July 8, 2023

office building dusk

Every industry has specific legislations that apply to it. Compliance with the regulatory requirements may be interpreted as the necessity for an organisation to meet the regulatory requirements that apply to that particular business sector in which it operates (Compliance Institute Southern Africa (CISA): Generally Accepted Compliance Practice Framework – Principles, Standards and Guidelines; January 2013; p 14)). ‘Compliance obligations’ are the requirements that an organisation has to comply with (‘compliance requirements’) and chooses to comply with (‘compliance commitments’).

‘Compliance management consists of efforts organisations undertake to ensure that employees and others associated with the firm do not violate applicable rules, regulations or norms’ (Alexander S Gills – What is compliance? (www.techtarget.com), accessed July 7, 2023)). Compliance guides an organisation within a system of standards and regulations. An organisation is usually in a state of being in accordance with the compliance obligations or in the process of becoming so. It is imperative for law firms to comply with the regulations that apply to their sector. It is perfectly situated within the practitioner to know which laws and regulations govern and guide legal practice, making it well suited to ensure that the practitioner observes the rules.

Every organisation should have a function responsible for ensuring that compliance works efficiently at all times (Financier Worldwide Magazine (2017) ‘Innovation and technology for GRC’ (www.financierworldwide.com, accessed July 7, 2023). The compliance function is ideally suited to deal with compliance risk as part of operational risk (CISA, p 18).

Compliance risk is a failure (or perceived failure) to comply with the values and the compliance risk-related laws, regulations, codes and standards that are relevant to the specific services offered by a law firm, or its ensuing activities, which could damage the practice’s reputation, and leads to legal or regulatory sanctions and/or financial loss. Compliance risk is the risk that the procedures implemented by the organisation to ensure compliance to the relevant statutory, regulatory and supervisory requirements are not adhered to and/or is inefficient and ineffective.

The practitioner should establish and maintain a culture of continuous awareness of compliance issues. The role of the compliance function is to assist law firm s to comply with the regulatory requirements through the provision of compliance risk management, defining the compliance universe and monitoring activities, and assessing compliance risk of the practice. The structure of the function should be appropriate to the organisation’s operations.

The ultimate responsibility for management of compliance risk and overseeing the management of compliance with the regulatory environments resides in the legal practitioners. An effective compliance program will include adequate training and communications so that employees understand their compliance obligations. The purpose of a compliance program is prevention, detection and correction to ensure that the practice complies with any applicable laws or regulations.

An efficient compliance program will promote an organisational culture that encourages ethical conduct and commitment to compliance with the law. The structure of the compliance risk management framework simplifies the process of compliance monitoring and empowers the practitioners to foster better governance of their practices. It sets the “tone” of the practice’s risk management control environment and is a foundation of all other controls in an organization. The CRMP can be viewed from the Regulatory Requirement Register within a business.

Law firms must provide for a formal and structured monitoring of compliance process, to ensure compliance with applicable legislation. Active monitoring to evaluate all efforts and regular training on compliance obligations is essential in building a culture of compliance into operations of the law firms, from C-suite to the post room. The monitoring of the implementation and design of internal controls is the responsibility of the legal practitioner.

Rule made under the authority of ss 95(1), 95(3) and 109(2) of the Legal Practice Act 28 of 2014 (LPA), requires the legal practitioner to implement and design internal controls to provide reasonable assurance of reliable financial reporting and to ensure that they operate effectively, and are monitored regularly throughout the reporting period. The legal practitioner is responsible for supervising the practice concerning the design and efficacy of the internal risk management and control systems, risks inherent in the practice’s activities and compliance with laws, regulations and internal rules from the compliance management plan perspective.

The firm’s internal control system is important to monitor and manage risk. The internal control systems must be followed in everyday management or actual operations of the practice. Compliance is a form of internal control and internal controls are the processes designed, implemented and maintained by a legal practitioner to provide reasonable assurance about compliance with the laws, regulations and internal rules; while external compliance refers to rules and regulations and industry standards set by the law to ascertain whether or not the legal practitioner complied specifically with the requirements of the laws and regulations. It is essential to have a fair balance of both external and internal compliance.

