Working in Risk & Compliance: Bea Berry
At AJ Fox Compliance, we work with thousands of candidates and have seen a huge array of different paths into the world of law firm risk and compliance. So, we're speaking with risk and compliance professionals who arrived in this space in various different ways, discussing the paths they took, and why.
We spoke to Bea Berry, Risk & Compliance Advisor at Stevens & Bolton, who fell into this rewarding career path by chance and chose to stay!
There are so many different paths in to Law Firm Risk & Compliance. What was your path like? How did you first find out about this career path? Why did you take this path?
I did an Events Management degree and spent 7 years working in corporate hospitality. Deciding I wanted to change career and pursue law, I completed the GDL and LPC and was looking to gain experience in a law firm. I applied for typical roles - legal secretary, paralegal, training contracts, and came across a legal compliance role. I applied and fortunately landed the job!
I therefore fell into Risk & Compliance by complete chance (like many) and didn’t know much about the industry. At the time, I thought it would be a good stop gap before qualifying as a solicitor, but my eyes were opened to a whole new field of work that I have developed a real passion for. Risk & Compliance offers an exciting, fulfilling career path with ample progression opportunities.
Would you recommend the path you took? Why, or why not?
I am really grateful for my time in hospitality as I developed many transferable skills. Completing the GDL and LPC provided a solid foundation of legal knowledge, which has proved useful when needing to quickly get to grips with queries received from different practice groups. Prior experience of reading legal documents and jargon has also been helpful but I feel strongly that a legal education is not fundamental to a successful Risk & Compliance career.
I would be surprised to hear anyone say they had always dreamt of working in compliance when they grow up! I would love to see more general awareness of Risk & Compliance careers as there are many degrees and work backgrounds that would be a great fit for the industry.
What do you enjoy about working in law firm risk and compliance?
The highlights for me:
- The sheer variety of work I get to be involved with means limitless learning and development opportunities.
- To feel I am making a valuable contribution to the firm, by implementing or refining mechanisms that enable the business to be compliant and operate with confidence.
- Making a positive difference to the wider community by proactively combatting against the threats of the most serious and damaging organised crimes.
- Exposure to all practice areas, departments, and other third parties. I really enjoy working with a range of different people.
What skills do you think are needed in order to be a good risk and compliance professional?
It depends on the role. For example, an AML or conflicts analyst demands specialist knowledge and advanced investigative skills. As an adviser, my role requires a much broader scope of general knowledge – anything from application of SRA Codes to Accounts Rules, from data protection legislation to money laundering regulations, or from policy reviews to contract work (the list goes on!).
Key skills in my opinion:1. Be comfortable with change (and prepare for it) – compliance obligations are constantly evolving, so keeping up to date, monitoring market developments and how they may impact a firm’s operations is essential.
2. Communication (cliché, I know) – Risk & Compliance is a business support function that filters into every area of a law firm. The ability to collaborate well with different teams is imperative to driving a positive culture of compliance awareness. Lawyers in particular are under increased pressures of their own.
3. Be pragmatic – the sheer spread of Risk & Compliance means there are often many projects to juggle simultaneously, which can be overwhelming. It is important to be organised and evaluate what needs doing today and what can progress slowly in the background. The all-important ‘risk-based approach’ should not only apply to work delivery, but also to workload.
4. Research – regulations, legislation and other legal documents must be read in detail (there’s no escaping!) to be able to interpret and apply them to a different set of facts in every case. There is rarely a black and white answer available, so the ability to understand what is required and problem-solve with your risk hat on is a key skill.
What are the current challenges facing risk and compliance professionals?
The commercial spotlight on compliance practices is intensifying, it has never been more important to ensure your firm has its ‘house in order’. Key themes include having robust AML controls, cyber and data security, third-party risk management/integrity and establishing a resilient compliance culture. The breadth of risk elements to consider and uncertainty on how the compliance landscape may change is challenging.
The regulatory environment is becoming increasingly complex and fast paced. For example, 2022 saw an unprecedented volume and speed of sanction regimes imposed following Russia’s invasion of Ukraine. The UK Government and other regulatory bodies are ramping up scrutiny of compliance efforts and we are seeing greater enforcement powers being granted and exercised against organisations that fail to demonstrate compliance. Legislation and guidance are continuously being issued to help support certain initiatives, but allocating sufficient resource to translate changes or updates into engrained processes can present capacity challenges.
The ever-changing nature of regulations is certain, but what they might entail and command of businesses is less so. A current example of this is in the data protection sphere. The UK’s long anticipated overhaul of its data protection regime could significantly impact a law firm’s data obligations, particularly if its EU adequacy decision is threatened as a result. Globally, data privacy frameworks are evolving, with many countries either reviewing existing models, such as Australia – or implementing comprehensive data legislation for the first time, seen in China and some states of America. India, however, recently scrapped its planned privacy bill entirely. This illustrates the difficulty in tracking privacy movements across multiple jurisdictions that affect a law firm’s ability to manage cross-border data transfers.
An exciting era of technological advancements also brings a level of uncertainty. New legal work streams are being generated as the use and management of digital assets and currencies become more mainstream. New technologies, such as DLTs, have the ability to transform the way legal services are delivered altogether. Gaps in legal and regulatory guidance can make navigating digital innovation more difficult from a risk perspective.
What do you find most exciting about your job?
Being instrumental to change and improvement.
What do you find least exciting about your job?
Most jobs carry a level of admin and some compliance requirements are very procedural – anyone working in Risk & Compliance knows that if it isn’t recorded, it didn’t happen!
What is the hardest part of your job?
Sometimes not having enough hours in the day.
Is working in risk and compliance what you expected it to be? Is there anything that has surprised you?
It is not at all what I expected. I was under the misconception that the words ‘Risk and Compliance’ meant rules, rules and more rules – yawn! But it is anything but dull. The diversity of work has been a welcome surprise, not to mention its value in facilitating ethical work which is really important, not only to me, but increasingly to law firms’ prospective employees, clients and even suppliers.
Get all the latest Law Firm Risk & Compliance news in your inbox with our free monthly newsletter. We're here to keep you in the loop!