5 Ways to Run a Compliant Law Firm
Maintaining compliance is a must for any firm that wants to keep their clients happy, avoid issues with their bar association, and run an ethical, efficient practice. The stakes are high in the legal industry, where violations can result in disciplinary actions, including sanctions and even disbarment. To avoid this, law firms must be dedicated to setting up processes and operations to ensure they adhere to compliance requirements.
Focusing on a few key elements can make sure your firm is running up to speed with the many rules and regulations demanded of it.
1. Centralize Recordkeeping
Data and records are important for any company, but for law firms, keeping proper track of these documents goes beyond reasons related to business success. Centralizing them in one location makes it much easier to ensure compliance.
Conflict Checks
Checking, evaluating, and resolving conflicts of interest are required in any intake process. With so many rules dedicated to the topic, it’s clear attorneys should be paying special attention to the task.
During the check, you’ll be looking for any ties between the prospective client and your connections that could prevent you from representing them in their best interests, including:
- Conflicts with concurrent clients with adverse interests
- Conflicts with successive clients with adverse interests
- Conflicts resulting from non-client relationships
It’s crucial to run a check not just against clients, but against all of your contacts. Doing this manually opens up the potential for risk, so you’ll want to use a technology-based search mechanism that can identify possible conflicts. In this search, you should be able to easily see how these individuals relate to your case.
To conduct the search and make sure the full breadth of potential conflicts is included, you’ll need to have all of your records in one location. Shuffling through papers, spreadsheets, and emails is a sure way to spend unnecessary time and miss key connections that would preclude you from representing a potential client. Most legal practice management systems offer a comprehensive conflict check system, so keep all your data and contacts in one system to take advantage of this tool to efficiently and effectively check for conflicts.
Matter Trust Ledgers
Matter trust ledgers, or client trust ledgers, track of all the transactions related to a particular matter including debits and credits. As far as compliance goes, trust accounting is at the top of the list when it comes to the most essential (and most complicated) areas to be aware of. To ensure trust accounting compliance, you need to have a solid handle on these ledgers in order to avoid violations such as commingling of funds or over-drafting.
Cross-checking this information across multiple tools means you’ll be open to risk as you won’t be able to prevent these types of issues due to the nature of human error. However, if you house all this information in one system, you’ll be able to ensure the financial records are up to date and client trust accounts are being maintained properly. Otherwise, the process of avoiding mishandled accounts will involve having to check information in multiple locations, then relying on individuals to catch, correct, and avoid any mistakes.
Audit Trail for Billable Activity
The majority of activities will wind up on a client invoice and there will inevitably be times when a client questions the amount. To avoid a client dispute and the possibility of having to lower the bill amount or your client not paying, you’ll want to be able to clearly document and track where the charge in question came from. When matter data, accounting, and billing systems are separate, this can present issues in being able to create a clear audit trail for billable activity.
Smooth Communication Between Tools
Using multiple tools presents a host of concerns that aren’t present when everything is in one location. Which tools are integrated and how is the information being sent? Is the information truly related or tied to another piece of data?
An even bigger problem arises when the systems aren’t integrated, as double entry is often required to ensure the data is the same in both systems. For example, when using one program for accounting and another for billing, firms must ensure the numbers are entered correctly in both systems. When this information needs to be manually inputted, there is an increased risk of incorrect entry, which can lead to big headaches down the road when it comes time to reconcile accounts.
2. Be Proactive Toward Client Disputes
Not only are client disputes time consuming and stressful, but they can also negatively affect your reputation. Dissatisfied clients can remove you as their representation, seek legal action, or refuse to pay their bill. By thinking ahead and putting measures into place, you’ll be able to head off many of these types of client issues.
Engagement Agreement
No matter what you and your client discuss verbally, the written agreement is what matters. That said, it’s imperative to lay out from the start what they can expect. Managing expectations, such as the scope of work and the billing arrangement, can prevent conflicts and ethics complaints down the road.
