SRA publishes spring update for Risk Outlook

The spring update for the SRA’s Risk Outlook was published this week. Included in the update is information on an increase in cybercrime reports. The majority of reports received in the past have involved email interceptions in a bid to steal client money. There is now an increase in law firms reporting other types of cybercrime attacks. You can also get the latest information on other risks such as money laundering and the use of non-disclosure agreements.
Read more about: Risk outlook

SRA warns profession needs to be alert to money laundering

The SRA has today published its autumn update of the Risk Outlook and warned that the legal profession remains a high risk for money laundering, with phony investment schemes one of the biggest dangers.

The SRA produces the Outlook every year to outline the key risks that could affect law firms so that they can take action to prevent them affecting clients. The update emphasises the ongoing risks around money laundering. The recent National Risk Assessment of Money Laundering and Terrorist Financing 2017 says the legal sector remains at high risk of exploitation for money laundering. The level of risk varies by type of legal transaction, with trust and company formation, conveyancing, and misuse of client accounts being assessed as the biggest risks. The National Crime Agency’s latest Suspicious Activity Reports Annual Report meanwhile says that while the overall the number of reports has gone up by 10 percent in 2016, legal sector submissions have reduced by almost 10 percent.

The fifth Outlook, which came out in July, identified eight priority risks for the sector, including challenges such as dubious investment schemes, IT security (involving cybercrime and identity fraud) and access to legal services. The autumn update provides new information on these risks. Paul Philip, SRA Chief Executive, said: “Keeping the profession free of money laundering is in everyone’s interest. It means that we can disrupt serious crime – crime that funds everything from terrorists to people traffickers. “Solicitors have an important role to play and the majority want to do the right thing, but no one afford to be complacent. This is a high risk for the profession and we must all step up to deal with the challenge.” The new money laundering regulations place new requirements on supervisors to hold information about those they supervise. Although the SRA already holds information about the profession, they now require further information and will be sending out a questionnaire in due course.

The Outlook’s autumn update can be found here:
Go to the update
The National Risk Assessment of Money Laundering and Terrorist Financing 2017 can be found here:
Go to the assessment
The National Crime Agency’s latest Suspicious Activity Reports Annual Report can be found here:
Go to the annual report

Find a Solicitor scam – update

Law Firms are still being targeted by scammers who want to infiltrate their IT systems.
The SRA reported in March that firms had been sent emails through the Law Society’s Find a Solicitor site saying their services were required. After the firms responded, the scammers sent attachments or links to websites.

These attachments and links might have contained malware, which allows the scammers to control or undermine IT systems. Some of the emails related to the sale of a property or the purchase of a business.

While genuine potential clients might indeed send information in this way, law firms should be wary of the risks of malware infecting their IT systems, and take action appropriate to their business. At the time, nearly 500 firms had been contacted in this way through the Law Society’s Find a Solicitor.

SRA issues warning notice to PI firms handling Holiday Sickness claims

According to the Association of British Travel Agents, there has been a 500 percent increase in compensation claims for holiday sickness since 2013. The Government is considering the introduction of fixed costs for such claims.

Genuine claims for holiday sickness can of course be pursued, but the SRA is concerned that claims are being submitted without proper analysis of the evidence or understanding of the legal position.

The SRA is investigating more than a dozen firms in connection with holiday claims, including over potentially improper links with claims management companies and payment for referrals of holiday sickness claims. The SRA is also seeing firms pursuing claims without the proper instructions of claimants.

Holiday claims provide an example of the SRA’s concern that some law firms fail to engage properly, or sometimes at all, with the merits of their clients’ cases. This is of particular concern where there is evidence to suggest that the claim is false or dubious in some way. The SRA is clear in their view that lawyers should not bring cases, or continue with them, where there is a serious concern about the honesty or reliability of the evidence.

The extent to which law firms should verify their clients’ cases is risk-specific. For example, there seems to be a serious risk that many holiday sickness claims are not genuine. Examples of risk factors in holiday sickness claims would include:

  • The claim is made some time after the alleged incident
  • There was no report of the claim to the hotel
  • There was no extensive sickness amongst others in the same accommodation – see Wood v TUI Travel [2017] EWCA Civ 11 mentioned below
  • The claim comes from or involves people generating claims in the resort
  • The client’s contemporaneous report of the holiday was positive
  • The client drank or ate excessively

The difficulties of holiday sickness claims are clearly evident from the case of Wood v TUI Travel [2017] EWCA Civ 11 in which the Court of Appeal commented:

…it will always be difficult (indeed, very difficult) to prove that an illness is a consequence of food or drink which was not of a satisfactory quality, unless there is cogent evidence that others have been similarly affected and alternative explanations would have to be excluded.”

