Practising in an increasingly complex regulatory environment

March 1st, 2023

The complexities of conducting a legal practice have increased substantially in recent years. Legal practitioners now face multifaceted challenges, including difficult economic and business conditions on the one hand, compounded by the introduction of several new regulatory requirements on the other. The new requirements have a significant impact on all areas of the legal practice, affecting both the way the firm services clients and how the firm as a business entity is managed.

The various pieces of legislation adopt different forms of regulation. In some the regulatory approach is risk based, while in others it can be rules based. Some activities may simultaneously fall into the regulatory ambit of multiple regulators with different regulatory and enforcement approaches. All these factors make for an increasingly complex regulatory environment for legal practitioners.

Taking on the mandate

Long gone are the days when a mandate commenced simply with a general discussion between an attorney and client about the matter, with the attorney making a few cursory notes of the legal issues as outlined by the client, the latter signing a power of attorney or other document confirming the mandate in broad terms and then leaving the attorney’s office after a handshake. Granted, an important part of the discussions would have been about the attorney’s fee, when and by whom it would be paid. The client may then have been required to make an upfront payment of either the full fee and the anticipated disbursements, if applicable, and the payment may have either been made in person at the attorney’s office or later by a deposit into the attorney’s trust account. The attorney would been considered to have received full instructions (understood to be placed in sufficient funds) and there was an expectation that the mandate would then be carried out. The client would then have expected the attorney to act as instructed. Factors, such as the existence of possible conflicts of interest, whether the mandate fell within the attorney’s area of practice and the client’s ability to pay the attorney’s fees would have been foremost in the latter’s mind when considering whether to accept the instruction. Essentially, attorneys were only subject the ethical rules applicable to practice and the statutory framework applicable to the legal profession. Little, if any, consideration may have been paid to the source of the client’s funding for the legal fees or the funds utilised in the underlying transaction. The attorney-client privilege was sacrosanct and the idea of reporting your client’s suspicious funds to any regulatory body of other institution was regarded as unthinkable. The regulatory and business worlds have changed significantly since then and, thankfully, so have the ethical responsibilities of attorneys.

When considering the profile of the client, some firms would have been reluctant to take on matters for parties with adverse reputations or cases that they expected would draw bad publicity for their practices. Unpopular clients and unpopular causes were a no-go area for some firms. The phrase ‘politically exposed persons’ would have been understood as reference to persons associated with political organisations or causes.

Alas, much has changed in recent years. There is now a host of legislation and regulations that must be complied with, including the Legal Practice Act 28 of 2014 (LPA), the Financial Intelligence Centre Act 38 of 2001 (FICA), the Contingency Fees Act 66 of 1997 and the Protection of Personal Information Act 4 of 2013 (POPIA). These statutes regulate various activities in legal practices, including documenting the terms of the mandate, a duty to do a risk assessment on clients, the requirements to report suspicious activities to the appropriate regulator and how data is processed, securely stored and eventually disposed of. There are numerous other pieces of legislation that also apply. It is important that legal practitioners read each piece of legislation carefully, gain a full understanding of their obligations in respect of each statute and implement internal systems to ensure ongoing compliance with the regulatory prescripts. It will also be prudent to attend the specialist training sessions on each of the regulatory topics offered by knowledgeable experts, to ensure that staff in the practice are also upskilled and to invest in appropriate practice management systems. Developing systems to regularly audit internal compliance with the various pieces of legislation will be one effective way of mitigating regulatory risks.

Taking the simple scenario sketched above into account, the simple signature of the broadly worded power of attorney will simply not be sufficient. Section 34(1) of the LPA provides that: ‘An attorney may render legal services in expectation of any fee, commission, gain, or reward as contemplated in this Act or any other applicable law, upon … request directly from the public for that service.’ Rules 35.3, 35.4 and 35.5 of the Rules made under the authority of ss 95(1), 95(3) and 109(2) of the LPA, respectively, prescribe that:

‘35.3 When written instructions are given by a client to an attorney the attorney must ensure that they set out the intended scope of the engagement with sufficient clarity to enable the attorney to understand the full extent of the mandate. If the attorney is uncertain as to the scope of the mandate the attorney must seek written clarification of the intended scope of the instruction.

35.4 Where the client instructs the attorney verbally, the attorney must as soon as practically possible confirm the instructions in writing and in particular must set out the attorney’s understanding of the scope of the engagement.

35.5 An attorney who is in receipt of instructions from a client must comply with those provisions of legal services, including, without limitation, the provisions of sections 34 and 35 of the Act’.