Stay in Contact
Even if there is no update to provide, keep your client in the loop. It doesn’t need to be extensive communication, but don’t go silent because there’s nothing to report. These types of status reports are a necessity between billings.
By reaching out to your client, you’re letting them know they’re still on your radar and that their case is actively being worked on. It’s helpful to find out how your client prefers to communicate, whether by text, phone, or email. Getting in touch through their preferred method will help solidify your relationship.
Detailed Billings
Clients want to know what they’re paying for, so simply listing the case name, the number of hours worked and the charge isn’t going to cut it. Spell out the work that was done and be sure to include any waived charges or fees. Send out your invoices in a regularly scheduled manner—you don’t want to surprise your client with three month’s worth of charges.
Adhere to Deadlines
A missed deadline can damage a client relationship beyond repair and also get you in trouble for legal malpractice. There’s a lot to keep track of within a matter, including discovery deadlines, the statute of limitations, filing deadlines, and more. It can be helpful to use a specific tool to manage your due dates and set reminders to make sure everything is completed when it should be.
Learn more about preventing client disputes in Five Ways to Avoid Client Disputes.
3. Always Be Prepared for an Audit
The highly regulated area of trust accounting is one of the most important compliance areas for law firms and also where the most violations occur. There are many detailed rules and requirements surrounding these accounts, so law firms need to be thinking about their proper management as if an audit was taking place tomorrow.
Knowing what’s expected is essential in order to pass an audit. Do you know what data or reports are needed and how far back they’ll want to see? You’ll also want to have a solid understanding of what you should and shouldn’t do when it comes to trust accounts, as the Bar Associations have maintained that being unaware isn’t an acceptable excuse for improper handling.
To stay fully compliant, utilize tools that not only prevent you from mishandling trust accounting funds but also make it easy to produce the necessary reports for an audit. Legal-specific practice management tools come with built-in safeguards to block you from committing common trust accounting mistakes. They also provide ways to create required trust accounting reports with the click of a button, such as three-way reconciliations.
For more information on how to properly handle trust accounting, take a look at Trust Fund Accounting Dos and Don’ts.
4. Securely Handle Client Data
Law firms are constantly entrusted with personal, privileged information from their clients as part of their role. Protecting this data is a critical requirement and firms should take adequate steps to be able to show a good faith effort was made to protect this information in the event a breach occurs.
Internal Policies
Human error is one of the leading causes of data loss and data breaches, so no matter how strong your firewalls are or how excellent your IT department is, you need to have policies in place to prevent an inadvertent incident.
Enforce using strong and secure passwords, which according to the National Institute of Standards and Technology (NIST) means using 8-64 characters and avoiding common words and phrases. Make sure employees aren’t leaving passwords lying around on sticky notes or in a Word Document. Instead, support using a password manager, a tool that is managed by one master password and holds all passwords in one location, applying them as needed.
To add an additional layer of protection, require two-factor authentication, where the user must enter a code sent to another account or device to verify their identity, wherever possible. Provide regular training on common threats such as phishing and ransomware and provide what steps they should take if they find themselves subject to these schemes. This should be an ongoing, regularly scheduled training given the frequent changes in technology and the approaches hackers take to gain access to data.
Should these policies still result in a breach, you need to have data back-ups available so you can get up and running quickly. If all of your data is completely wiped because you only had a singular instance of it, you could be facing legal malpractice suits for not taking adequate due diligence to prevent an avoidable situation. Implement the 3-2-1 plan to best protect your firm’s data which includes:
- 3 back-ups of the data
- 2 local copies on different types of storage
- 1 off-site location back-up
Vendor Management
Law firms often rely on experts and outside vendors to help fulfill needs such as managed services, document storage, and e-discovery. As part of this interaction, data is often sent to these vendors and frequently includes personal identifying data or otherwise privileged or confidential information. Firms can’t control how their vendors operate, but they still need to reduce the risk of a breach from third-party vendors as much as possible.
