How to improve the relationship with fee earners
Webinar summary
This session covers how compliance teams can improve their relationship with fee-earners while strengthening risk assessments. Our guest speakers talk about using a mix of technology and traditional methods, like client risk assessment forms that promote deeper thinking beyond simple checkboxes. The session also highlights the importance of open-source research, enabling compliance and fee-earners to look at a client’s risk profile in full context. It’s not just about what you know about them; it’s about what the rest of the world knows about them. Complete the form to learn more about Xapien.
Book a consultation with our team
Webinar transcript
Pearl: If we talk about pain points, I want to think about pain points related to what happens when there's an internationalisation of either the client or where that money’s coming from. From our perspective, a lot of issues might crop up around jurisdictions. Not every jurisdiction is necessarily as rigorous, regulated, or structured as the UK is. Issues can arise when controls are not as stringent as we might want them to be.
At that point, our policies, processes, methods, and forms kick in differently, and it’s about ensuring that everybody's playing ball and doing what we expect. That’s one of the things that can come up for us. With internationalisation, we often find that we start dealing with complex corporate structures, and in some cases, they can be quite circular. So another piece of work involves fee earners getting their heads around exactly who we’re dealing with, precisely who's contributing to this transaction, and where the money is coming from.
Of course, given the state of the world today, we want to ensure that we’re not acting for anyone who is a sanctioned individual. That’s our policy—there’s zero tolerance. It feels like the wrong term, but we don’t act for sanctioned individuals. We need to ensure that we’re not doing this accidentally, and not on purpose. This opens up the whole world of PEPs (Politically Exposed Persons). Yes, I know there’s been some adjustment in who's considered a primary PEP, a junior PEP, or a lesser PEP. We don’t believe in any of that. If someone is a PEP, they’re a PEP, and our process is straightforward. If this person is a PEP, we want to look at them properly and register them properly. We try to keep things simple for our people. Rather than giving leeway to think someone doesn't matter, everyone matters, and we treat them all the same.
If, during the process, we find something slightly different, then we’ll have that conversation. Oh, I should also point out that language and culture can be a pain point. Different languages and business practices can make it difficult to properly interpret, understand, and complete the due diligence process. We often need to have conversations with our individuals about this. So, I think rather than calling these pain points—because they don’t necessarily hurt—I’d say they’re more like attention points. They cause our radar to go up.
Jess: You previously mentioned that the focus is on the relationship between you and the fee owners. It's in that area where things tend to get slowed down. Similarly, the relationship between the partner and the potential client — is that one of the challenges you experience frequently?
Pearl: We spend a lot of time rapport building. We spend a lot of time on communications. We spend a lot of time having conversations and engaging with our fee-earners so when we have these conversations around what is the right level of due diligence to apply, it’s not the first time we’re talking to people.
We also have a couple of other directors and our General Counsel. Together, we make up the thread that runs our compliance department at the top of it. There’s something about saying to people, "Look, here are all your opportunities. Let’s have these conversations. Let’s build rapport. Ask your questions now, so that when we start asking questions later, it doesn’t look like we’re the 'no brigade'." If you don’t take the opportunity to have that conversation, you can be sure you’ll have to have it later. That would be where you can slow down because we’re not just going to say, "Oh no, don’t worry."
Jess: Cary, what would you say are the biggest challenges that you're facing?
Cary: For overseas clients, the lack of public registers in some jurisdictions, including the US, can be a problem. Sometimes dealing with UBOs can be difficult. But on the whole, I think the world is becoming a better place, and people are more prepared to provide information. It gets more challenging around things like the source of wealth and source of funds, particularly when dealing with extremely wealthy people in the Middle East/ Much of that information is in the public domain, so it's easier to build a picture.
When I say "build a picture," I mean you just keep going until it makes sense. If you look at the wording in Regulation 2811, you don’t need to provide chapter and verse on everyone. You need to do enough to ensure that you understand the client and where the money is coming from. Pearl also mentioned designated persons and sanctioned individuals. I think one of the biggest challenges is the risk-based approach.
