This article aims, firstly, to highlight the importance of the broad compliance environment in which law firms – as business entities – operate and, secondly, to make the argument that a compliance plan must be developed and applied in every law firm for which a dedicated resource should be appointed.
An often repeated adage goes along the lines of ‘a man who is his own lawyer, has a fool for a client’. The prudence in obtaining independent external legal advice, when faced with legal challenges, cannot be overemphasised. However, the adage may not always be apposite where the legal questions facing a legal practice are of a compliance or governance nature. In such instances, the legal practitioners in the firm, with their understanding of the nature, structure, size, and operating environment of the firm are best placed to scan the compliance landscape and to develop a compliance plan. The duties in respect of compliance ultimately lie with the partners. The compliance requirements facing law firms have their origin in the legal and regulatory environment in which the law firm operates.
Often, legal practitioners are called on to identify and interpret the compliance obligations for themselves and that has its own inherent disadvantages, including a possible lack of objectivity and an underlying need to protect one’s turf.
The compliance universe in which a law firm operates, includes the general compliance landscape applicable to any other business enterprise. Certain compliance obligations are unique to law firms, for example, the requirements applicable to the management of trust funds. General compliance and governance in legal practices cover an area, which is too wide to cover exhaustively, in this article.
The complex compliance framework
The compliance obligations for commercial business entities in general have seen a sharp increase in the last two decades as the various regulatory authorities have sought to address a number of matters, including –
The compliance landscape for legal practitioners in South Africa (SA) has also undergone significant changes in this period, most notably with the implementation of the Legal Practice Act 28 of 2014 (the LPA), the Rules and the Code of Conduct for all Legal Practitioners, Candidate Legal Practitioners and Juristic Entities (the Code) promulgated in terms of the Act, the Companies Act 71 of 2008, the Financial Intelligence Centre Act 38 of 2001 (FICA) and the Financial Advisory and Intermediary Services Act 37 of 2002 (the FAIS Act). The LPA introduced significant changes for the regulation of the legal profession in SA. The Companies Act affects commercial juristic entities established to conduct legal practices, with the FAIS Act applying to those legal practices providing financial advisery and/or intermediary services, while FICA applies to all legal practices as accountable institutions. Legal practitioners are also obliged to comply with other pieces of legislation such as the Prevention of Organised Crime Act 121 of 1998 and to have regard to the implications of the Protection of Personal Information Act 4 of 2013 (POPI) in preparation for its scheduled implementation. The complex compliance web includes –
There have been several articles written on the impact of the data protection obligations of the legal profession arising from the provisions of POPI and the GDPR. Statutes, which do not receive as much general media coverage, also impose obligations on law firms pursuing practice in areas falling within the relevant statutory ambit. For example, s 3.3 of the PFA Guidance Note No 6 of 2018 issued in terms of the Pension Funds Act 24 of 1956 that prescribes the recovery of arrear contributions from an employer is outsourced to a legal practitioner, the agreement entered into between the pension fund and the attorney must at least provide that –
This is an example of a compliance obligation prescribed to form part of the terms of the mandate granted to a legal practitioner imposing an obligation on the legal practitioner (the obligation to pay the funds within the prescribed period) and also specifying that the mandate granted to the legal practitioner must make provision for the obligations of the defaulting employer. The latter will, in the ordinary course, not be party to the agreement between the legal practitioner and the pension fund, and yet the requirement is that the obligations of the defaulting employer (a third party) are included in the mandate. It is unclear how the legal practitioner will be expected to ensure compliance with this obligation by a party who is not party to the agreement.
The compliance obligations imposed by certain pieces of legislation (such as the FAIS Act) prescribe that the regulated entities must appoint a compliance officer. In certain industries the regulated entities have had to increase the capacities of their respective compliance resources in order to meet the applicable requirements. Increased compliance obligations may result in a commensurate increase in the operating costs.
