Sarah Mumford reviews a recently published book on the compliance function in law firms.

Assessing and Addressing Risk by Rebecca Atkinson (Law Society Publishing, 2020, £65) 

Assessing Rsk&Cmpl Fc 800px

This timely book covers a very wide canvas by being both concise and extremely practical. The premise is to cover the risks that all COLPs/Directors of Risk should consider which flow from a traditional law firm’s statutory or regulatory obligations.

It doesn’t cover every area in exhaustive detail but gives enough information for people with responsibility for risk to create plans based on a gap analysis for which templates and checklists are also given. In a departure from other books in the practitioner series, it is written in a colloquial and chatty style – in fact it is like having a knowledgeable risk best friend on speed dial.

Rebecca Atkinson is Director of Risk at Howard Kennedy where she is also MLCO, MLRO, DPO, WBO and AB&CO. She covers all these areas in the book, putting her experience into the heart of the book.

The book is only just published but already some things have changed (I have in mind particularly the discussion of regulation 3 which I believe is now superseded). However, the key message of the book is to raise an issue and provide pointers so that the reader knows what to look for, to conform what is written to fit their own firm’s culture and style. This is not a book to follow slavishly, but to use as that companion I referred to at the start.

There is a lot of clear practical advice which I have not seen ‘under one roof’ and would have found very useful personally at the start of my risk career. There are sections dealing with auditor’s letters, completing a PII proposal (although ‘insurer’ is often used in that section where ‘broker’ might be more appropriate), procurement both of the firm and by the firm and a host of other practical issues.

For a new COLP, treatment of these issues will be invaluable and for an experienced legal risk professional it still will be a useful aide-memoire to ensure there is nothing that has been missed.

Atkinson uses the analogy of painting a house – once one has reached the ground floor one must start again at the top. Risk is certainly like that. To extend the analogy what one doesn’t want to find is a wing one didn’t know about, or to rely on a colleague saying that a room is complete when in fact it hasn’t started.

This is why the advice on starting with a gap analysis is so sensible. From that analysis a compliance plan or calendar can be compiled, with sub plans allocated to different teams, months or as required. Apart from helping the COLP to sleep well at night, this approach is invaluable in showing a culture of continuous improvement both to regulators and as board assurance. The section on how different types and size of firm structure their risk teams will be of particular interest.

Just from the contents, one might be forgiven for thinking that the book covers the same ground as other toolkits. The subject matter may be the same but the treatment and consideration of risk in a holistic manner is new and helpful.

Order your copy here.

Sarah Mumford is a consultant advising law firms on risk management and compliance and is currently Director of Risk and Compliance at RPC.