After so long in lockdown, planning for the reopening of offices is no doubt at the top of your to do list, but what else needs looking at?
Here are a few ideas we hope will assist in creating your Compliance Plan for the rest of 2021 and in looking forward to next year.
Ongoing disruption caused by Covid has probably meant lots of things from last year were put on the backburner, so start by reviewing last year’s plan. Everyone is likely to have an ‘it will have to wait’ list, so you need to decide if these can be kept on hold and if not, put them to the top. Other things of course definitely won’t wait or may have been thrust upon us with little or no notice.
Have you got round to reading the LSAG Guidance yet? All the relevant parts? Much has changed since the last version, and there has been an update to the National Risk Assessment too which you need to take into account. Now is the time to give your AML policies and procedures a health check if you haven’t already. Don’t forget to provide updated training and then ensure that changes you make are embedded in processes, particularly as the SRA is carrying out audits and are testing against the new Guidance. Are people appropriately documenting source of wealth and funds, are matter risk assessments completed, do they reflect the new guidance and policies, is there documented ongoing monitoring of matters? How about doing those AML file audits you have been putting off? You may need to revise your firm wide risk assessment as well and don’t forget to keep copies of the old one, to evidence it is a living document.
Next ‘to do’ –
There has been another SRA Equality & Diversity survey. This needs to be advertised to ensure as many people as possible complete it. If you choose to publish the results, perhaps on your website, remember to do so in a way that avoids people being identified. Reflect on your previous surveys and look for any improvements, record them and comment on them internally and in any relevant publicity. Consider any action you may need to take – when did you last provide E&D training? Have new staff members received it?
You need to consider holiday cover as people will be wanting a well-earned break. How will you adapt to people being unavailable? For those needing to get away from the same four walls, foreign travel might still be off the cards, so they could be venturing into remote parts of the country where mobile reception is poor and holiday home Wi-Fi is only available in theory.
If you have spare time, you could look at improving your information security status by checking how you compare against the CyberEssentials standard, or even CyberEssentials+. However, renewal time is likely to keep you busy all month.
It’s the anniversary of the SRA Transparency Rules in December and it’s something the Regulator is keeping its eye on, so now would be a good time to start your review. How has Covid affected timescales? Have staff changed? What about fee rates and other costs? Not just changes to your own firm, but think about delayed responses from third parties, busy Courts and other factors which mean things just aren’t moving as fast as they used to. Plenty of time to update your website if done now.
This month another anniversary – the SRA Standards and Regulations, so this month you should carry out your annual review of your policies and procedures to ensure all is in order. Has anything changed? Take a look back at recent SRA Updates, thematic reviews, and other announcements so you know what they are looking for. Can you evidence these have been taken into account?
Now is as good a time as any to carry out a review of your risk register, and if you don’t have one it’s a good time to create one. It should cover things like:
- Complaints and claims
- Identified trends from file audits and supervision
- Business Continuity Plan review outcomes
- SAR’s submitted (or not)
- DSAR’s and information security issues
- What’s gone wrong? What went right?
- The year ahead – what are your audit and training plans for example? Back to that Compliance Plan!
Now might be a good time to remind everyone of the importance of ensuring that file reviews and supervision are done. Don’t let this drift. Ensure any trends are identified and dealt with. Is training up to date? As well as AML and information security, what about equality & diversity? Have you only done your Bribery Act training just the once, all those years ago? Completing a Learning Needs Analysis will be required, so make sure learning is planned so people are able to make the necessary declarations. Don’t forget recent recruits who might not have had all the required training.
Are your information security measures adequate? They may well be tested – we know of some firms that have been the victims of sophisticated hacking and ransomware, and its regularly in the national news too. This isn’t simply ensuring homeworkers are updating their anti-virus software, but more essentially, are they carefully checking emails and client instructions in order to spot attempts by fraudsters to intercept the movement of completion monies. Is your accounts team in the loop?
I know, its year end for lots of firms, so much of this month could be used up ensuring time is recorded, bills are raised, and general housekeeping dealt with to ensure the figures look as good as possible. However, there are some things to consider if time allows –
- If you have the CQS standard, now would be a good time to review your compliance with it. Why not also check your Lexcel compliance if it’s also a standard you have obtained? Remember the requirements for training.
- It’s a year since the LSAG guidance was published – worth giving it a once over just to remind yourself what it says?
And one other thing – National Security Investment Act 2021. You may be unaware of the significant changes this legislation imposes upon you and in particular your clients, many of whom could be subject to strict reporting and approval requirements. Be warned!