All posts by Yasmin Robinson

Encouraging trends identified in one-year review of SRA’s transparency reforms

The availability of more online information about solicitors and law firms is already making a difference as people start use it to help with decisions about accessing legal services.

Approaching one year on since the SRA Transparency Rules came into full effect, independent research commissioned by the regulator has also found that most firms surveyed said they were publishing the necessary price and service information.

Crucially only 10% of consumers now say, with access to information on price, that they believe instructing a solicitor may be an unaffordable option for them. This compares to more than half presuming this was the case in the past.

At a time when Covid-19 is potentially creating a challenging environment for many businesses, and the public are increasingly shopping online, nearly a third (29%) of law firms also said they recommend proactively publishing more online information as a good way to help win new clients.

The transparency rules were first introduced in December 2018 and further elements came into force in November 2019. The rules mean that all regulated law firms must publish price and information on their websites about certain common legal services, such as conveyancing. Firms without websites should make the information available in other formats.

Firms also have to publish their complaints procedures and display the SRA clickable logo – which proves the practice is genuine and shows people what protections are available to them if they use that firm.

Paul Philip, SRA Chief Executive, said: “Currently only one in ten people who have a legal issue are going to professional providers such as solicitors for help. We know that a lack of easy to find information about the services law firms’ offer and the cost of those services is part of the problem.

“So it is really encouraging to see that, although it is still early days, people and small businesses are looking at the information now available and finding it useful, particularly as they think about the type and costs of the service they need. In these difficult times and with more and more of us relying on shopping around online, it is also welcome that many firms see publishing information as an important part of winning new clients.”

Further key findings from the research included:

  • 77% of the public find information now available online is useful in helping them find and choose potential legal providers
  • The final decision on who to instruct is then ultimately based on experience, recommendations and reputation in 83% of cases
  • 68% of firms said they are now publishing the required information on services and prices, with 90% saying they are displaying the clickable logo

While a majority of firms declared they were following the new requirements, the SRA’s sampling of law firm websites suggests others might need more help in understanding fully all that they are required to publish.

Feedback from consumer groups and other stakeholders also suggests that some firms need to do more to make the information they are publishing more easily accessible for the public, for example by removing legal jargon and presenting information in plainer English.

The one-year review of the transparency rules is the first report published as part of the SRA’s commitment to a five-year programme of evaluation to review the long-term impact of the reforms we introduced alongside the new Standards and Regulations reforms.

A summary of the one-year report, which includes the external research conducted by IRN Research, can be found here:

Go to the report

AML – Updated list of high risk third countries

Under the Money Laundering Regulations firms are required to apply enhanced due diligence on clients and transactions from countries identified by the European Commission as having a high risk of money laundering (“EU Commission High Risk Third Country List”).

From today (1st October 2020), the following countries have been added to this list: Bahamas, Barbados, Botswana, Cambodia, Ghana, Jamaica, Mauritius, Mongolia, Myanmar/Burma, Nicaragua, Panama and Zimbabwe.

The following countries were removed from the list on 9th July 2020: Bosnia-Herzegovina, Ethiopia, Guyana, Lao People’s Democratic Republic, Sri Lanka and Tunisia.

Given the regulatory focus on AML systems and controls, it is important to ensure that your firm’s AML policy is updated to reflect the new 2020 EU Commission High Risk Third Country List. Equally, the changes should also be reflected in your firm’s AML systems, processes and procedures when onboarding new clients and acting for existing ones. For example, the AML risk level you have historically assigned to a client may need to be revised.

The list of high risk third countries is now as follows:

  • Afghanistan
  • The Bahamas
  • Barbados
  • Botswana
  • Cambodia
  • Democratic People’s Republic of Korea
  • Ghana
  • Iran
  • Iraq
  • Jamaica
  • Mauritius
  • Mongolia
  • Myanmar
  • Nicaragua
  • Pakistan
  • Panama
  • Syria
  • Trinidad and Tobago
  • Uganda
  • Vanuatu
  • Yemen
  • Zimbabwe

Solicitors urged to respond to frozen asset list if needed

Solicitors have just over month to check the latest HM Treasury Consolidated List of asset freeze targets to make sure they are not holding monies belonging to a client that is subject to financial sanctions.

HM Treasury has given anyone who is holding frozen assets until 16 October 2020 to submit a report to the Office of Financial Sanctions Implementation (OFSI).

