Blogs

Hand holding a small plant against the sky

SRA Standards and Regulations 2019 – Principle 4 To Act with Honesty

Blogs, Legal Compliance, Regulatory Compliance /

The much-anticipated SRA Standards and Regulations 2019 have been live since 26th November 2019 and I am sure many law firms are still racing around updating policies and training staff on what this means for them.

The Solicitors Regulatory Authority (“The SRA”) have driven this change to the Regulations with a view to enabling innovation, growth and increased competition in the legal market, something which the legal sector seems to be falling behind on compared to other sectors. Not much has changed in the Regulations, as the SRA’s main aims were to make simpler rules which were focused on higher professional standards as well as making it easier for law firms to make their own decisions and have more flexibility in how they deliver their legal services.

The SRA have however made a few significant changes to the Principles. One being the addition of Principle 4 “You Act with Honesty”. But what does this mean for you?

It is important to highlight that the Principles apply to everyone who is employed by a law firm. This includes paralegals, support staff and managers, it does not just apply to Solicitors. This isn’t something new, however I feel this is something that isn’t always communicated to non-qualified staff. I have worked in several law firms and out of all those firms, only once was I made aware that the Principles applied to me. Even then I still didn’t really understand the importance and implications of this. It’s therefore crucial that law firm employees are given the necessary training so that they understand their obligations under the Principles.

The question is, why has the SRA added the Principle to act with honesty when there is already the Principle to act with integrity? The SRA recognises there is an overlap between Principle 4 “You Act with Honesty” and Principle 5 “You Act with Integrity”, however they have explained that a person can lack integrity without necessarily being dishonest and have said “The concept of integrity is wider than just acting dishonestly”.

To act dishonestly is a very serious matter, as a finding of dishonesty is likely to result in a solicitor being struck off. If an employee who is not a solicitor is found to be dishonest, the SRA can disqualify them from working in a law firm.

Only recently, the Head of Operations at international law firm Schillings was disqualified from working in the profession after he was caught selling mobile phones belonging to his employer. 95 mobile phones were sold for a total of £13,547, which the employee kept for himself. He is now disqualified from acting as the head of legal practice, head of finance and administration, or as a manager of any licensed body. He is also disqualified from being employed by any licensed body. A case which makes it clear to all employees that not adhering to the Principles can significantly affect your whole career!

So, what actions do the SRA consider to be dishonest? They have provided a few examples in their guidance which include;

  • Backdating or creating false documents – Whilst the SRA understand there are normally mitigating factors for this type of action, such as inexperience and stress, given its seriousness, the SRA have said that this cannot be a justification to act dishonestly
  • Taking or using someone else’s money without their knowledge or agreement
  • Lying to or misleading someone – In a recent case, a solicitor of 12 years was struck off for misleading his clients. For 6 weeks he told his clients he was awaiting a response from the court in respect of their application, when in fact he hadn’t even submitted the application. In his evidence he said that he was under enormous amounts of pressure and was too ’embarrassed’ to admit he was struggling
  • Giving false information to their firm’s insurer
  • Misleading a court, tribunal, regulator
  • Lying on a CV and misleading partners in their firm – Earlier this year a paralegal was banned from working for any regulated firm without the SRA’s permission after claiming on her CV she had a first class LLB law degree and had completed the Bar Professional Training course, when this was not true.

When considering if conduct is dishonest, the SRA have said that they will apply a two-stage test;

  1. What was the individual’s genuine knowledge or belief as to the facts at the time?
  2. In view of their knowledge or belief at the time, was their conduct dishonest by the standards of ordinary decent people?

BUT….. it is important to remember, even if someone is not found to have acted dishonestly, they may still be considered to have lacked integrity.

Below are a few suggestions to assist your understanding in this area;

  • Read the SRA guidance note on Acting with Honesty which has some useful SRA examples to help understand their approach.
  • Ensure your firm and all your employees are given the necessary training so that they understand their obligations under the Principles. It’s not always made clear to non-qualified staff that the Principles also apply to them.
  • Remember mitigating factors such as stress, inexperience and pressure can change the way in which someone would normally behave. This could be a trigger for them to act in a way that the SRA would deem as “dishonest”. If you are an employer, look after your staff and ensure they have the support they need to avoid this happening. If you are an employee and you feel like you are struggling, don’t feel embarrassed to ask for help, it’s likely there are others who feel the same as you do. Just keep in mind its ultimately your career that is at risk if you don’t speak up.

 

Get in touch

For more information about our services and how we can help, get in touch with one of our experts today.

Get in touch

SRA Standards and Regulations 2019 – Principle 4 To Act with Honesty Read More »

someone calculating bills on a calculator

Don’t forget to pay your ICO fee!

