Cpm21 Ltd Terms and Conditions of Business

(Version 23 – 14th August 2020)

Introduction – Experience and Accreditations

Cpm21 Ltd (cpm21) are experienced management consultants and trainers who have a practical and in-depth knowledge of the Legal & Professional Services Sector.

Leadership & Management Training & Development

We deliver effective Leadership & Management Training & Mentoring in line with the National Occupational Standards and are on the (“amber”) approved course provider list of the Welsh Assembly Government. Our training courses are aligned to the SRA Competence Statement.


Our compliance consultants are authorised by the Law Society as LEXCEL consultants or are under training and development to achieve such accreditation.

Legal Aid

Wayne Williams is a Law Society approved Legal Aid Consultant and delivers the LAA mandatory Supervisor course across England and Wales.

Quality Standard & SRA compliance

Most of our Consultants and Associate Consultants (AC) and Associate Course Tutors (ACT) are experienced LEXCEL, CQS, WIQS, SQM, LAA, SRA, OFR or Money Laundering compliance consultants and trainers who provide a high quality and friendly service.

SRA approved Training Provider

Cpm21 is an SRA approved PSC training provider and provides both in-house and external Training to Solicitors, CILEX and Licensed Conveyancers.

The terms and conditions for our training courses (delivered internally or externally) are set out on our course booking forms and our website (www.cpm21.co.uk).


We conduct business with the highest degree of professional probity and confidentiality in line with OFR outsourcing requirements and the GDPR 2018. Anything we see or hear in the firm/organisation remains confidential subject to our legal, statutory and regulatory obligations.

The instructing solicitor’s firm/organisation and cpm21 each agree not to disclose any confidential information provided by the other party during the term of any retainer or at any time thereafter, to any third party save where the law requires.

In agreeing to these terms and conditions, the client firm hereby consents to the engagement of sub-processors listed in Appendix 2

In a post pandemic world, there is an increasing use of technology for the transfer of information and files. For example, cpm21 use the ZOOM platform for online meetings, training and remote audits. The instructing solicitor’s firm/organisation should ensure that any confidential information is transferred to or via cpm21 in a secure way. If the instructing solicitor’s firm/organisation grants cpm21 and its Associates access to their own case management systems (e.g. LEAP, Osprey, SOS etc.) it should ensure that access is given via a secure system (e.g. a VPN) and that user names and passwords are communicated to us in a secure way e.g. NOT by email.

Data Protection and Privacy

The General Data Protection Regulation came into force on 25th May 2018.

We have therefore updated our Privacy Notice which is attached as Appendix 1 and can also be found on our website www.cpm21.co.uk.

When we provide you with consultancy or training services, we will inevitably collect personal data of your partners, directors and other staff.  We will assume that you have obtained the appropriate consents or have other lawful bases for allowing us to access such personal data.

As indicated in our Privacy Notice, we will store the bulk of your documents and information on Dropbox for Business which is therefore outside the EEA, namely in the USA. The EU-US Privacy Shield scheme became operational on 1 August 2016 after the European Commission issued its formal decision that the Privacy Shield provides adequate protection to allow personal data to be transferred to the United States.

Where you or your staff or third parties provide us with sensitive or special category data, we will rely on you to obtain the necessary consents e.g. in relation to medical data or diversity data.

The subject matter and duration of processing will depend on the scope of the consultancy and training that you ask us to deliver.

The nature and purpose of the processing, together with categories of data are set out in our Privacy Notice.

We will hold and process data based on legal obligation and legitimate interest.

We will sub-contract with Associate Consultants, Tutors and Administrators who will have access to the Personal Data you have shared with us. We have contracts in place with each of those individuals that include provisions with regard to confidentiality, security and privacy.

Within cpm21 access to your personal data from you as an individual or client firm is restricted to those personnel of cpm21 that need to access it to fulfill our obligations under any contract.  Appropriate “chinese walls” are in place.

We will assist firms in meeting their GDPR obligations in relation to security of processing, the notification of personal data breaches and data protection impact assessments as appropriate.