Sanctions are an important foreign policy and national security tool and solicitors should be aware of their ongoing responsibilities. The profession needs to comply with financial sanctions in place in the UK and to report frozen assets and other relevant information to OFSI immediately.

Juliet Oliver, SRA General Counsel, said: “Solicitors should be aware of their obligations under financial sanctions legislation and make sure they are not helping anyone with dubious funding streams. This risk exists for every single solicitor and law firm, whether conveyancing on the high street or handling global transactions.

“We would urge all of you to look at the review and, if a client is listed and you hold any of their assets, make a report as necessary.”

All completed reports should be emailed to ofsi@hmtreasury.gov.uk using the template on the GOV.UK website, which also feature more information on financial sanctions.

Greater than ever need for law firms to remain cybersecure

With Covid-19 meaning huge numbers are now working remotely and carrying out both personal and business affairs online, a new report has highlighted the need for law firms to remain extra vigilant over the threat posed by cybercriminals.

The SRA’s Cybercrime Thematic Review takes an in-depth look at 40 incidents of cybercrime reported by law firms to the regulator over a three-year period. While not all resulted in financial loss, the cases reviewed did collectively see more than £4million stolen by criminals. These figures do not include the wider impact and costs the crimes had on both law firms and their clients.

The review, which considered incidents that occurred between 2016 and 2019, found that law firms and legal transactions were still a common target for cybercriminals. Two of the larger firms visited reported that they were targeted by hundreds of different cyberattacks every year.

Most of the firms visited said they were aware of the dangers posed by cybercrime and felt that the most important factor in defending against it was the knowledge and behaviours of their staff. Despite this, the SRA still found that only around two-thirds of staff in the firms they visited claimed to be ‘knowledgeable’ about cybersecurity and IT issues, with some senior figures even unable to answer basic questions about terminology.

Although human error was identified as their biggest risk, more than a quarter of firms visited did not have adequate cybersecurity policies and controls in place, while a fifth did not provide specific training on IT and cybersecurity.

Paul Philip, SRA Chief Executive, said: “It will be some time before the implications of the Covid-19 pandemic for the legal sector are fully understood, but we all know that millions more people than ever before are working from home, be they law firm employees or clients. That means the need for everyone to remain cybercrime vigilant has never been higher. Law firms should make sure that they have effective cyber security policies in place, and, crucially, that everyone in the firm understands and follows these day-to-day.”

Good practice identified during the visits included the widespread use of anti-virus software, two-factor authentication for many sensitive interactions, regular backing up of data, and nearly a third of firms holding specific cybercrime insurance.

However common incidences of worrying practice included:

  • More than half of firms allowed external USB sticks to be plugged into company devices
  • Two firms were using out-of-date Windows operating systems, with a further 16 using systems soon to become unsupported
  • Firms did not necessarily report/know when they had to report incidences of data theft to the Information Commissioner’s Office

In April the SRA published dedicated Covid-19-themed cyber security advice and Q&As.

The thematic review, published today, can be found here: Go to the thematic review

New report highlighting dubious investment risks leads to warning for solicitors

Law firms have once again been warned about the need to be vigilant when advising on investment schemes, as a new report published today highlights examples of poor practice which is leaving people at risk of falling victim to dubious schemes.

The report looked at past cases where law firms had been found to acted on behalf of sellers of potentially dubious investment schemes. It found that in more than half (63%) of cases, solicitors had failed to carry out proper due diligence on those who ran the schemes, with no checks carried out at all in 20% of cases.

The SRA also found that firms working on such schemes were too often focusing just on the interests of the scheme promoter and were failing to properly protect the interest of the consumers.

Following the findings of the report, and with losses reported to the SRA linked to dubious investment schemes over recent years running into hundreds of millions, the SRA has issued a new warning notice to the profession. This notice further updates previous warnings issued in 2013, 2017 and 2019.

The latest warning notice makes it clear, among other issues, that solicitors must watch out for:

  • Transferring funds through their client account, without the transactions being connected to any underlying legal work
  • Doing no real legal work and legal fees are being generated when they are not necessary
  • Dubious or risky schemes being presented as routine conveyancing or investment in “land” when the reality is very different
  • Schemes labelled as for example mini-bonds, but are in fact speculative investments promising a high return and the buyers’ money is not being used in the way the seller it says it will

Paul Philip, SRA Chief Executive, said: “Dubious investment schemes result in very significant financial losses for consumers and we will continue to take robust action where we find solicitors are involved. While most solicitors would never willingly participate in such schemes, those that do, whether knowingly or not, lend a veneer of credibility which sellers can exploit to help persuade people that their offer is legitimate. Not only does that harm those who buy into these schemes, it undermines confidence in the profession as a whole.