Blogs, Data Protection, Legal Compliance /

The UK Information Commissioner’s Office (ICO) has recently launched a campaign to send reminders to all UK registered companies to ensure that they comply with their legal obligation to pay an annual data protection fee, where this applies. This is the start of an extensive project to ensure that the ICO fee is paid by everyone who needs to pay it.

Under the Data Protection Act 2018 organisations processing personal information are required to pay a data protection fee unless they are exempt – this fee replaces the old annual registration fee. If you are an organisation holding personal information for business purposes on any electronic device, including using CCTV for crime prevention purposes, it’s likely that you’ll need to pay the fee. The ICO maintain a public register of those registered, so your clients will be able to check whether you take your data protection obligations seriously.

The amount of the data protection fee depends on a company’s size and annual turnover. There are three tiers of fee ranging from £40 and £2,900, but for most organisations it will be £40 or £60 (you can reduce the cost by £5 if you sign up by direct debit). As it’s a statutory fee, no VAT is payable on the fee. The ICO provides a useful self-assessment tool which will calculate how much you need to pay (see self-assessment) – and is definitely worth using to ensure that you are paying the correct amount. In terms of exceptions, charities pay £40 regardless of size or turnover and public authorities only need to go by staff numbers. There are a number of exemptions. You don’t need to pay a fee if you are processing personal data only for one or more of the following purposes:

  • Staff administration
  • Judicial functions maintaining a public register
  • Accounts and records
  • Not-for-profit purposes
  • Advertising, marketing and PR
  • Personal, family or household affairs
  • Processing personal information without an automated system such as a computer

Since introduction of the latest data protection fee in May 2018, over half a million organisations have registered with the ICO to pay it. However, between 1 July and 30 September 2019 the ICO issued 340 monetary penalties to organisations who haven’t paid the fee. You are breaking the law if, as a controller, you process personal data or are responsible for the processing of personal data, for any of the non-exempt purposes and you have either not paid a fee or not paid the correct fee.

In addition to a fine, the ICO names the majority of those failing to pay. This clearly has reputational implications for your business.

The very fact that GDPR exists at all suggests that data protection is being taken more seriously than before. Although fines tend to be the ICO’S last resort, the data protection fee is going to be vital to the ICO if it’s to function properly as whilst money received from fines is passed to the Government, the data protection fee is used by the ICO to fund its data protection work. Clearly, if organisations ignore the requirement to pay en masse, this could drive the ICO to flex its muscles by making an example of some of them.

If your fee is a renewal you should receive a payment reminder from the ICO – but don’t rely solely on this and ensure you diarise the payment date as a key date, so you don’t end up with fine which could easily have been avoided. If you don’t pay when you need to, you’ll receive a notice of intent from the ICO 14 days after expiry. You’ll then have 21 days to pay or make representations as to why you think you don’t need to. If you still don’t pay or fail to notify the ICO that you no longer need to pay, you may be issued with a fine of up to the maximum penalty of £4,350 (150% of the top tier fee) – so it’s clearly important that you pay the correct fee, if due, and on time.

 

Get in touch

To find out more about our data protection services, contact our experts today. 

Get in touch

Don’t forget to pay your ICO fee! Read More »

Man holding up in front of his face a picture of his face

The Benefits of Electronic Verification

Anti-Money Laundering, Blogs, Legal Compliance /

The world of electronic verification is an ever-evolving industry, with some providers supporting features like facial recognition, authentication of documents, direct access bank account information, and PEP and Sanctions screening.

Electronic verification should provide you with a level of certainty that the individual is who they say they are and, for corporate entities, that a legal entity exists and has an active company status.

Electronic identification can be used either as part of a wider process or, where appropriate, as the only source of identification. Before using any provider, you may want to consider the following:

The information supplied by the data provider is considered sufficiently extensive, reliable, and accurate.The provider allows users to capture and store the information they have used to verify an identity.

There are several benefits achieved by using electronic identification and verification (EV):

Improved Customer Experience

Using EV can assist in streamlining your current verification process. It can lead to enhancing the overall client experience making it easier for the client to submit identity documents securely in a matter of minutes ready for teams to receive and review.

Quicker Onboarding of Clients

Faster access to transmitted documents can reduce the time it takes to conduct Customer Due Diligence (CDD) and onboard the client. Adopting this approach may also help you carry out a risk assessment quickly to decide whether you would like to act for the client . It may even form part of your decision-making process when assessing any risks during the course of the instruction.

Document Verification

Most current providers allow you to verify documents. If you are interested in this feature just remember your provider is verifying the authenticity of the document having been issued using the machine-readable zone (MRZ code). It is important to remember a documentation verification check is not verifying the identity of the person, it is verifying the document.