We typically hold data for 18 months after our contract with you ends.

We are happy to submit to reasonable GDPR audit and inspections provided 28 days’ notice is given.

We will co-operate with supervisory authorities such as the ICO

We will keep records of processing activities.

We have decided not to appoint a DPO, but any Data Protection enquires should be addressed in writing to Wayne Williams, our Data Protection Manager.

We do not provide any indemnity for GDPR breaches.

We take the matter of confidentiality, security and privacy of data very seriously and we have for example achieved the Cyber Essentials accreditation.


We obviously cannot guarantee that your firm/organisation’s audits, plans and projects will be successful but most of our clients achieve successful audit outcomes where they follow our guidance.

The buy-in and commitment of all the firm/organisation’s partners/directors/ members/ managers/leaders, is in our experience, critical to success.


It remains the responsibility of the solicitors’ firm/organisation to comply with deadlines and make the appropriate applications to, and obtain the necessary approvals from, the Law Society/Recognising Excellence for SQM/Approved Audit Body and to book auditors. cpm21 will, of course, assist firms with this process.

It remains the responsibility of the firm/organisation to ensure that all directors, partners, members and staff comply with its policies, procedures and processes.

Even if cpm21 suggest that the firm/organisation is ready to apply for accreditation etc., it remains the firm/organisation’s responsibility to decide if and when to submit its application.

The instructing solicitor’s firm/organisation undertakes to provide clear and precise instructions to cpm21 as to its requirements and intentions in relation to work which it wishes cpm21 to undertake on its behalf. It will provide such information or additional information as cpm21 reasonably requires for this purpose when requested.

Legal, GDPR, Tax & Financial Advice

Cpm21 does not provide legal, tax or financial advice.  Also, we do not provide legal advice on the interpretation of legislation or regulations issued by Regulatory Bodies.  The firm/organisation/individual should seek appropriate legal and/or financial advice from relevant expert advisers.

We will provide firms with general guidance, information and in-house training, to enable them to prepare for the General Data Protection Regulations (GDPR) that came into force on 25th May 2018. This may include for example updates to procedures and forms required for LEXCEL compliance. We are not qualified to offer specialist/expert advice in relation to the General Data Protection Regulations 2018 and the legal requirements that will be placed on you and your organisation as a result of those regulations. Also, we will not provide an outsourced Data Protection Officer service. You should seek appropriate advice from a legal adviser or suitably qualified specialist GDPR consultant.

We provide forms and precedents to help firms comply with the Law Society’s Conveyancing Quality Scheme.  It is for the firm to decide whether the use or completion of such forms and precedents provides adequate safeguards against negligent legal and/or tax advice on issues such as, for example, SDLT/LTT or with regard to Leasehold title and Freehold service charges etc. If not, then it is for the firm to identify any gaps and take appropriate steps to minimise risk. Cpm21 is not qualified to offer any legal, tax or financial advice.

Audits & Due Diligence

We do not carry out audits but will conduct “mock audits” (pre-audit health checks) to prepare you for a real audit or monitoring visit.

We do not provide a due diligence service. However, we may provide some initial exploratory compliance or management questions for the firm/organisation to ask with regard to strategic and operational fit. Beyond this you should seek appropriate due diligence support from an accountant or appropriate specialist adviser before proceeding.

In the course of providing guidance and support, cpm21 may be asked to comment on contingency plans e.g. on potential strategic alliances and mergers. Cpm21 is happy to provide general strategic guidance but does not provide any service, support or advice, for example, on mergers and acquisitions, and advice from specialist advisers such as accountants and specialist lawyers should be sought, as appropriate, by the firm/organisation.


It is ultimately for the client firm/organisation to satisfy itself that it is compliant with all SRA and ICO regulatory requirements.  It should also, if applicable, ensure compliance with Legal Aid Agency (LAA) contractual requirements and that it meets regulatory and contract deadlines.

It is for the firm/organisation to ensure accurate information and full disclosure is made to its Professional Indemnity Insurers, Regulators, the LAA and the Law Society etc.