Solicitors must engage with this and properly assess all of the evidence before submitting claims.

The SRA has also seen failures to ensure that all documentary evidence is collated and analysed. The SRA has seen highly improper advice to clients to delete evidence.

In all litigation, firms must immediately inform clients of their duty to preserve evidence and require it all to be provided for the firm to review. This is a critical duty to the administration of justice, including to prevent or reduce the public cost of unmeritorious claims. Firms must of course also be rigorous in storing, retrieving, analysing and acting upon evidence they hold, including disclosure where appropriate. Claims should not be submitted until the client has been properly advised on all relevant evidence and on the merits of their case – and when the client has given clear instructions and authority, on a fully informed basis, that the case should be pursued.

A narrow approach to this by the firm is liable to be treated as ‘turning a blind eye’ which of course can lead to dishonesty findings. In Barlow Clowes v Eurotrust [2005] UKPC 37 it was noted that a dishonest state of mind “may consist in suspicion combined with a conscious decision not to make inquiries which might result in knowledge”.

These principles apply to all litigation. The impact of unmeritorious claims on the administration of justice and indeed on those who are subjected to such claims means that solicitors must not pursue them or continue with them where there is evidence that they are false or clearly unmeritorious.

If there are allegations or concerns about a case, law firms must not turn a blind eye, but instead must engage with them and objectively assess whether the case can properly be pursued.

An example of this might be allegations that claims are being generated or co-ordinated by organised criminals, as the SRA has seen in ‘cash for crash’ cases. Law firms cannot simply ignore such allegations and nor can they simply assert that they consider them unproved or unfounded. They must engage properly with them and bear in mind their duty to the administration of justice.

The SRA is concerned that firms are failing in their duties to act in accordance with the Principles and Outcomes of the Code by:

  • failing to ensure that they do not accept cases from introducers who are cold calling
  • entering into improper referral arrangements
  • bringing a claim acting without first investigating whether it is valid
  • failing to objectively assess and investigate adverse evidence
  • submitting false or dubious claims in the hope of a settlement without further investigation by the defendant
  • failing to properly identify clients and confirm client instructions
  • seeking unreasonable costs for a limited amount of work contrary to their fiduciary and regulatory duties – either from the client or the defendant

Firms who conduct cases which demonstrate one or more of these features may face regulatory action for breach of the SRA’s Principles.

The SRA’s expectations

The SRA expects that all those regulated by us comply with the Principles and Outcomes of the SRA Handbook 2011. The SRA expects that law firms and solicitors do not conduct fraudulent or questionable cases and that all costs charged to a client are explained, agreed and set at a reasonable rate.

The SRA Principles

Principle 1: Uphold the rule of law and the proper administration of justice. You have obligations not only to clients but also to the court and to third parties with whom you have dealings on your clients’ behalf (Part 1 – SRA Principles para 2.5).

Principle 2: Act with integrity. Personal integrity is central to your role as the client’s trusted adviser and should characterise all your professional dealings with clients, the court, other lawyers and the public (Part 1 – SRA Principles para 2.6).

Principle 4: You must act in the best interests of each client. You should always act in good faith and do your best for each of your clients (Part 1 – SRA Principles para 2.8).

Principle 5: You must provide a proper standard of service to your clients. You should provide a proper standard of client care and of work. This would include exercising competence, skill and diligence, and taking into account the individual needs and circumstances of each client (Part 1 – SRA Principles para 2.9).

Principle 6: You must behave in a way that maintains the trust the public places in you and in the provision of legal services. Members of the public should be able to place their trust in you. Any behaviour either within or outside your professional practice which undermines this trust damages not only you, but also the ability of the legal profession as a whole to serve society (Part 1 – SRA Principles para 2.11).

SRA Code of Conduct 2011 mandatory outcomes

You should have regard to the specific outcomes under the SRA Code of Conduct 2011, in particular those highlighted below.