Identity Verification

If you are a firm looking to verify the identity of a person some providers offer a different feature which includes biometric data and facial recognition. Here the client is usually asked to take a live photo of themselves using an app and identity documents are uploaded. The picture and identity documents are compared by the system and all including the results are transmitted electronically to the firm as a pass/fail. The system is verifying the identity of the individual, which can help firms address issues where obtaining a correctly certified identity is a concern.

Clear Audit Trail

UK/EU providers are usually GDPR compliant, offering you a secure place to save all searches for a period of time, and helping you demonstrate a clear audit trail. Remember to check that your terms and data protection statements specify the use of authorised third parties to process personal data.

Increased Accuracy

Automating your CDD process can make a manual task easier to manage and give increased accuracy. Politically exposed persons and sanctioned designated individuals/entities are automatically highlighted as risks. In addition, automating your take-on process by using digital technology to compare documents can improve quality and eliminate human error when comparing documents using the untrained eye.

 

Get in touch 

For more information about how our services can help, contact our experts today.

 

Get in touch

The Benefits of Electronic Verification Read More »

3 office workers sat around desk working on laptops

What happens to GDPR on exit day?

Blogs, Data Protection, Legal Compliance /

GDPR during the transition period

As we’re all well aware, the UK will finally leave the European Union later today. The UK and the EU will then have until 31 December 2020 (the “transition period”, provided for in the withdrawal agreement) to negotiate an agreement setting out their future relationship. This raises the question: will the UK still be bound by the GDPR post-Brexit? In short, yes. During the transition period, GDPR will continue to apply and the data protection landscape will remain unchanged.

The current regime consists of the EU GDPR, supplemented by the UK Data Protection Act 2018 (DPA). As well as modifying the EU GDPR, the DPA applies a similar data protection regime (referred to as the “applied GDPR”) to areas falling outside the scope of EU GDPR. So for now you should continue to follow the current rules and regulations and ICO guidance.

During the transition period, if you are offering goods and services to customers in the EU, the ICO has confirmed that you do not yet need to appoint a European representative but may need to do so from the end of the transition period.

What happens at the end of the transition period?

Following through on its commitment to incorporating EU GDPR into domestic UK law on exit day, the UK government has issued a statutory instrument – the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (the “Exit Regulations”), which will apply changes needed to the EU GDPR so that it remains relevant to the UK after Brexit (such as removing references to the UK’s participation as a member state), and merges the EU GDPR with the DPA to ensure that the UK data protection framework continues to function correctly. This regime will be known as the UK GDPR.

The EU GDPR will continue to apply in the UK until the end of the transition period – from this point on UK GDPR will apply. What the exact data protection landscape will look like post 2020 will depend upon the negotiations that take place during the transition period, but we believe, based on the information available to us now, that it’s unlikely there will be any change to the existing main data protection principles.

Currently all personal data moving from the UK to the US is governed under the Privacy Shield framework agreed to by the EU and the US. The good news is that the Exit Regulations will ensure that this arrangement will continue so that data still flows from the UK to the US. However, US entities will need to update their privacy notices to expressly extend protection to transfers from the UK.

Adequacy Decisions

What we also know is that from the end of the transition period, the UK may be classified as a “third country” for the purposes of EU GDPR. The EU GDPR places restrictions on data transfers to third countries (i.e. countries other than EU member states and the three EEA states that have adopted a national law implementing GDPR (Norway, Iceland and Liechtenstein)). To date, the EU has granted a number of adequacy decisions, where they determine whether a country offers personal data an adequate level of protection, including in favour of the Isle of Man, Jersey and Guernsey.

It’s highly likely that the UK will apply for adequacy status from the EU and the EU has already indicated that it’s prepared to consider this but won’t do so until after exit day. But unless this happens before 31 December 2020, UK businesses processing data on behalf of EU data controllers will only be able to transfer data if appropriate safeguards are in place to protect the data transfer to the UK. This includes putting in place some form of data transfer agreement with the EU business incorporating the standard data protection contractual clauses (known as “Model Clauses”) approved by the EU, as a legal basis to protect the transfer of personal data to the third country.

However, once adequacy status is granted, the UK would no longer be classified as a third country and the need for Model Clauses or other safeguards to be put in place would fall away. Just how long this process will take is unknown, but it’s unlikely to happen quickly and there’s no guarantee it’ll happen before 31 December. Businesses dealing with third countries should therefore follow developments regarding the granting of an adequacy decision closely, as breaches of the requirements relating to this particular area of EU GDPR are subject to the higher level of fines (up to €20 million or 4% of annual global turnover, whatever is higher).

If your business transfers data to countries outside of the EU where the EU has already made an adequacy decision, then the position will remain unchanged and your data can continue to flow. The UK government has confirmed that it will recognise existing EU adequacy decisions made prior to exit date. However, you should still keep a close eye on developments as you may see the situation where the EU subsequently grants an adequacy decision to a country and the UK takes a different stance and chooses not to adopt it.

