Audit

Two anonymous people discussing paperwork at a desk

New SRA Notice Warns Against Funds Missing From Client Account

The SRA has published its new Warning Notice (21 June) warns against funds missing from a firm’s client account. The SRA has made it clear shortages will not be tolerated.

Whilst the SRA hasn’t reported any sanctions decisions relating to this issue in particular recently, the warning notice outlines the risks of firms failing to quickly address a shortage.

Firms will note the relatively recent closure of Axiom Ince last year, where the SRA reported the largest shortage in client account funds of £64m.

SRA's Warnings

The SRA’s warnings are as follows:

  • Firms have an obligation to replace immediately any money missing from a client account
  • Replacement of funds is to be carried out regardless of the underlying reasons – even where there’s been circumstances beyond the firm’s control for example by way of a cyber-attack, or administrative errors or, dishonest acts by employees
  • There’s a clear duty in the accounts rules to replace a deficiency, and managers of a firm are jointly responsible for doing so
  • Firms that continue to transact with a shortfall on their client account risk using other clients’ funds to facilitate those transactions

Employee Behaviour

The SRA provides indicators when identifying behaviour amongst employees that may indicate a problem. This includes failure to deliver bills or a written notification of costs, any suggestion of over-charging, and a sweeping up of residual balances.

Steps To Take

Paul Philip, chief executive at the SRA has said: “Caselaw is very clear that the client account is sacrosanct. However, firms do report shortages on the client account for a variety of reasons. Our rules are also very clear – you must make good on any deficit promptly. A shortage on the client account presents a risk to all clients for whom you hold money.”

  • Managers are advised to immediately investigate and take action against any member of staff who may have acted dishonestly regarding the client account, and to take regular steps to monitor, review and manage risks
  • If you identify that money is missing, you have a duty to take steps to ensure it’s replaced, in full, immediately
  • If you’re a manager of the firm, you have a duty to replace missing client money from your own resources. It may be necessary for you to obtain a loan to do this. It’s irrelevant that fault may not lie with you personally
  • You need to notify your insurer. You may be able to make a claim on your professional indemnity insurance. The obligation to remedy a breach of the SRA Accounts Rules 2011 is treated as civil liability for the purposes of clause 1 of the Minimum Terms and Conditions
  • If you identify a shortage, you should report the matter to the SRA in line with your obligations under paragraph 7.7 of the Code of Conduct for Solicitors, RELs and RFLs and paragraph 3.9 of the Code of Conduct for Firms

Enforcement Action

On enforcement action, the SRA warns that failing to replace client money will usually lead to an intervention. Even if money has been replaced, it may be that an intervention is necessary to deal with what caused the problem, such as dishonesty, in order to protect the clients and the public.

Firm Closures

The SRA has also addressed the issue in the context of firms heading for closure, given this can’t happen if there are client balances remaining in a firm’s account.

The SRA has advised any firms seeking to close that they should send all client money to clients, pay counsel fees and bill for outstanding costs.

The notice adds: “If your client account has a shortage, you cannot undertake any of these actions and therefore you cannot close your firm until the shortage is replaced.”

Get in touch

At Teal, we’re here to support your journey towards compliance that works.

We understand that compliance can be a daunting word, but it’s also the key to unlocking your firm’s full potential.

Our experts at Teal Compliance are here to help. Get in touch today to explore tailored solutions and ensure your firm stays ahead of regulatory requirements.

New SRA Notice Warns Against Funds Missing From Client Account Read More »

Green sheet of paper with tickboxes, one is ticked with green felt tip

Is your law firm’s website compliant with the SRA Price Transparency Rules?

If you’re involved in managing compliance at a UK law firm, you’re probably no stranger to the SRA Price Transparency Rules. But just how compliant is your website? In this blog post, we dive into what you need to know and how you can ensure your firm meets the requirements.

Understanding the SRA Price Transparency Rules

The SRA Transparency Rules, which came into force in December 2018, marked a significant shift in how law firms should communicate pricing and service details to their clients. Instructed by the Solicitors Regulation Authority (SRA), these rules aim to improve transparency within the legal sector enabling clients to make informed decisions about their legal matters.