“Our new review looks at the types of schemes we are seeing, what sort of firms get involved and how that happens. It sets out how schemes change and who they target. We are also publishing an updated Warning Notice. In my view, these are required reading for all firms.

“Importantly, we know that dubious scheme operators look at the warnings we and other regulators issue and adapt accordingly. Solicitors must never be complacent – stay up to date, do your due diligence and if in any doubt, do not get involved.”

The report looked at a sample of 40 cases where a solicitor’s involvement in dubious investment schemes had reported to it up to 2019. Based on common characteristics found among these, the warning notice has highlighted a series of ‘red flags’ which law firms should watch out for when considering investment opportunities. These include:

  • high deposits paid in instalments before exchange
  • overly complex and unfair agreement terms
  • sellers asking to namecheck firms in marketing material
  • sellers asking firms to hold buyers’ funds in their client account
  • buyers being mainly from a different country to the location of the scheme

In the last five years, the SRA has taken 48 solicitors and two firms to the Solicitors Disciplinary Tribunal for involvement in investment schemes, resulting in 16 strike offs, eight suspensions and £870,000 worth of fines.

Cybercrime warning for law firms during lockdown

Law firms and their employees have been urged to be extra vigilant during the coronavirus lockdown amid increased reports of cyber attacks against businesses whose staff are working remotely.

Cybercriminals are trying to take advantage of lower levels of security brought about by increased remote working, IT challenges, and the different mindset people may have when working from home. The SRA has received specific reports about law firms being targeted. In one such example criminals attempted to create a standing order for £4,000 a month from a firm’s client account.

With huge numbers of law firm employees working from home, possibly for the first time, the SRA has published information at the start of the month advising firms on key cybersecurity issues. Law firms and solicitors handle sensitive information and large amounts of money, so are an attractive target for criminals.

Paul Philip, SRA Chief Executive, said: “Cybercrime is a priority risk for the legal sector and it’s not going away during the Covid-19 pandemic.

“Criminals are always looking to take advantage and they know that security arrangements are likely to have changed as people move to homeworking. Several agencies have reported a spike in cyberattacks and we are beginning to get reports from firms that have been targeted.

“We have published information for law firms on the risks during lockdown, and I urge everyone to be particularly vigilant at this time.”

The SRA’s coronavirus cyber security information includes targeted advice from the NCSC and has a useful checklist for firms to reassure themselves about eliminating risks. The advice is part of wider support for the profession during the coronavirus lockdown that includes answers to common questions around Accounts Rules, completing proper due diligence and renewing indemnity insurance.

The NCSC has this week launched a Cyber Aware campaign to help keep workers and the public safe.

NCSC’s takedown services have already removed more than 2,000 online scams related to coronavirus in the last month, including:

  • 471 fake online shops selling fraudulent coronavirus-related items
  • 555 malware distribution sites set up to cause significant damage to any visitors
  • 200 phishing sites seeking personal information such as passwords or credit card details
  • 832 advance-fee frauds where a large sum of money is promised in return for a set-up payment

You can also read Action Fraud’s warning for small businesses based on coronavirus confusion.

Covid-19 and preventing Money Laundering/Terrorist Financing in Legal Practices

The Legal Services Affinity Group, of which the SRA is a member and includes regulators across the UK, has drawn up more detailed guidance below on dealing with anti-money laundering compliance during the coronavirus pandemic.

Legal Sector Affinity Group (LSAG) – Advisory Note

Legal practices and practitioners should be aware that criminals will continue to operate throughout, and look to take advantage of, the Covid-19 outbreak. This includes laundering the proceeds of crime and terrorist financing, so it is important that everyone is aware of the changing risks.

Legal Sector Anti- Money Laundering (AML)/ Counter-Terrorist Financing (CTF) supervisors understand the particular challenges currently facing legal practices and practitioners. This includes the difficulties associated with undertaking customer due diligence (CDD), including appropriate levels of identification and verification (ID&V) – particularly where clients cannot be met face-to-face.

Please note legal practices and practitioners in scope of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended) (the MLRs) must still comply with their statutory requirements at all times.

However, in line with a risk-based approach, the MLRs provide flexibility in the application of their requirements. There exist options for practices seeking to comply while also observing requirements such as social distancing.

