Are you getting complacent with compliance?

After months of many solicitors working from home, it's easy to get comfortable. But with complacency comes the risk of non-compliance with your regulatory obligations. Jessica Clay provides a refresher on your duties, the risks involved in remote working, and how you can stay compliant.

The SRA Standards and Regulations (StaRs) may have had a mixed reception since their launch in November 2019, but they have certainly provided an opportunity to take stock of how you practise and introduce essential steps to ensure ongoing compliance with your regulatory obligations.

However, after six months of working from home, there's a risk of complacency creeping in as we become more comfortable, which could leave us exposed to some fundamental risks in respect of compliance.

In this article, I provide a reminder of some of the risks in working remotely, and some practical tips on how you can stay compliant in case you've slipped into bad habits.

The key provisions

There are key provisions within the StaRs to be aware of when considering how best to ensure compliance with your regulatory obligations, and which might be engaged in the event of non-compliance.

SRA Principles

• principle 2 – you act in a way that upholds public trust and confidence in the solicitors’ profession and in legal services provided by authorised persons 
• principle 7 – you act in the best interests of each client

SRA Code of Conduct for Solicitors, RELs and RFLs (‘Code for Individuals’)

• paragraph 4.2 – you safeguard money and assets entrusted to you by clients and others
• paragraph 6.3 – you need to “keep the affairs of current and former clients confidential unless disclosure is required or permitted by law or the client consents”

For those with supervision responsibilities, paragraphs 3.5 and 3.6 are also key. These state that where you supervise or manage others providing legal services, you:

•  are accountable for their work
• must effectively supervise their client work
• must ensure that those you manage are competent to carry out their role, and keep their professional knowledge and skills, as well as their understanding of their legal, ethical and regulatory obligations, up to date

The risks in working remotely

Documentation and removable media

The increased risk of loss of confidential information and of data breaches through hard copy documents being transported and kept at home, rather than in offices with the necessary security, systems and controls in place, is inevitable.

You can minimise this risk by, wherever possible, working digitally and avoiding working from hard copy documents. This includes taking fewer handwritten notes during phone calls or virtual meetings; instead, consider typing contemporaneous notes or, where this is not possible or preferable, seeking support from colleagues to do this on your behalf.

If working electronically in this way is not possible, consider transporting and storing documents in a locked receptacle. If you have supervision responsibilities, you may want to stipulate the types of lockable storage you would prefer individuals to use, wherever possible (e.g. a large lockable filing cabinet or lockable drawer within a desk is likely to be harder to steal than a portable lockable rucksack).

Where this is not possible, remember (and remind others) to keep your working environment as secure as possible, by setting a home security alarm and/or closing windows when you / they go out. Avoid using removable media to transport data and, if it does need to be used, ensure the device is encrypted.

Data and cybersecurity 

Think about your day-to-day ‘home office’; where necessary and indeed where possible, try to work in a private environment where others cannot overhear your confidential conversations. If you share your working space, think about wearing a headset, so at least one half of your conversation cannot be heard. The same applies to your computer screen and making sure its content is not visible when it should not be. Also:

• avoid predictable passwords and consider using password managers
• update your password regularly
• regularly re-boot your computer and run updates, so that your antivirus software remains effective
• use two-factor authentication for email and log-ins, where possible
• verify email addresses by independent means wherever possible, and password-protect attachments (with the password being provided separately), to best protect against potential breaches

Video-conferencing

The ability to ‘share your screen’ through Skype for Business and Zoom should be used with caution and, in some circumstances, limited to internal meetings. You should:

• only share appropriate material / data with the parties in attendance
• disenable email pop-ups, so that confidential information is not inadvertently displayed to others whilst screen-sharing, and that if you are sending people into, for example, separate ‘Zoom rooms’, check this has worked properly before commencing a discussion
• verify all attendees before starting to discuss anything confidential

Being accountable

The themes of accountability and exercising your judgement pervade the StaRs. 

Wherever we are working, we remain accountable for our actions and we also need to be able to justify why we have acted in a certain way. It is also a reminder to us all that working remotely should not lead to a relaxed attitude towards the importance of one’s regulatory obligations. You should be aware that you are responsible for the professional judgement you exercise, and that any decisions you make on a particular case, particularly on complex issues where you could have arrived at a different outcome, should be carefully recorded. This should include reasoning for why you have chosen to act in a certain way, so that you can justify decisions, should you need to.

The SRA’s Enforcement Strategy recognises, however, that mistakes do happen; clear record-keeping will therefore help to distinguish between honest mistakes and less excusable ones.

ABOUT THE AUTHOR

Jessica is a Senior Associate with extensive experience specialising in legal services regulation. Jessica’s work in this sector focuses on advising her clients in relation to complying with regulatory obligations, better understanding the importance of legal ethics within regulation, regulatory investigations and public law matters, including reviewing regulatory frameworks and decision making processes.  Outside the legal services sector, she acts both for and against the regulators of the accountancy and actuarial professionals