Covering a range of practice areas, law firms must disclose price and service information in a clear and accessible manner.  These areas include:

  • Residential conveyancing
  • Probate (uncontested)
  • Motoring offences (summary offences)
  • Immigration (excluding asylum)
  • Employment tribunals (unfair/ wrongful dismissal)
  • Debt recovery (up to £100,000)
  • Licensing applications (business premises)

Also, it’s crucial to note that even if your firm doesn’t have an online presence through a website, you’re still required to provide this information upon request in alternative formats. This ensures that regardless of the means of communication, clients have access to transparent pricing information.

What the SRA Price Transparency Rules entail

The SRA Price Transparency Rules include a multifaceted approach to transparency and accountability within the legal sector. Beyond the disclosure of pricing and service information, firms have to adhere to additional requirements to enhance clarity and trust. Alongside publishing price and service details, firms must prominently display the SRA’s digital logo on their website, serving as a visual indicator of compliance. This badge reassures clients that the firm operates within regulatory guidelines, instilling confidence in the transparency of legal fees and services offered.

Additionally, the Rules also require firms to publish details of their complaints procedure on their website. This includes comprehensive information on how and when a complaint can be lodged, both to the Legal Ombudsman and directly to the SRA. By offering clear guidance on the complaints process, firms prove a commitment to accountability and client satisfaction.

Teal’s new compliance culture services partnership

As well as ensuring such a damaging and toxic environment doesn’t exist, how can we further test and measure the true culture we have in our workplace?  

At Teal we have always believed culture to be the bedrock of sound firm management and compliance. That’s why it’s the biggest, first, and most vital cog in our six Cs of compliance. Without a good culture, the others ‘Cs’ simply won’t work. It’s the foundation from which thriving firms are possible.

That’s why Teal is delighted to be launching its partnership with Gemma Ellison and the team at Heart Leadership.

Gemma said “I started Heart Leadership after spending 15 years in legal practice and so it is a profession I understand and deeply care about. I am committed to helping organisations create healthy and inspiring working environments, which I know, in turn, leads to enhanced wellbeing and higher performing teams. Often, as we move through the ranks of our industry, we are rarely told to fully consider culture and the fundamental impact it has on the working environment of our people. I want to help change that.” 

Insights from the Year Three Evaluation

The Year Three Evaluation of the SRA Transparency Rules shed light on the full adoption of the rules. While progress has been made, there are still significant challenges that law firms must address to meet the requirements effectively.

The compliance landscape

According to the evaluation, a majority of firms reported compliance with various aspects of the transparency rules:

  • 75% claimed to provide price and service information
  • 88% displayed the SRA clickable logo
  • 88% published complaints procedures
  • 76% detailed how to complain to the SRA/ Legal Ombudsman

However, when it comes to price and service information specifically, only 42% of firms stated they published all required details. This highlights a significant gap in compliance, with more than half of firms falling short in this crucial area alone.

The reality of compliance

In 2021, the SRA took proactive steps by requiring all law firms with websites to complete a mandatory declaration confirming compliance with the transparency rules. Despite these declarations, spot checks conducted by the SRA revealed a different reality.

Common areas of non-compliance identified during spot checks include:

  • Partial compliance with certain aspects of the rules, such as publishing price and service information while omitting complaint information
  • Selective compliance with rules for specific service areas, particularly among firms with multiple websites or sections dedicated to different areas of law
  • Incomplete publication of information regarding how services will be delivered and by whom
  • Improper display of the SRA clickable logo, hindering the dynamic link to firm information on the SRA website

Ensuring compliance

Ensuring compliance with SRA Price Transparency Rules is essential for law firms to maintain trust and transparency with their clients, as well as meet their regulatory requirements.

So, how can your law firm ensure compliance with the transparency rules?

1. Review your website regularly

Regularly review your website to ensure all required information is up-to-date, accurate, and easily accessible to visitors. Keeping a vigilant eye on your online presence ensures that potential clients can find the information they need without any hassle.

