New Law Firm Regulations in England and Wales Will Affect U.S. Firms

New law firm regulations in England and Wales will affect U.S. firms

Frank Maher and Anthony E. Davis The National Law Journal July 21, 2011

Legal Risk’s Hinshaw & Culberston’s Frank Maher Anthony E. Davis

A nascent regulatory scheme governing U.K. law firms that will go into effect on Oct. 6 is likely to have profound implications for U.S. firms with U.K. offices. The new rules represent a significantly different approach to the regulation of lawyers — and law firms — than the prevailing structure in place in the United States. Since the new rules will affect all partners in U.S. law firms with London offices, either directly or indirectly, those lawyers and their firms’ leaders will ignore the new structure at their significant peril.

The Solicitors Regulation Authority (SRA) published its draft handbook on April 6, including a new Code of Conduct and Accounts Rules dealing with the handling of attorney-client trust accounts that contain wide extraterritorial effect.

The new rules will shortly be followed by provisions in the Legal Services Act that permit both external investment in law firms and nonlawyer involvement in the practice of law through the medium of alternative business structures. There are already reports of interest both from private equity funds and from “high street” retail and banking chains that would like to move into the legal services marketplace, and national firm Irwin Mitchell has become one of the first law firms to give notice that it will seek external investment.

What makes the new rules so distinct from anything remotely familiar to U.S. lawyers and firms is the underlying premise of “outcomes-focused regulation.” Instead of a detailed set of ethics rules governing permissible and impermissible conduct, the new rules instead focus on mandatory outcomes.

The introduction to the Draft Code of Conduct states: “Outcomes-focused regulation concentrates on providing positive outcomes which when achieved will benefit and protect clients and the public. The SRA Code of Conduct (the Code) sets out our outcomes-focused conduct requirements so that you can consider how best to achieve the right outcomes for your clients taking into account the way that your firm works and its client base. The Code is underpinned by effective, risk-based supervision and enforcement.”

By Oct. 6, the SRA hopes to:

• Put in place a new outcomes-focused code of conduct as part of a handbook of all regulatory requirements.

• Regulate using a risk-based and outcomes-focused approach.

Of critical importance in understanding this new approach, law firms will not only be required to achieve the designated outcomes, but also to demonstrate that they are achieving them. “Indicative behaviours” will assist the regulators in determining compliance with the outcomes. In addition, the primary responsibility both for achieving and demonstrating compliance will be in the hands of the law firms themselves, subject to supervision by the SRA. However, that supervisory role will be undertaken in the context that the SRA will have real teeth in carrying out its enforcement responsibilities — and those teeth will be directed at firms as much as individual lawyers.

A report in The Lawyer on April 11 said, “The terms of the Legal Services Act give the regulator stronger powers to discipline firms, and [the SRA’s chief executive, Antony] Townsend insists that it will be using these. ‘We’ll be publishing a lot more than we used to,’ he adds. ‘We have the power to reprimand firms publicly and fine them up to [2,000 pounds ($ 3,300)].’? “

While fines of $3,300 may not seem excessively punitive, the reputational impact of a “name and shame” policy cannot be ignored, and in more severe cases the Solicitors Disciplinary Tribunal has power to impose unlimited fines on all members and employees of law firms.

In implementing this new approach, the SRA plans to shift its supervisory emphasis toward assessing a firm’s risk-management systems and identifying whether they are achieving the requisite outcomes, rather than a detailed consideration of law firms’ individual processes. The level of supervision a firm will experience will depend on the perceived risk that its internal systems (or lack of them) pose to the regulatory objectives. Supervision will also be tailored to take account of factors such as firm size and risk-management protocols, as well as the firm’s previous compliance history and positive engagement with the SRA.

The SRA’s vision is to:

• Concentrate on dealing with firms that pose serious risk.

• Encourage firms to assess and tackle the risks themselves.

• Concentrate on those that cannot — or will not — put things right.

The SRA recently launched its consultation on the new rules under the strapline “Freedom in Practice.” However, this encouraging formulation needs to be treated with caution: It means there may be more than one way to comply with a requirement but does not mean lawyers will be able to avoid the consequences of what they do — or don’t do — to comply with the regulatory scheme.

The net effect is more regulation than English lawyers have hitherto experienced. The handbook contains more than 200,000 words — compared with just above 40,000 in the Solicitors’ Practice Rules 1990 and associated rules and codes in force when the previous government launched its regulatory review of legal services in 2004. The hand book includes 10 requirements for policies; 14 monitoring requirements; and 17 reporting and information requirements.