Summing Up

At the current time, whilst we’re in the transition period, there shouldn’t be too much for businesses to do with the majority of data protection rules staying the same, but it’s important that businesses follow developments as we move towards the end of the transition period. As the ICO says in its guidance on post Brexit data protection, your best preparation at this point in time is to ensure you comply with GDPR now.

Get in touch

To find out more about our data protection services, simply get in touch with one of our experts today.

 

What happens to GDPR on exit day? Read More »

Two front doors. One with a correct number and one with a made up number

Preventing a repeat of Dreamvar

Anti-Money Laundering, Blogs, Legal Compliance, Regulatory Compliance /

Dreamvar – more than a year on …….. so, what has changed?

It’s likely most conveyancers will shudder when they hear the name Dreamvar. It’s the case that changed the liabilities and responsibilities of lawyers and conveyancers when dealing with residential property transactions. But in practice, what has actually changed since this case?

Firstly, a brief background for those unfamiliar with the details of the case. The case involved the liability of solicitors in cases of identity fraud. A fraudster posed as the seller of a property in London worth about £1million and succeeded in selling the property to an innocent buyer, Dreamvar. Once the property was sold the fraudster seller and the purchase monies disappeared. Dreamvar went on to sue his solicitor, for negligence (in contract and tort) and for breach of trust. He also sued the fraudster seller’s solicitor in negligence, for breach of warranty and breach of trust.

The High Court ruled that only Dreamvar’s solicitor could be liable and dismissed all claims against the fraudster’s solicitors. This seemed a little harsh given the solicitors acting for the fraudster had not taken sufficient steps to verify their client’s identity as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

The case therefore eventually made its way to the Court of Appeal. The Judge ruled the solicitors representing the fraudulent property vendor should share responsibility along with those representing the duped buyer of any losses. The Court of Appeal ordered both firms involved to make financial contributions.

However, it wasn’t just the solicitors involved that were in the firing line, the Law Society was also criticised. The case discussed the Law Society’s Code for Completion by Post (“The Code”) and argued that its processes did not consider the prospect that a sale is not genuine.

The Law Society agreed that their Conveyancing Protocol (“The Protocol”) and The Code needed updating and confirmed they intended to take the courts comments into account when making the amendments. And true to their word, the Law Society updated The Code and The Protocol this year.

The Law Society have made it clear that there are no changes in substance to the Code. Their revisions to the Code aim to make it clearer that the seller’s solicitor only gives undertakings where there is a genuine sale, thereby providing better protection for purchasers.

Similarly, with The Protocol the Law Society confirmed the number of steps have been reduced, however the obligations under the Protocol remain the same. They have made some procedural changes that you should be aware of, especially if are acting for the seller. In particular, the Protocol now states that Solicitors in CQS firms who are acting for the seller must

Obtain instructions for dealing with remittance of gross/net sale proceeds and details provided by the seller of UK bank account for remittance of proceeds. Obtain evidence that the bank account is properly constituted as an account conducted by the seller for a period of at least 12 months. Confirm that remittance will be made to that account only.

This means the solicitor must, if they are a CQS firm, request details of the bank account for the sale proceeds and they must also obtain evidence that the account belongs to the seller, showing that they have had and been using the account for at least 12 months.

This is a great way to ensure the purchase funds are going to the correct person! Only last month a woman named Sarah Broadbelt was jailed for 20 months for fraud and possessing a false identity document, after she sold a property for £75,000 back in 2015, without the real owner knowing. This case shows the lengths criminals are willing to go in order to commit this type of crime. Broadbelt went as far as changing her name by deed poll to that of the property owner’s so that she could apply for a passport and open bank accounts! That is real dedication!

Had the new Protocol and Code been in place (and been followed) it would have been far more difficult for Broadbelt to pose as the real owner of the property given that she, as the seller, would have been required to provide at least 12 months bank statements to show that not only was the bank account in her name, but it had also been in use by her for those 12 months.

So, what should you be doing now?

If you haven’t already, review The Protocol and The Code and ensure you have the right policies and procedures in place to enable your staff to follow them – do your firm and staff know about the need for further details about the seller’s bank account?

Don’t forget to communicate the changes to the relevant staff – there’s no point in updating policies and procedures if no one is told they have changed (they don’t have a crystal ball!)

Even if you are not CQS Accredited, it is good practice to follow The Protocol and The Code, it is not only there to protect your client and your firm but you as their solicitor/conveyancer too!

Get in touch

If you’d like to know more about the services we have to offer, get in touch with one of our experts today.

Preventing a repeat of Dreamvar Read More »

Woman's hands typing on laptop

Conflict checking – Are law firms getting it right?

