Legal Compliance

Two anonymous people discussing paperwork at a desk

New SRA Notice Warns Against Funds Missing From Client Account

The SRA has published its new Warning Notice (21 June) warns against funds missing from a firm’s client account. The SRA has made it clear shortages will not be tolerated.

Whilst the SRA hasn’t reported any sanctions decisions relating to this issue in particular recently, the warning notice outlines the risks of firms failing to quickly address a shortage.

Firms will note the relatively recent closure of Axiom Ince last year, where the SRA reported the largest shortage in client account funds of £64m.

SRA's Warnings

The SRA’s warnings are as follows:

  • Firms have an obligation to replace immediately any money missing from a client account
  • Replacement of funds is to be carried out regardless of the underlying reasons – even where there’s been circumstances beyond the firm’s control for example by way of a cyber-attack, or administrative errors or, dishonest acts by employees
  • There’s a clear duty in the accounts rules to replace a deficiency, and managers of a firm are jointly responsible for doing so
  • Firms that continue to transact with a shortfall on their client account risk using other clients’ funds to facilitate those transactions

Employee Behaviour

The SRA provides indicators when identifying behaviour amongst employees that may indicate a problem. This includes failure to deliver bills or a written notification of costs, any suggestion of over-charging, and a sweeping up of residual balances.

Steps To Take

Paul Philip, chief executive at the SRA has said: “Caselaw is very clear that the client account is sacrosanct. However, firms do report shortages on the client account for a variety of reasons. Our rules are also very clear – you must make good on any deficit promptly. A shortage on the client account presents a risk to all clients for whom you hold money.”

  • Managers are advised to immediately investigate and take action against any member of staff who may have acted dishonestly regarding the client account, and to take regular steps to monitor, review and manage risks
  • If you identify that money is missing, you have a duty to take steps to ensure it’s replaced, in full, immediately
  • If you’re a manager of the firm, you have a duty to replace missing client money from your own resources. It may be necessary for you to obtain a loan to do this. It’s irrelevant that fault may not lie with you personally
  • You need to notify your insurer. You may be able to make a claim on your professional indemnity insurance. The obligation to remedy a breach of the SRA Accounts Rules 2011 is treated as civil liability for the purposes of clause 1 of the Minimum Terms and Conditions
  • If you identify a shortage, you should report the matter to the SRA in line with your obligations under paragraph 7.7 of the Code of Conduct for Solicitors, RELs and RFLs and paragraph 3.9 of the Code of Conduct for Firms

Enforcement Action

On enforcement action, the SRA warns that failing to replace client money will usually lead to an intervention. Even if money has been replaced, it may be that an intervention is necessary to deal with what caused the problem, such as dishonesty, in order to protect the clients and the public.

Firm Closures

The SRA has also addressed the issue in the context of firms heading for closure, given this can’t happen if there are client balances remaining in a firm’s account.

The SRA has advised any firms seeking to close that they should send all client money to clients, pay counsel fees and bill for outstanding costs.

The notice adds: “If your client account has a shortage, you cannot undertake any of these actions and therefore you cannot close your firm until the shortage is replaced.”

Get in touch

At Teal, we’re here to support your journey towards compliance that works.

We understand that compliance can be a daunting word, but it’s also the key to unlocking your firm’s full potential.

Our experts at Teal Compliance are here to help. Get in touch today to explore tailored solutions and ensure your firm stays ahead of regulatory requirements.

New SRA Notice Warns Against Funds Missing From Client Account Read More »

Green sheet of paper with tickboxes, one is ticked with green felt tip

Is your law firm’s website compliant with the SRA Price Transparency Rules?

If you’re involved in managing compliance at a UK law firm, you’re probably no stranger to the SRA Price Transparency Rules. But just how compliant is your website? In this blog post, we dive into what you need to know and how you can ensure your firm meets the requirements.

Understanding the SRA Price Transparency Rules

The SRA Transparency Rules, which came into force in December 2018, marked a significant shift in how law firms should communicate pricing and service details to their clients. Instructed by the Solicitors Regulation Authority (SRA), these rules aim to improve transparency within the legal sector enabling clients to make informed decisions about their legal matters.