To mitigate the chances of a data breach and resulting compliance violation, law firms must evaluate their vendors’ current setup, procedures, and policies for any possible risks. This includes encryption, their data back-ups and redundancies, and who has access to the data.
Storage & Sharing
To keep your data fully safeguarded, it should be encrypted when it’s being stored or at rest to limit any security leaks. This means that even if someone does hack your system and gain access, they’ll only see a scramble of characters.
When sharing confidential information, don’t rely on email. Information sent through email isn’t encrypted and could be intercepted by a third party. Instead, look to a secure document transfer option, such as that offered through a client portal by many practice management programs.
When storing and transferring confidential information, you should be knowledgeable about the rules surrounding personal identifying information (PPI). Some states have specifically enacted statutes that require any companies that do business in the state to encrypt their data in an effort to protect their citizens. This information needs to be adequately protected not only from an ethical perspective, but also to comply with regulatory obligations.
5. Have Checks and Balances in Place
A key step in ensuring your practice is running up to compliance standards is to have solid checks and balances in place. Some information may warrant having a second pair of eyes review as well. These processes, as well as the additional review, take some time but are far less costly than a compliance violation and the resulting consequences.
Be Aware
Lawyers are ultimately responsible for any compliance issues, regardless of who in their office committed them. Even though many law firm tasks aren’t being handled by the lawyer themselves and rather being completed by internal and external staff, the liability still falls on the firm. For all of these key responsibilities, you should have a process in place to make sure everything is being completed in a compliant manner.
Take for example the role of the bookkeeper. There have been countless cases of embezzlement and fraud in the legal industry, which can be a disaster when client funds are involved. Regular reporting and routine updates can help ensure the day-to-day is going well while verifying bank statements and spot checks of records and receipts can make sure proper bookkeeping is taking place.
Having a secondary individual check these important pieces also helps make sure that, should someone leave or be unable to perform their job, someone else would be able to pick up where they left off. If these essential roles remain unchecked, there could be a mess of mistakes and errors for the next person to clean up. By staying involved in each part of the firm, it creates a well-oiled machine that’s running compliantly.
Avoid Double Data Entry
As we talked about earlier, double data entry significantly increases the risk of error and takes up unnecessary time. When data is stored in two different programs or tools, it can be impossible to make sure the records match. With financial records the reconciliation reports can help to pinpoint a discrepancy between the two data sets, but information such as client details and time and cost entries are much harder to track.
Routine Verification
There’s a fine line between making sure items are being reviewed routinely for accuracy and staying efficient. Pre-bill review is one area where it can be helpful to have someone look these over before they’re sent out. Many firms have this bill review phase where timekeepers review entries for accuracy and any necessary adjustments.
During the review invoice discounts, finance charges and other items are assessed. In looking at these invoice level additionals, think about how your firm calculates them and if they’re verified. Someone should be scanning them to track their possible misuse, even if it’s unintentional.
Client cost analysis is also an essential item whose review can help limit any financial mishandlings or mishaps. Take a look to make sure all matter related costs have been billed to the client and also collected. Income review ties into this as well, presenting another area for concern that can be checked to see what was collected, how long it took to come in and more.
You don’t want to take up all the time of your or your staff handling these, but set a consistent schedule to check-in.
Maintaining Compliance
Even though most lawyers didn’t become one so they could worry about compliance requirements, it’s a critical part of the job and can’t be avoided. By creating awareness and putting mechanisms into place to avoid non-compliance you’ll be setting up your firm for success and avoiding significant headaches down the road. These processes lower your liability and may even lower your insurance rates as well – an extra benefit!
Coordinating all of these pieces can seem daunting, but many of them can be handled by a legal-specific practice management tool. These programs incorporate features designed to head off potential missteps, such as trust accounting overdrafts, and keep all of your information in one central location to make it easy to handle the necessary compliance-focused tasks accurately. They also provide a way to create a clear audit trail, both for client billing and potential internal or financial audits.
Maintaining compliance isn’t optional and law firms need to take a proactive approach to making sure all appropriate precautions and steps are taken in an effort to avoid potential violations.