Risk Management

Someone writing a report

Revised Lexcel Standard: Be prepared!

Blogs, Legal Compliance, Regulatory Compliance, Risk Management /

The Lexcel Legal Practice Quality Mark has been revised and expanded.  Lexcel accredited practices will be assessed against the revised standard from 1st November which means there is plenty for you to be working on. The Law Society Lexcel website gives you more information.

Broadly, these changes align the standard with recent new and revised legislative requirements in relation to data protection and financial crime.

The SRA Code of Conduct 2011 mandatory outcome 7.5 applies whether or not you are Lexcel accredited… ‘you comply with legislation applicable to your business, including anti-money laundering and data protection legislation’.

1. Start planning

There is a lot here to risk assess, develop, train, implement and test before your next Lexcel assessment … and of course to communicate to clients, as appropriate, and to your staff.

With regard to data protection, look at all the Lexcel requirements and you will soon realise that data protection touches all areas of the Standard.

2. Risk assess

You will need to look at the wider picture to assess and manage the risk of breaches and other offences.  A thorough review will include your compliance plan, risk register, policies and procedures, record keeping, monitoring and training.  Are you, for example, maintaining appropriate records of data processing activities, information asset registers, money laundering risk assessments and records?  Remember it is important to keep records of your decision making to evidence compliance and to have robust breach reporting procedures.  You need to understand your vulnerabilities and risks and address these accordingly.

3. Develop documentation

For all these new requirements off the shelf template policies or procedures may be helpful but are not always likely to be sufficient as every practice is different. One size does not fit all.  Examine the profile of your own practice, undertake thorough risk assessments and gap analyses.  Bespoke policies and procedures in plain language and applicable to your business are best practice, and likely to be more robust and easily understood by everyone.

4. Train, implement and test

Ensure your policies and procedures are effective. Undertake audits and spot checks.

Be prepared for assessors (and potentially other bodies), to review your central documentation, follow the audit trails, check your matter files and interview staff for evidence that they understand their responsibilities relevant to their role and have received appropriate training.  Importantly too, are your staff able to identify potential breaches or compliance failures and do they know how to go about reporting this?

A wealth of information and guidance is available on the ICO, Law Society and SRA websites.  As always, Teal blogs are a great resource for practical guidance.

Make sure you check out the Cyber Essentials scheme which, for Lexcel accreditation, firms are now encouraged to achieve.

Take a deep breath, consider your risks, raise awareness in your business, and start your reviews and preparation now.

Get in touch

Most of all, don’t lose sleep! To find out more about our risk management services, simply contact one of our experts today to chat about how we can help.

Revised Lexcel Standard: Be prepared! Read More »

Side view of silver laptop

Technology for compliance

Blogs, Legal Compliance, Risk Management /

At the recent Teal Annual Conference, I spoke to the delegates about Technology in Compliance. I’d like to pose some of the questions we talked about during the session. How would your firm answer?

  1. How do your current systems and processes work for you?

  2. As a firm, are you all working on the same system or is it a mix?

  3. Are you confident that all your employees are using the same versions of documents such as your Client care letters and Terms of Business?

  4. How often do you review your systems and processes?

The answers to the above questions are fairly self explanatory when it comes to assessing how effectively a firm is using technology to support their compliance function.

There are common themes for the majority of firms I meet. Firstly, there are still many firms that do not have a case management system (actually there are a lot) and who operate with a “S – Drive” where everyone can access and save documents. Secondly, there are those that have a mixture of different systems, and different levels of take up of those systems depending on the department.  There are of course some firms that use their CMS to the best of their advantage. This takes a significant amount of work, but the firms that make the effort, reap the rewards. Personally, I would like to see compliance embedded into the IT systems and processes within all firms.

By investing in people, processes and systems it allows compliance to become second nature, providing an additional layer to internal risk management, and an audit trail if something were to happen.

In addition, it can also help increase profitability – so what is there not to like?

With so many different systems on the market, if you do not have a system, or are looking to change, how do you choose the right one for your firm? Here are some pointers:

  • Select the project team in-house – have a mix of staff covering support staff, fee earners, IT, management. You need to have a complete overview from all perspectives. Also ensure you include different disciplines, as each will have their own requirements.
  • Scope the list of features you must have, should have and would like to have. A project cannot always be completed in one hit, and taking a phased implementation approach is often more successful.
  • Do your research into providers or bring in an independent consultant who can assist. It is not a case of one size fits all.
  • Know your budget – there is a vast difference between “out the box” and custom built.
  • Shortlist the systems that you consider will assist you in your business and arrange a beauty parade.
  • Have a selection of staff at demonstrations.
  • Take your time to work through the pros and cons.
  • Consider the change management that will be needed within the firm to implement the new system.

As a starter for ten, here are some of the features which you should consider embedding into your systems:

  • Conflict checks
  • AML – check the integration with AML providers
  • Streamline your systems and have mandatory workflows to embed compliance
  • Versioning control
  • Workflows
  • File reviews
  • KPIs
  • Key dates
  • Client feedback
  • Risk assessments
  • Outlook functionality
  • HR plugins
  • Office manual
  • Training and development
  • Risk register

I am strongly of the view that we can effectively use technology within our compliance systems to minimise the risks involved in running a law firm. Why make things more difficult for yourselves, your firm, your staff, and your clients than they need to be!

Get in touch

Teal Compliance offers a compliance technology platform which is built specifically for law firms. Find out more about Teal Tracker, or alternatively contact one of our helpful advisers.

Technology for compliance Read More »

Pinboard with a note pinned on saying "What's your goal?"

What are your compliance goals?

Blogs, Legal Compliance, Risk Management /

 

At the start of 2018 most us will have sat down and set personal new year resolutions. There are two questions I would ask:

  1. How many of those resolutions are you maintaining?

  2. Out of those resolutions, were any of them business focused?

Whether you are the decision maker in the firm or an employee it is always good to have goals to focus on.  Compliance underpins both the individual and firm wide goals, without it you are almost certainly not going to succeed.

At the very least whilst you may think you are succeeding without compliance, it will only take one complaint that leads to a negligence action or a rogue fee earner that will bring the walls tumbling down.  The foundation of any law firm is Compliance – how good would it be to achieve all your goals and sleep at night without the worry of “what if”?

Even in the most compliant firms partners will still at one time or another have that feeling of something going wrong, usually in the middle of the night.  At Teal we are here to make sure that those 3.00am wake up calls are few and far between.

Prevention is better than cure and sometimes the not knowing how to deal with something is far worse than the issue itself.

If you were building a house or a block of flats, you would not do so without the appropriate planning permission or foundations.  Building a block of flats on the same foundations as a single or double story house is a risk that we can all see.

You may not be able to see the risks in your own firm, which is where Teal can assist.  We know what to look for, how to deal with the warning signs and put systems in place.  We will set goals for you which we know you will be able to achieve.

Compliance is not about setting people up to fail, it’s about being realistic in training your staff, so they know what to look out for and question.  It’s about being preventative and having the knowledge of what is truly happening in your firm.  Not turning a blind eye because that fee earner bills a higher amount.  It’s about the culture and fit of the employees within your firm.  It’s your integrity, ethics and your reputation.

So, if we were to look at your compliance goals – what would they be?

Get in touch

We can help you achieve your compliance goals through a range of services we have to offer. Simply get in touch with one of our experts today to find out more.

What are your compliance goals? Read More »