The Legal Risk & Compliance space has grown rapidly in recent years, with new roles emerging to handle a range of new legislations and increasing pressure on firms to comply with them. On Episode 12 of The UNCOVER Pod I was joined by Matthew Sturgeon, the General Risk Counsel at Foot Anstey LLP, to discuss the evolving regulatory landscape and its impact on law firms and compliance professionals. We also touched on the best way to balance risk management and business success. Read on for his insights.
How has the regulatory landscape evolved in recent years, and what impact has it had on both law firms and compliance professionals?
“In my view, there isn’t too much that is new. The basic principles still apply and the basic expectations apply. I’ve been doing this for 13 years, and what I’ve noticed is a higher expectation, and more to deal with. Sanctions are now impacting areas like Anti-Money Laundering (AML). The war between Russia and Ukraine has created more issues and amplified them. It’s touching on the SRA, which is impacting compliance. That has an amplified role in diversity, preventing harassment and bullying and an appropriate supervision structure. Essentially I think I found that the tentacles of risk have grown.
When I started out in risk management, neither I nor my team were involved in areas like procurement at all. In fact, back then there wasn’t a procurement team to speak to. Now, it’s a very big part of what we do in supply chain management. What’s the impact that that has had on law firms? There has been a change in manning or staffing requirements, and there’s some cultural shifts needed, because you need more people to deal with it, and your team is growing as a result. Where you used to have one partner who would do bits of different things like complaints or money laundering, now you have entire teams. It’s an expectation.
On a practice level, there’s just more things to think about than there were before. Different firms do it in different ways. The approach to risk management and management reporting is much more sophisticated than where it was before. Those are big changes, and therefore compliance professionals have to be engaging with them. Compliance for me is a subset of risk management, but there’s more to be thought about. There is a big role for a risk management and compliance professional now because there is more that needs to be done.”
What are the common challenges that organisations face in adopting new regulations, and how can compliance teams address them effectively?
“The challenge is winning hearts and minds. Compliance professionals are busy people, so finding the time to do that, to explain what it is that they need to do and why they need to do it is a challenge. In a firm with an appropriate culture, you’re not going to get pushback as if it’s the risk team’s fault, or they generated the rules, but what you are going to get is ‘No, we’d rather we didn’t have to comply.’ And I agree, I’d rather you didn’t have to be doing this as well. But given that we do have to comply, we need to accept that. Then the question is, ‘How do I do that? How does this work? How can it be simplified and streamlined?’ There’s some thought about automation and using whatever tech is available to make this as simple as possible for the business. We need to keep our noses clean and do the right thing while continuing to run our business, because we don’t want to wrap ourselves up in cotton wool.
It’s about profit and the success of a business. I see it as a coin; on one side is performance management and fee earning, but another side of it is seeing the money and keeping things safe and avoiding spending. That is a large chunk of what a risk management professional can do on the strategic side. They go hand in hand. Risk management doesn’t exist as a silo, it’s part and parcel of a business. Going back to the first question about the changing regulatory landscape, I’m increasingly seeing that risk management does walk hand in hand with the business. It isn’t just compliance, it isn’t just the SRA’s rules. Particularly on the strategic side there’s a greater role there to help with decisions, and to keep them on the right side of the line and avoid loss.”
As everything is becoming more specialised, do candidates still need the same range of knowledge to be successful?
“If you’re setting off in the risk management profession, that increasing specialisation lends itself to a word of advice, which is ‘you can’t know everything’. I’m not looking for you to know everything, but you should know a good deal about some things, and certainly have a passion to learn more and take a holistic view of risk management. It’s more important to understand that if you poke a balloon here, it can have an impact over there.
If you are saying, ‘I’m really interested in everything and I know everything’, that’s not possible nowadays. Issue spotting is key, and there are times that you get a question about x, but what you’ve detected is that there’s another issue there, and being able to explore that and answer the question at the same time is part of the risk manager’s skill. You’re never going to be bored if you set off as a risk manager. You may frequently be pressured, so it’s not an easy option, but it’s never dull. There is always something new and there’s always a challenge to respond to, because firms are growing and doing new work. “
To hear more about the changes happening in the Legal Risk & Compliance field, tune into Episode 12 of The UNCOVER Pod here.