2. Utilise SRA templates

Take advantage of the SRA’s provided templates for suggested text. These templates can be invaluable in identifying any missing information on your website, helping you align with the requirements of the Transparency Rules more effectively.

3. Consider user experience

Prioritise the user experience on your website to ensure that clients can easily navigate and find the necessary information. Whether through specific webpages, intuitive online quote tools, or seamless connections to price comparison sites, prioritising accessibility enhances client satisfaction.  

4. Get expert help

If you’re unsure about compliance or need assistance, Teal Compliance offers website audit services. We can provide guidance and help you navigate any non-compliance issues, ensuring your firm remains aligned with regulatory standards.

Moving forward

The findings highlight the importance of ongoing vigilance and proactive measures to achieve full compliance with the SRA Transparency Rules. Law firms must not only ensure that they are meeting the minimum requirements but also strive for transparency and clarity across all aspects of their online presence.

As regulatory scrutiny intensifies and expectations evolve, firms need to review their compliance strategies, address identified gaps, and embrace best practices to uphold the principles of transparency and accountability.

Get in touch

At Teal, we’re here to support your journey towards compliance that works.

We understand that compliance can be a daunting word, but it’s also the key to unlocking your firm’s full potential.

Our experts at Teal Compliance are here to help. Get in touch today to explore tailored solutions and ensure your firm stays ahead of regulatory requirements.

Is your law firm’s website compliant with the SRA Price Transparency Rules? Read More »

Laptop with the Teal Tracker's Root Cause Analysis Process on screen

The Teal Tracker’s New Feature: Root Cause Analysis Process

The Teal ‘Root Cause Analysis Process’, or ‘RCAP’, is a new, groundbreaking feature of the Teal Tracker. Here we explain what it does, how it works and how it can benefit you. 

What does the Root Cause Analysis Process do?

The Root Cause Analysis Process forms part of the Incident Management module in the Teal Tracker, and is a yet another example of how law firms can use their compliance data to help reduce the future risk of claims, complaints and breaches.

At its core, it assists in identifying trends and reducing incidents through identification, analysis and learning, which will in turn protect clients, the firm and the team.

How does the Root Cause Analysis Process work, and how is AI involved?

The RCAP feature uses AI to assist firms in identifying root causes of issues or near misses. It forms part of the Teal Tracker’s Incident Management module, whereby firms can analyse incidents to drill down to root cause.

As with all our new features in the Teal Tracker, we’ve extensively asked our law firm partners how they would best like to see this work in practice, so its design is simple and intuitive.

Teal Tracker subscribers are invited to carry out a Root Cause Analysis Process using the ‘five whys’ methodology principle, which is a standard engineering concept developed way back in the 1950’s for Toyota’s production line. It is, at its core, really simple. The principle is that if you ask ‘why’ something went wrong five times, you’ll likely drill down to arrive at the core answer.

But the Teal RCAP combines this tried and tested practice with AI to generate the next response to each of the ‘five whys’ questions and to confirm the root causes and their weightings. This smartly assists users in drilling to the key root cause or causes, and skillfully assists law firms in getting to the true root cause and the granular detail of issues.

This is then automatically exported to the Teal Tracker’s management reports functionality. In turn, this allows trend analysis to be systematically identified in detail, and reflected back to the firm to ensure they can both learn and improve in the key areas they really need to focus on.

Why has Teal integrated AI into the Root Cause Analysis Process?

Teal has integrated generative AI into the solution so that AI can smartly create the next drill down question to ultimately display what has actually happened and its cause. This means users have smart options to drill down into the issues and figure out what precisely occurred and what contributed to each particular problem.

It will give the firm much more useful and intelligent data on which to make decisions or to deploy resource. This will assist in better use of budgets for training or capacity as well as ultimately reducing the number of claims, complaints and breaches that occur.

How is the Root Cause Analysis Process working in practice?

Teal has been trialling the solution in full, in live environments for some time and it’s working extremely well. That’s why we’re now proud to be able to roll-out this groundbreaking feature to all our Teal Tracker law firm partners. 

Want to know more about the Teal Tracker?