What I mean by that is we're actually all very good at it, even if we don’t realise it. We're naturally good at identifying risks. There’s an educational piece around breaking down the risk factors so people can understand them in a way that applies to their everyday environment. You want to know who the client is, where they’re from, what services you're providing, how you’re going to deliver those services, and how they’re going to be paid for. That covers the five risk factors. And when you put it in those terms, you realize, "Well, actually, this isn’t that hard."
Jess: It's actually just having a full picture and understanding it like and building that up, which moves you away from tick box from clients as well.
Pearl: I was going to say that that whole concept of knowing who your client is and understanding where their money is coming from and things like that, is one of the recurring mantras we pass on to our individuals. Because we're saying to them, "You want to provide a good service; we want to provide excellent customer service—let's call it that—excellent client care." And what better information can you have than who they are, what they're trying to achieve, and how they might achieve it? That gives you the picture.
Cary talked about a picture. That picture enables you to provide them sometimes with solutions they don't even know how to ask for, without necessarily giving the impression that they're not informed. The whole idea of being their lawyer is that you can say, "Hey, if this is where you're trying to go, do you know you could do it this way?" Because you actually understand them.
And I found that when you explain it to the fee-earner consultants in that way, it almost becomes, "Oh, yeah, that's because everybody wants to do that." It becomes less about, "We have to do this because the SRA says," or, "This person says," or, "This other stakeholder says." But actually, this is what we really want to do, and this is what we're actually quite good at. It's just being able to understand that that bit is really the bedrock of very good compliance.
Jess: It helps to embed the culture of compliance. We previously discussed how lawyers wanted a go-or-no-go decision, but it's about building that understanding that it's so much more than that. Nick, I'd like to bring you in now to talk about some of the different ways we can improve that relationship. Cary mentioned open source. A lot of information is actually out there online at the moment, and it can help you build a picture of the client.
Nick: Just to reiterate, we see a huge amount of data. It grows daily, hourly, by the second, and I think it's really about truly understanding how we harness that data and ensure we present it back to our owners—your fee earners—in a meaningful way.
I think the challenge people face at the moment is the disconnect between various structured data sources, defined sanctions lists, and all these sorts of things, but also the softer view. What actually is there in open source that can help us not only understand their connection, their first degree of separation from a sanctioned party but also how to do better business with these people or companies?
The challenge that you all in compliance face is that there are so many rabbit holes you can dive down, and so many ways you can find data and compile a report. But the problem is every rabbit hole you disappear down adds more time and effort for your team and also impacts the fee earners' ability to engage the client meaningfully.
So, what we're trying to help with is giving that initial view, so that partners and fee earners can go into client engagements, win business, and have a better understanding of the client. They've surfaced things as simple as interests or hobbies, things that help with conversation. But more importantly, they help recognise real, problematic risks that are presented, even from a structured data set.
These reports are often so long and fee-earners are incredibly busy people. They can’t digest pages and pages of data. So, it’s about helping people pinpoint critical information, whether it’s a degree of separation or something else.
This is an important stepping stone because it takes the pressure off compliance from having to dig into every single rabbit hole. That’s not to say compliance doesn’t need to review, finesse, analyse, and validate the data sets. However, compliance can apply more strategic decision-making processes rather than just Googling everything. It also empowers fee earners to make meaningful decisions quickly as well.
Jess: So, there are three key benefits. Firstly, the time savings for the fee-earner. Ultimately, the firm’s resources can be applied more strategically—mitigating certain risks rather than just searching for them and saying no far too late in the process. Secondly, there's a wider business opportunity where you can drive value by providing insight from interesting hobbies or other aspects.
And finally, having all of that come together helps improve the relationship and gets buy-in from partners, which is really what this is all about, right? Trying to improve the culture of compliance. Pearl, I think you had some examples as well of how to improve the relationship, whether by building on what Nick said or sharing other examples of non-tech-enabled ways to embed that culture of compliance with the US.
Pearl: I think a good place to start is to jump off from what Nick was talking about regarding the risk assessment side of this. For us, from my perspective, the most important thing fee-earners must do is this ongoing risk assessment, right from the very beginning, as the matter progresses, and right up until the end when you say it’s all done. Regardless of which area of law you are working in.
We need a proactive, front-foot approach to risk assessment. I like the idea of having data and information that makes it easy for someone to access without having to jump around looking for it. But we must remember that we are accountable to a regulator who will not allow us to outsource our thinking, our assessment of risk, or our rationale.
