Law firms confront the regulatory mirror to evolve business acceptance
Advise and comply
The first thing most lawyers think of when they hear “regulatory compliance” is their practice group that advises clients on the topic. You can bet, however, that general counsel and business intake groups perceive this phrase differently. They know the firm must look into the mirror and ensure that the firm itself complies with regulations governing every new client that crosses its threshold.
In law firms, the business acceptance team must flag industry-specific, privacy, cybersecurity, and other regulations that will apply to the firm if it represents the client. When a matter is accepted, the firm must establish appropriate procedures that reflect the regulations and monitor compliance with them. For example, when a law firm handles protected health information in a matter, the firm is by definition a business associate under the Health Insurance Portability and Accountability Act (HIPAA). As such, the firm must comply with strict HIPAA information access and data protection controls.
New client regulatory risks that are not caught during business acceptance will come home to roost as regulatory fines, reputational harm, and ruffled clients.
Reflect risk in profiles
The universe of regulations is constantly expanding. There’s a tsunami of rules that swirls around law firms as the caretakers of sensitive client data. Firms simply can’t continue to rely on manual spreadsheets and checklists to find every lurking regulatory risk. There are just too many global rules and nuances. Something, sometime is going to fall through the cracks and reflect badly on the firm.
Today, firms can automate regulatory risk scoring during business acceptance. Staff configure the technology with specific regulatory risk criteria and automatically generate a new client risk score and profile. From there, the risk team can quickly move to set up compliance procedures and ongoing monitoring.
KYC is not an annual party
Most lawyers enjoy getting to know their clients at holiday parties and lunches. The social time solidifies relationships. Know-your-client (KYC) laws, however, are a very different animal. KYC mandates force law firms to investigate clients and report any money laundering or terrorist financing concerns, which creates a very different reflection on client relationships.
The American Bar Association (ABA) states that compliance with anti-money laundering (AML) laws starts with intake procedures that focus on verifying client identity. The ABA recommends firms leverage global blacklists in their AML client research. Even if the findings tarnish a client’s image or inhibit business opportunities for the firm, under certain global and U.S. regulatory rules, a firm must divulge client research findings to authorities.
Law firms will want technology to help them comply with these expanding client due-diligence hurdles. Technology that provides live links to business databases and APIs for easy connection to watch lists and other research sources is a good place to start. Automatic alerts that trigger required KYC annual reviews, for example, are also an extremely helpful compliance tool for firms to consider.
Evolving business acceptance
New business acceptance is a law firm’s gatekeeper on risk compliance. As more regulations cause law firms to mirror the regulatory compliance of their clients, the old business evaluation approaches no longer work. Firms that want to discover how to evolve business acceptance for today’s regulatory climate can learn more here.
Carolyn Casey, JD, is a lawyer and author who writes on trends in legal technology and operations, information governance, global regulations, data protection, and artificial intelligence.