Covering a range of practice areas, law firms must disclose price and service information in a clear and accessible manner.  These areas include:

  • Residential conveyancing
  • Probate (uncontested)
  • Motoring offences (summary offences)
  • Immigration (excluding asylum)
  • Employment tribunals (unfair/ wrongful dismissal)
  • Debt recovery (up to £100,000)
  • Licensing applications (business premises)

Also, it’s crucial to note that even if your firm doesn’t have an online presence through a website, you’re still required to provide this information upon request in alternative formats. This ensures that regardless of the means of communication, clients have access to transparent pricing information.

What the SRA Price Transparency Rules entail

The SRA Price Transparency Rules include a multifaceted approach to transparency and accountability within the legal sector. Beyond the disclosure of pricing and service information, firms have to adhere to additional requirements to enhance clarity and trust. Alongside publishing price and service details, firms must prominently display the SRA’s digital logo on their website, serving as a visual indicator of compliance. This badge reassures clients that the firm operates within regulatory guidelines, instilling confidence in the transparency of legal fees and services offered.

Additionally, the Rules also require firms to publish details of their complaints procedure on their website. This includes comprehensive information on how and when a complaint can be lodged, both to the Legal Ombudsman and directly to the SRA. By offering clear guidance on the complaints process, firms prove a commitment to accountability and client satisfaction.

Teal’s new compliance culture services partnership

As well as ensuring such a damaging and toxic environment doesn’t exist, how can we further test and measure the true culture we have in our workplace?  

At Teal we have always believed culture to be the bedrock of sound firm management and compliance. That’s why it’s the biggest, first, and most vital cog in our six Cs of compliance. Without a good culture, the others ‘Cs’ simply won’t work. It’s the foundation from which thriving firms are possible.

That’s why Teal is delighted to be launching its partnership with Gemma Ellison and the team at Heart Leadership.

Gemma said “I started Heart Leadership after spending 15 years in legal practice and so it is a profession I understand and deeply care about. I am committed to helping organisations create healthy and inspiring working environments, which I know, in turn, leads to enhanced wellbeing and higher performing teams. Often, as we move through the ranks of our industry, we are rarely told to fully consider culture and the fundamental impact it has on the working environment of our people. I want to help change that.” 

Insights from the Year Three Evaluation

The Year Three Evaluation of the SRA Transparency Rules shed light on the full adoption of the rules. While progress has been made, there are still significant challenges that law firms must address to meet the requirements effectively.

The compliance landscape

According to the evaluation, a majority of firms reported compliance with various aspects of the transparency rules:

  • 75% claimed to provide price and service information
  • 88% displayed the SRA clickable logo
  • 88% published complaints procedures
  • 76% detailed how to complain to the SRA/ Legal Ombudsman

However, when it comes to price and service information specifically, only 42% of firms stated they published all required details. This highlights a significant gap in compliance, with more than half of firms falling short in this crucial area alone.

The reality of compliance

In 2021, the SRA took proactive steps by requiring all law firms with websites to complete a mandatory declaration confirming compliance with the transparency rules. Despite these declarations, spot checks conducted by the SRA revealed a different reality.

Common areas of non-compliance identified during spot checks include:

  • Partial compliance with certain aspects of the rules, such as publishing price and service information while omitting complaint information
  • Selective compliance with rules for specific service areas, particularly among firms with multiple websites or sections dedicated to different areas of law
  • Incomplete publication of information regarding how services will be delivered and by whom
  • Improper display of the SRA clickable logo, hindering the dynamic link to firm information on the SRA website

Ensuring compliance

Ensuring compliance with SRA Price Transparency Rules is essential for law firms to maintain trust and transparency with their clients, as well as meet their regulatory requirements.

So, how can your law firm ensure compliance with the transparency rules?

1. Review your website regularly

Regularly review your website to ensure all required information is up-to-date, accurate, and easily accessible to visitors. Keeping a vigilant eye on your online presence ensures that potential clients can find the information they need without any hassle.

2. Utilise SRA templates

Take advantage of the SRA’s provided templates for suggested text. These templates can be invaluable in identifying any missing information on your website, helping you align with the requirements of the Transparency Rules more effectively.

3. Consider user experience

Prioritise the user experience on your website to ensure that clients can easily navigate and find the necessary information. Whether through specific webpages, intuitive online quote tools, or seamless connections to price comparison sites, prioritising accessibility enhances client satisfaction.  