It is the responsibility of the firm/organisation to ensure that they meet any application deadlines set by their audit body, the Lexcel Office, the Law Society, the SRA or the LAA.

The role of cpm21

In assisting the firm/organisation with LEXCEL/CQS/WIQS/SQM/LAA/SRA and regulatory compliance, cpm21 will typically carry out the following types of activity:

    • ·  Provide a gap analysis report of the firm/organisation’s systems against the relevant standard/contract.
    • Provide guidance and precedents to help the firm/organisation close the gap.
    • Act as a “sounding board” as the firm/organisation implements the systems.
    • Provide facilitation support at audits and monitoring visits.
    • Provide management guidance as to business planning and quality management systems.
    •  Amend and update Office Manuals if requested
    • Conduct/Assist with Appraisals.
    • Assist with Compliance Plans.
    • Assist with analysis of complaints and providing a view on root cause of such complaints and apparent trends requiring corrective action.
    • Assist with Diversity analysis.
    • Assist with File Reviews.
    • Provide in-house training.
    • Provide coaching and mentoring to staff, managers, partners, and directors

When cpm21 provides precedents forms and templates, they are provided by way of guidance only and it is for a client firm to ensure that they are tailored in such a way as to comply with their legal and regulatory obligations.

File Reviews

If we provide a file review service to your firm/organisation, then we do so subject to these entire terms and conditions and specifically subject to the following terms:

Your risk managers and supervisors remain responsible for compliance and supervision
You must ensure that you comply with any regulatory and contractual obligations you may have with regard to file review

We are not providing commentary on your files as practising or category- specialist solicitors/supervisors. We will highlight potential issues we identify in our file review notes and comments. It is for your supervisors and specialist lawyers to consider this commentary and decide whether any legal or procedural issues should be addressed by way of corrective action or training.

We will (where requested) complete a detailed trends analysis but again it remains the responsibility of the senior managers, partners, directors or members to decide whether legal or procedural issues need to be addressed by a change in procedures or training and development.

If we are asked to review Legal Aid files against either contract compliance criteria or peer review criteria we will do so with reference to the relevant criteria and guidance. However, any “score” we arrive at is only an opinion and given there is a degree of subjectivity to each type of “audit” the LAA contract managers, auditors and peer reviewers may score the files differently. In relation to “peer review” health checks we do not hold ourselves out as qualified peer reviewers in any category of law but will express an opinion based on our experience of examining and assisting firms to appeal peer review reports.

If our file review includes a review of your SRA Accounts Rules compliance, then the additional report is only intended as an alert to your COFA of potential breaches. It is not a comprehensive review of the organisation’s compliance with the SRA Accounts Rules and for that you should rely on advice and audits from your external accountants.

If our file review (or an outsourced AML “independent audit function”) includes a review of your Anti-Money Laundering (AML) compliance, we will only be checking whether your files comply with your firm’s AML policies and procedures. Any issues identified will be reported back to the relevant manager for consideration by the MLCO, MLRO and COLP. We will include in our report reference where appropriate to Law Society and Affinity AML Legal Sector Guidance. It remains the responsibility of these officers and the partners/directors to ensure that such policies and procedures are compliant with current legislation, directives and regulations. It also remains their responsibility to ensure that all staff receive appropriate training in relation to AML and Financial Crime.

Cpm21 is not qualified to offer any legal, tax or financial advice and nothing stated in or during file reviews or in resultant reports should be relied upon in relation to your obligations to provide such advice to your clients (see also the section on CQS above).