Risks that may arise due to Covid-19

As well as changes to how we live our lives, Covid-19 is also changing the economy. An economic downturn may make legal practices more susceptible to financial difficulties or other pressures, which creates risk and potential weaknesses for criminals to exploit. As the UK economy enters a period of uncertainty, practitioners and practices should be particularly alert to the following risks in new or prospective customers:

  • Being asked to work with unusual types of client or on unusual types of matter
  • Resistance from a client regarding compliance with due diligence checks, for example being pressured to forego necessary due diligence checks or to “speed up” the process.
  • Becoming involved in work that is outside of the practice’s or practitioner’s normal area of experience/expertise – without full understanding of the money laundering and counter terrorism risks associated with the new area of work
  • Any attempt to gain access to your client account where not accompanied by the provision of legal services
  • Transactions where the business rationale for the transaction is not clear.

Always ensure that you are comfortable as to your understanding of the matter, including its purpose and why it is happening in the particular way it is happening.

Identification and Verification

ID&V, is often undertaken in person, on the premises of the legal practice using suitable identification documents. This can provide a strong level of assurance, but this may no longer be possible in the current circumstances and you should consider what risks this may create.

An inability to conduct in person ID&V does not mean you cannot complete CDD, but you may need to consider using other methods that give you the necessary assurance that the person is who they say they are.

Practices and practitioners are reminded to adopt a risk-based approach, taking into account the contents of their practice-wide risk assessment, policies and procedures (and where necessary updating them) and the circumstances of individual clients/matters. As an alternative to face-to-face documentary verification, legal practices and practitioners may adopt or further utilise electronic means of ID&V where appropriate to the risks present in the client/transaction.

Such methods may include (but are not limited to) using independently or in combination:

  1. Digital ID&V services that meet the requirements of the MLRs (R28(19) – “secure from fraud and misuse and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity.”)
  2. Gathering and analysing additional data to triangulate the evidence provided by the client, such as geolocation, IP addresses, verifiable phone numbers etc.;
  3. Verifying phone numbers, e-mails and/or physical addresses by sending codes to the client’s address to validate access to accounts
  4. Using live and/or recorded digital video (many reliable and free options exist for this) of the customer showing their face and original photo identification documents so that you can compare them to a scanned copy of the same document (e.g. passport or driving license).

No matter what ID&V service or procedure is used, the responsibility to make sure the ID&V is undertaken correctly, is with the relevant practitioner and practice. If you are placing reliance on others to conduct CDD under Regulation 39, e.g. an instructing solicitor or accountant, you should ensure that you understand how they have adapted their CDD procedures to the different circumstances.

Make sure that you keep a record and evidence of the processes you follow; for example, of any video calls you make.

These methods alone may not be appropriate or sufficient where the money laundering and terrorist financing risks inherent in the particular client or matter are greater. In higher risk situations, further verification (including verification of source of funds/wealth) will likely be required.

Where you need to update ID&V records for existing clients, you should not rely on old ID just because you cannot currently meet them face-to-face.

Further, information and advice may be available on your Supervisors website. You are also referred to the HM Treasury approved LSAG Anti-Money Laundering Guidance for the Legal Sector (March 2018) and LSAG Key Changes Document issued January 2020.

Digital Identification and Verification Services

If you are considering whether to use a digital ID&V service, you must carefully consider whether it provides the assurance needed. In order to make this judgement, you may have regard to the Financial Action Task Force (FATF) guidance on Digital Identity (PDF 107 pages, 4.1MB), particularly recommendations 22-27 in the Executive Summary (PDF 8 pages, 347KB) as summarised below.

  1. Understand what the service actually does i.e. what checks is it doing and what databases is it checking, if any.
  2. Take a risk-based approach to relying on the service including understanding the assurance level provided and that it is appropriate to the risk.
  3. Understand whether the service provides levels of assurance and how these may be appropriately used in different circumstances.
  4. Consider whether using the service,  negates the idea that all non- face to face transactions are high risk.
  5. Use anti-fraud and other cyber security processes to support the service.
  6. Engage with the service provider to ensure the practice has access to the information it may need to prove its compliance to its supervisor or to law enforcement.

Another important consideration is whether the service has attained any accreditation or certification from any of the bodies listed in Appendix D of the FATF guidance (PDF 3 pages, 235KB).

