Jody Evans is the Director of Business Development at Legal Eye Ltd.
Jody has a successful background in risk and compliance, with her past work including leading the in-house risk team for a top 50 law firm and taking responsibility for developing a comprehensive framework in the area, as well as the delivery of firm-wide training and awareness programmes. In this interview, she discusses the difficulties firms face in terms of managing risk and introduces Legal Eye’s new online training Academy.
Why do firms choose to use an external company such as Legal Eye to handle their compliance?
On a general basis, people may come to us if they don’t have a risk team at all and will, therefore, be lacking in risk and compliance resource and specialist expertise. Alternatively, they may already have a risk team within the business but may need to build additional capacity into this team, or could be seeking assistance or advice around a particular risk or process area to complement their existing expertise.
Increasingly, we are finding that people are choosing Legal Eye to outsource compliance simply because they’ve heard great things about us. Trust is a big factor in the legal market and, as a well-established provider of risk and compliance services, law firms in particular have come to rely on the breadth of experience which we pride ourselves on. This is purely down to the vast range of expertise that’s within the Legal Eye team, including people who have previously worked for in-house compliance teams, for the Solicitors Regulation Authority, financial institutions and the Legal Ombudsman. Through engaging with Legal Eye, our clients automatically gain access to a ‘risk team’ with a breadth of knowledge and experience of the key risks within the sector, which helps us to apply practical solutions. As many of us have worked in similar environments to the client, we are able to quickly appreciate the issues our clients face, see things from their perspective and develop measures which we know will work for them.
In recent feedback, a client told us that they felt that by outsourcing their compliance to Legal Eye they had gained their own professional risk team. This is a great reflection of how we work collaboratively with our clients rather than in isolation. We feel it’s important to utilise the relevant experience within our team when putting together a plan for the client, and we find that they benefit from having the variety and depth of expertise which we are each able to offer.
For example, if a client raises a specific issue or question, I will happily circulate this to the team to gain the benefit of their expertise and experience in order to provide the most comprehensive answer to our client. Demonstrating this level of expertise from the outset helps us to establish a long-term relationship with the client, encourages trust in the delivery of our service, and ultimately adds real and tangible value to the client.
You have just launched the Legal Eye Academy – what services does the Academy offer?
The Legal Eye Academy is an online learning management system which we’ve developed in-house following feedback from some of our clients. The aim is to provide firms with a central online training platform, enabling them to deliver core compliance learning to multiple members of their team simultaneously. The standard package covers the key mandatory regulatory topics including anti-money laundering, anti-bribery and an introduction to the upcoming General Data Protection Regulation (GDPR). Each module has an interactive element, enabling the user to answer questions and test their understanding as they progress through the topic. The implementation of this function is in direct response to our client feedback; whilst testing knowledge at the end of a module is one thing, assessing it at different points throughout the process can really help the user to engage throughout the learning process.
Given that Legal Eye Academy’s aim is to offer a streamlined solution for firms, we felt that the duration and flexibility of the training modules were important features of the platform and have created ‘bitesize’ topics. Lasting around 30 minutes, they provide professionals with a comprehensive training solution which can fit the training into their busy workday. The training platform includes a tracking and reporting system, making it possible for a firm to view individual and collective progress, which can then be utilised as evidence of training completion to a client, regulator or insurer. There is also an in-built ‘reminder’ alert system, something which we thought would be a useful feature for staff, especially when they’re busy.
We encourage firms to use the Legal Eye Academy in a way which works for them and it’s something that can be a great tool to help train new starters or to refresh training for internal staff. Being based online, the platform is easily accessible for staff and helps to relieve some of the administrative burdens where staff training is concerned.
Whilst stage one of the Legal Eye Academy has predominantly focussed on the core compliance training modules including an introduction to the GDPR, the second stage will extend the breadth of topics to include key risk areas such as reputational management and effective client service delivery. All things considered, it is essential that the Legal Eye Academy works for our clients, so feedback we receive will be an integral part of the development process going forward.
What do law firms look for when choosing a training partner?
Whilst this will differ for firms, there are typically a few key things which professionals tend to look for in a training partner.
Legal Eye is a credible and established provider within the market, which are often deciding factors as to why clients have chosen to work with us to help deliver their risk and compliance training. We have found that clients are increasingly looking for training to be delivered using a variety of different delivery methods. It is rare that a client will solely be looking for online training to fulfil all of their training needs and so they will engage us to deliver a combination of online, webinar based and face to face training. For us to do this, we feel it is essential to engage with the client from the outset to ensure that the training sessions are tailored with the client’s audience in mind. Dedicating time to speak to the client and understand what they feel would be an effective approach for their staff and can help to ensure that everyone will get the most out of each session. It is this aspect of our approach which we have received the most positive feedback on.
Whilst the implementation of the GDPR is not far away, how many law firms do you believe are ready for the change in regulations?
Whilst there has been a lot of discussion around the date that the GDPR comes into force, May 2018 should not be seen as a ‘deadline’. For all businesses, the regulations should mark a cultural change around evidencing accountability in their data management processes, extending far beyond the ‘deadline’ for compliance. The GDPR requires us to adopt a different mindset where data is concerned. Whilst as businesses, we never ‘own’ the personal data entrusted to us, the management of this data is entirely our liability.
This is central to the approach we are taking with our clients, helping to embed processes which will encourage a long-term cultural change as opposed to a quick fix and ‘box tick’ solution. The implementation of the GDPR is, after all, a long-term change for business practice.
For the majority of our clients, there is a feeling that positive steps can be taken to improve the approach to data management, and in particular, the storage processes and retention periods for physical and electronic data. Whilst there are lawful exceptions to data destruction including regulatory requirements and limitation periods, the GDPR provides firms with an important opportunity to review their processes, to re-engage with their client base to obtain explicit consent as well as becoming more efficient and reducing data storage costs. Preparation for GDPR could, for example, provide a key opportunity for marketing if utilised in an appropriate way.
Businesses really need to consider all of the data they hold, not just for the delivery of their client work and marketing activities. They really need to map the journey of this data from start to finish, paying close attention to interaction with any outsourced suppliers. Whether this is an outsourced storage service or a cloud provider, it is essential to understand the processes and documentation to ensure that the risks are considered and mitigated.
What is the single biggest challenge facing law firms in relation to their risk and compliance activities?
Where risk and compliance are concerned, time is a real challenge at present, especially given the pace of change within this area.
Setting aside time to monitor the impact, review processes and adapt to the changes can be incredibly difficult for firms, particularly when juggling a range of different, and often conflicting, objectives. In many cases, firms simply don’t know what they don’t know in this area, so struggle when it comes to prioritising the changes they need to make. Knowing where to start can be incredibly overwhelming.
What’s more, it is often the case that resources in this area can be split, meaning that the time set aside to plan and deliver the changes can be easily compromised. This then becomes an ongoing issue; as well as struggling to keep on top of updates, firms will also have trouble embedding the required changes as well as training their staff. No matter how well equipped a firm may be to handle a sudden or significant change, the key challenge is being able to stay one step ahead.
This is one of the key benefits of outsourcing compliance, particularly in terms of the range of expertise that we have access to. We continually monitor the risk, regulatory and compliance landscapes to ensure that we are proactively engaging with our clients on the required changes. In terms of responding to risk issues identified by a firm, it is unlikely that we have not previously come across a similar issue with one of our other clients, associates, or within our trusted network. By sharing the issue amongst our team, we are then able to draw from experience and specialist expertise to create a practical solution for our clients. Many of the firms we work with appreciate that by contacting Legal Eye, they then have the support of a sounding board and experienced risk team.