4. Get expert help

If you’re unsure about compliance or need assistance, Teal Compliance offers website audit services. We can provide guidance and help you navigate any non-compliance issues, ensuring your firm remains aligned with regulatory standards.

Moving forward

The findings highlight the importance of ongoing vigilance and proactive measures to achieve full compliance with the SRA Transparency Rules. Law firms must not only ensure that they are meeting the minimum requirements but also strive for transparency and clarity across all aspects of their online presence.

As regulatory scrutiny intensifies and expectations evolve, firms need to review their compliance strategies, address identified gaps, and embrace best practices to uphold the principles of transparency and accountability.

Get in touch

At Teal, we’re here to support your journey towards compliance that works.

We understand that compliance can be a daunting word, but it’s also the key to unlocking your firm’s full potential.

Our experts at Teal Compliance are here to help. Get in touch today to explore tailored solutions and ensure your firm stays ahead of regulatory requirements.

Is your law firm’s website compliant with the SRA Price Transparency Rules? Read More »

jigsaw pieces fit together demonstrating a handshake

Our New Compliance Culture Services Partnership

What actually is ‘culture’ and what does it really mean to the employees of your business? Culture can often simply mean ‘working environment’. Taking good care of this fundamental aspect is critical to your firms future success and prosperity. In this article we delve into the importance of culture within law firms and introduce our new compliance culture services partnership.

The importance of compliance culture

In the past ‘culture’ was perhaps seen as a ‘nice to’ task, but behind areas such as fee-earning or cost management. However, nearly all business leaders now accept that caring for your teams wellbeing, and creating and maintaining a supportive and safe environment in which they work, is no longer an optional extra but vital to prosperity.

In fact, Law Care reported on 30 January 2024 that they’d received a 14% increase in the number of people reaching out for mental health support in 2023, and there’s been a massive 95% increase in the number of people saying that workplace bullying, harassment or discrimination was their primary reason for seeking support from Law Care.

What the regulators say about compliance culture

The SRA introduced ‘fair treatment rules’ into its Code of Conduct in 2023 which apply to all SRA-registered lawyers working at law firms. The requirements state that “You treat colleagues fairly and with respect. You do not bully or harass them or discriminate unfairly against them. If you are a manager (such as a partner or director) you challenge behaviour that does not meet this standard’’.

The SRA is recommending that all senior leaders and managers are aware of the steps they must take as individuals to challenge behaviour that doesn’t comply with the new rules.

Teal’s new compliance culture services partnership

As well as ensuring such a damaging and toxic environment doesn’t exist, how can we further test and measure the true culture we have in our workplace?  

At Teal we have always believed culture to be the bedrock of sound firm management and compliance. That’s why it’s the biggest, first, and most vital cog in our six Cs of compliance. Without a good culture, the others ‘Cs’ simply won’t work. It’s the foundation from which thriving firms are possible.

That’s why Teal is delighted to be launching its partnership with Gemma Ellison and the team at Heart Leadership.

Gemma said “I started Heart Leadership after spending 15 years in legal practice and so it is a profession I understand and deeply care about. I am committed to helping organisations create healthy and inspiring working environments, which I know, in turn, leads to enhanced wellbeing and higher performing teams. Often, as we move through the ranks of our industry, we are rarely told to fully consider culture and the fundamental impact it has on the working environment of our people. I want to help change that.” 

Teal’s new compliance culture services

Initially we’ll offer two core products to our law firm partners. Each has a full, or fuller option.

1. Training Workshop

We’re delighted to be able to offer a half-day or full day training workshop based around how best to implement the new SRA fair treatment rules.

2. Culture Audit

We’re also delighted to offer the Heart Leadership ‘culture audit’ which can be tailored to a three or five-day programme to suit your firm.

Get in touch

Never has it been more important to understand your firm’s culture and to understand what actions can be taken to improve whatever situation you have.

Teal is committed to help embed compliance culture within all law firms which is why we’re so thrilled to be offering these services through our new partnership.

Should you wish to find out more about these services, please don’t hesitate to get in touch.