Outsourced File Reviews Process

The following process will be adhered to for the provision of Outsourced File reviews:

  1. The File Reviewer will choose files from an open file list provided by the firm/organisation for each of the selected fee earners.
  2. File reviews will be conducted on the basis of one procedural review and one substantive review per fee earner, and where the substantive review is conducted a copy of the ledger entries for the selected file must be provided to the file reviewer.
  3. Any corrective action identified will be communicated to the fee earner and their supervisor by the file reviewer, normally by email.
  4. Corrective actions will be tracked by the file reviewer, however responsibility for ensuring they are closed out will always rest with the fee earner and supervisor.
  5. To ensure closure of corrective actions, the file reviewer will need to see the file review form has been properly signed off by the supervisor who has established that the corrective action has been undertaken.
  6. After file reviews have been conducted for 3 months, the file reviewer will identify any trends and communicate them to the fee earner and supervisor. It will be the supervisors’ responsibility to determine what action is to be taken on identification of trends of corrective actions which may include:
  • ·         Informal discussion with the fee earner
  • ·         The creation of a learning and development plan
  • ·         Provision of training for the fee earner
  • ·         Discipline of the fee earner
  • ·         Liaison and reporting with the firm’s/organisation’s COLP/HOLP to determine whether the trend constitutes a series of breaches of the SRA Standards and Regulations 2019 which is either recordable by the COLP/HOLP or reportable “a serious concern” by the COLP/HOLP to the SRA.

Copyright & Intellectual Property

Where cpm21 provides (by way of illustration only and not limitation): templates, precedents, forms, training & development materials or diagnostic tools (cpm21 documents), in whatever medium (hardcopy, electronic or any other type) and whether or not bearing the cpm21 logo, then cpm21 retains the copyright and all other intellectual property rights (collectively the IPRs) in the cpm21 documents. The instructing solicitor’s firm/organisation shall not acquire any IPRs in the cpm21 documents or in the cpm21 logo. The cpm21 logo must not be removed from any provided cpm21 documents. We grant you a firm-wide perpetual and royalty-free licence to use the cpm21 documents, but they must not under any circumstances be copied to any third-party individuals or organisations or be used outside your organisation. Cpm21 reserves the right to require the instructing solicitor’s firm/organisation to return cpm21 documents to cpm21 where the instructing solicitor’s firm/organisation has knowingly breached this obligation in respect of cpm21’ s intellectual property.


Cpm21 does not hold itself out as a procurement advice expert and does not provide legal advice. It is therefore for the firm/organisation to satisfy itself with regard to procurement law and process.

It is the responsibility of the solicitors’ firm/organisation to comply with deadlines and to ensure that any tender or appeal is entered correctly on any electronic portal/or delivered in accordance with any rules and guidance published by the procuring organisation.

The firm/organisation is responsible for checking and verifying that all data on which the tender is based is correct whether internally or externally obtained, including information provided by cpm21.

The firm/organisation must verify all data received from the procuring organisation is correct based on the tender they have submitted.

Cpm21 will assist the firm/organisation, if requested, to prepare delivery plans and supporting financial budgets. Before final submission of a bid, however, the firm/organisation should have the final budget and financial analysis independently verified by an accountant to ensure, for example, that the firm/organisation complies and can continue to comply with the Financial Stability requirements of its SRA authorisation.

In the event of a price competitive tender, the firm/organisation is requested not to disclose the details of their final £price bid to cpm21 or its consultants or staff. This helps reduce the risk of any perception of conflict of interest arising.

Cpm21 obviously cannot guarantee that the firm/organisation’s tender will be successful even where we provide guidance and support.

Unsuccessful Tenders

In assisting the firm/organisation with the lodging of any appeal, cpm21 will typically carry out three stages of activity;

  1. Gap analysis of the result
  2. Highlighting potential areas of appeal (if any)
  3. Acting as a “sounding board” in the review of appeal papers prepared by the firm/organisation.

It is the responsibility of the firm/organisation to ensure that all relevant material is submitted with its tender/appeal whether or not such material is considered by cpm21

Even if cpm21 suggests that there is limited scope for appeal on a criterion, it remains a matter for the firm/organisation to decide whether or not to submit an appeal based on that criterion.

Attendance at Management Meetings

Where one of our consultants attends a management/partners/directors/Board meeting they do so only as a consultant to help structure and refine the management process.

The decisions made at those meetings are entirely those of the internal managers and our consultants will play no part in making those decisions. They will of course provide an external perspective which may assist with the decision-making process.

