Yearly Archives: 2016

Conveyancing theft reported as biggest cybercrime problem for law firms

The SRA have yesterday published figures that have shown that email hacks of conveyancing transactions are the most common cybercrime in the legal sector, with £7m of client losses reported in the last year.

Three-quarters of cybercrimes reported to the SRA in the 12 months are some form of “Friday afternoon” fraud. This involves criminals modifying emails directly, usually by hacking into the email system of an individual.

They then alter the client’s emails to the solicitor or vice versa, altering bank details so funds go to the criminal. The majority of cases involve conveyancing. Such scams often take place on a Friday, as this is the time that completions often take place, while it also buys criminals time to avoid detection.

Firms must inform the regulator if they lose client money or information, but the problem and size of losses may currently be under-reported. Other research has shown that a quarter of firms have been targeted by cybercriminals, with nearly one in ten resulting in money being stolen.

The SRA are reminding firms to ensure they report such cases. By sharing information on cyber attacks, the whole legal sector can work together to be as safe as possible.

The regulator is taking a constructive and engaged approach, particularly if firms take steps to make good any losses to the client, and are looking to learn from the incident. The SRA’s report, IT Security: keeping information and money safe, is targeted at helping law firms manage the risks of cybercrime by offering advice on the latest trends, so they can protect themselves and their clients. The report stresses that as most cybercrime involves some form of deception, firms should protect themselves by focusing not just on technology but also people and training.

Paul Philip, SRA Chief Executive, said: “Cybercrime is now the most prevalent crime in the UK. Cybercriminals are not just after money but sensitive information, so law firms are an obvious target. It is the job of firms to take steps to protect themselves and their clients’ money. That means training staff and staying vigilant, as well as maintaining up to date technology protections. We all know threats in this area change rapidly. By working together to share information on the latest cyber attacks, we can help the legal sector stay safe, protecting firms and clients.

“Conveyancing fraud can see people lose their life-savings. We also want to see firms making sure their clients are aware of the risks. For instance, we would recommend that people avoid sharing bank details over email, or transferring money before confirming the source of any request.”

The report can be found here:

Go to the report

Professional indemnity insurance research undertaken by the Law Society shows that a quarter of firms have been targeted by cyber criminals, with nearly one in ten resulting in money being stolen. The research is available here:

Go to the research

SRA warns law firms about investment schemes

The SRA has repeated its warning to the profession about involvement in high-yield investment schemes.

A warning notice has been published telling solicitors about the risks of involvement in such schemes after a number of reports were received of law firms being linked to potentially fraudulent incidents where clients have lost substantial amounts of money. The warning reiterates a previous notice from September 2013, as well as a notice issued last year on allowing client accounts to be used as bank accounts.

Those operating dubious schemes seek the involvement of solicitors to give their scams an impression of credibility or security. Investors believe that because a scheme uses a law firm, and monies are paid through a law firm, it is a genuine investment and they will receive the returns they are promised.

Some schemes are also used by money launderers, with funds paid into client accounts by investors before being transferred to the operators.

SRA Chief Executive Paul Philip said: “The involvement of law firms in dubious investment schemes is not new. We have disciplined many solicitors because of this, and some have been prosecuted and imprisoned.

“This is not the first time we have warned the profession about such schemes. We will continue to deal quickly and decisively with any solicitor who becomes involved in them.

“Fraudsters have certainly paid attention to our warnings and adapted their schemes to avoid suspicion. Solicitors asked to use their client account, or any other account, for this purpose should be extremely careful. In normal circumstances, there is no good reason for investors to pay money to a law firm which could be paid direct to an investment company.

“Firms should also remember that, even if they are acting for an investment company, they have a duty not to take unfair advantage of others.”

The SRA are carrying out further analysis of cases involving solicitors and high-yield investment schemes in light of this increase in reports and have promised to share these insights, as well as issuing further information to highlight this risk directly to the public, in due course.

The warning notice can be seen here:

Go to the warning notice

The notice from 2013 can be seen here:

Go to our 2013 warning

The warning notice on allowing the client account to be used as a bank account can be seen here:

Go to the 2014 warning

Bogus firms problem not going away as numbers double since 2012, says the SRA

The SRA is advising law firms – and the public – to be vigilant, with reports of bogus firms doubling since 2012.

In its annual Risk Outlook report launched today (25 July), the SRA caution that bogus firms and cyber security continue to be widespread issues for the legal sector.

Bogus firm reports to the SRA have doubled since 2012 to more than 700 per year in 2014 and 2015, with almost half of these involving criminals copying the identity of an existing law firm. Bogus law firms can directly target the public, or genuine law firms with a view to deceiving them into sending money or information. Earlier this year the SRA launched a law firm search to help people confirm whether a firm is legitimate.

Likewise, a quarter of firms have also been targeted by cyber criminals, with nearly one in ten attacks resulting in money being stolen. In the Risk Outlook, the SRA stress that firms must understand that protecting themselves is as much about people and training, as is technology. Most cybercrime involves an element of trickery such as the use of fake emails or phone calls to access information such as passwords.

