Earlier this month, the ICO handed down a fine of almost £100,000 to a top criminal law firm that suffered a ransomware attack and whose IT compliance was found wanting.
The case is a stark reminder that the ICO will not hesitate to fine practices that breach the GDPR. Law firms have both a moral and legal obligation to protect clients’ personal and sensitive information and it’s more important than ever that firms are vigilant and remain compliant with their obligations.
The good news is that with the right technology in place, which is used to its best advantage, your firm is in a strong position to manage risk and ensure compliance. By implementing and integrating best practices and compliance requirements into your team’s daily workload you’re able to reduce the cost of staying compliant, have peace of mind that procedures are followed, and better protect client data to mitigate risk.
Here are five practical steps you can take to ensure you are compliant and that your clients’ data is protected, whilst also ensuring efficiency and productivity across your firm:
1. Standardise tasks to allow automation
Automation removes time-consuming and costly manual tasks, helping to improve the efficiency and productivity of a firm. This can provide endless benefits not only for managing compliance processes, but also across the wider business, including enhanced client service, employee satisfaction, and improved profitability.
Building out a series of practice area and process-specific workflows within your practice and case management solution (PCMS) is the best place to start. Workflows help to integrate compliance tasks into employees’ daily tasks, so staying compliant becomes an easy habit to master. They provide greater control for everyone since pre-agreed processes are standardised across the firm. Workflows also provide peace of mind to COLP, COFA, MLO and other business stakeholders that nothing is missed, and best practice is always followed.
Osprey Approach provides over 50 pre-templated workflows that can be edited and configured to meet practices’ needs. Pavilion Row, a York-based law firm specialising in wills and probate, successfully uses Osprey’s automated workflows to ensure compliance, as Operations Director, Nicola Houston, explains, “Workflows ensure we’re being consistent. In all areas of the business, we use workflows for the key compliance tasks during the file opening process to ensure that we’re doing all the appropriate checks and we’re not missing anything.”
2. Streamline data collection to reduce errors
The data you collect, store, and use is at the core of all your compliance and regulation requirements and ensuring its accuracy, accessibility, and security needs to be a priority. This begins by streamlining your data collection process to guarantee that the data you put into your PCMS is valuable and reliable.
The best way to streamline data collection, and avoid the human error that comes from rekeying data from paper files or client emails, is for your clients to input directly into your case management system. This not only speeds up the process and reduces risks but also provides a more convenient service to clients, who can securely log on to their client portal and complete online questionnaires. Osprey enables you to create customised questionnaires that can be shared with clients, at any stage of a case, via the web portal, so the responsibility of data capture lies with the client.
When completed online, data is collected and stored centrally in your case management solution to be used again in future letters or documents without the need for copying and pasting. The same can be done when collecting other types of data such as signed documents, proof of identity, or bank statements. The collateral is collected once online and stored centrally for future reference.
3. Digitise client onboarding to improve due diligence
Provide an easy and convenient service to your clients and ensure compliance by digitalising your client onboarding using a secure, integrated web portal. There are several moving parts and key compliance actions involved in onboarding a new client; standardised processes that utilise a client portal are an effective way of keeping data and documents centralised while ensuring tasks are completed on time.
You can also speed up your client due diligence formalities by reducing data duplication and utilising electronic signatures and digital verification checks. Osprey Approach integrates with leading e-signature tool, DocuSign, meaning you can get your client letters signed in hours, not days. Osprey also integrates with InfoTrack, which offers a suite of digital client onboarding and verification checks to further streamline your onboarding processes.
4. Data protection
As the case of the law firm fined under GDPR has shown, data security needs to be a top priority for all practices. Regardless of whether staff are working in the office or at home, there shouldn’t be any difference in the way that your firm accesses, protects, and processes its data.
Using Osprey Approach’s practice and case management system (PCMS) as an example, the use of strong passwords with two-factor authentication (2FA) is required as standard practice. It is worth noting that the firm fined for a data breach had failed to implement 2FA.
Regardless of whether you’re accessing files via the Osprey app on the move or from your office, you can be confident that your data is hosted securely in our UK data centres, which are ISO27001 compliant. Osprey also has features to ensure GDPR compliance such as data retention dates, erasure requests and client access functionality.
5. Gain visibility to increase control
When your data is connected and easily accessible, compliance officers are in control and can proactively monitor operations to resolve any potential breaches and non-compliance before they become an issue for the firm. Proactively reviewing processes reduces potential investigations, complaints or claims, and subsequently removes both the financial and reputational costs associated with those challenges.
Powerful reporting tools help firms gain visibility so you’re always one step ahead. Firm-wide reporting provides management-level insight that drives improvement, so you can perform at your best and easily show the steps your firm is taking to mitigate risk. Osprey Approach aids your COFA, COLP and MLOs with their compliance monitoring obligations. Key data sources and reports can be produced more easily which helps to alleviate the pressures of accreditation applications such as CQS, WIQS and Lexcel. Lengthy application processes can be reduced when your data and documents are organised and accessible.
A final word
Compliance affects and involves every area of a law firm, and that’s why there is no single way to stay compliant – but implementing best practices into daily workloads and having better visibility of performance provides control.
To mitigate the risk of receiving a hefty GDPR fine, it’s vital that your firm embeds compliance regulations into the fabric of the business. When you embrace technology solutions to connect and integrate tasks, compliance requirements can be easily implemented into your team’s daily workload, so they become a habit. When effective compliance habits are formed across the firm, your clients and staff gain reassurance and confidence in the operational success of the business, whilst your fee earners are freed up from manual tasks to focus on value-added work that builds client relationships.
Ben Kellet is Product Advisor & Workflow Developer at Osprey Approach. His extensive knowledge of the industry helps to shape and optimise Osprey’s software solution, workflows, and services to ensure their suitability and effectiveness for the modern law firm.