According to SRA’s Cost Benefit Analysis, “[Outcomes-focused regulation] is quite different from the traditional rules-based approach to regulation in the legal services industry. It seeks to eliminate detailed rules in favour of rather broadly described outcomes, and allows firms flexibility to decide how to achieve outcomes. The outcomes, however, are mandatory. Firms must also be able to evidence their achievement of outcomes.”

The handbook also contains significant detailed and prescriptive regulation. Underpinning the new rules are 10 core principles — many of which reflect the standards to which lawyers subscribe the world over and will be familiar to U.S. lawyers, but a notable addition is the inclusion of a business-management requirement: “You must run your business effectively and in accordance with proper governance and sound financial and risk management principles.” This has been included as a core requirement following the failure of a number of law firms as a result of economic pressures, including, most recently, Halliwells, previously a U.K. top 50 firm with profits of approximately $130 million, and Howrey, which dissolved earlier this year.

The requirements for business management include:

• A clear and effective governance structure and reporting lines.

• Effective systems and controls.

• Identification, monitoring and management of risks in compliance with all the principles, rules and outcomes and other requirements of the handbook.

• Maintaining systems and controls for monitoring the financial stability of a firm.

• A system for supervising clients’ matters, to include the regular checking of the quality of work, by suitably competent and experienced people.

Numerous disciplinary investigations and prosecutions have demonstrated that the last requirement — supervision — can be satisfied only by proactive systems; passive, “open door policies” will not suffice.

Firms that decide not to carry out file reviews will need to justify their stance, which may be challenging. Firms that already have a system need to review its adequacy. Firms in the regulated sector for anti-money laundering purposes should have systems for “monitoring and managing compliance” under regulation 20 of the Money Laundering Regulations 2007, but it is consistently an area of weakness the writers’ firms finds on audit.

The business-management rules also include requirements for compliance with anti-money laundering and data-protection legislation. Anti-money laundering legislation in the United

Kingdom is extensive in its effect and may require lawyers in certain circumstances to breach client confidentiality and report clients to the authorities. The anti-money laundering requirements also extend to counter financing of terrorism and sanctions compliance, which is gaining increasing significance because the legislative requirements are onerous.

Breaches of data-protection legislation can attract fines of up to 500,000 pounds (more than $800,000); there have been two significant cases involving lawyers, albeit not in private practice. The case of ACS Law, a firm whose systems were hacked, attracted much publicity worldwide and is now being prosecuted by the SRA.

Indicative behaviors suggest that firms should also have whistleblowing policies.

London offices with lawyers regulated by the SRA (including U.S. lawyers who are U.K. “Registered Foreign Lawyers”) will be required to comply with every element of the new rules. Whether and in what manner other offices of U.S. firms — those in the United States and other jurisdictions outside the United Kingdom — will be required to comply with the new regulations remains to be seen, and may vary depending on the nature of their structure.

Some otherwise “purely” U.S. firms have a small number of U.S. partners who are also members of the U.K. practice, and those firms will clearly be regulated in the United Kingdom within the new scheme. Others firms operating in the United States, however, also have an SRA-regulated practice (either head office or branch office) located in the United States, and these firms will also be exposed to regulation by the SRA in a way that they have never experienced in the past.

Under the new scheme, all partners (“managers” in the language of the rules) are individually responsible for compliance, but in addition — and unlike anything in place in the United States (other than New York, where law firms as such are at least theoretically subject to professional disciple) — law firms themselves will also be responsible for compliance. This regulation will be palpable in every firm because every law firm will be required to appoint two compliance officers — a compliance officer for legal practice and a compliance officer for finance and administration. Despite the title, the compliance officer for finance and administration will be responsible only for compliance with the provisions relating to attorney-client trust accounts under the accounts rules.

The obligations of both offices are onerous. Some commentators have suggested that the regulations appear to demand the impossible. Thus, the compliance officer for legal practice of a regulated law firm must take all reasonable steps to:

• Ensure compliance with the terms and conditions of the authorized body’s authorization except any obligations imposed under the SRA Accounts Rules.

• Ensure compliance with any statutory obligations of the body, its managers, employees or interest holders in relation to the body’s carrying on of authorized activities.

The two compliance officers will be required to keep a record of all rule breaches, however minor (and — somehow — whether or not they are aware of them!), and to report any noncompliance, which is either material taken on its own or as part of a pattern of failures, to the

SRA. Both compliance officers must be partners or employees of sufficient seniority and in a position of sufficient responsibility to fulfill the role, and their designation must be approved by the SRA. The compliance officer for legal practice must be an English or European-qualified lawyer within certain defined categories.