The complex compliance environment has created some upside risks for the legal profession in that providing compliance advice and support has become a lucrative area of practice, as there is an increased need for legal and other specialist professional services to assess the impact of the compliance obligations for their clients and to provide advice on how the compliance obligations are to be met. The flip side is that there is also a downside risk associated with the increased compliance requirements in that legal practitioners now have a myriad of compliance obligations to meet in their own practices. In some instances, meeting the compliance obligations has placed additional strain on the (often limited) financial and human resources in practices, particularly smaller practices. Some legal practitioners have, colloquially, raised a concern that the increased compliance requirements may create an additional barrier for new legal practitioners wishing to enter practice or suggested that the financial burden of (and time dedicated to) compliance may be the reason that some legal practitioners cease practising. I am not aware of any comprehensive study carried out in this regard where the effect of increased compliance requirements has been studied and empirical evidence examined in order to assess how, and to what extent, the decision to enter or exit practice is affected by the compliance obligations on law firms.
The impact and perception of the three related concepts of governance, risk and compliance has been assessed in a number or reports, including those produced by PWC (‘Being a smarter risk taker through digital transformation’ www.pwc.com, accessed on 22-7-2019) and Aon (‘Managing Risk: How to Maximize Performance in Volatile Times’ www.aon.com, accessed on 22-7-2019). It will be noted from the Aon report that the risk associated with changes to the regulatory or legislative environment is only partially insurable.
Some of the compliance challenges for law firms
Compliance obligations cut across every area of operation in a legal practice. Writing on the attorney’s trust accounting environment in the United States, Dr Rick Kabra (‘Top 10 Compliance Challenges for Law Firms’ www.cosmolex.com, accessed on 22-7-2019) lists the top ten challenges for law firms as:
The ten challenges listed by Dr Kabra would also apply in the South African environment.
In larger law firms and those with adequate financial resources, a specialist dedicated compliance resource may be employed. Smaller firms will not have such capacity and the compliance function may be delegated to one of the legal practitioners as part of their other duties. Sole practitioners, in particular, are at risk as the single practitioner will be responsible for compliance as part of all the other functions carried out in the firm and when providing legal services to clients. No matter the size or structure of the legal practice, ultimately the responsivity for compliance resides with the partners/directors jointly.
In the trust accounting environment, for example, legal practitioners have a responsibility to study and apply the applicable rules. For example, r 54.14.7 is of particular importance and it provides that:
‘54.14.7 A firm shall ensure:
Internal controls
54.14.7.1 that adequate internal controls are implemented to ensure compliance with these rules and to ensure that trust funds are safeguarded; and in particular to ensure –
54.14.7.1.1 that the design of the internal controls is appropriate to address identified risks;
54.14.7.1.2 that the internal controls have been implemented as designed;
54.14.7.1.3 that the internal controls which have been implemented operate effectively throughout the period;
54.14.7.1.4 that the effective operation of the internal controls is monitored regularly by designated persons in the firm having the appropriate authority’.
Essentially, compliance with r 54.14.7 requires –
The compliance obligations in respect of trust accounts are much more than those set out in r 54.14.7.
Some suggestions for a compliance plan
In developing a compliance plan, a law firm may consider a number of tools including:
Remember that in the event of a breach of any of the statutory compliance obligations, ignorance of the law will not be an excuse.
Thomas Harban BA LLB (Wits) is the General Manager of the Legal Practitioners’ Indemnity Insurance Fund NPC in Centurion.
This article was first published in De Rebus in 2019 (September) DR 10.
De Rebus proudly displays the “FAIR” stamp of the Press Council of South Africa, indicating our commitment to adhere to the Code of Ethics for Print and online media, which prescribes that our reportage is truthful, accurate and fair. Should you wish to lodge a complaint about our news coverage, please lodge a complaint on the Press Council’s website at www.presscouncil.org.za or e-mail the complaint to enquiries@ombudsman.org.za. Contact the Press Council at (011) 4843612.
South African COVID-19 Coronavirus. Access the latest information on: www.sacoronavirus.co.za
|