At Teal, we’re here to support your journey towards compliance that works. Our compliance technology platform, Teal Tracker, is the solution to your compliance issues, ensuring you, your firm and your clients are safe. 

To find out more about the Teal Tracker, or to book a demo, contact our team today!

The Teal Tracker’s New Feature: Root Cause Analysis Process Read More »

Business women at desk meeting with laptop and notepad

Legal compliance issues: Embracing legal compliance for success

In the world of law firms, the mere mention of the “C” word tends to send shivers down the spines of many. Partners and owners alike sometimes choose to bury their heads in the sand, hoping that legal compliance issues will resolve themselves. However, the landscape is changing rapidly, and firms are evolving their approaches to business support. The old misconceptions of ‘fee burners’ and ‘fee earners’ are giving way to a proactive stance, where compliance isn’t just a requirement but a fundamental aspect of a firm’s culture. 

We believe that investing in business support is the compass that points your firm in the right direction. In this blog post, we’ll delve into why legal compliance is the cornerstone of your firm’s success. It’s not just about collecting a plethora of accreditations, although staying within the guidelines of these accreditations certainly minimises your risk exposure. 

Asking the right questions and breaking down silos

Are you asking the right questions to stay informed about your firm’s day-to-day activities? Are all departments collaborating to review risk registers and ensure everyone’s on the same page? Avoid the smoke and mirrors approach, which only masks underlying legal compliance issues. Instead, let’s shine a light on the importance of communication. 

Engaging with your employees is key to success. Often, during performance reviews, employees express a lack of communication. It’s not about inundating your team with every minor detail; it’s about involving them in achieving the firm’s objectives. Without effective communication, there’s room for important matters to slip through the cracks. 

Consider a compliance project. How many different team members are involved, and is there a streamlined approach to ensure continuity and prevent duplicate tasks? A joined-up approach is crucial. 

Ground-level knowledge: Your shield against regulatory pitfalls

Ground-level knowledge is your shield against regulatory pitfalls. To truly understand its importance, think of it as a solid foundation based on understanding, vigilance, and adaptability. In this section, we’ll explore why this knowledge is crucial for the well-being and prosperity of your law firm. 

1. A foundation of understanding 

Understanding begins with actively listening to what’s happening within your firm. It means having a finger on the pulse of daily operations, being aware of the challenges your employees encounter, and comprehending the intricacies of your clients’ needs. This understanding extends to the beliefs and values that underpin your firm’s culture, ensuring everyone is aligned with the same vision.  

2. The cost of ignorance 

When it comes to legal compliance issues, ignorance is not a valid defence. Regulators expect firms to be well-versed in the regulations governing their sector, and they won’t accept ignorance as an excuse for non-compliance.  

Ignorance can lead to dire consequences, including hefty fines, damage to your firm’s reputation, and even legal repercussions. In the eyes of the law, not knowing isn’t an excuse. Ground-level knowledge is your safeguard against such risks, as it empowers you to stay informed and take proactive measures to address potential legal compliance issues.  

3. The power of continuous review and analysis

Ground-level knowledge isn’t a static state but an ongoing process. It involves continuously reviewing your firm’s processes and critically analysing essential data. 

Regular process reviews enable you to identify bottlenecks, inefficiencies, or areas where compliance may be at risk. It’s similar to fixing weaknesses to make sure they can handle the challenges of time and close inspection. Additionally, the analysis of critical data allows you to spot emerging trends and potential compliance challenges before they escalate into formidable problems.   

Conducting a full 360 review of your business

The process of conducting a full 360 degree review of your law firm isn’t just a routine task; it’s a transformative journey that aligns your firm with the ever-evolving regulatory landscape. Visualise it as the compass that directs your firm towards its full potential in legal compliance. In this section, we’ll delve into why this comprehensive examination of your business is vital for your law firm’s success, particularly in the context of legal compliance, and how it can lead to meaningful change.

1. Celebrating achievements and strengths

Every law firm possesses unique achievements and strengths, often concealed in plain sight. Taking the time to recognise and celebrate these successes isn’t just about acknowledging your accomplishments in legal compliance; it’s about honouring what’s working exceptionally well within your compliance framework. These are the foundations upon which you can build a robust legal compliance structure for the future.  