Other issues to Consider

Government guidance and requirements will also require practices to reconsider other aspects of their compliance, including training. Training may be deliverable remotely or via digital means (e.g. via webinar) and you should consider what adaptations your practice can make to ensure compliance while staff are working remotely.

You should consider whether your policies, controls and procedures remain appropriate and whether they need adjustment to reflect what you or your practice is doing. If your CDD or EDD processes change then you should consider updating your Practice-Wide Risk Assessment, any matter risk assessment, and relevant policies.

If staff are working away from the office, you should ensure they have access to the necessary CDD documentation to be able to consider the risks of any client or matter.

If you are using digital video or photography to support your CDD, or obtaining other personal information, you should obtain consent from the data subject for the capture and storage of this information and have due regard to data protection requirements.

If you are requesting that personal or sensitive information be sent by email or other electronic means in support of CDD, due consideration should be made to the associated information security risks. You should consider and record the necessary steps to mitigate such risks (e.g. encryption).

If you have questions about whether a specific ID&V method is allowable or any other aspect of the above, contact your supervisor. If necessary, obtain independent legal advice from an experienced legal practitioner.

It is not for your supervisor to provide specific legal advice and/or confirmation on the application of the MLRs. You are required to satisfy yourself on your legal/regulatory obligations under the MLRs and that you have complied with them.

While care has been taken to ensure that this Advisory Note is accurate, up to date and useful, members of the LSAG will not accept any legal liability in relation to this Advisory Note (which has not been HM Treasury approved).

Client care in times of COVID-19

These are stressful times for all of us. As everyone is scrambling to reorganise themselves and get work done, forward thinking may well take a back seat. As it becomes more and more evident that COVID-19 will continue for some time, having a strategy in terms of client service is essential.

Below are some points you may wish to consider when it comes to maintaining good levels of client care:

Updates

Keep clients and potential clients updated via your website. Explain what they can, and cannot, expect during this period in terms of operating arrangements. Things will change from day to day and your website is a great means of updating people, as are social media channels such as Twitter and LinkedIn. Explain to clients, for example, what your arrangements will be if their fee earner is sick. Manage expectations in terms of the fact that there may be breaks in service. 

Manage expectations of existing clients. Maintain contact on individual files, even with holding emails.

More broadly, you should also consider how best to inform clients so they are aware work is happening outside the office and what safeguards in respect of confidentiality you have put in place. This gives clients the opportunity to raise objections if they have concerns.

Identify service areas most likely to be severely impacted

If you have not already done so, consider doing a “heat map”. Think about the legal services that you offer, and which will/could be most affected during this period. For each firm this will be different. Focus your business continuity planning on the areas most severely impacted.

Client lifecycle

Consider at what points in the lifecycle of different work types the service to the client is going to be most impacted and what you can do to mitigate that impact. It may be that on-boarding is one of the greatest points of impact. Are there other ways that you can “meet” clients, e.g. via Facetime, Skype or Zoom, to enable them to have the experience of meeting you without being in the same room. If you rely on documentation for AML, could you switch to electronic identification? We need to be aware that criminals will continue to exploit the situation.

Identify areas that may experience increased demand

Think about any services you provide that might experience a surge in interest. Do you have the capacity to manage a surge? You might want to contact commercial clients and explain how you can help them through this time. You might also need to determine your policy on declining new instructions if circumstances mean you do not have the capacity to take on more work.

Complaints handling

If you experience significant numbers of absences (even from remote working), consider whether you will be able to deal with complaints effectively. Again, the issue is about managing expectations. If those investigating complaints cannot access files remotely, how could you get files to them? Keep complainants informed and LeO, where matters have been referred to them.

Keep updating your plans as circumstances change

Senior managers should confer very regularly to monitor the impact of the virus and to keep staff informed of the actions the firm is taking.

Manage your risk

In times of stress and where large numbers of staff work remotely, there is a risk that compliance standards may drop. Concern has already been expressed about the mental and emotional impact on staff of new ways of working in response to the virus, e. g. the challenge of working whilst looking after children at home and caring for sick family members. Keep reinforcing the “business as usual” message in terms of compliance with internal policies and offer points of contact for queries and reassurance.

Record your decisions

The SRA have said that you should keep records of the actions that you are taking to ensure compliance and manage your firm’s exposure to risk. It may become vital for you to proof at a future point that you have thought about the issues and taken appropriate action.