Cold calling

There have been reports of introducers and claims farmers approaching holiday makers to generate sickness claims. Outcome (8.3) requires that you do not make unsolicited approaches in person or by telephone to members of the public in order to publicise your firm or in-house practice or another business. Outcome (9.4) requires you to be satisfied that any client referred by an introducer has not been acquired as a result of marketing or other activities which, if done by you, would be contrary to the Principles or any requirements of the Code.

Referral fees

Outcome (9.8) requires you not to pay a prohibited referral fee.

You should terminate any arrangement with an introducer or fee-sharer which is causing you to breach the Principles or any requirements of the Code (IB (9.3)).

Please see the SRA’s previously published guidance on the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (LASPO).

Where you have a referral arrangement that is not in breach of LASPO, you still need to comply with chapters 6 and 9 of the SRA Handbook when making or receiving any referrals.

Dishonest claims and taking unfair advantage

O (11.1) provides that you must not take unfair advantage of third parties.

Acting in the following way may tend to show that you have not achieved outcomes and therefore complied with the principles.

IB (11.8) demanding anything for yourself or on behalf of your client that is not legally recoverable.

You should not pursue claims or continue with claims where you do not have the claimant’s clear and express authority to do so.

When taking instructions, you should ensure you have clear details of the client’s identity. You should analyse the evidence rigorously. No claim should be made unless there is a sound basis for the claim and you have valid instructions. You should not demand anything from a third party, such as compensation for holiday sickness, where there is no legal right to recovery.

There are now a number of reports of cases where claims have been dismissed as dishonest, leading to costs orders against claimants and even a criminal prosecution. Solicitors do not help clients by bringing claims that have not been rigorously investigated, including consideration of adverse evidence.

Seeking improperly high costs from defendants may also constitute an attempt to take unfair advantage. Submitting such a claim to the court may also involve misleading the court.

Enforcement Action

Failure to have proper regard to this warning notice is likely to lead to disciplinary action.

 

Solicitors urged to check frozen asset list

Solicitors have been urged to check the HM Treasury frozen assets review to make sure they are not holding monies belonging to a client that is subject to financial sanctions.

The review will be published on Monday (4 September). Any professional who discovers they are holding assets belonging to someone listed in the review should report this to the Treasury. Checks needs to be made by Friday 13 October 2017, with reports sent to the Treasury’s Office of Financial Sanctions Implementation (OFSI).

The request to check clients comes hot on the heels of the Treasury’s European Union Financial Sanctions Regulations 2017, which meant solicitors are now among those businesses that could face enforcement action if they fail to report information that could undermine UK financial sanctions.

Crispin Passmore, SRA Executive Director, Policy, said: “Increasingly, solicitors are being asked to make sure they are not helping anyone with dubious funding streams – being ‘professional enablers’. This risk exists for every single solicitor and law firm, whether conveyancing on the high street or handling global transactions, and each should be thinking about their responsibilities for tackling these issues.

“We would urge all of you to look at the review when it is published and, if a client is listed and you hold any of their assets, make a report as necessary. The publication of this list, the new financial sanctions regulations and the approaching Financial Action Task Force inspection are further reminders of the importance the UK and global community places on tackling terrorist financing.”

The OFSI website can be found here:

www.gov.uk/government/organisations/office-of-financial-sanctions-implementation

The Treasury has provided an example of what the Annual Review involves, which can be found here:

www.gov.uk/government/publications/annual-frozen-asset-review-and-reporting-form

Solicitors warned about PPI claims

With exactly two years to go until the deadline for mis-sold payment protection insurance (PPI) compensation claims to be submitted, law firms have been told to make sure any applications they work on adhere to the rules.

The SRA has reminded the profession of its responsibilities when helping the public seek compensation. A cut-off for such requests has been set for 29 August, 2019 by the Financial Conduct Authority (FCA).

While some PPI claims can be straightforward, some people find the process difficult to navigate, or have a particularly complex situation. Solicitors can help with the application process in these types of circumstances. However, the SRA has told the profession that the Code of Conduct obliges them to make sure the claims they work on are valid and that the advice they provide represents value for money.