2. Embracing a culture of self-scrutiny 

Genuine growth often necessitates introspection. It involves the willingness to roll up your sleeves and delve deep into the areas of legal compliance that require improvement. Just as a sculptor chisels away at a block of marble to reveal a masterpiece, your firm must be prepared to examine the rough edges within your compliance procedures.  

Scrutinising areas that need improvement isn’t a sign of weakness; it’s a testament to your dedication to legal compliance. It’s about identifying bottlenecks, inefficiencies, or outdated practices that may pose legal compliance issues. This process demands honesty and the willingness to address shortcomings proactively.  

3. Implementing systematic change

The true power lies in translating your observations and insights into systematic changes that enhance legal compliance. Instead of just pinpointing issues, you develop actionable solutions that bolster your compliance efforts. These changes may include streamlining compliance processes, investing in training and development for your compliance team, or adopting new technologies to bolster compliance tracking and reporting.  

This proactive approach creates an environment where your team can excel in legal compliance, your clients receive a top-notch service, and your firm operates with the utmost legal compliance diligence.  

Revisiting key performance indicators (KPIs)

Key Performance Indicators, or KPIs, are not confined solely to your fee earners. They’re a potent tool that can revolutionise your firm’s approach to maintaining compliance standards. In this section, we’ll explore why KPIs are indispensable, how they extend beyond the fee earners, and why regular reviews are essential to ensure they align with your legal compliance objectives. 

1. Expanding the scope of KPIs in legal compliance

While fee earners often take the spotlight, KPIs have a more profound role to play in the broader context of legal compliance. They should encompass every facet of your firm’s operations, from risk management to client service and regulatory adherence. By embracing a holistic perspective, you can foster a culture of compliance that permeates every department. 

KPIs that focus on legal compliance go beyond mere metrics; they become a compass guiding your firm towards a safer, more compliant working environment. They encourage proactive behaviours and decision-making that prioritises adherence to regulations, mitigating risks, and ensuring ethical conduct. 

2. The imperative of regular KPI reviews for legal compliance

KPIs are not static; they should evolve to reflect changing compliance requirements and your firm’s objectives. Regular reviews are the lifeblood of effective KPI implementation in legal compliance. 

During these reviews, you assess whether the KPIs are still relevant, achievable, and aligned with your evolving legal compliance goals. They provide the opportunity to recalibrate your firm’s course, ensuring that you continue to navigate the legal compliance landscape with precision. 

Independent file audits: Elevating legal compliance through insightful evaluation

Consider conducting independent file audits. They can unveil trends that highlight training issues or identify individuals with untapped potential. Striking a balance between micro-management and providing adequate supervision is essential for responsible leadership. 

Conducting independent file audits is a strategic manoeuvre that transcends routine checks; it’s an opportunity to gain unparalleled insights and elevate your firm’s commitment to legal compliance. In this section, we’ll explore why independent file audits are a linchpin in the quest for legal compliance excellence, how they unearth invaluable trends, and their pivotal role in honing the skills of your team.   

1. The power of independent file audits in legal compliance

Independent file audits are not mere paperwork exercises; they’re powerful tools for enhancing legal compliance. These audits provide an unbiased lens through which you can scrutinise your firm’s practices, ensuring they align with regulatory requirements and best practices. Beyond the checkboxes, they offer a holistic view of your firm’s performance in legal compliance. 

One of the key advantages of independent file audits is their ability to spot trends. These audits can unearth patterns that might otherwise remain hidden. For example, they can highlight recurring legal compliance issues or training gaps within your team. By identifying these trends early, you can proactively address them, fortifying your legal compliance framework. 

2. Enhancing training and identifying potential

The insights gained from independent file audits extend beyond compliance issues. They can also help identify individuals within your team who possess untapped potential. By recognising standout performance, you can nurture future leaders or identify team members ready for greater responsibilities. This not only benefits your firm’s growth but also bolsters its commitment to legal compliance, by having capable leaders. 