Remember, you are not alone. Our team of compliance specialists is here to help you through this. Call or email us if you require assistance, such as:

  • advising on your firm’s new risk management measures and preparing a detailed record of the changes you have made to the way you operate and how compliance risks are being managed;
  • contingency planning – helping you determine your response to the virus;
  • producing communications for your employees and clients;
  • support for staff who are working from home and need guidance on internal policies and procedures;
  • remote training on data protection and confidentiality, anti-money laundering and the SRA Standards and Regulations in the context of remote working;
  • remote file reviews and other compliance checks;
  • assisting with practical risk management.

 

COVID-19 – Advice for safe home working

As the UK Government moves to slow down the spread of the COVID-19 virus and following yesterday’s guidance, many of you will now be asking your staff to work from home or are looking to introduce increased home working.

It is of course important that any devices used for remote access are password protected and encrypted, with a fully updated anti-virus system in place and up-to-date security software.

At the same time though, in what are unsettling and stressful times for everyone, staff may easily overlook basic data protection and security measures.

Clear plans should be put in place to ensure that staff and their managers communicate effectively and appropriately. As part of this, you may wish to issue a reminder to staff of your firm’s relevant policies. This would typically include your data protection, confidentiality and ICT policies (and, if applicable, use of own devices policy). You might want to re-circulate these policies to staff and ask them to confirm that they have read them.

We suggest that you also re-emphasise the importance of maintaining client confidentiality and data security and remind staff that:

  • telephone calls with clients should not be capable of being overheard;
  • any documents printed out must be shredded (and printing should in any event be kept to a minimum);
  • secure connections must be used for accessing your systems;
  • the firm’s information should only be stored in the designated area and documents should not be stored on staff members’ own devices (unless previously permitted with appropriate safeguards);
  • they should ensure information is properly backed up;
  • the firm’s information remains the property of the firm at all times, no matter what format it is in, where it is stored or how it is accessed.

Criminals are trying to benefit from the current situation. There has already been an increase in phishing attacks. We therefore strongly advise against mixing work and personal activities on the same device. Staff should be particularly careful with any e-mails that make reference to the Corona/COVID-19 virus and be reminded to be extra vigilant and to look out for phishing e-mails and scams as attackers are trying to exploit the situation. Even if an e-mail appears to come from a known and trusted source, if there is any doubt over the authenticity of the request, it is best to verify it via other means first and not to click on any suspicious links or open attachments.

Remind staff to be very suspicious and verify the authenticity of

  • e-mails from people they don’t know, especially if they ask to connect to links or open files;
  • e-mails that create an image of urgency or severe consequences;
  • e-mails that appear to come from a known and trusted source but ask unusual things.

We also recommend that you consider your obligations regarding your insurance as you may need to notify your insurer of the change to your working arrangements.

Please do not hesitate to get in touch if you would like further advice. We will continue to remain at your disposal should you need assistance. In the meantime, we hope that you, your colleagues and families stay safe and well.

City firm rebuked by SRA over AML training failures

Top 50 firm Withers LLP has been rebuked by the regulator after failing to adequately train staff in anti-money laundering measures.

The Solicitors Regulation Authority said the firm failed between June 2017 and October 2019 to ensure employees were given regular training to recognise and deal with potentially suspect transactions.

A decision notice published today states that the SRA asked in 2018 whether staff had been trained in money laundering, terrorist financing and transfer of funds regulations in the previous year. New regulations had come into force the previous year and all firms were obliged at that stage to train staff about them. It was established that just two-thirds of relevant employees had been trained by the end of 2018. The training of the remaining one-third was completed by early October 2019.

When the SRA brought formal allegations, Withers confirmed that employees had been made aware of regulations as part of a wider review of policy, but training had taken ‘longer than anticipated’.

The firm has admitted its failing and accepted it breached SRA rules to comply with regulatory obligations, maintain public trust and train workers to maintain an appropriate level of compliance.

Opting to rebuke the firm rather than pursue any financial penalty, the SRA said the agreed sanction was a ‘proportionate outcome in the public interest’, creating a credible deterrent to other firms and showing the risk of not providing adequate training.

The SRA said there was no evidence of lasting harm to third parties, the breach had been remedied and there was a low risk of repetition. Withers’ early admissions were also taken into account.

The firm said it did take some other steps to make relevant employees aware of the relevant anti-money laundering legislation, and has now trained all relevant employees.

The firm has also agreed to the publication of the notice and to pay £1,350 costs.

(The Law Society Gazette, 16 March 2020)

We provide regular tailored AML training to staff at different levels and support MLROs with independent auditing. Please click here for further information.