Senior business executives attending Iberia’s first ever conference on compliance, hosted recently in Madrid by Recoletos, spoke publicly for the first time about the new wave of regulation which is, some say, causing them a business headache.

Spain and Portugal – along with the rest of the European Union (EU) – are facing a wave of new regulation intended to bring greater consistency, transparency and security to the financial and corporate markets – including new antimoney laundering (AML), market abuse, data protection and corporate governance legislation, while many are also facing up to the requirements of Basel II and the Markets in Financial Instruments Directive (MiFID).

Iberian Lawyer attended Iberia's first compliance conference, held recently in Madrid, and heard for the first time how some businesses are not only sinking with the weight of the new requirements, but also how they are struggling even to define the nature of the challenge. Above all, is compliance a business issue or a legal challenge, which should fall to in-house lawyers and their external legal advisers?

If we view compliance as a legal issue, opinions differ however as to whether it is a great opportunity or merely an additional problem for the legal profession.

Birth of a new profession?

MiFID is the EU’s initiative to create a single market in financial services and will apply to all regulated markets and companies that provide investment services to third parties.

Brokers have to prove that they have given their client the best possible deal, either in terms of price or speed of execution.

MiFID introduces a monitoring methodology to ensure that clients’ interests are protected. Entities must identify conflicts (real or potential) and then manage them. In extremis, it would have to disclose them.

There are also requirements for ensuring business continuity in the event of interruptions to corporate systems, how outsourcing operations should be managed, and the need to keep all records for five years.

When MiFID comes into effect Europewide in November, it will be obligatory for financial services companies to have a designated Compliance Officer (CO). While some Iberian and international companies have introduced such a post already, to help manage compliance issues in a coordinated way, many however have not. Such a role might ultimately, for example, also extend to data protection, notably given the ramifications of recent changes to the Spanish Law on the Protection of Data (see box Data Protection below)

But as there are no formal guidelines as to who is best placed to take on the role of a Compliance Officer (CO) there are mixed opinions as to what professional background and experience a CO should hold, and even where such a position should sit.

Many suggest that basic skill sets such as organisational capabilities, strong leadership and a managerial track record are clearly required. But the individual must also communicate well and instil in management the confidence that the necessary compliance obligations are covered.

João Lourenço, Head of Legal at BCP Bank and head of the Portuguese Association of In-House Lawyers, believes a lawyer is the natural choice. “I think that for a CO, it is necessary to know the law and be able to practise the law, in particular in relation to the company’s business. The CO should be familiar both with that business and its culture, as well as being determined and technically independent,” he says.

Michael Peter, of IKB Deutsche Industriebank’s Spanish branch, however holds a broader view. “In my opinion the compliance officer doesn’t have to be a lawyer. Of course, lawyers are predestined for a position in the Compliance Department due to their knowledge of the regulatory and legal requirements, but economists, psychologists, communication science experts and IT specialists could fit the post,” he says.

But as Conchita Cornejo, of the Directorate General Treasury and Political Finance at the Spanish Ministry of Economy and Tax, observes a necessary skill of any CO is the ability to spot irregularities. Specialist knowledge is therefore important. “It would be difficult to recruit a CO for an investment company if they didn’t already know the sector,” she says.

Gloria Hernández, Director of Finance Law at Deloitte would go further, a business understanding may be more important than legal skills: “Increasingly in the market place compliance jobs are being occupied by other professionals, such as engineers and consultants. These people are familiar with setting up effective working plans and monitoring schedules.”

New approaches?

While financial services companies clearly have an immediate need for COs, the compliance function, clearly extends much farther.

For Alvaro Ejica, managing partner at ECIJA, the initial task is to gain an idea of what ‘compliance’ issues demand. “Compliance concerns three sides of a business: legal, organisational and technical,” he says. “The legal side is concerned with ensuring conformity with laws and regulations; the organisational side is concerned with how compliance affects business processes; and the technical side is concerned with how these processes are supported by technological tools.”

The future therefore lies in the ability of companies and law firms to combine their distinct technical and legal know how, he believes.

“The whole compliance process should be approached as a project, phases need to be laid down, and tasks assigned to professionals with legal, organisational and technical knowledge.”

Such an approach he says requires defined work methodologies, timetables, and the correct supervisory oversight, which extends to external legal advisers. But also perhaps clear opportunities for the use of technology to help clients “tick” the necessary boxes, and for law firms to effectively commoditise advice and processes.

The trend in the US and UK however is for companies not to manage compliance issues internally, but to look to technology to help them do so, and for outside counsel to advise when issues become significant.

