Building compliance through everyday habits: insights from across the profession

Compliance is often framed as rules, policies and audits, but across the fourth series of Osprey Approach’s Build Better Habits webinars, another picture emerged: compliance is shaped not just by regulations, but by the everyday habits embedded within a firm. With contributions from experts across pricing, business development, cybersecurity and leadership, one theme became clear throughout the series: effective risk management is also impacted by culture, leadership, and strategy.

Pricing habits: transparency, trust and financial resilience

The opening webinar explored one of the profession’s most enduring debates: the billable hour versus alternative pricing models. While often seen as commercial, pricing also carries clear risk management implications.

Simon McCrum, former managing partner and author, noted that rising costs and falling margins mean firms can no longer avoid difficult conversations: “Law has never been better, but the business of law has probably never been worse. Something has to change – and pricing is one area where a real difference can be made.”

Scott Simmons of Legal Balance reinforced that clients value outcomes, not hours: “Clients don’t value a lawyer’s time. They value results, expertise, and service. You can have a huge impact in five minutes and no impact in five hours.” Pricing models that fail to reflect this can distort behaviour and expectations, putting both client satisfaction and lawyer wellbeing at risk.

From a risk management perspective, clear scoping, transparent fee discussions, and confidence in articulating value reduce disputes improve cash flow, and support informed client decision-making. Consistency and clarity matter more than a single “correct” pricing model.

Business development: data, culture and oversight
The assumption that business development sits outside the governance conversation was challenged in the second webinar session, with lack of structure, measurement, and visibility potentially creating operational and reputational risk.

Lara Squires of Consortium More Than Marketing noted: “Many firms say their work comes from referrals, but they don’t actually track it. Without data, you’re guessing.” Sam Holden of Katchr highlighted that measurement is key, and tracking referrals, conversion rates, and client feedback provides both commercial insight and a clearer picture of risk.

Culture also matters. Shaun Cremins of Insight6 emphasised that effective BD starts internally: “Before we talk about clients, we need to talk about the team. Their insights, wellbeing and alignment with the firm’s goals are what drive meaningful growth.” Firms that empower individuals, encourage curiosity, and align activity with values reduce operational and reputational risk while supporting stronger oversight and governance.

Cybersecurity: embedding awareness into daily practice
With attacks on law firms continuing to rise, the panel for episode three stressed that cybersecurity cannot be treated as a technical issue alone; it needs to be a cultural and operational priority.

Gary Hibberd of Consultants Like Us described cybercrime as “organised, well-funded and strategic,” while Kerrie Machin of Mitigo Cybersecurity cautioned against relying solely on internal IT teams, highlighting the need for independent oversight. Jonathan Stock of Pure Cyber added that many incidents start with simple, preventable mistakes: “Basics like verifying callers or testing backups can prevent major incidents.”

The panel emphasised habits such as slowing down, understanding data, simplifying policies, and reinforcing awareness through regular, bite-sized learning. Firms that encourage staff to report mistakes or near-misses without fear of blame are better placed to adapt and demonstrate mature risk management.

Leadership and supervision: sustaining compliance over time
The final session explored leadership and talent, which served to highlight the role people play in sustaining compliance frameworks.

Jonathan Worrell of Barbri shared research showing that junior lawyers are motivated by purpose and development, rather than pay: “Engagement drivers aren’t about pay – they’re about feeling invested in, receiving mentoring and coaching, and having opportunities for growth.”

As AI becomes more embedded, the speakers stressed the importance of digital fluency and professional scepticism. Nusrat Siddique of Birketts noted the need for training on AI risks, including data security and validation of outputs.

Firms that develop leadership capability early, embed mentoring, and recognise positive behaviours, are better equipped to manage key person risk, succession planning, and regulatory expectations around competence and supervision.

Compliance as a natural outcome of good habits
Across all four Build Better Habits webinars, the same conclusion surfaced repeatedly: compliance and risk management are most effective when embedded in everyday operations. Clear pricing reduces friction; measured business development improves oversight; cyber awareness lowers risk; and strong leadership sustains standards.

For law firms navigating increasing complexity and scrutiny, focusing on small, consistent habits means compliance is less burdensome and more achievable — not as a separate task, but as a by-product of running a sustainable, resilient, and people-focused business.

The Build Better Habits series, which is available to watch on demand, was hosted by Amy Bruce, marketing director of Osprey Approach.