We have a mixture of technology and traditional risk assessment methods, such as client assessment forms that contain segments and questions designed to challenge you to engage your thinking. We don’t just do tick boxes; yes, there is a box to tick, but there is also another box where you can explain why you ticked it. This process allows us to clarify why we believe a client or matter is medium, high, or low risk, and why a certain jurisdiction might merit greater scrutiny or more rigorous due diligence.
We conduct ongoing risk assessments throughout the process. We also provide AML training, which we are compelled to do, but we don’t just do classroom-style training. We focus on scenario-based AML training. We take people through the forms together, and I know it sounds basic, but there’s nothing wrong with reading together. That’s how most people learn to read. During these sessions, people can ask real-time questions about the actual process. This helps us understand whether people fully comprehend the training and whether they are using it correctly.
Some may have opted out because, in our area of law, we’re outside the regulated sector and might feel they don’t need to participate. However, we do not support that mindset. Thankfully, sanctions ensure everyone is involved in the process. We conduct extensive training sessions, including webinars and pop-ups. We alsp produce a lot of written material. We have a publication called *The Compliant Times*, which we issue at least twice a month, along with advisories every week. These advisories usually address something current but also include a lot of recirculation.
We aim to engage people with memorable messages like “We are not a bank” and “We don’t believe in money laundering.” These are designed to capture attention and help individuals engage with the risk assessment process. They need to know they are not alone and that there is a team available for a second opinion. I always remind people to consider both the firm-wide code and the individual code, highlighting the importance of this distinction.
Jess: It's a real mixture of impersonal advisory and some mandatory, some not. Cary, what about you?
Cary: I think one of the key things is that the compliance teams should not see dangers that aren't there. We have this habit of catastrophising everything and viewing everything as a terrible risk. While everything is a risk, it’s about how you manage those risks.
The real key is to have a dialogue between the legal teams, who have a better appreciation of the client, the work being done, and the industry in which they operate, and the compliance team, which sees danger everywhere. Together, they can come up with an appropriate solution that works for the client and the matter at hand.
Sometimes it’s a case of, “Oh my God, this person is from this jurisdiction,” and you think that’s absolutely terrible. However, when you look into the details, it may not be as severe because the risks are mitigated in ways that make the matter perfectly manageable. It’s about not overstating the risks that are present. I mentioned crossing the road, where we mitigate the risk by using the pedestrian crossing. Crossing the road is still a dangerous thing to do, but if you mitigate the risk, it becomes an acceptable risk. So, I think that’s the key thing I’m trying to drive into my team. The important aspect is that communication and dialogue with those who understand the client and the matter much more than we ever will.
Jess: Coming back to the point about open-source research that you previously mentioned, it's about communicating what data to look at and how to understand it. Again, it's about moving compliance from a tick-box exercise to building an overall understanding. Is that something that you end up coaching fee-earners on as well?
Cary: You can provide people with loads and loads of data, but they need to know, as Nick was saying, how to sort it, arrange it, and make sense of it. So it's really about knowing what that data is telling you. Sometimes, you might need to sift through a lot of data, but as you become more experienced, you're able to sort the wheat from the chaff and drill down to the data that's important to the particular client or matter you're dealing with.
Jess: Let’s talk a bit more specifically about technology within all of this and what the role of technology is. First, let’s troubleshoot some issues. Given everything we've said about understanding the full picture and your client, what can be some of the issues with wholesale tech adoption?
Pearl: It's really interesting because I've followed the whole technology debate for quite a long time and am quite fascinated by it. Right from when people were thinking about things like robots replacing lawyers and so on. This conversation goes all the way to the Risk and Compliance conference earlier this year when Chris Green was a speaker. He stood up with his phone in hand and began to look up different sorts of solutions on various matters. It was quite interesting because it was a room full of senior compliance people who had to make critical decisions and sign on the dotted line. It was fascinating to see whether they would be convinced by the answers he was getting from the device he was using at the time.
