Monthly Archives: March 2020

Client care in times of COVID-19

These are stressful times for all of us. As everyone is scrambling to reorganise themselves and get work done, forward thinking may well take a back seat. As it becomes more and more evident that COVID-19 will continue for some time, having a strategy in terms of client service is essential.

Below are some points you may wish to consider when it comes to maintaining good levels of client care:

Updates

Keep clients and potential clients updated via your website. Explain what they can, and cannot, expect during this period in terms of operating arrangements. Things will change from day to day and your website is a great means of updating people, as are social media channels such as Twitter and LinkedIn. Explain to clients, for example, what your arrangements will be if their fee earner is sick. Manage expectations in terms of the fact that there may be breaks in service. 

Manage expectations of existing clients. Maintain contact on individual files, even with holding emails.

More broadly, you should also consider how best to inform clients so they are aware work is happening outside the office and what safeguards in respect of confidentiality you have put in place. This gives clients the opportunity to raise objections if they have concerns.

Identify service areas most likely to be severely impacted

If you have not already done so, consider doing a “heat map”. Think about the legal services that you offer, and which will/could be most affected during this period. For each firm this will be different. Focus your business continuity planning on the areas most severely impacted.

Client lifecycle

Consider at what points in the lifecycle of different work types the service to the client is going to be most impacted and what you can do to mitigate that impact. It may be that on-boarding is one of the greatest points of impact. Are there other ways that you can “meet” clients, e.g. via Facetime, Skype or Zoom, to enable them to have the experience of meeting you without being in the same room. If you rely on documentation for AML, could you switch to electronic identification? We need to be aware that criminals will continue to exploit the situation.

Identify areas that may experience increased demand

Think about any services you provide that might experience a surge in interest. Do you have the capacity to manage a surge? You might want to contact commercial clients and explain how you can help them through this time. You might also need to determine your policy on declining new instructions if circumstances mean you do not have the capacity to take on more work.

Complaints handling

If you experience significant numbers of absences (even from remote working), consider whether you will be able to deal with complaints effectively. Again, the issue is about managing expectations. If those investigating complaints cannot access files remotely, how could you get files to them? Keep complainants informed and LeO, where matters have been referred to them.

Keep updating your plans as circumstances change

Senior managers should confer very regularly to monitor the impact of the virus and to keep staff informed of the actions the firm is taking.

Manage your risk

In times of stress and where large numbers of staff work remotely, there is a risk that compliance standards may drop. Concern has already been expressed about the mental and emotional impact on staff of new ways of working in response to the virus, e. g. the challenge of working whilst looking after children at home and caring for sick family members. Keep reinforcing the “business as usual” message in terms of compliance with internal policies and offer points of contact for queries and reassurance.

Record your decisions

The SRA have said that you should keep records of the actions that you are taking to ensure compliance and manage your firm’s exposure to risk. It may become vital for you to proof at a future point that you have thought about the issues and taken appropriate action.

Remember, you are not alone. Our team of compliance specialists is here to help you through this. Call or email us if you require assistance, such as:

  • advising on your firm’s new risk management measures and preparing a detailed record of the changes you have made to the way you operate and how compliance risks are being managed;
  • contingency planning – helping you determine your response to the virus;
  • producing communications for your employees and clients;
  • support for staff who are working from home and need guidance on internal policies and procedures;
  • remote training on data protection and confidentiality, anti-money laundering and the SRA Standards and Regulations in the context of remote working;
  • remote file reviews and other compliance checks;
  • assisting with practical risk management.

 

COVID-19 – Advice for safe home working

As the UK Government moves to slow down the spread of the COVID-19 virus and following yesterday’s guidance, many of you will now be asking your staff to work from home or are looking to introduce increased home working.

It is of course important that any devices used for remote access are password protected and encrypted, with a fully updated anti-virus system in place and up-to-date security software.

At the same time though, in what are unsettling and stressful times for everyone, staff may easily overlook basic data protection and security measures.

Clear plans should be put in place to ensure that staff and their managers communicate effectively and appropriately. As part of this, you may wish to issue a reminder to staff of your firm’s relevant policies. This would typically include your data protection, confidentiality and ICT policies (and, if applicable, use of own devices policy). You might want to re-circulate these policies to staff and ask them to confirm that they have read them.