Blogs, Legal Compliance, Regulatory Compliance /

Having worked in several different law firms over the past 10 years, it has been interesting to see how each firm has dealt with conflict checking differently.

Many medium to large law firms have teams running conflict checks for the firm. From my experience however in many of these firms the individuals running these conflict searches are simply looking for a match in data. But…. are they given enough training on the legal concepts surrounding conflicts of interest to really know what to look out for and to identify conflicts and potential conflicts.

Most smaller firms don’t have the resources to have a dedicated team to deal with conflict checking and it is therefore the responsibility of the fee earner to conduct a conflict check themselves. However, as a fee earner, is this “non-chargeable time” spent actually checking all the relevant parties? In some cases I fear not!

When I first started my legal career I worked as a paralegal dealing with debt recovery matters. I worked for a smaller firm so responsibility for conducting conflict checks was on me, which, having never been given any real training, proved quite difficult. Because of the lack of training I ended up opening a file and suing one of our client’s subsidiaries … whoops!

It is important to remember however that a conflict check is only as good as the data stored in a firm’s case management system. Firms need to make sure they have enough controls in place to ensure they are capturing the correct data for a conflict check to be properly carried out and have any value.

It then comes down to how a potential conflict of interest is dealt with. When I was buying my first property, I was informed by the estate agent that the Seller had instructed the same solicitor as me, but that this was “fine” because the Seller’s solicitor was based in a different office. Thinking back to this now with the legal experience I have, it is clear that, this was a conflict of interest and more should have been done by my Solicitor to make me aware of the possible implications and risks (rather than leaving it to the estate agent to tell me). I can’t really complain, they did a great job, however I do wonder what safeguards they actually had in place.

In November 2018, Sleigh Son & Booth solicitors were fined £2k and ordered to pay £20k in costs for acting where a conflict of interest breach may have arisen. The firm had acted for both vendor and purchaser in 9 conveyancing transactions where they had failed to advise either the vendor or purchaser that it was acting for the other and in 8 conveyancing transactions without obtaining either clients’ consent to do so. . The worst part was they had controls and protocols in place, they were just simply breached or forgotten.

This begs the question, should law firms be thinking more about what happens if they get it wrong?

Here are a few points I think Law Firms should consider when looking at conflict checking;

1. Training – Make sure your employees receive the training they require for their role and level of experience in respect of conflicts of interest and that they are aware of any internal systems, policies and procedures. It is always worth doing refresher training, as things do change!

2. Related Parties – Make sure all the relevant parties have been checked (You wouldn’t want to go suing one of your client’s subsidiaries!)

3. Data – It is important that all client and matter related parties are added to the case management system so they can be picked up in future conflict checks.

4. Potential conflict of interest? – Make sure you deal with any actual or potential conflict of interests appropriately. Do you require client consent, information barriers or do you simply have to decline to act? Remember the consequences if you get it wrong!

Get in touch

If you’d like to know more about our services, simply get in touch with one of our experts today.

Conflict checking – Are law firms getting it right? Read More »

Money notes piled up with the face of a man on the notes peering through

Suspicious minds – What’s the definition of suspicion in AML?

Blogs /

The AML legislation imposes a positive duty on lawyers, in certain circumstances, to report any suspicion that their client is engaged in money laundering. Given that such a duty is, on the face of it, in conflict with fundamental obligations on solicitors to act in the best interests of their clients and keep what they say confidential, one would be forgiven for thinking that the law would provide a clear definition and guidance as to the meaning of suspicion. “Suspicion” in AML is a key concept in the proceeds of crime legislation in establishing the mental element required not only to prove there has been a failure to report offence, but also to prove the commission of the substantive money laundering offences. Given the severity of the consequences of a conviction under the money laundering legislation, it is crucial that those in practice understand what suspicion means.

You may be surprised to learn that, despite its significance, “suspicion” is not defined anywhere within the proceeds of crime legislation, nor within the recommendations of the Financial Action Task Force, not in any of the Money Laundering Directives from the European Union. Instead, it has been left for the courts to interpret and define the concept.

How have the courts interpreted “suspicion”? The courts have made clear that in criminal law, ordinary words should be given their ordinary meaning and their definition is not a question of law.

So far so good. But considering the dictionary definition of the word does not give a straightforward answer. Different dictionaries each give slightly different definitions. The word “suspicion” does not describe one state of mind. It actually covers a range of states of mind ranging from a mere inkling to believing something is highly probable or even true.

Which definition of “suspicion” has the courts adopted? Many judges have grappled with the question and there have been several cases over the years, many of which make interesting reading. The leading case is that of R v Da Silva where Longmore LJ said the essential element was that “the [person that suspects] must think that there is a possibility, which is more than fanciful, that the relevant facts exist. A vague feeling of unease would not suffice. But the statute does not require the suspicion to be “clear” or “firmly grounded and targeted on specific facts”, or based upon “reasonable grounds”.