Some of it was quite exciting regarding what technology could do, while some responses were mildly scary. I really thought this was a conversation that could keep going for some time. When it comes to what we are doing, I believe there will always be aspects of technology that do things better or faster than a human being can, such as compiling data or generating insights quickly. However, there's also the human tendency to rely on technology—sometimes perhaps too heavily.
IIt's important to communicate to our people that a red flag is just that: a flag. It doesn’t mean these people are money-laundering criminals who need to be locked up immediately. It’s a mixture of saying, “OK, this is the data; this is how we understand it; this is how it works.”
I’ve always been a fan of understanding the implications of our actions. As a former adjudicator for the Law Society, I believe that before you sanction or reprimand someone, you need to ensure that you’ve taught them how to do things properly. Have you communicated what “good” looks like? For me, a big part of this involves bringing our people through proper understanding, training, and appreciation so they can effectively use the technology. We need to know that it is truly a benefit and an asset.
I think I said it earlier: if we have to sit down later to defend what happened, can we comfortably maintain our confidence, or will our voice trail off as we realise that we didn’t fully understand the situation and probably should have examined it more closely?
So, that's what I would say. I'm a fan; I'm quite geeky and like gadgets and toys. But I also believe in fully understanding what we're dealing with and giving it the weight it deserves. Sometimes, from watching a lot of Doctor Who, people think technology is doing more than it actually is. But it may also be doing a lot more than many appreciate.
Jess: So it's about the balance. It's clear where the responsibility lies and therefore the onus is on the practitioners to understand it. Carry, what's your perspective on the implementation of tech and the risks?
Cary: I wrote down the line: "Technology is a tool that you use to achieve an outcome. It's not the provider of the outcome." You still need to use these tools to get to where you need to go, but it's your own analysis that matters. That's the key thing. One of the problems that I'm sure most of the people on this webinar will see is false positives.
We've identified Pearl as a PEP (Politically Exposed Person) when, in fact, she's not a PEP because she hasn't held public office for three or four years. Therefore, she doesn't qualify as a PEP anymore. But equally, there are also instances where individuals are missed because of their status. For example, if you think of Tony Blair, he hasn't been Prime Minister for a long time, but he still holds international offices, which makes him qualify as a PEP.
These are examples of both false positives and individuals being overlooked. All these facilities and tools are great, but you still have to do that analysis yourself to understand the information provided.
Jess: I guess the regulator is looking for you to have the right systems and processes in place. The mission isn't to catch bad guys, it's to have systems and processes that enable you to do that.
Cary: The mantra is you set up a system and make sure the system works. Any system is going to stuff off at some point in time, but if you can justify the system that you have and show that most of the time it works, you're going to be fine. There will be examples where things fall through the net, but that's just life.
Jess: And applying the appropriate risk-based approach. Nick, What's your recommendation on how humans can adopt AI?
Nick: To use Cary’s technology, we built an AI tool that is very much designed to help humans better understand what's out there. The key really is that we want to help you do the heavy lifting. We can't do it all for you because there are things hidden out there that simply cannot be found by a solution. But what we do is search all of that open-source information and a load of structured data as well to help form opinions.
Taking your PEP example, Cary, there are instances where structured data simply states that they are no longer a PEP when, in fact, they hold a huge amount of data still. The system is able to generate insight into why they might still be considered a PEP, even where listings don't quantify that information. So, being able to have that interplay between structured and unstructured data in a singular body is important. I think that's where we're trying to empower the compliance team as analysts to do a huge amount of work upfront for them.
More importantly, it allows them to make strategic decisions, so that they can spend their time helping fee-earners and helping the firm better protect itself and understand the risk profile and categorisation of a client.
I think that's really important. Now, that's not to say that AI is perfect, and we do not claim that our system is 100% perfect. What we try to help the client do, though, is inform them what the next steps in the investigation may be. We will surface as much as we possibly can, but where there are gaps or where there is a dead end, say, in the Cayman Islands, you will know that you need to start looking at private registries there because you're not going to get it from open-source data.
So, we're helping push you in the right direction so that you know how to further your investigation and ensure that you capture all of the right information. There’s so much that can be done. There’s so much more that we will try to do for our client base and our future client base because we see a huge opportunity here to help you all be more efficient and empowered in your roles to help the firm protect itself.
So, there's a huge amount we can do today, but a huge amount more that we want to achieve as well, and we look forward to hearing from all of you about how we might better do that.