The report highlights one of the newest of these tricks, CEO fraud, where senior law firm figures are impersonated and staff, such as people in the accounts team, are ordered, often by email, to transfer money to pay an invoice. Such scams often take place on a Friday, so as to give the criminals more time to avoid detection.

Also for the first time, the SRA are showcasing access to legal services as a key risk. Research shows that only a third of people with a legal problem seek professional advice. And only one in ten will take advice from a solicitor or barrister.

Paul Philip, SRA Chief Executive said: “Many of the risks we are highlighting will be familiar to those in the legal sector. However, this does not make them old news – the challenges around areas such as cybercrime are changing rapidly and require constant vigilance. Well informed staff and good processes are just as important as antivirus systems in staying cyber secure.

“We want to see firms proactively making sure their clients are also aware of the risks in this area. For instance, we would recommend that people avoid sharing bank details over email, or transferring money before confirming the source of any request.

“We also know there are far too many people who either cannot afford, or choose not, to access legal services, with 63 percent saying they do not think legal advice is affordable. We are reforming the way we regulate to free up solicitors, and open up the market to healthy competition. We want providers to respond by playing their part in creating new, more affordable services that respond to the needs of the public and small businesses.”

The Outlook highlights seven priority risks including money laundering, protecting client money, and a diversity in the profession.

The SRA also publish Risk Outlook updates on specific areas of interest. The next update is scheduled for Autumn 2016 and will be on the implications of Brexit for law firms.

SRA updates Handbook with new consumer credit regime

The SRA has published the latest version of our Handbook, which includes changes to the regulation of consumer credit work.

Version 16 of the Handbook – which sets out the rules and regulation for solicitors in England and Wales – marks the beginning of a new regime for consumer credit. Transitional arrangements put in place by the Financial Conduct Authority have ended. Solicitor firms are now covered by our regulation as long as the consumer credit activities they carry out are central to the legal services they are provide.

Firms carrying out consumer credit work that cannot rely on our regulatory arrangements should have sought separate regulation from the FCA or stopped this activity. Further information on this area is available here:

Go to the consumer credit page

The other change to version 16 of the Handbook involves simplifying the process of approval for firms. The rule requiring firms applying for authorisation to explain what reserved legal activities they will be carrying out has been removed. That will make it easier for new firms to obtain authorisation, and support flexible business models.

Paul Philip, SRA Chief Executive, said: “We have been working on the changes to consumer credit for two years. The new arrangements have been developed in conjunction with the profession and are a proportionate approach.

“The change in authorisation rules is yet another step toward removing unnecessary bureaucracy that does nothing to protect the public interest. We have already removed more than 40 such rules in the last two years, and we are committed to doing more. Part of that is our wider Looking to the Future review, which will produce a shorter, simpler handbook, free up solicitors to work flexibly and make it easier for the public to know what to expect.”

The SRA is due to consult on wider changes to simplifying the Handbook in the summer. The Handbook can be found here:

Go to the Handbook

SRA launches new online database

The SRA has launched a searchable, online law firm database as a first step to improving access to information about the 10,000 plus law firms it regulates.

Law firm search allows anyone wanting to use a law firm to check whether it is authorised by the SRA. The service provides limited firm data, such as contact details, but does not include disciplinary or service information.

The SRA says that it is embracing the Government’s Public Data Principles by making information on the firms it regulates freely available to all re-publishers, for example comparison websites.

Paul Philip, SRA Chief Executive, said: “We know that consumers look to regulators for authoritative and reliable information. Open data is not just about transparency and availability—above all, the information we provide has to be useful.

“We want to help people to make informed decisions when buying legal services. This first step makes our basic data freely available but we are looking at how best to open up access to more information.”

The data is updated daily and is free to access, re-publish and share. Prior to this service, the SRA provided data directly to comparison websites that met the criteria set by the Legal Services Consumer Panel.

A web service for data re-users is scheduled to be launched in April.

SRA warns solicitors over personal injury fraud

The SRA has issued a warning notice on potential fraud in personal injury cases, reminding the profession of its obligations.

The notice has been issued following publication of a report by the Insurance Fraud Task Force in January, calling for more to be done to ensure solicitors were not involved in bogus insurance claims. The SRA has drawn up a list of areas where there may be concerns for solicitors dealing with personal injury work and is asking firms to make sure they are fully compliant.

These include:

  • Cold calling
  • Breaching the ban on referral fees
  • Acting on instructions without client approval
  • Paying damages to third parties
  • Bringing claims without clients’ knowledge

The SRA has also produced a series of case studies highlighting how these issues can arise in practice.

Paul Philip, SRA Chief Executive, said: “As we said in January, insurance fraud is a serious matter and we welcome the Task Force’s report and its recommendations. We have made good progress on combating financial crime, but we know we have more to do.

“In particular, we want to remind solicitors of their responsibilities when conducting personal injury work. The consequences of failing to adhere to the Code of Conduct could be severe both for the client and to the profession.

“We will also be carrying out a comprehensive review of the personal injury market this year and that will contribute further to our understanding of this area of the market.”

The warning notice can be found here:

Go to the warning notice

The SRA’s response to the Insurance Fraud Task Force report can be found here:

Go to the SRA’s response