This case makes it clear that suspicion is a relatively low threshold and is subjective – while it has to be genuinely held, it doesn’t have to be reasonably held. Although the courts have declined to introduce a reasonableness test, or set a standard for the strength of suspicion needed, the statement that it needs to be more than fanciful suggests that the suspicion does need to have some basis in fact. One of the difficulties is what is the boundary between unease and suspicion – it’s not an easy concept to define.

Reasonable grounds for Suspicion

The eagle eyed amongst you will notice that the failure to report offence in S 330 of the Proceeds of Crime Act applies not only if a person knows or suspects, but if a person has “reasonable grounds” for knowing or suspecting that another is engaged in money laundering. Does this mean that a person can be guilty of the failure to report offence even without any mental element, in other words that it is a strict liability offence? The recent case of R v Sally Lane & John Letts (AB & CD) [2018] UKSC 36 sheds some light on this. This case was concerned with the suspicion of one of the principal offences under the Terrorism Act and asked the question of whether the phrase “reasonable cause to suspect” in s17(b) of the Terrorism Act 2000 has the same meaning as “reasonable suspicion” – in other words did the Prosecution have to establish actual subjective suspicion. The Supreme Court concluded that there was no requirement for proof of actual suspicion – so as long as the Prosecution could establish there were reasonable grounds to suspect, it did not also have to establish actual suspicion. Applying this to the money laundering regime and the failure to report offence if the Prosecution can show that the person was aware of facts which, when considered objectively, would provide reasonable grounds for knowledge or suspicion, that would be enough to establish guilt even if the person didn’t have actual knowledge. The requirement to prove what was actually known to the person rather than what they ought to have known shows that the offence cannot be committed by negligence alone, but recklessness rather than intention would be enough to establish the mental element.

Suspicion of What?

In the context of the reporting offences, fee earners are generally encouraged to report to the MLRO any suspicions they have, even if just a vague feeling of unease or something they can’t put their finger on, and I don’t think anyone would want to discourage that. But if you are the MLRO considering making an external report, something more concrete is needed, namely that you suspect that money laundering (or terrorist financing) is taking place. And for money laundering there must be criminal property.

In the 2008 case of R v Anwoir the court held that money laundering could be proved in two ways:

by showing that property derives from conduct of a specific kind and that that conduct is unlawful, orby evidence of the circumstances in which the property is handled, which are such as to give rise to the irresistible inference that it can only be derived from crime.

In essence the relevant threshold will be reached if either you know or suspect a specific type of criminal conduct has taken place such as fraud or tax evasion and that it has generated criminal property. This is likely to be the case if you have received information, either from the client themselves, or a third party, or a law enforcement agency, or if it has been reported in the media. Alternatively, you may not have received any information but if there are a series of warning signs which can’t be satisfactorily explained and taken together give the irresistible inference that the funds must be criminal.

What are some of the warning signs?

The following are the type of things that may give rise to a suspicion that a person is engaged in money laundering:

  • Transactions which have no apparent purpose and which make no obvious economic sense
  • Transactions outside the ordinary range of services normally requested by the client
  • A client who refuses to provide information without reasonable explanation
  • A client who uses a business relationship for a single transaction or for a very short period of time
  • Routing of funds through third party accounts without reason
  • Use of offshore accounts, companies or structures in circumstances where the client’s needs do not support such economic requirements
  • Attempts to launder proceeds through a cash intensive business (as criminals often do) where the cash-flows appear too large or the profit margins too high
  • Unusual settlement requests, for example where unusually large sums of cash are offered or cash is being sent by persons who are not clients of the firm or where the source of funds or the way in which settlement is to take place is unusual
  • Using the firm for banking services only, e.g. receipts of funds into client account, all or some of which prove not to be needed for any subsequent transaction, followed by a request by the client for onward transmission of the funds through the banking system to a third party
  • Formation of companies without any apparent commercial or other purpose
  • Property Transactions – fictitious buyers, payment of deposit direct to seller, sales at undervalue

This is not a complete list and my suggestion would be to familiarise yourself with the Law Society guidance in relation to this.

In June 2019, following a consultation which began in 2018, the Law Commission published its review and recommendations in respect of the SARs regime. That report acknowledged that suspicion is a complex and knotty concept, that the test is often misunderstood and not properly applied by reports, and that this has resulted in high volume poor quality SRAs, many of which are made for defensive reasons rather than because of genuinely held suspicion. However, having analysed responses to the Consultation, the Law Commission declined to recommend providing a statutory definition of suspicion. It did recommend that the Secretary of State be required to publish guidance on suspicion and that there be a prescribed form for the making of SARs (the format to be left to an advisory group). It stopped short of recommending the raising of the reporting threshold to require reporting only where there are reasonable grounds to suspect money laundering. It did however recommend that an Advisory Board should undertake a review as to whether to increase the threshold after carrying out further research on the quality of disclosures under the current regime.