Many general counsel have therefore found themselves directly responsible for the compliance function, and with a significantly extended portfolio of responsibilities – regulatory compliance is one of the fastest growing areas of in-house legal expertise.

Law firm opportunity?

Nonetheless, the breadth of compliance, data protection, and other regulation, and the limited jurisdictional expertise of in-house legal departments continue to present law firms with opportunities, say some – they just need to understand in what way.

Law firms contacted by Iberian Lawyer explained, off-the-record, that they are not quite sure how to approach the compliance “opportunity”.

“When we were first asked by a client to advise on compliance we were not sure what they meant – we had assumed that all the legal advice we were giving them was compliance,” says one Madrid managing partner.

After in-depth discussions with their clients this firm now believes that compliance is much wider, and brings a much greater challenge, than purely legal issues – incorporating regulation, business processes and best practice.

“While we can assist them, and learn more about their internal systems, I am not sure however that it will be the most cost effective or rewarding approach for either of us,” he adds.

The sentiment is a common one. While law firms are keen to handle clients’ complex, highpaying work, there is less enthusiasm for the technical know-how, or box-ticking, that many perceive compliance to be.

In addition, the broad and multi-disciplinary nature of the role also requires very different approaches to managing how their lawyers work. While lawyers are very comfortable advising businesses on data protection issues, they may not be equipped to discuss the consequential software and hardware issues with the in-house IT professionals.

Business consultants, some suggest, are best placed to handle compliance matters although they lack important legal knowledge. Also, law firms are not accustomed to adopting a holistic approach that develops and delivers a single client service across all of the firm’s practice areas.

Others however see the depth and breadth of compliance issues as a useful means of getting closer to clients, and getting to know their business better. Some therefore suggest that a useful investment would be firms offering clients compliance audits.

“Compliance presents a dichotomy, while much of the work can be routine and low level, when an issues strikes it can be very big – it can present a risk to the entire organisation, and therefore gets the attention of those at the very top. For a firm to be able to recognise and raise a potentially significant issue in advance, is clearly of considerable value,” says one Madrid-based senior lawyer.

“We believe that this type of work is indeed profitable for law firms as it constitutes an important area which affects an organisation in a horizontal way,” agrees Alvaro Ecija, “There are regulatory authorities involved with the power to impose substantial fines and sanctions when these laws and regulations are not complied with.”

In a highly unusual move, last year his firm merged with a group of IP / IT business consultants – enabling them to advise on both legal and technical aspects in tandem. Combined, the firm has also now developed a range of compliance software tools.

Law firm compliance

But compliance obligations do not only affect corporates. While Iberia’s law firms, are technically outside the scope of MiFID, the data protection, anti-money laundering, know your client and insider trading obligations, affect them as much as any other business. Many believe they will inevitably follow the global trend towards recruiting specialist compliance officers.

Cuatrecasas has recently received a lawsuit alleging vicarious liability in the collapse of the philatelic investment specialist Afinsa, which filed for insolvency in May – claims it strenuously denies.

But probably the biggest day-to-day issue facing law firms however is conflicts, yet many still do not operate rigorous avoidance systems, and the responsibility has often nominally fallen to the senior partner.

“With a simple email to partners being the most common way of researching potential client conflicts, the best solution for many firms is to have a good insurance policy,” says one Barcelona law firm partner.

And as partnerships get bigger, with offices in different countries, the compliance risks inevitably increase.

“Spain has yet to see lawyers sued on the same level as elsewhere in Europe, but as with other countries it seems likely that professional negligence will become a more specialist and growing area of law,” says another law firm partner.

With the joint and several liability of law firm partnerships, perhaps the most obvious indication of how serious firms perceive the problem, will be the number of firms opting for limited liability status – for all its tax ramifications, it is the strategy adopted now by most of the major international UK and US law firms.

Coordination

With little doubt that we will likely see more not less regulation in the way that companies, including law firms, do business, all businesses will need to consider how to manage and coordinate their own compliance, regulatory and conflicts concerns. Whether they look to lawyers to do so, remains to be seen.

“Compliance clearly presents an opportunity, especially for firms with a regional practice with offices where their clients have operations,” says one partner at the Madrid office of a UK firm. “The ability to offer a wider overview, to present areas of concern across an organisation’s sphere of operations, is of obvious value, and something I think clients particularly in the financial sector, would clearly pay for.”

The model as adopted by Ecija aims to provide both expertise and commodity-type legal and business advice in one service, but it suggests business approaches that may be inappropriate for most law firms.

It is perhaps inevitable that most firms say that they are happy with the current status quo. Whether corporations would continue to pay uniform high legal fees for what in some areas may be more process-type advice remains to be seen.