Reports received by the regulator raise concerns that solicitors have:

  • acted in matters without first investigating whether there is a valid claim
  • made claims without the knowledge of the client
  • failed to properly identify clients and confirm client instructions
  • submitted false claims in the hope of a settlement without further investigation by the lender
  • charged unreasonable costs for a limited amount of work

The warning notice also reminds solicitors that they should make sure that the claims they are handling have not been brought through cold calling – where the client is approached and invited to make a claim.

Paul Philip, SRA Chief Executive, said: “Making a claim for compensation over mis-sold PPI can be confusing, and people might want to seek professional advice. The vast majority of solicitors provide a good service, helping to make sure their clients are properly compensated.

“A tiny minority however fall below the high standards we and the public expect of them. Our warning notice sets out what solicitors should and should not be doing when handling these claims. If we find evidence that solicitors have not acted in the way they should, we will take action to protect the public.”

The warning notice can be found here:

Go to the warning notice

SRA warns profession to watch language in emails and tweets

Amidst an increase in cases involving solicitors being reprimanded for their use of offensive language in electronic media, the SRA has today published a warning notice about ‘offensive communications’ reminding the profession of its responsibilities when sending emails or letters, and when using social media. The notice was issued following an increase in reports of solicitors falling below the standards expected of them.

Specifically, the SRA have warned that online comments posted in a personal capacity and which might be deemed offensive or inappropriate could be classed as misconduct if the poster can be identified as a solicitor.

According to the notice, examples of the types of behaviour include:

  • Making offensive or pejorative comments relating to another person’s race, sexual orientation or religion;
  • Referring to women in derogatory terms and making sexually explicit comments;
  • Making comments which harass or victimise the recipient;
  • Using language intended to shock or threaten;
  • Making offensive or abusive comments to another firm about that firm or its client, or to individuals who are unrepresented.

Paul Philip, SRA chief executive, said: “We expect solicitors to act at all times with integrity, including on social media and when commenting in what may seem to be a personal capacity. Public confidence in the profession is undermined by offensive or inappropriate communication and the misuse of social media can be a real problem.”

“But this is also about communication within an office or to clients. Solicitors cannot justify their conduct by saying that the communication was private, or they did not intend to cause offence, or that recipients were not offended. There is a risk that if you send an email which has the potential to cause offence and that email subsequently comes to light, we might take action.”

The warning notice reminds solicitors not only of the need to uphold the rule of law and proper administration of justice, and to act with integrity, but also to act in a way that maintains the trust the public places in the profession.

It can be found here: Go to the warning notice.

Compliance with the new Money Laundering Regulations – Where to start?

The Money Laundering Regulations 2017 have been in force since 26th June. While the SRA have said that they are taking a proportionate and pragmatic approach as firms take steps to comply with the new requirements, there is no indication of what this means in practice and is likely to be of little comfort if your firm comes under scrutiny.

Most firms will have systems, policies and procedures in place that already go a long way towards complying with the new regulations. There are, however, new obligations that require additions and amendments to your AML regime.

It is now mandatory to undertake a documented, firm-wide money laundering and terrorist financing risk assessment to identify, monitor and address weaknesses. It is the ideal way for you and other individuals throughout the firm to actively consider the risks your firm faces and the role each and every fee earner has to play in preventing the firm getting into difficulties.

The risk assessment exercise should be owned and led by the MLRO. However, involving fee earners from across the firm will lead to a better assessment of the risks facing the firm and how accurately these are currently perceived and acted upon.

The findings of your risk assessment should feed into all of your efforts and act as a reference point in reviewing your AML policy and procedures, the content of training sessions, internal controls, your matter risk assessment procedure and file auditing. You should be able to present it to the SRA on request – an additional reason for its necessity.

Whilst Regulation 18 gives you an indication of the risks take into consideration, each firm’s risk profile will be different. It is also worth considering the following questions when undertaking the risk assessment, in relation to your clients, your services, your firm and your staff:

Your clients

  • Do you act for clients who have connections with countries which are high risk for money laundering?
  • Do you meet most of your clients face to face or is there a high percentage of clients where the only contact is through email and telephone correspondence?
  • Where do your clients’ funds come from? How do you carry out source of funds checks?
  • Do you have clients that operate in sectors that, by their nature, pose a higher risk of money laundering, for example because they involve handling large sums of cash?
  • Do you act for politically exposed persons (PEPs), members of their families or close associates??
  • Do you have a fairly stable client base or a high client turnover?
  • Through what channels do you acquire work?