Conclusion

In conclusion, it looks as though the current position, whilst arguably less than ideal, is set to remain for a while longer. In these circumstances, our best advice is to ensure that firstly, when considering whether you are obliged to make a report, you make a full note of the factors and the information you have considered and your reasoning in arriving at your conclusion as to whether you suspect or not, and secondly, that your grounds for suspicion and identification of the criminal property are clearly set out in any external SAR.

Get in touch

If any of our AML services can be of assistance, please get in touch with one of our helpful experts today.

Suspicious minds – What’s the definition of suspicion in AML? Read More »

Woman looking at screen in office, contemplating

The ICO has teeth, and is not afraid to use them!

Blogs, Data Protection, Legal Compliance /

So, we all knew that the ICO had been equipped with a fine set of gnashers by the GDPR and DPA legislation. What we didn’t know was what it would take to get them to bare them or actually use them. Or what the consequences of an ICO mastication would look like when the bits had been spat out.

Well this last week has given us some strong clues in the shape of the BA and Marriott International reports giving details of proposed penalties. Both proposed fines are, in real terms, huge at £183M and £99M respectively. Both organisations are considering appeals.

But are the fines in line with expectations? They certainly fall well short of the maximum possible under the GDPR. Speculation when the BA breach first hit the headlines was that the total damage could end up well north of £1bn once damages paid to individual data subjects and costs had been taken into account, with the fine fines accounting for up to half the final sum. In the event, the proposed fine amounts to more like 1.5% of their world-wide turnover rather than the 4% maximum permitted by the Act.

It will therefore be very interesting to read the decision notice in each case once they are issued. In previous reports published by the ICO it appears that it is the attitude of the firm to the handling of the breach, the levels of co-operation in dealing with the fallout, and the data protection culture of the firm as a whole that are the influential factors when the level of punishment for a breach is considered.

What is clear though is that even if the punishment thermometer can be reduced to a factor of, say, 1.5% of turnover this is a highly significant sum to bear for any size of firm. Would your firm be able comfortably to digest it?

For fines aren’t the whole story. There may well be other costs to pay in damages to affected data subjects, not to mention the reputational damage to the firm as a whole. And this is without taking into account the often significant time expenditure in investigating and reporting on the breach, working on putting it right with possibly large numbers of data subjects, working with the ICO in their investigation, and retraining of staff in data protection awareness and minimisation of risk. How many organisations have made provision in their financial statements for the possibility of breach related fines?

So, in analysing the events of the past few days: –

Don’t…

  • Think that the GDPR and DPA don’t apply to you? They Do!
  • Think that the ICO won’t act if you have a breach? They clearly will!
  • Relax in the mistaken belief that to have a set of paper policies alone is sufficient to demonstrate compliance? It’s not!
  • Forget to keep your Statement and Data Protection related policies and procedures under regular review and updated? The Regulation requires it!
  • Ignore the importance of regular awareness training for all staff at all levels and for new staff inductions to place an appropriate level of emphasis on the firm’s data protection culture? It’s a vital contributor to effective breach recognition and management!
  • Afraid of enlisting outside help? A third pair of eyes can assist objectively and save huge amounts of valuable internal time!

Do…

  • Ensure that DPOs/persons responsible for data protection or Heads of Compliance are fully aware of their responsibilities.
  • Ensure that your Privacy Statement is up to date and the internal contact details are accurate.
  • Ensure that your DP policies are up to date and regularly reviewed, and the reviews documented.
  • Ensure that your IT systems are up to the task and, if appropriate regularly “pen” tested and the findings acted upon.
  • Ensure that your DP team is meeting regularly, and their meetings and action plans documented.
  • Ensure that a regular refresher awareness and breach awareness and management training programme is in place for all levels of staff.
  • Ensure that your outsourced contracts contain provisions dealing with the Controller/Processor elements of DP and that their own DP operation is compatible with your requirements.
  • Ensure that there is an embedded data protection culture in the firm that is perceived to be – and is – led from the top.

Get in touch

The ICO’s actions this week have issued a statement of intent to be ignored at our peril – how does your DP package shape up?

If you’d like more information on data protection, or would like to find out how we can help, simply get in touch with our experts today.

The ICO has teeth, and is not afraid to use them! Read More »

Someone speaking at a conference with a room full of delegates

Ark Group Conference Panel

Anti-Money Laundering, Blogs, Legal Compliance /

I attended the Ark Group Annual AML Conference in London yesterday to speak on the panel about the challenges for MLROs who are also fee earners in their firm.