Jess: It's about using AI to sift through the vast constitutional information that other tooling can provide. Coming back to how to help improve the relationship. Aside from tech Pearl, you mentioned various dialogues and advisories that you set up. I think you also mentioned adding a risk management risk assessment form?
Pearl: What I found, and I’m sure any lawyers out there would probably endorse, is that nothing focuses the mind of a lawyer more than having to sign something. The minute you say, "I haven't read this," people almost have a sense of, "Yeah, I'll get there. It’s on top of my to-do list." And then when you ask, "Have you read it?" they might say, "Yeah, I kind of scanned it. I’m good with it."
But if you say, "Can you sign it, please?" suddenly it's, "Hang on a moment." They bring out the pen, and in some cases, they even bring out a ruler. There's a different kind of reading that comes with that.
So, we do have a risk assessment form, which effectively states something along the lines of this: this is the assessment that this file has been given in terms of its risk and where we think it sits. Continuing to work on the file is deemed acceptance of this level of risk and of your determination to continue to assess the risk as you go along—something of that nature. Then that form gets signed. What happens is that it’s great in the sense that it provides a moment of clarity.
Of course, our systems are centralised, so all files are opened by our central team and then worked on as the work progresses. But this form serves as a flag to indicate that I appreciate just how important risk assessment is, and I am the owner of this file. I am the person working on it, and I have my finger on what the risk level of this matter is. And, as any good compliance team would do, we conduct reviews and audits. We also perform external audits. If you have signed one of those forms, it's a little bit like when you're travelling and you get to the airport. They ask, "Did you pack this bag?" They don’t care whether you packed the bag or not; it’s just that if you say yes and something interesting turns up in your bag, it becomes very difficult to then say, “I don’t know how it got there."
So that's what this form is really about. It's about acknowledging that this is your matter. You are the closest to the client; you are the one receiving all the information, and you have access to any level of support you want. Therefore, you should be comfortable with your assessment of the risk on the matter. So yes, that is something we put in place. I’m not going to say people love it; they’re not swinging from the chandeliers about it. There are probably people trying to throw things at me through the online system. But it is a very helpful tool.
Jess: I guess it's got to be a combination. Cary, what about you?
Cary: We have a centralised business intake team that prepares the client risk assessment for the client partner and the matter risk assessment for the matter partner. Crucially, it’s a partner who signs off on these assessments. You may be an associate or a senior associate dealing with the matter, but a matter partner has to sign off on the particular matter, while the client partner has to sign off on the client and the cost.
I like the idea of people signing something. However, in a business that operates across multiple jurisdictions and locations, it can be a difficult process to manage. So, we use a technology solution for that sign-off. But I think the other thing is that I don’t like the idea of signing off, because it implies it’s done.
When it comes to risk assessment, it needs to be a living document. If we’re looking at a client now, we need to continually assess the risk of that client throughout the lifetime of the business relationship, not just for the matter in question. Similarly, with a matter, things change during a business relationship. For example, they might have told us the money was coming from Mum and Dad, but it now turns out it’s coming from this villain.
Both the client and matter risk assessments need to be considered living documents. They are dynamic; things change. Yes, it is helpful to have that sign-off, but I don’t think that should detract from the fact that the data and information need to form part of your overall ongoing monitoring under Rule 2011. I keep going on about that one, but it’s also critical in your ongoing assessment of risk. So, you don’t have that cutoff point to a certain extent. You do have a cutoff point, but because that’s how life is, you need to consider the continual risks that are present. That’s what your ongoing assessment does for you.
Jess: I guess to come to this sort of discussion about some of the benefits, though, of course, if the fee earners have a relationship with the client that they should, and that they will want to have, they've got that genuine understanding. So that should feed in, right? And as that understanding evolves, then compliance needs to be updated. I think it’s just that compliance often drops off, right?
Pearl: When I think about the number of times people have said to me, "I’ve known the person for X number of years. We’ve got an ongoing relationship. We know each other very well." These are very common positions that people hold. Of course, the nature of business is that we build relationships and we want long-term business and repeat business. I think the regulators are very clear about the potential risks when we get to know people, become more familiar with them, and establish a longer-term relationship. There’s the possibility of our judgment becoming, shall we say, softer than it might otherwise be.