The legal system encompasses the protection offered in laws (de jure) and to what extent the laws are enforced in real life (de facto) (Dr Farida Virani ‘Effective Corporate Governance (CG) – Ethical Perspective’ (www.academia.edu, accessed July 7, 2023)). Legal compliance mechanisms tend to promote a rule-based or the stick approach which corresponds to the letter of the law which may not necessarily inspire excellence. Ethical compliance mechanisms promote a principled-based or the carrot approach which corresponds to the spirit of the law. Ethical behaviour requires practitioners to see to it that the law firms conduct their business in accordance with the law and with a high standard of commercial morality.

Unilateral enforcement mechanisms involve efforts of individual firms to potentially improve their commitment power (Erik Berglof and Stijn Claessens ‘Corporate Governance and Enforcement’ (https://www.researchgate.net, accessed July 7, 2023)). The most common unilateral mechanism is reputation. In the absence of a well-functioning general enforcement environment, unilateral actions can be important. Reputation and self-enforcement are important when enforcement is weak, but stronger when environment is stronger. It is imperative for law firms to adhere to the compliance obligations relevant to the legal services sector.

‘Compliance with the regulations is a form of internalized norm enforcement within an organization’ (Pacella, Jennifer M. ‘The Regulation of Lawyers in Compliance’ (2020) (http://dx.doi.org/10.2139/ssrn.3430093, accessed July 7, 2023)). Much of what is included in the regulatory requirements represents good business practice. Law firms have a strong incentive to internalize the enforcement function by instituting procedures to guard against compliance risks. Although organisations may not have a fully developed and mature compliance function, it is important that they are constantly working towards that goal through the implementation and monitoring of a coherent strategy rather than being in reactive mode where compliance is not regarded as a priority (CISA, p.20).

Regulatory compliance requirements in legal practice may be enhanced through increasing the responsibilities of the practitioners and making them more accountable. Law firms need to be more proactive in creating ethical culture and climate than to be reactive and operate in compliance. There is a need for strong ethical corporate culture and leadership in law firms (Dr Farida Virani (op cit)). The Legal Practice Council (LPC), at best can provide certain environment, which will be favourable for such an attitude, but the primary responsibility is of the practitioners.

Rules are only as good as their enforcement (Klaus J. Hopt “Comparative Corporate Governance: The State of the Art and International Regulation” (www.aca demia.edu, accessed July 7, 2023)). Regulations should support effective enforcement; and law firms need some form of supervision. This can be done by the regulatory body, the LPC. The LPC has adequate enforcement instruments at its disposal that are available in the applicable regulations. The challenge for the LPC is to develop and apply enforcement strategies that achieve the best possible outcomes by achieving the highest possible levels of compliance.

Outside assessment and self-assessment need to be regular events to ensure the effectiveness of enforcement (Dr Farida Virani (op cit)). Effective enforcement requires the availability of effective, proportionate and dissuasive sanctions in the event of non-compliance. The effectiveness of enforcement mechanisms in legal practice depends on the general institutional environment (Erik Berglof and Stijn Claessens ‘Corporate Governance and Enforcement’ (https://www.researchgate.net, accessed July 7, 2023)). Much depends on the competence and regulatory style of the supervisory agency, which may be more active or passive. Competence and regulatory style of improving supervision stiffen enforcement practices, and powers of supervisory agency.

There is a need for the increased role of risk management, heightened regulations and greater strictures in the legal practitioners’ or law firm activities. Heightened level of enforcement can help reinforce the basic compliance risk management mechanism in legal practice. Enforcement may be based on the rules of the LPC. Enforcement techniques and efficiency will be directly dependent on the legal status of the rules, codes and standards that are relevant to legal practice (Eddy Wymeersch ‘Enforcement of Corporate Governance Codes’ (https://papers.ssrn.com, accessed July 7, 2023)).


Please note that our blog posts are informal commentaries on developments in the law at the time of publication and not legal advice.


About the author 

Sipho Nkosi

Sipho Nkosi is an experienced Legal Professional with a demonstrated history of working in the legal services industry. A strong legal professional with a B Proc degree focused in Law from the University of Natal (Howard College), with a keen interest in corporate governance and a profound insight into Compliance Risk Management. Skilled in litigation and procedural law, and an affiliate member of the Compliance Institute Southern Africa.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}