The session posed questions to the audience, and we, the panel, put our two penneth in.

Joining me on the panel was Alex Ktorides from Ince Gordon Dadds, Colette Best from the SRA and the chair was my Taskforce colleague Guy Wilkes

The first question was about how challenging MLROs find combining their compliance obligations and fee earning roles.

Most voted very challenging, (4 out of 5), which I absolutely agree it can be. Interestingly, if unsurprisingly, nobody voted it not challenging!

The main points I shared were:

Culture is key – without strong support and a culture of buying into Compliance you will fail. If we fail to tackle non compliance in firms, our compliance programmes will collapse! Colette agreed, where a firm has a person who refuses to comply, they will expect a firm to deal with it and may themselves deal with that individual.

Don’t put things in your policies which you know don’t work – don’t set yourself up to fail. Check things work, introduce controls so you know things work. Don’t leave things for the SRA to discover. Make sure people can make an assessment of risk when you ask them to, don’t say people can’t open a file without the client ID if you know that’s impossible.

Have controls so you aren’t caught out. Audit the controls. If you let fee earners open a file before client ID is completed, make sure you’ve set a deadline and that that is monitored and enforced.

Litigation need to know too! Don’t forget to make sure your litigation teams also have AML training and appreciate the risk that on boarding a client they are happy to deal with may cause AML issues if they also instruct the firm to carry out transactions.

Get a process in place for source of funds and source of wealth. Tell your teams they won’t spot money laundering if they think the extent of their obligations is to get a passport and utility bill, that’s doesn’t prevent money laundering #baddieslivesomewhere!

Get in touch

If you’d like to know more about our AML services, simply contact one of our experts today.

Ark Group Conference Panel Read More »

keyboard with the pound sigh key under a magnifying glass

Price Transparency: An opportunity not to be missed!

Blogs, Legal Compliance, Regulatory Compliance /

As part of the recently launched Teal Compliance Officer Training Programme, I ran a webinar session running through all the requirements in relation to Price Transparency and the impact it is having on firms.

The first thing I would say is that the new rules create a market of opportunity on which you can take stock and look at your pricing structure, how you price and the services you offer to your clients. The stated aim of the new rules is to provide good quality information to potential and existing consumers to enable them to make the best decision for the type of service they require and within their budgets.

A lot of firms are focusing on the perceived negative impact, e.g. that it is “big brother” or that other competitors will undercut their fees and poach clients. But by focusing on that firms risk missing opportunities. The research which was commissioned in 2016 by the Competition & Market’s Authority (“CMA”) concluded that generally speaking there is insufficient information available to consumers and small business, in relation to the price, range and quality of legal services on offer. This was particularly evident in relation to the conveyancing market.

The majority of consumers looking for legal services said that if better information about price, quality and range of legal services was available online that would help them in making a decision as to which firm to approach.

Consumers also said that firms with a “digital badge” displayed on their website, would give them greater confidence about the services on offer and could in fact be the deciding factor on whether or not to use a firm.

To recap on what is required under the new rules:

I have done some of my own research looking at how firms have improved price transparency on their websites. Some firms have absolutely got it spot on, however I have to say I am quite surprised by the number of firms who are not yet publishing transparent information and those whose attempts to be compliant have fallen short of what is required. The CLC and SRA have already started to undertake reviews of firms regulated by them. Whether firms want to accept the rules or not, you still have to comply.

If you are not sure how to ensure you are compliant with the new rules, or you just need a sense check then we are here to help, for example by running pricing workshops to give you the opportunity review and update all the services that you charge for.

The new rules are designed to stop those firms who add on the “hidden” costs at the end of a transaction, leaving the client confused, and uncertain as to how they are going to pay for those additional fees. Introducing transparency, guidance on services offered, what is and isn’t included will assist clients in assessing what is right for them from both a personal and financial perspective.

A lot of firms are using online calculators, and these are a great way of providing an estimate where the onus is on the client to provide the correct information. Again, if this information changes you can make it clear the fee may change accordingly. There is evidence to suggest that, particularly in conveyancing, the use of online calculators is assisting in winning business. Some firms have platforms which also automatically send the terms of business letter out, so you could arrive in the office in the morning with new clients already committed to working with you. These are fantastic examples of what you can do to be compliant under the new rules and maximise business potential. What’s not to like?

My top tips for making sure you are up to speed with price transparency include:

  • Use price transparency as an opportunity to revisit your current fee structure and prices
  • Ensure that your website contains all relevant information about the range, quality and price of your services
  • Obtain and display your digital badge
  • Communicate and provide training in price transparency to all staff
  • Remember to update relevant policies and marketing materials

Get in touch

If you’d like to know more about our website audit service, simply get in touch with one of our helpful experts today.

Price Transparency: An opportunity not to be missed! Read More »