Cary: I think Prince Andrew said he knew Mr. Epstein for many years but claimed he didn't know anything about what he was doing. So, I think you need to consider the fact that just because someone says they know somebody for a long time, you might know somebody, but you don’t know everything about them. It’s crucial to consider the information in the round. You know things about them, but you don’t know everything you need to know.
Jess: And I think that is an area where technology comes in. That provides third-party information and enables you to do exactly that: consider the information in the full context in which that person exists. It’s not just about what you know about them; it’s about what the rest of the world knows about them.
Pearl: I think I've heard of knowledge identification rather than verification.
Jess: It's not just verifying what they've said to you; it's actually about understanding what the rest of the world knows about them. To summarise what I've taken from you guys so far: Ultimately, it's all about providing the full picture and building up a genuine understanding of the client and the technology. Open source can enable you to do that but to embed that and a culture of compliance, it's both the carrot and the stick approach. It's like what we spoke about earlier, "Help me to help you."
Pearl: Help me say yes. That is exactly it. You might find some issues in whatever data has been collected, but saying to the fee-earner, "Help me say yes. Help me build up a bigger contextual understanding, which is why this is OK." Ultimately, then, the second sort of carrot is that figure. I hope to say, "Yeah."
Jess: By contextual understanding, it needs to be better business engagements. Good compliance equals good business, right? You understand more about the client, so you can find other ways of better servicing them. I think those are the sort of carrots that drive home. Then, as necessary, bang the drum and get signatures where you can to reinforce the fact that ultimately that's where the responsibility lies. The lawyers are responsible for truly understanding their clients. One question has come through: Can you sympathize with fee-earners seeing their compliance-related duties as just admin? OK, Pearl, you're nodding.
Pearl: Oh yes, I think one of the beautiful things about it is the sort of webinars and seminars we do. We have something called the BSRA Regulatory Toolkit, and I know we assume everybody should know what's in the toolkit, what the principles are, and all of that sort of information. But the truth is that on a day-to-day basis, when people are doing their work, they don't necessarily always remember it.
When we do scenario-based training that works through the different principles and the different aspects, we often use examples that come out of the SDT and the legal press and say, "This could be you." It really becomes more real because it's easy to see something as administrative until you see somebody like you who has been picked up.
I've showed people in the past what a regulating letter can look like. You might think it's just this one thing that happened. But when you see the number of rules and principles, and parts of the code that were breached, you start thinking this person has committed something major. I was saying to them, "Look, this is how it can go down if we don't do these things properly."
In our firm, we've got a mixture of what we call solicitors regulated by the SRA. We do have the odd barrister, but we also have people regulated by the CLC. So, as lawyers in a broader term, it really makes people focus their minds.
Jess: Yeah, sharing examples. Cary?
Cary: I understand why people think it's mean, but I don't have much sympathy for that view. I think it's really important that you know who your clients are, where they're from, what you're doing for them, how they're going to pay for it, and how you're going to deliver it. That's all good customer service. That's all about the everyday nuts and bolts of being a solicitor in an SRA-regulated law firm. I think the other thing is that the SRA for the last few years has been banging on about how they're going to be focusing on ethics. If you treat your compliance obligations as an admin nightmare, you are not really buying into your ethical responsibilities. You need to have a good think about making sure that you understand the obligations that are placed on you and the ethical responsibility that is placed on you as well.
Jess: It's so much more than just admin, so I can just tick boxes. Nick, do you have something to add on how with the right technologies you have insight that moves away from that?
Nick: It's a challenge because ultimately, how do you present that data concisely to ensure it isn't perceived as admin? I think leveraging things like AI allows you to draw together that information and summarise it in a meaningful way. There's an opportunity to support fee earners in that ability to consume data much faster. I think there's a lot that we can all do to help support that journey for the fee earners, as well as for the compliance teams because it's ultimately a firm-wide process that needs to be respected. I appreciate where fear is coming from in this question. But, ultimately, by taking on technology and solutions to help consolidate this information, it should be considered much less of an administrative burden. The time to consume, the time to analyse, and the time to ultimately review should be significantly reduced.