In 2023 we saw increased levels of guidance and new directives from our industry regulators along with new legislation and ongoing changes in areas such as sanctions. Therefore, it’s never been more important to be on top of your compliance. Choosing the right partner to assist you is an important part of developing ‘Compliance that Works’ for law firms in 2024. Here, we consider some of the things you might want to contemplate when compliance planning, to ensure you feel confident, safe and ‘Regulator Ready’.
Preparing an annual compliance plan will allow you to break down and design an ongoing effort that’s more likely to permeate the whole firm and its behaviours, rather than having the sugar rush and panic of concerted efforts or crisis avoidance.
Where to start compliance planning
Before you prepare your annual plan, you need to ensure you’re up-to-date with the following:
1. Guidance and legislation
Have you got round to reading the LSAG Guidance including the March and November updates and the significant areas covered including the 36 Principles and Proliferation Financing? Much has changed since the last version. There’s also been an update to some Sectoral AML Risk Assessments which you need to take account of, in addition to other guidance, including the results of Thematic Reviews.
Are you up to speed with the requirements of Sanctions legislation? Regulators are beginning to assess firms’ compliance, visiting them to see how they are coping and what their policies and procedures are.
So, make sure you’re up-to-date with these changes.
2. Policies and procedures
Another great way to start the year is giving your AML policies and procedures a health check.
Don’t forget to provide updated training (another area subject to Regulatory scrutiny at present) and ensure that changes you make are embedded in processes, particularly as we know the SRA, Law Society of Scotland and CLC are committed to carrying out audits and are testing against LSAG Guidance as well as the Regulations.
Carrying out audits is a good way to start a year. Are people appropriately documenting source of wealth and funds? Are matter risk assessments completed appropriately, and do they reflect the new guidance and policies? Is there documented ongoing monitoring of matters? How about undertaking AML file audits to get the year off to a good start?
4. Risk assessments
You may need to revise your firm wide risk assessment if it’s more than a year old and record your risk assessment relating to Proliferation Financing. Don’t forget to keep copies of the old one, to evidence it is a living document.
A Sanctions risk assessment would be a good idea too!
It’s now time to get the diary out and plan your compliance activity for the year ahead.
Now might be a good time to remind everyone of the importance of ensuring that file reviews and supervision are done. Don’t let this drift. Ensure any trends are identified and dealt with. Is training up to date? As well as AML and information security, what about equality and diversity? Have you only undertaken your Bribery Act training just the once, all those years ago?
Regulators are now looking at how firms are dealing with a wide range of Economic Crime, not just AML – there’s Tax Evasion and Fraud too. Don’t forget recent recruits who might not have had all the required training. The Teal Tracker is designed to make this easy for firms to collate and track. Get in touch if you’d like to know more.
Are your information security measures adequate? They may well be tested – we know of firms that have been the victims of sophisticated hacking and ransomware, and it has lasting effects, taking many months (and disruption and expense) before things return to normal.
This isn’t simply ensuring homeworkers are updating their anti-virus software. More essentially, are they carefully checking emails and client instructions in order to spot attempts by fraudsters to intercept the movement of completion monies? Is your accounts team in the loop?
We know that March is year end for lots of firms, so much of this month could be used up ensuring time is recorded, bills are raised, and general housekeeping dealt with to ensure the figures look as good as possible. However, there are some things to consider if time allows:
- If you have the CQS standard, now would be a good time to review your compliance with it. Why not also check your Lexcel compliance if it’s also a standard you have obtained? Remember the requirements for training.
- It’s a year since the latest LSAG guidance was published. It might be worth giving it a once over, just to remind yourself what it says.
New financial year means a new budget. This is where training should be considered, especially if you haven’t done anything recently.
You may also want to consider that independent AML audit that you’ve been putting off. Regulators are of the opinion that the vast majority of firms need one, no matter how small the firm may be. If you do a reasonable amount of AML regulated work, you need one. If you do conveyancing, you will be caught.
May should be a good time to consider your risk management. Do you have a disaster recovery (business continuity) plan? Now would be a good time to test it and learn from the experience. If you can’t test the whole process, you should consider checking one of the greatest risks, such as cybersecurity. Consider:
- Is all your IT running the most recent updates?
- Have you arranged a Penetration Test with your external IT support?
- Have you arranged a mock phishing exercise to see how many colleagues click on dubious links?
- Have you considered ‘Friday Afternoon Fraud’?
- Have you done any training?
- Have you set training reminders?
Now’s the time to get to grips with all of that unbilled WIP. Close files, send them to storage, and destroy the really old records that went past their destroy date years ago.
Alongside this, ensure any client monies you have no reason to keep hold of are sent back to clients. You don’t want to get fined for failing to deal with residual client money!
Since you did get round to checking CQS issues in March, how about going one step further and organising an independent CQS audit? Contact us to organise one.
Perhaps consider training for your COFA. It’s a good idea to ensure they get specific training. Remember training is a hot topic for Regulators, so make sure the COFA gets some too.
Staff will no doubt want a well-earned break which can present additional risks which you should now consider. How will you deal with holiday cover? How will you adapt to people being unavailable?
For those needing to get away from the same four walls, foreign travel might well be on the cards, and they could be venturing to where mobile reception is poor, and Wi-Fi is not secure.
If you have spare time, you could look at improving your information security status by checking how you compare against the CyberEssentials standard, or CyberEssentials+.
However, renewal time is likely to keep you busy all month.
It’s the anniversary of the SRA Transparency Rules each December and it’s something the Regulator is keeping its eye on. So, now would be a good time to start your review.
Have staff changed? What about fee rates and other costs? Not just changes to your own firm, but think about delayed responses from third parties, busy Courts and other factors. Does your website need a review?
Remember, firms are being fined for lack of compliance.
It’s nearly the end of the year, so make sure those file reviews are done.
If you have a considerable backlog, your colleagues really aren’t going to be grateful for another round of chasing them to get them done.
Why not get in touch with Teal to undertake some for you? We can help with both AML reviews and Regulatory ones, client care letters, conflict checking, costs updates and the like.
Now is as good a time as any to carry out a review of your risk register. If you don’t have one, it’s a good time to create one.
Your risk register should cover things like:
- Complaints and claims
- Identified trends from file audits and supervision
- Business Continuity Plan review outcomes
- SARs submitted (or not)
- DSARs and information security issues
- What went wrong and what went right
- The year ahead – what are your audit and training plans for example?
It’s then back to that compliance planning for next year!
Get in touch
At Teal, we’re here to support your journey towards compliance that works by mitigating the risk of legal compliance issues.
Whatever time of year, if you need compliance assistance, our team of experts are on hand. We offer a range of compliance services to ensure you’re on track to achieve compliance success.