Purpose: Prevent the firm entering into a relationship with unsuitable, prohibited or high-risk clients.

Workflow:
– Matter partner submits new client request in PMS/Intapp Intake
– Client name normalisation (aliases, trading names, corporate group)
– Check against internal databases (prior representations, conflicts record, closed matters)
– Preliminary risk screen: sanctions, PEP, adverse media
– Client classification: private individual / corporate / government / financial institution
– Jurisdictional review (prohibited/embargoed countries)
– Initial risk score assigned (low/medium/high)

Controls:
– Mandatory MLRO review for high-risk geographies
– Automatic blocks for embargoed entities
– Evidence stored in client onboarding record (audit ready)

Purpose: Comply with legal obligations to avoid conflicts of interest that could compromise independence or confidentiality.

Scope:
– Client conflicts
– Party conflicts
– Corporate family conflicts
– Past representations
– Confidentiality conflicts (Chinese Walls)

Conflict Check Steps:
– Conflicts team receives search terms (client, parent, subsidiaries, directors, counter-parties)
– System search across PMS, DMS, CRM and legacy systems
– Conflicts team logs all matches (positive/negative/partial)
– Partner reviews and provides context
– Ethical wall creation where required
– COLP sign-off for complex cases

Controls:
– Automated searches with alias matching
– Conflict waiver workflow for joint engagements
– Full audit trail

Purpose: Ensure all clients and relevant parties meet AML/CTF requirements across the jurisdictions in which the firm operates.

CDD Steps:
– Collect identity documents (individuals) / corporate filings (companies)
– Verify beneficial ownership (UBO/PSC checks)
– Sanctions, PEP, adverse media screening
– Employment/industry risk assessment
– Geography risk scoring
– Matter purpose assessment (nature of work, transaction type, counter-parties)
– EDD for high-risk clients: source of funds, source of wealth, business model review

Controls:
– MLRO review for high-risk cases
– Block matter opening until CDD complete
– Annual refresh for certain matter types (e.g. ongoing transactions)

Purpose: Define scope, fees, responsibilities, confidentiality and liability for each client engagement.

Workflow:
– Draft prepared by matter partner
– Standard clauses (confidentiality, liability caps, jurisdiction, billing terms)
– Conflict waiver integrated where applicable
– Client approval and signature
– Upload into DMS
– Link to matter record in PMS

Controls:
– Mandatory engagement letter before time entry allowed
– Automated reminders for missing letters
– Version-controlled templates maintained by GC team

Purpose: Create compliant matter structures in the Practice Management System for timekeeping, billing and reporting.

Steps:
– Client and matter codes created
– Workflows assigned (Litigation, Corp, Real Estate, Investigations)
– Billing structure attached (hourly, fixed, blended, contingency)
– Cost centres and reporting groups defined
– Fee earners assigned with rates

Purpose: Ensure non-standard fee arrangements are authorised and profitable.

Approval Types:
– Discounted rates
– Success fees
– Portfolio pricing
– Retainers
– Contingency agreements
– Alternative fee arrangements (AFAs)

Workflow:
– Partner submits fee proposal
– Finance reviews profitability modelling
– Pricing committee approval (for larger deals)
– Upload into PMS

Purpose: Ensure that the firm accepts only appropriate work, in line with capacity, expertise and regulatory expectations.

Criteria:
– Is the matter within expertise?
– Are there capacity/resource constraints?
– Are there red-flag risks (political exposure, sanctions adjacency, reputational risk)?
– Does the matter require COLP approval?

Purpose: Manage the full lifecycle of legal documents from drafting to archiving.

Stages:
– Drafting in DMS (iManage, NetDocs)
– Version control
– Partner/Client review cycles
– Secure collaboration and redlining
– Finalisation and execution (DocuSign)
– Retention and disposition per jurisdiction

Controls:
– Mandatory metadata classification
– Document access based on ethical wall rules
– Retention policies (5/7/10+ years depending on practice area)

Purpose: Ensure that all client and matter data complies with GDPR, CCPA and other privacy regimes.

Key Data Controls:
– PII identification and tagging
– Special category data handling (criminal, health, political beliefs)
– Data minimisation
– Client consent tracking
– Transfer risk assessments for cross-border transfers
– DPO review for sensitive matters

Purpose: Protect client PII and ensure firm-wide compliance with GDPR rights.

Responsibilities:
– Respond to data subject access requests
– Manage right-to-erasure requests
– Restrict access when required
– Maintain Article 30 ROPA records

Purpose: Prevent unauthorised data movement internally and externally.

DLP Controls:
– Email scanning for PII/privileged information
– Blocking/approval for external file sharing
– USB/block device restrictions
– Alerts to Security Operations team
– Approval workflow for exceptions

Purpose: Ensure sensitive matter files are shared securely with clients, counsel and regulators.

Workflow:
– Upload to secure workspace (ShareFile, HighQ, Kiteworks)
– Expiry rules for links
– Multi-factor authentication
– Access logging and anomaly detection
– Data room creation for large matters

Purpose: Ensure serious compliance, political, reputational or financial risks are escalated.

Triggers:
– Representing sanctioned-adjacent clients
– Criminal defence with financial crime adjacency
– PEP clients
– Government or state-owned entities
– Media-sensitive matters
– Cross-border matters in high-risk jurisdictions

Escalation Chain:
Partner → Risk Team → MLRO → COLP/COFA → Board Risk Committee

Purpose: Prevent breaches of OFAC, UK HMT, EU and UN sanctions regimes.

Scope:
– Clients
– Counterparties
– Directors/officers
– Jurisdictions
– Payments under client accounts

Controls:
– Real-time sanctions updates
– Mandatory screening for every new matter
– Escalation to MLRO for close matches

Purpose: Ensure PEP clients receive heightened scrutiny.

Workflow:
– Identify PEP or RCA (close associate)
– Enhanced due diligence (SOW, SOF)
– Ongoing monitoring for changes
– MLRO sign-off before matter acceptance

Purpose: Protect confidentiality where conflicts exist but representation is allowed.

Implementation:
– Access control in DMS
– Segregated matter workspace
– Restricted personnel lists
– Automated monitoring for access breaches

Purpose: Manage internal and reportable compliance breaches.

Workflow:
– Staff reports breach (confidential channel)
– Risk team triage (minor/major/reportable)
– Investigation
– COLP/COFA notification
– Regulator submission if required
– Corrective action plan

Purpose: Ensure accurate, timely and compliant billing.

Workflow:
– Time entry by fee earners
– Automated validation rules (narrative quality, client restrictions)
– Pre-bill review by partner
– Adjustments (write-offs, write-downs)
– Final invoice issue
– Delivery through secure channels

Purpose: Maintain complete traceability for invoice edits.

Controls:
– Logs of every adjustment
– Reason codes for write-offs
– Partner approval for large adjustments
– COFA review for non-standard items

Purpose: Ensure receivables are collected promptly and disputes are escalated.

Steps:
– Invoice aging analysis
– Reminders and client chasers
– Partner escalation for overdue accounts
– Credit risk review for repeat offenders
– Hold on new matters if outstanding balances exceed limits