We suggest that you also re-emphasise the importance of maintaining client confidentiality and data security and remind staff that:

  • telephone calls with clients should not be capable of being overheard;
  • any documents printed out must be shredded (and printing should in any event be kept to a minimum);
  • secure connections must be used for accessing your systems;
  • the firm’s information should only be stored in the designated area and documents should not be stored on staff members’ own devices (unless previously permitted with appropriate safeguards);
  • they should ensure information is properly backed up;
  • the firm’s information remains the property of the firm at all times, no matter what format it is in, where it is stored or how it is accessed.

Criminals are trying to benefit from the current situation. There has already been an increase in phishing attacks. We therefore strongly advise against mixing work and personal activities on the same device. Staff should be particularly careful with any e-mails that make reference to the Corona/COVID-19 virus and be reminded to be extra vigilant and to look out for phishing e-mails and scams as attackers are trying to exploit the situation. Even if an e-mail appears to come from a known and trusted source, if there is any doubt over the authenticity of the request, it is best to verify it via other means first and not to click on any suspicious links or open attachments.

Remind staff to be very suspicious and verify the authenticity of

  • e-mails from people they don’t know, especially if they ask to connect to links or open files;
  • e-mails that create an image of urgency or severe consequences;
  • e-mails that appear to come from a known and trusted source but ask unusual things.

We also recommend that you consider your obligations regarding your insurance as you may need to notify your insurer of the change to your working arrangements.

Please do not hesitate to get in touch if you would like further advice. We will continue to remain at your disposal should you need assistance. In the meantime, we hope that you, your colleagues and families stay safe and well.

City firm rebuked by SRA over AML training failures

Top 50 firm Withers LLP has been rebuked by the regulator after failing to adequately train staff in anti-money laundering measures.

The Solicitors Regulation Authority said the firm failed between June 2017 and October 2019 to ensure employees were given regular training to recognise and deal with potentially suspect transactions.

A decision notice published today states that the SRA asked in 2018 whether staff had been trained in money laundering, terrorist financing and transfer of funds regulations in the previous year. New regulations had come into force the previous year and all firms were obliged at that stage to train staff about them. It was established that just two-thirds of relevant employees had been trained by the end of 2018. The training of the remaining one-third was completed by early October 2019.

When the SRA brought formal allegations, Withers confirmed that employees had been made aware of regulations as part of a wider review of policy, but training had taken ‘longer than anticipated’.

The firm has admitted its failing and accepted it breached SRA rules to comply with regulatory obligations, maintain public trust and train workers to maintain an appropriate level of compliance.

Opting to rebuke the firm rather than pursue any financial penalty, the SRA said the agreed sanction was a ‘proportionate outcome in the public interest’, creating a credible deterrent to other firms and showing the risk of not providing adequate training.

The SRA said there was no evidence of lasting harm to third parties, the breach had been remedied and there was a low risk of repetition. Withers’ early admissions were also taken into account.

The firm said it did take some other steps to make relevant employees aware of the relevant anti-money laundering legislation, and has now trained all relevant employees.

The firm has also agreed to the publication of the notice and to pay £1,350 costs.

(The Law Society Gazette, 16 March 2020)

We provide regular tailored AML training to staff at different levels and support MLROs with independent auditing. Please click here for further information.

Get ready for AML swoops – SRA

The Solicitors Regulation Authority is ’chasing a number’ of law firms which have failed to disclose the safeguards they have implemented to combat money laundering, after the regulator ordered them to do so by letter last December.

A rolling monthly programme of anti-money laundering spot checks on firms will be undertaken this year, Colette Best, the SRA’s director of anti-money laundering, told the Law Society’s annual risk and compliance conference in London this morning. The spot checks will involve the regulator calling in a batch of firms’ anti-money laundering risk assessments, with additional details likely to be required concerning a firms’ AML procedures and controls.

Where the regulator does call on a firm, she said, it will interview the firms’ relevant compliance officers, the MRO and MLCO. Best stressed that the SRA is comfortable with the same person performing both roles.

Amasis Saba, chair of the Law Society’s AML taskforce, urged firms to consider the number of suspicious activity reports they have submitted over the last 18 months. Firms need a plan to explain to regulators where their numbers are low, or they risk not being considered to be taking their responsibilities seriously, he said.

(The Law Society Gazette, 13th March 2020)