3. Striking the balance in legal compliance leadership

Achieving legal compliance excellence requires a delicate balance between oversight and empowerment. Micro-management stifles initiative, while inadequate supervision can lead to lapses in compliance. Independent file audits help strike this balance. They provide a mechanism for oversight without suffocating your team’s autonomy. 

Every role matters: A unified framework

In compliance, the significance of every role within your firm cant be overstated. It’s not just the lawyers or compliance officers; it’s every individual, from support staff to partners. Embracing a unified framework is the cornerstone of fostering compliance excellence. In this section, we’ll emphasise the importance of this cohesion where everyone comprehends their responsibilities, and how it results in tangible benefits for your firm. 

1. The power of a unified framework in legal compliance

Legal compliance isn’t a responsibility that falls solely on the shoulders of a select few; it’s a collective effort. Encouraging your entire team to work within an established framework ensures that legal compliance becomes an integral part of your firm’s DNA. This framework provides clarity, defining roles, expectations, and the processes that ensure adherence to regulatory requirements. 

2. Benefits of cohesion in legal compliance

When every team member understands their role within the legal compliance framework, several benefits emerge. First, it minimises the risk of compliance gaps or oversights. Second, it fosters a culture of accountability, where everyone takes ownership of their compliance-related duties. Third, it streamlines communication and collaboration, facilitating smoother compliance processes. 

In addition, a unified approach to legal compliance enhances your firm’s reputation. Clients and regulatory bodies, such as the SRA, perceive your organisation as one that takes its responsibilities seriously, instilling trust and confidence. It also mitigates potential legal risks, reducing the likelihood of legal repercussions or fines. 

Get in touch

At Teal Compliance, we’re here to support your journey towards compliance that works by mitigating the risk of legal compliance issues.  

We understand that compliance can be a daunting word, but it’s also the key to unlocking your firm’s full potential. Don’t hesitate to reach out if you need assistance. Together, we can navigate the compliance maze and ensure your firm’s continued success. 

Legal compliance issues: Embracing legal compliance for success Read More »

Woman on laptop with man in background

What does an AML audit involve?

We love an AML audit and really enjoy reviewing law firms’ policies and procedures to see the different approaches they take in respect of AML. Most of all, we find it extremely interesting to see how a firms’ culture surrounding compliance is changing.

In this blog, we delve into what an AML audit is, and what an AML audit involves. 

What is an AML Audit?

The AML audit process is a way to strengthen or improve a firm’s AML programme. It is a way of assessing whether Firm’s AML policies, controls and procedures are up to date, comply with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR) and are functioning in practice as intended.

What's the purpose of an AML audit?

The purpose of the Audit is to:

  • Examine and evaluate the adequacy and effectiveness of the policies, controls and procedures adopted by the Firm to ensure compliance with the requirements of the Money Laundering Regulations;
  • Make recommendations in relation to those policies, controls and procedures; and
  • Monitor compliance with those recommendations.

Why conduct an AML audit?

There are two types of audit: 

Mandatory Audit

Regulation 21 of the MLR requires a relevant person, where appropriate to the size and nature of the business, to establish an independent audit function. This does not necessarily need to be an external audit, however, it will need to be conducted by someone in the firm who is independent of the Risk/Compliance/Anti Money Laundering (AML) function, but equally has enough AML knowledge to be able to conduct the audit. It is important to note that any findings in an Audit Report carried out under regulation 21 are disclosable to the Regulator.

Non-Mandatory Audit (Internal Audit)

A Firm may choose to conduct an internal Money Laundering Audit as routine procedure, being a way of checking whether the Firm’s policies, controls and procedures are up to date and comply with the MLR. The Audit report in these circumstances would remain for internal purposes only and confidential to the firm.

What's does an AML audit involve?

There are four stages involved in an AML audit: 

1. Review of policies and procedures

Firstly, a review of all the firm’s AML policies and procedures, Firm Risk Assessment and the Firm’s matter-based Risk Assessment is conducted by the auditor.

When carrying out the review the auditor will assess whether the firm’s AML policies and procedures meet the requirements of the MLR.

