Keeping in step with regulation

The culture of compliance that pervaded regulation in the past is giving way to a fresh principles-based approach 

Simon Callander

By Simon Callander, general counsel and partnership secretary, Olswang

The arrival of outcomes-focused regulation in October 2011 was greeted with howls of concern by the solicitors’ profession as a whole. A new and uncertain regulatory landscape lay ahead of a profession that has a strong desire for certainty and clarity at the very heart of its culture, training and service offerings. Commentators at the time noted that the new regime offered plenty of negatives and few positives. Eighteen months on, though, the landscape feels very different. Those that have embraced the changes can feel empowered by them and are able to drive risk management into their business as a key part of the business process, rather than simply a compliance burden.

There are things that firms need to be aware of, principally that the change in regulatory structure has moved responsibility away from the regulator to the regulated, with a consequent need to apply sufficient resource to risk-management activities. But there are also opportunities to be exploited. Not opportunities to play fast and loose in the face of broader, less prescriptive, regulatory rules, but instead opportunities to focus on making regulatory, compliance and risk management a more central part of any business and to construct it in a way that fits with your business needs rather than regulatory strictures.

In experiencing these regulatory changes, law firms are feeling no more than the change of regulatory approach that is sweeping through other industries and professions. The world is moving away from a process-driven tick-box compliance structure to ‘principles based’ and ‘outcomes-focused’ regimes. Recent changes in the financial services markets have seen the newly-formed Financial Conduct Authority clearly state a desire to focus on the root causes of regulatory issues and do away with the over formulaic reliance on disclaimers, legal documentation and point of sale checklists. 

This has all happened against a financial, social and political climate where it is no longer acceptable to demonstrate that one has followed the rules. Whether it is about expenses scandals, the conduct of the financial services industry or other areas of business, the key question being asked is, “was it the right thing to do?” and not, “was it permissible?”. 

Good faith

So how do you know whether something is the right thing to do? One of the first things you need to do is to realise that over-reliance on systematic process-driven risk management is not the be-all and end-all in the new regulatory world. Systems and processes are undoubtedly needed as part of your risk management infrastructure but in addition you must also allocate enough experienced resource to allow important judgement calls to be taken. 

Decisions need to be taken that can be explained after the event and which properly consider and weigh competing factors, including the potential for ambiguity or uncertainty. It will be important to make sure you document your decision process and evidence what factors were considered and how they were balanced. While the fear is that in so doing one leaves the decision vulnerable to subsequent criticism, the Solicitors Regulation Authority has made it clear on a number of occasions that its intention will not be to second-guess the conclusions of those who take those decisions. One of the key things it will be looking for is the thinking behind a particular decision and evidence that a proper decision-making process was followed. It accepts that decisions may look wrong in hindsight, but should not criticise those involved for getting a decision wrong where it was made in good faith. 

Greater flexibility

This change obviously brings with it responsibility for law firms. It also brings greater operational flexibility. With the right level of risk management and regulatory input, it is open to firms to fashion decisions to individual circumstances, rather than having to follow formulaic and prescriptive rules which take little or no account of those individual circumstances. Your decision can be moulded to your client and the circumstances of the case, allowing you to more appropriately deal with the issue at hand. There is no need to treat a sophisticated corporate client with plenty of in-house legal expertise in the same way as an individual private client. Equally, decisions may be affected by the nuances of the underlying fact pattern. The response of law firms to individual issues can therefore be fashioned to meet specific situations, allowing a better result for clients as a whole.

To make these sorts of decisions, firms must think about the resources they apply to them and how they embed the change into their business operations. The most obvious change in terms of resources has been the growth in the number of people holding the role of general counsel at solicitors’ firms. Law firms have recognised what other industries have known for some time: having someone with a specific role to provide not only purely legal advice but also a broader commercial and ethical perspective creates a truly independent challenge and real value. No lawyer would profess to have a complete understanding of all areas of the law, especially in a world where specialisation is the norm, so having someone with experience in taking and implementing these sorts of decisions becomes a critical part of your risk management infrastructure. 

They must be able to take risk-based decisions and offer solutions that facilitate the aims and objectives of their business while protecting client interests. That is a complex balancing act, but one where the legal profession has an undoubted advantage, as it is meant to be a core professional skill. As a result, unlike other industries and professions, it should be easier to empower those in the front line of any legal business with the ability to take many risk management and regulatory decisions themselves.

Managing risk 

The changes go wider, however, than individual decisions on individual issues. They require firms to look at risk management on a broader basis and to consider things at an operational as well as an issue-specific basis. For example, financial data provides a good source of information about potential risk areas in a business. A practice group that is performing exceptionally well against budget is to be much admired, but may be carrying extra risk as it operates at full capacity. When one starts to see additional risk signs, such as high turnover of staff, reports of deadlines missed or other failures, one starts to see a wider risk where it may be necessary to intervene with questions about capacity and recruitment plans.

Similarly, an area of a business experiencing significant write-offs may be finding itself priced out of a marketplace. A good risk management intervention would be to ascertain the extent to which that area of the business is exploring how it might achieve greater efficiency, for example through greater standardisation or even automation. 

In both cases risks are being run which might not lead to immediate losses to the business or its clients. Experience tells us, though, that in the long run that is unlikely to remain true. The reality is that everyone in a senior leadership role needs to be engaged in thinking about risk management in its broadest perspective. 

Skilling up

Driving change and improvement is what outcomes-
focused regulation is really about. In an environment where a business is actively thinking about what it is doing, applying sufficient senior resource and putting protection of client interests at the core of its operations, little is likely to go wrong.  

Now is the time to ensure that your risk management capability is ready for the challenges of not only the new regulatory world, but also the wider commercial and competitive pressures in the marketplace. As other industries such as banking massively up-skill in this area, the legal industry should make sure it keeps in step.