Our New Compliance Culture Services Partnership Read More »

Someone reading and taking notes

Understanding the Anti-Money Laundering Definition of ‘Suspicion’

When it comes to anti-money laundering (AML) regulations, one term that often baffles legal practitioners is ‘suspicion’. Understanding its nuances is crucial for compliance officers to navigate the complex landscape of AML requirements in the UK.

In this blog post, we’ll delve into the anti-money laundering definition of suspicion, exploring its interpretation by the courts, its implications for compliance, and practical considerations for identifying and reporting suspicious activities.

Anti-money laundering definition of ‘suspicion’

When it comes to the anti-money laundering definition of suspicion there are several things to note. 

1. The evolution of suspicion: From undefined term to crucial concept

Over the years, there have been notable developments in legislation and regulations concerning the interpretation of ‘suspicion’ within the context of anti-money laundering (AML) efforts. While the term remains undefined in statutory law or regulatory frameworks, judicial precedents and industry guidance have played a crucial role in shaping its interpretation and application.

2. Understanding the Law Commission's insights on Suspicious Activity Reports

One significant development is the Law Commission’s review and recommendations regarding Suspicious Activity Reports (SARs) regime. In June 2019, following a consultation that began in 2018, the Law Commission published its findings and recommendations, acknowledging the complexity and vagueness surrounding the concept of suspicion.

3. Navigating the ambiguity of suspicion

The report highlighted that the current test for suspicion is often misunderstood and not properly applied by reporters, resulting in a high volume of poor-quality SARs. Despite these challenges, the Law Commission declined to recommend providing a statutory definition of suspicion. Instead, it recommended that the Secretary of State should publish guidance on suspicion and that there should be a prescribed form for the making of SARs.

Additionally, the Law Commission proposed the establishment of an Advisory Board to review the reporting threshold and consider whether it should be increased after conducting further research on the quality of disclosures under the current regime.

4. Implications for compliance

These recommendations reflect ongoing efforts to enhance the effectiveness and efficiency of AML regulations while addressing the challenges associated with interpreting and applying the concept of suspicion. Compliance officers and legal practitioners must stay abreast of these regulatory developments and incorporate them into their compliance strategies to ensure adherence to AML requirements and mitigate the risk of financial crime.

Understanding suspicion within AML

The concept of ‘suspicion’ lies at the heart of AML legislation, compelling lawyers to report any inkling of potential money laundering by their clients. Understanding this fundamental aspect is critical for compliance officers to fulfil their obligations effectively within the anti-money laundering definition.

1. Subjectivity in interpretation

However, despite its pivotal role, the term remains undefined in statutory law or regulatory frameworks. Instead, the courts have been tasked with deciphering its meaning, leading to a subjective and evolving understanding. This lack of a concrete definition underscores the complexity surrounding suspicion within the context of AML compliance.

2. Judicial precedents

In the landmark case of R v Da Silva, the courts established pivotal insights into the nature of suspicion. It was explained that suspicion involves more than a vague feeling of unease but doesn’t necessitate a clear or firmly grounded belief. Rather, it requires a genuine consideration that there exists a possibility, more than fanciful, of illicit activities. This interpretation emphasises the nuanced and contextual nature of suspicion, urging practitioners to exercise judgement in their assessments.

3. Navigating the fine line

This subjective nature of suspicion poses challenges for compliance officers, who must navigate a fine line between vigilance and unfounded accusations. Balancing the necessity to report potential risks, with the need to avoid unjustified allegations, demands a careful approach. Practitioners must weigh available evidence and related factors carefully, ensuring that their suspicions are grounded in reasonable assessments rather than unfounded assumptions.

Reasonable grounds for suspicion in AML

Moreover, the law introduces the concept of ‘reasonable grounds’ for suspicion, raising questions about the necessary mental element for compliance within the anti-money laundering definition.

1. The case of R v Sally Lane & John Letts

The case of R v Sally Lane & John Letts serves as a helpful precedent in understanding the significance of reasonable grounds for suspicion. This landmark case underscored that while actual suspicion isn’t mandatory for culpability, objective evidence providing reasonable grounds for suspicion is sufficient to establish guilt.

2. Compliance implications

The distinction between actual suspicion and reasonable grounds for suspicion emphasises the importance of judgement and diligence in assessing potential risks of money laundering activities. Compliance officers must meticulously evaluate available evidence, ensuring that suspicions are grounded in objective indicators rather than subjective assumptions. By adopting a thorough and evidence-based approach, practitioners can uphold the integrity of AML compliance efforts and effectively mitigate risks within their law firms.

