal firms are a particularly attractive target for cybercriminals. It’s therefore important to adopt systems that rigorously maintain data security, including when lawyers are working remotely. To support compliance, firms should always choose document management solutions that provide best-of-breed security.
Finally, monitoring, auditing and reporting are also necessary to control and demonstrate compliance. Again, the right systems will be of immeasurable help in keeping records of checks undertaken, and ensuring they’re securely held, accessible, up to date and uncorrupted. And luckily, when you think about compliance, the net result is often systems that deliver more efficiency and resilience too.
[1] https://ico.org.uk/media/action-weve-taken/mpns/4019746/tuckers-mpn-20220228.pdf