Grant Funding

If the firm/organisation obtains grant funding to support payment for consultancy support or training that we provide, then it is for the firm/organisation to ensure that they comply with the terms and conditions of that funding. We will provide appropriate training certificates if and when requested.

The firm/organisation remains responsible for payment of all cpm21’s fees even if the firm/organisation has to repay all or any of its funding or has their funding suspended, withdrawn or recouped.


To ensure availability of our consultants at the time your firm/organisation wants them, dates should be planned at least 4 weeks in advance. We reserve the right to substitute an equally skilled consultant where necessary.

We recognise that in running a firm/organisation there are always unforeseen circumstances which may cause re-scheduling of dates, and in those circumstances, we would endeavour where possible not to charge cancellation fees.

However, should cancellations take place within 10 working-days of the scheduled date, they may be subject to a charge of 50% of our daily rate/agreed fee and if within 5 working-days 100%.

Invoice and Payment

We usually charge for support/training in 1 day or ½ day units. 1 day’s consultancy is equivalent to 6 chargeable hours and therefore our hourly charge-out rate is normally calculated by dividing our daily rate by 6. In addition, travelling, hotel and subsistence expenses will be re-charged at cost. Mileage will be charged at 49p per mile. Sometimes we will agree a fixed fee with you e.g. for in-house training.

We will invoice you after each visit/day/event, and payment terms are payment on or before 30 days of the date of that invoice. Invoices for one-off in-house training must (except where otherwise agreed) be paid in full not later than 10 days before the training event.

We reserve the right to charge interest on a daily basis at the Statutory Rate (currently 8% p.a.) if our invoice is not paid within 30 days of the date of the invoice.

We may increase our fee rates from time to time (e.g. to reflect increases due to inflation). Any such increase will be shown in the next invoice following the increase.

Rights and Liabilities

The liability of cpm21 to the instructing solicitor’s firm/organisation under or in connection with any retainer for the provision of services, whether arising in contract, tort, negligence, breach of statutory duty or otherwise howsoever, shall not exceed a refund of the fees paid by the instructing solicitor’s firm/organisation to cpm21 in the preceding 3 months.

Cpm21 shall not be liable to the instructing solicitor’s firm/organisation for any indirect, consequential or economic loss, including but not limited to damages, costs or expenses of any description, loss of profit, business, goodwill, turnover or any other loss arising from its performance or non-performance of its obligations in connection with the agreement between the parties, and whether arising from breach of contract, tort, breach of statutory duty, negligence or any other cause of action.

This agreement supersedes and replaces any previous agreement between the parties whether oral or in writing in relation to the provision of services by cpm21. The parties agree that in entering into an agreement they have not relied upon any warranty or representation made by or on behalf of the other party save where expressly stated in this agreement. The parties agree the terms and conditions herein constitute the whole agreement between the parties in respect of services provided by cpm21 to the instructing solicitor’s firm/organisation.

During the currency of any retainer the instructing solicitor’s firm/organisation will ensure that its staff, agents and suppliers co-operate and assist the consultants and employees of cpm21 in the performance of services under this agreement, including but not by way of limitation, all necessary passwords, key codes and such information as cpm21 reasonably requires for the performance of its services.

Neither party is for any purpose the agent or partner of the other as a result of anything arising from the agreement between the parties for the supply of services by cpm21.

The parties agree that it is not hereby intended that any rights should be inferred upon, or be enforceable by, any third party as defined in the Contracts (Rights of Third Parties) Act 1999.

Storage and Retention of Documents

Cpm21 will use “Dropbox for Business” to store your documents and data.

We will normally delete your documents 18 months after we cease working for you.

We also use File Maker Pro as a database to store details of your firm and staff. The database is stored on a secure UK based server. It is used for marketing purposes including news and updates. You or your staff have the right to ask to be removed from the database and/or to unsubscribe from any e-shots.


In asking us to assist you, now and in the future, you are deemed to accept these terms and conditions and any changes, from time to time, issued to you.

We will issue you with updated versions of these terms and conditions as and when appropriate.


Wayne Williams LLB MBA,

Managing Director

cpm21 Ltd.