Selection of candidates for these roles is causing some consternation in the larger U.K. firms. Should it be an equity partner? Others may not have sufficient access to management information at the highest level. Should it be the general counsel? Notably, the reporting role described above is hardly consistent with the role of counselor: How can a member of the firm seek guidance on a possible rule breach already committed, faced with the prospect of the general counsel reporting the breach to the SRA? These and many other questions are being wrestled with in earnest by all the U.K.-based firms. But as discussed above, many U.S. firms fall under the purview of the new rules, and must also address these questions.

Of great importance is the fact that the new system can succeed only if firms are able to obtain “buy in” to all areas of compliance throughout the firm, from the top down. Compliance obligations are in no way confined to the two compliance officers. Guidance notes state, “The existence of compliance officers in a firm and the requirements on them to ensure that the firm, as well as its managers and employees, are complying with the regulatory arrangements [compliance officer for legal practice] and the SRA Accounts Rules [compliance officer for finance and administration] is not a substitute for the firm’s and managers’ responsibilities and their obligations.…Firms and managers need to take care not to obstruct, whether intentionally or unwittingly, [compliance officers] in fulfilling their role.”

Notable to many U.S. firms will be the fact that a key focus of the new rules is on client service, for which there are 16 mandatory outcomes, the first containing the laudable requirement that “you treat your clients fairly.” The rest of the rules may appear much more onerous and require that a great deal of detailed information on client care and complaints handling be provided to clients. In the past, lawyers have often resisted these kinds of rules as unnecessary, at least when it comes to sophisticated commercial clients, but henceforth there will be no choice.

Client-care rules for law firms’ non-English offices deal with accounting to clients for commissions and financial benefits, require firms to maintain lawyers professional liability insurance and prohibit unlawful contingency arrangements.

Outsourcing — both business and legal process — will be subject to onerous requirements. As well as taking “all appropriate steps to ensure that your clients’ confidential information will be protected,” there are specific provisions on the U.K.-equivalent of the unauthorized practice of law under which firms are prohibited from outsourcing “reserved legal activities [such as litigation and real estate] to a person who is not authorised to conduct such activities.” Other provisions include a requirement that outsourcing is subject to “contractual arrangements that enable the SRA or its agent to obtain information from, inspect the records (including electronic

records) of, or enter the premises of, the third party, in relation to the outsourced activities or functions.” The practicalities of this have yet to be fully explored.

Even referrals of clients between law firms will be subject to express requirements; for example, clients must be told of any fee-sharing arrangements with the referrer, and such arrangements must be in writing.

Detailed rules on attorney-client trust accounts deal with money that is not held primarily through the practice of law in a jurisdiction outside England; from a regulatory perspective, many U.S. law firms’ overseas offices are branches of the U.K. firm rather than the U.S. firm. These rules require client money to be held at a bank or similar institution that is subject to supervision by a public authority, used only for the purpose of holding client or trust money, and the title or designation of which indicates that the funds in the account belong to the client or are held on trust.

The rules also set out a detailed framework for when money can be paid into the client account and when and how it can be withdrawn. Firms are required to file an accountant’s report, broadly and annually, in an approved format.

There are also detailed obligations on production of records to the SRA. The rules also contain provision on payment of interest to clients.

Publicity and Web sites need changing on Oct. 6 to reflect the new regulatory regime.

The rules summarized here are merely a sampling of those comprising the new scheme — the full handbook runs to 574 pages. Firms subject to the scheme need to develop a detailed understanding of all the provisions. Critical steps that firms need to implement before Oct. 6 are:

(1) Draw up a workable compliance plan and risk register.

(2) Review existing firm policies as part of (1).

(3) Appoint the compliance officer for legal practice and the compliance officer for finance and administration — but ensure that partners understand that they are individually responsible for compliance, too.

(4) Implement a process that includes file reviews and systems of ongoing monitoring.

(5) Develop a checklist for compliance with each element of the handbook.

(6) Identify and address training needs.

(7) Make the required changes to firm stationery and Web sites on Oct. 6.

(8) Address — and answer — the question: How will your firm demonstrate compliance?

Meanwhile, the SRA has started a wholesale review of the regulation of international law firms, which may even result in non-U.K. partners having to pass examinations.

Frank Maher is a practicing English lawyer and partner at Legal Risk, based in Liverpool, England. He advises U.S., U.K. and European law firms on professional regulation and professional liability. Anthony E. Davis is a partner in the lawyers for the profession practice group at Hinshaw & Culbertson, and is based in its New York office. His practice concentrates on the law governing lawyers, professional responsibility and risk management.

Note: This version contains a small revision from the original to reflect a rule change on 23 December 2011.