 

Your services

  • What practice areas does your firm operate in?
  •  How much of your work is high risk?
  • Do you act in complex or high value transactions?
  • What types of transactions do you handle?
  • Do your clients ask you to handle financial transfers unrelated to the matter on which you are instructed?

 

Your firm

  • What is the size and nature of your firm?
  • What internal systems, policies and procedures do you have in place?
  • When were your systems, policies and procedures last reviewed and updated?
  • What arrangements are in place for monitoring the firm’s compliance with anti-money laundering requirements in practice?

 

Your staff

  • What is the awareness amongst staff of your systems, policies and procedures?
  • When were staff last trained on anti-money laundering? Is training given on induction?
  • What checks do you carry out when employing a new fee earner?
  • Is any member of staff displaying ignorance or indifference to their AML obligations?
  • Is there a lack of appropriate oversight of anyone working in the firm, at any level?
  • Do you carry out “screening” of your staff (a new requirement under Regulation 21(b)), i. e. an assessment of their skills, knowledge and expertise together with their conduct and integrity?

As well as considering the risks, your assessment should also list the steps you have taken and measures you have in place to mitigate the risks.

Once the MLRO has drafted the risk assessment, it should be presented to and agreed by the partners. Your systems, policies, procedures and controls should then be amended to reflect the risk assessment, focusing in particular on the areas that present the greatest threats to your firm. All this should then be communicated to everyone in the firm.

It is important that the risk assessment is a living document which is kept under regular review (at least annually) and updated as and when material changes occur.

What else do you need to do?

  • review, amend and implement your systems, policies, procedures and controls in the light of the risk assessment;
  • ensure you have in place an independent audit function to examine and evaluate adequacy and effectiveness of policies, controls and procedures adopted;
  • make recommendations in relation to those policies, controls and procedures and monitor compliance with those recommendations;
  • implement staff screening;
  • provide training to staff on the new requirement and ensure staff are made aware of updated systems, policies, procedures and controls;
  • ensure you have adapted to the changes to the CDD regime, in particular in relation to the new prescriptive requirements regarding corporate bodies;
  • comply with new requirements relating to PEPs;
  • ensure record keeping and data protection systems, policies and procedures meet the new requirements;
  • comply with new obligations relating to record keeping and the provision of information about beneficial ownership if you act as a trustee of a relevant trust;
  • apply for approval to the SRA by 26th June 2018 if you are a beneficial owner, officer or manager of a firm (the SRA will announce how this is to be done).

SRA publishes 2017/18 Risk Outlook amongst reports that cybercrime against law firms is higher than ever

The SRA has today published its 2017/18 Risk Outlook emphasizing that there has been a record number of reports of cyber thefts from law firms reported in the first quarter of this year, with house moves the main target, according to the SRA’s latest report.

The SRA has received more than double the amount of reports of cyber theft in the first quarter of this year compared to last year, with triple the amount (£3.2m) stolen. Overall, in the last year (April 2016 to March 2017), there have been cases involving around £11m of losses.

Around three-quarters involve some form of email hacking fraud, where criminals modify emails and alter bank details so funds go to the criminal.

Around half of cases involve money being used for house moves. The National Fraud Intelligence Bureau has also reported increased risks in this area, with an 85 percent increase in theft of property deposits in 2016. Other targets for cybercriminals include inheritance money and law firm’s own money.

Paul Philip, SRA Chief Executive, said: “The threats of criminals using IT to steal client’s funds is an increasing problem. It is important that law firms develop a culture where cyber security is treated as a serious priority, and take sensible steps to warn their clients about the risks.”

New Money Laundering Regulations come into force today

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 come into force today. This means a number of new obligations:

  • You must undertake a risk assessment, based on a number of factors such as client types, work types and geographic reach. This risk assessment must be documented and provided to the SRA on request.
  • You must set up and operate an independent audit function to monitor compliance and the effectiveness of systems.

Our experts help firms in meeting these requirements and their obligations in respect of AML compliance. We put in place systems, policies and procedures, undertake independent auditing of your firm’s systems and monitor compliance in practice. We also provide comprehensive training for your MLRO and staff at all levels.