Michael Napier

The views27Q: Dealing with compliance isstill the devil in the detail, withthe Risk Register proving to be anew headache. So, how best totackle them?Important dates have comeA: and gone with more diarisedfor the coming months. I don’tthink this will change for us in thenear future as the legal sectoris all about new requirements,amendments, updates, changesand reviews.Great to see firms prioritisingcompliance and enquiries regarding outsourcedservices are at an all time high.New firms we are working with are going throughcompliance reviews. Firms that have completed thecorrective action required and have their complianceplans drafted are going for Lexcel. One area we areworking on with all our firms is the Risk Register.Registers that we know well include those used forDeclined Instructions, and High Risk Instructions but theRisk Register is something new.So how to go about drafting one? You firstly need toconsider the main categories: Strategic Risk, DisasterRisk, Regulatory Risk, Financial Risk and Operational Risk.Then consider the generic risks per case type thatyou deal with: Residential Conveyancing will includeRegulatory risks including Money Laundering andMortgage Fraud. Negligence claims and Conflict ofInterest will also be applicable. List these for each casetype that you deal with.Then move onto the detail. The way we areapproaching this is in the format of a table and eachrisk is listed and the grading of the risk is then stated.You need to consider what the starting risk is and if thischanges due to the processes and policies you haveput in place. So as an example Money Laundering maybe high risk to start off with but due to the policiesand procedures that are in place, the risk may bedowngraded to medium or low. Other specific riskscould include failure to report breaches to the COLPand COFA, the risks of being removed from lenderpanels, losing clients and tenders.Finally, bear in mind that the Risk Register is aworking document that should become a valuable tooland an important part of your Risk Management.By Jaunita Gobby, Director, Legal Eye LtdRisk: identify,target, complyRisk assessment is compulsory*but how do you do it?Looking at your firm’s claimshistory is OK as far as it goes. Afterall lightning often strikes twice inthe same place. But rememberonly a tiny proportion of mistakesproduce claims, so your claims datadoes not tell you enough.Also look at complaints. Losing a good client cancost as much as paying out on a claim. So scrutiniseyour firm’s own complaints records but also check outthe data from the Legal Ombudsman (http://www.legalombudsman.org.uk). This shows that clientsmostly complain about a failure to crack on, ratherthan mistakes (i.e. failing to advise or keep the clientinformed, or to make progress accounts for half ofcomplaints). Do you have adequate training, guidelinesand supervision to address those issues?Also check your records on time written-off. Again,firms lose more money through write-offs than claims.The people who are writing off time and producingcomplaints are probably the ones who are creatingother risks too.Use a structured approachThere are many potential risk areas, so think carefullyabout all your management systems. Socratespublishes a questionnaire that takes firms through thekey areas.People issues are often neglected, but that is wherebig risks can lie. For example do you have some rogueelephants in your firm, who refuse to submit to normalprocedures and supervision? Do you have anyone whois serially unreliable, or has a drink problem, or (whisperit quietly) you do not trust? These are tricky problemsto resolve, but the first step is to acknowledge that theyexist.For each risk identified, estimate its likelihood, andthe seriousness of the potential consequences.When you have identified the risks with seriousconsequences, which have a significant likelihood ofoccurring, you have to set about mitigating them. Butthat is for another day.By Bernard George, Director of SocratesTraining Limited* Code of Conduct Outcome 7.3 requires that you:‘identify, monitor and manage risks to compliancewith all the Principles, rules and outcomes and otherrequirements of the Handbook, if applicable to you, andtake steps to address issues identified’.ML // November 2012