The auditor will use a list/table of each specific regulation and check this against the firm’s AML policies and procedures to confirm whether or not the firm has met that requirement.

2. Test

As part of the audit the auditor should test the knowledge, understanding and application of the firm’s processes. This is normally tested through staff interviews and matter file reviews.

Interviews

Interviewing staff will help the auditor assess the staff’s knowledge and understanding of money laundering, money laundering red flags and the firm’s processes.

File reviews

The auditor will carry out a review of files and assess whether the matters comply with the firm’s AML policies and procedures.

The auditor may also request to review some closed files. Reviewing a closed matter will assist the auditor in assessing whether there was on-going monitoring of risk and whether the completion instructions to accounts included information as to risk.

3. The Audit Report

The audit will result in a written report on whether:

  • The firm’s risk assessment and AML policies, controls and procedures comply with the minimum requirements of the MLR.
  • Changes which are required as a result of deficiencies identified (if any).

The audit report should:

  • Set out the law (what specific regulations of the MLR were checked against).
  • Explain what was examined for that specific regulation.
  • Document findings of areas of compliance and non-compliance as well as identifying areas for recommended improvement in behaviour and practice. It should be made clear which areas the firm is compliant, non-compliant or partially compliant.
  • Include an indication of where there are potential failings and a recommended course of action.

4. Review

The firm should conduct a review following an implementation period to establish compliance with the recommendations. As part of the review the auditor will be assessing whether the recommendations have been carried out and whether there is any evidence to show whether they are effective.

Get in touch

If you would like to discuss this further or feel your firm requires an independent AML audit, please get in touch and we’ll be happy to help.

What does an AML audit involve? Read More »

two people working on laptops

Anti-Money Laundering – What to expect from an Independent Audit

 

Regulation 21 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (otherwise known as the Money Laundering Regulations) requires that regulated firms implement certain controls where it is appropriate to the size and nature of the firm. One of those controls is to establish an independent audit function. 

The size and nature test requires some objective thought and firms are directed by the Legal Sector Affinity Group’s Guidance to consider a number of factors including the number of staff and offices your firm has, your client demographic, and the nature and complexity of work you undertake. The Solicitors Regulation Authority’s take on it is that most firms (but not all) will need an independent audit. In its latest AML Report of October 2021, the Regulator found that a high number of firms visited (49 out of 69) failed to implement an independent audit where required. For those firms where an audit had been carried out, some common areas of concern were that the reviews were not sufficiently thorough or lacked an element of testing, they weren’t independent, and firms had not implemented the recommendations in a timely way. Such concerns could lead to firms being referred to the SRA’s Investigations Team. 

 

So if you have considered the size and nature test and determined that you need an independent audit, what should you expect from your review? It is key that your audit: 
    • Is independent from the people in your firm who are involved in setting and following the policies. The Regulations don’t prescribe that your audit must be carried out by a third party; but consider whether you are of a sufficient size to be able to resource a truly independent audit. Do you have staff with the right knowledge and capacity to carry out the audit? Even larger firms who have an audit function may find they do not have the necessary experience in AML. 
    • Is adequate in its scope and depth in order to give the firm assurance that the policies, controls and procedures they have in place are working. It should include a review of the existing documentation including firm and matter risk assessments and training plans, and a detailed review of how those processes have been implemented through file reviews and interviews with staff members to test understanding. The frequency of the audit should also be considered. Many firms decide to carry out an annual audit based on the size and nature test, but you may also consider focusing more frequent audits on higher risk areas as identified in your firm-wide risk assessment. 
    • Effectively identifies where processes are working well and roots out any problems with the process or where the process is not being followed. This means having the right person with the right expertise to carry out the audit so they know what they are looking for. It means carrying out an adequate number of interviews and file reviews across all locations and matter types so the Auditor can get a good feel for the firm and the types of issues that are occurring. Staff members from your fee earning teams, finance and any centralised onboarding teams should expect to be interviewed, along with the firm’s MLRO/MLCO. You may also consider focusing more frequent audits on higher risk areas as identified in your firm-wide risk assessment 
    • Provides feedback on where the firm’s current policies and procedures are not meeting the requirements of the Regulations and makes recommendations for improvement. A written report will provide you with the evidence that an independent audit has been carried out should the Regulator ever ask you for that information. The report should clearly set out the actions that should be taken to rectify any non-compliance. Recommendations should be implemented in a timely way and you should keep a record of the actions taken to meet the recommendations. 
    • Is part of an ongoing monitoring process to help you continually evaluate and improve compliance with the Regulations. Keep records of independent audits carried out for future reference and to evidence a robust auditing regime. 