Where the instruction falls within the ambit of the Contingency Fees Act, a written agreement that meets the requirements of that Act will have to be concluded.

When payments are received from clients or other parties, attorneys, being accountable institutions, will have to comply with their reporting obligations and other obligations set out in the FICA. A risk-based approach to managing financial and other FICA related risks must be adopted by the practice. A degree of professional scepticism is also required when considering explanations given by parties to a transaction. Pose pointed questions regarding the origins of funds, why the transactions are structure in a specific manner, who the ultimate beneficial ownership lies with and do some background checks to verify the information provided to you. Inform the parties to the transactions of your statutory obligations and document as much detail as you can. You must now conduct a due diligence exercise on your clients. Firms need to have a risk management and compliance program.

Executing the mandate

Legal practitioners must guard against intentionally overlooking certain FICA related risks thinking that they are doing so to avoid the risk of losing a client. An instruction, no matter how lucrative it may appear on paper, is not worth risking your professional career, breaching your statutory obligations, and being left to face the consequences. Contrary to a widely held belief, compliance with the FICA involves substantially more than simply obtaining a copy of the client’s identity document of proof of address.

You need to have a heightened level of risk awareness throughout the execution of your mandate. There may be developments not initially anticipated that trigger some or other regulatory requirements. Not all types of legal services will attract the same level of regulatory obligations, but all attract some form of obligations. If, for example, your firm invests funds on behalf of a client or clients and it controls or manages those investments, directly or indirectly, it is deemed to be carrying on the business of an investment practice (r 55.1). Firms conducting investment practices must comply with the Financial Advisory and Intermediary Services Act 37 of 2002 (the FAIS Act) and the regulations issued in terms of that Act. Investment practices thus have an additional level of compliance and an additional regulator, the Financial Sector Conduct Authority, to contend with in relation to their conduct falling within the FAIS Act. The investment practice may be ancillary to the legal services provided by the firm and thus also subject to the regulation by the Legal Practice Council.

The increasing cost of compliance

The changes to the regulatory model applicable to financial services industry over the past two-decades led to a huge increase in compliance costs in that industry. It is expected that legal practitioners will also be faced with an increased cost of running their practices as they are required to invest in appropriate systems to ensure compliance. In some instances, this will also require the employment of either more staff or more skilled staff and an increase in staff training costs. Either way, the personnel costs will increase, and these increased costs will have to be passed on to clients. Time will tell whether there will be an emergence of a compliance service industry, as has happened with the financial services industry, offering their services to the legal profession on an outsourced basis. Outsourcing your compliance functions to an outside company does not absolve you entirely of the risks. If something goes wrong, you will still be ultimately responsible.

Navigating the regulatory maze

You attitude towards compliance will be a major factor in determining how successful you are in dealing with the regulatory requirements. The regulatory tone will be set by you as the head of the firm. Do not view compliance as a mere tick-box exercise or another level of bureaucracy. Setting the internal compliance bar at achieving the bare minimum will be setting the bar too low and uncomfortably close to the non-compliance threshold. Create a culture of compliance with the letter and spirit of the law in your firm. Compliance requirements, though onerous in some instances, assist legal practices to conduct business better. Some of the new requirements, such as the FICA requirements, have been implemented to enable South Africa to comply with its international obligations to avoid the risk of a grey listing of the country. Do not view the various compliance requirements in silos. When you view the compliance requirements holistically, you will be able to identify the broader risks and behaviours that the requirements aim to address and then develop a holistic compliance strategy. Check the wording of the insurance policies you have in place and consult with your broker and underwriter to ascertain what insurance cover, if any, you have in place to indemnify you in case a party suffers a loss as a result of a bona fide mistake made by your firm or even if you face criminal, administrative or other regulatory action or a fine as a result of such an error. However, you will not be able to get insurance cover for an intentional unlawful act.

Effective compliance with all legislative and good governance requirements across all areas of your practice may assist in giving your firm a competitive advantage over the rest of the market. Prudent, risk averse clients will also be more likely to instruct firms that take regulatory compliance seriously rather than those who have a laissez-faire attitude to this important topic. You would not want to be in the embarrassing position where a client questions the effectiveness of your internal regulatory compliance regime or, worse still, be the legal practitioner who was exposed for non-compliance with regulatory requirements or not having sufficient knowledge of the applicable regulatory framework.

Thomas Harban BA LLB (Wits) is the General Manager of the Legal Practitioners Indemnity Insurance Fund NPC in Centurion.

This article was first published in De Rebus in 2023 (March) DR 5.