As the compliance burden increases, the role of the compliance officer will become more demanding…
Talk to any random group of compliance personnel from any type of law firm and you will probably find a consensus that the compliance burden is likely to increase in the years to come rather than diminish. Further complications that might arise will probably relate to the range of issues to be addressed and the method of proving that suitable arrangements are in place. How, exactly, do we therefore expect the compliance role to become more demanding and how should we plan accordingly?
COLP and COFA
The best starting point is within the SRA regime and the key roles, from the regulator’s point of view, of Compliance Officer Legal Practice (“COLP”) and Compliance Officer Finance and Administration (“COFA”). These roles have statutory origins and can be found within the Legal Services Act 2007 as one of the prime means by which professional controls would be maintained in the alternative business structures made possible by Part 5 of the Act. Subsequently, the SRA chose to extend the requirements to all traditional lawyer-managed-only practices as well.
There have been suggestions in the past that the need for the two roles, often combined by one office holder in smaller firms, should be relaxed in small firms on grounds that this amounts to ‘regulatory overkill’. However, the regulator seems to be just as committed to this link with all practices as ever. Within the revised Handbook the requirements for compliance officers can be found at section 2.1 of the Code for Firms under ‘Compliance and Business Systems’ and quite clearly continue to apply to all forms of practice that are authorised and regulated by the SRA.
Beyond these basic requirements there are numerous other policies and statutory roles that will require somebody to wear the badge: the COLP, compliance partner or officer most obviously, or managing partner otherwise. A non-exhaustive list would include health and safety, bribery, tax evasion, complaints, client care, IT security and equality and diversity. The anti-money laundering regime now requires (in a move primarily directed at the banks rather than professional practices) the appointment of a compliance officer as well as a reporting officer, but again it is commonplace to find that the two roles have been rolled into one. Data protection has, of course, become more high profile of late as a result of the changes brought about by the GDPR and, although few firms will be formally required to appoint a Data Protection Officer under Article 37, a partner or manager should be nominated as having control of this aspect of the firm’s operations. It will probably follow that they will become the person nominated to receive data subject access requests.
Addressing the challenge
So how to address the challenge that all of this presents? First, and quite obviously depending on the size and complexity of the firm, consideration needs to be given to whether it is realistic to assign all of these roles to one individual or whether they should be shared out between a number of people within the firm. This might involve employed compliance personnel who might perform limited functions such as client onboarding, with the accompanying CDD checks as required by the Money Laundering Regulations 2017, and conflict checking, or perhaps more senior personnel in the roles of compliance manager or director. Whoever fills the role(s), it seems likely that the data they will be dealing with will be increasingly automated, and so being comfortable with IT systems seems likely to move from ‘desirable quality’ to ‘required skill and attribute’.
Elsewhere a generation change can be observed, bringing different problems in its wake. Those approaching retirement were brought up in an era when over-specialisation was discouraged and more emphasis was placed on becoming a ‘good all-rounder’ before finally developing into a particular niche. Being able to take a wider perspective on issues as they arise, and having some experience (however limited) of all of the problems in hand, can prove invaluable when unravelling complex issues.
Perhaps, in summary, the main challenge for tomorrow’s compliance officer will be to combine knowledge and skills with wisdom and experience. Let us hope that all such legal paragons are properly respected and rewarded.
Matthew Moore is a Director of Infolegal Ltd and a consultant solicitor on legal regulatory concerns www.infolegal.co.uk.
Matthew Moore will be moderating a panel session on finding the compliance officer of tomorrow at the Risk and Compliance for Law Firms conference on 30 January. To find out more or to book your place, visit https://riskandcomplianceforlawfirms.com/