There is no doubt that an independent audit requires some forwarding planning and investment in resources, whether that be internal resource or if you plan to engage an independent firm to carry out the audit on your behalf. It’s not a tick box exercise. Senior level commitment to the importance of implementing good anti-money laundering controls is therefore crucial and sets the tone for the firm and for the staff whose files may be reviewed or who may be interviewed as part of the audit process. But the reward for your investment is obtaining a real learning opportunity to understand what your firm is doing right and where it can make improvements and effectively manage money laundering risks.

 

Get in touch

For more information about our independent audit service, get in touch with our experts today.

 

 

Photo by Scott Graham on Unsplash

Anti-Money Laundering – What to expect from an Independent Audit Read More »

Two screens on a desk containing data spreadsheets

Time to audit data compliance?

We’re nearly a year since the frantic preparations for GDPR. How is it all going? Should we be checking? Should we audit data compliance?

Why do I need to complete a data compliance audit?

An audit allows an organisation to understand whether it is complying with the requirements of the Data Protection Act 2018, GDPR and PECR. Art 5(2) of GDPR states that

“The Controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 [the principles]”.

This is often referred to as the ‘accountability’ principle – completing and audit will allow an organisation to demonstrate accountability with the principles.

If the worst happens, and your organisation does suffer a data breach, the ability to demonstrate that you have completed regular audits and reviews of your data protection arrangements may assist in mitigating against a GDPR fine.

Data protection compliance is an ever evolving journey and not a destination. Audits allow organisations to assess any gaps in compliance and any improvements that can be made.

Initial Audit/GAP Analysis

If you haven’t already completed one, its a good idea to start with a full audit/GAP Analysis to benchmark the current level of compliance within your organisation. This audit will then form the basis of any improvements.

You should consider:

  • Do you have the relevant policies and procedures?
  • Have you completed a data audit, clearly documenting what personal data you process and the legal basis for processing it?
  • Do you have up to date data flow maps showing how data moves through your organisation?
  • Do you have a process for dealing with data subject requests within one month?
  • Do you have a process for dealing with data breaches and incidents?
  • Have you updated your contracts of employments and issued a privacy notice to all employees detailing how their data will be processed?
  • Do you have contracts in place with anyone who processes data on your behalf?
  • Do you have training scheduled or already completed?
  • Do you have a culture of privacy by design and default including a DPIA process?

Annual Compliance Audit

Once you have completed the work identified in your initial audit, the annual audit should be a much shorter exercise. The aim of this exercise is to test your process and controls to provide assurance that your organisations policies are being followed and to identify any improvements that can be made.

For an annual audit you should consider:

  • Are your policies and procedures up to date?
  • Do they reflect any process changes which have taken place?
  • Refresh your data audit – are your data flow maps up to date?
  • Is your Data Retention Policy being followed – ask IT to check whether you are holding data that should have been deleted?
  • Are data subject requests being responded to within one month?
  • Are data subject complaints being responded to promptly?
  • Is training up to date?Is there a good level of employee awareness?
  • Do you have contracts in place with all your data processors?

Report to the Board

Following the annual audit, you may want to complete a report to the Board detailing the findings together with MI on the number of data subject requests, data related complaints, breaches, incidents and any contact with the ICO.

How can Teal Compliance help?

Our Teal experts can help you with any aspect of data protection compliance, from carrying out a gap analysis, assisting you with a data audit or creation of policies/procedures to carrying out an independent annual audit. This can be done as a stand alone piece of work or as part of our DPO support service. Get in touch with our experts today.

Time to audit data compliance? Read More »