Identifying suspicious activities

Recognising suspicious activities is essential for compliance officers tasked with reporting obligations within the anti-money laundering definition.

Understanding the indicators of potential money laundering is paramount for effective risk mitigation. Several warning signs may signal illicit activities, including:

1. Transactions lacking economic rationale

Transactions that lack a clear economic purpose or appear disconnected from the client’s legitimate business activities should raise red flags. Compliance officers should scrutinise such transactions carefully to assess their legitimacy and potential for money laundering.

2. Unusual client behaviours

Unusual behaviours shown by clients, such as reluctance to provide information or engaging in atypical transaction patterns, may indicate attempts to conceal illicit activities. Compliance officers should remain vigilant and investigate further when encountering such behaviours.

3. Use of offshore accounts without justification

The use of offshore accounts or structures without legitimate business reasons can be indicative of attempts to evade regulatory scrutiny and launder illicit funds. Compliance officers must thoroughly examine the rationale behind offshore transactions and assess their compliance with anti-money laundering regulations.

4. Adhering to industry guidance

Familiarising yourself with industry guidance and best practices is crucial for the effective identification of suspicious activities. Compliance officers should stay updated on regulatory developments and leverage industry resources to enhance their understanding of money laundering risks and mitigate strategies. This is why compliance training is so important!

Document certification considerations

In addition to understanding suspicion within the anti-money laundering definition, compliance officers must also scrutinise clients’ identification documents carefully, and consider the following:

1. Certifier’s reputation and identifiability

Certifying documents requires careful consideration of the certifier’s reputation and identifiability. Compliance officers must ensure that certifiers are reputable professionals or individuals in positions of trust, such as solicitors, bankers, or notaries.  It’s essential to verify the certifier’s credentials and confirm their ability to accurately assess and certify documents.

2. Competency in document inspection

Compliance officers must ascertain the certifier’s competency in document inspection. Certifiers should possess the necessary skills and expertise to recognise authentic documents and identify any discrepancies or signs of tampering. Thorough training and ongoing professional development are essential to ensure that certifiers can fulfil their responsibilities effectively.

3. Verifying document authenticity

Verifying the authenticity of client identification documents is paramount to keeping the integrity of due diligence processes. Compliance officers should implement robust procedures to verify the authenticity of documents, such as conducting background checks, verifying references, and cross-referencing information with reliable sources. Any suspicions about document authenticity should be investigated promptly and thoroughly.

4. Confirming true likeness

Confirming true likeness, especially for documents containing photographs, is crucial to prevent identity fraud and misrepresentation. Compliance officers must ensure that the individual depicted in the photograph matches the identity of the client presenting the document. This verification process helps mitigate the risk of identity theft and ensures the accuracy and integrity of client identification procedures.

Get in touch

At Teal, we’re here to support your journey towards compliance that works.

We understand that compliance can be a daunting word, but it’s also the key to unlocking your firm’s full potential.

 

Our experts at Teal Compliance are here to help. Get in touch today to explore tailored solutions and ensure your firm stays ahead of regulatory requirements,

Understanding the Anti-Money Laundering Definition of ‘Suspicion’ Read More »

Laptop with the Teal Tracker's Root Cause Analysis Process on screen

The Teal Tracker’s New Feature: Root Cause Analysis Process

The Teal ‘Root Cause Analysis Process’, or ‘RCAP’, is a new, groundbreaking feature of the Teal Tracker. Here we explain what it does, how it works and how it can benefit you. 

What does the Root Cause Analysis Process do?

The Root Cause Analysis Process forms part of the Incident Management module in the Teal Tracker, and is a yet another example of how law firms can use their compliance data to help reduce the future risk of claims, complaints and breaches.

At its core, it assists in identifying trends and reducing incidents through identification, analysis and learning, which will in turn protect clients, the firm and the team.

How does the Root Cause Analysis Process work, and how is AI involved?

The RCAP feature uses AI to assist firms in identifying root causes of issues or near misses. It forms part of the Teal Tracker’s Incident Management module, whereby firms can analyse incidents to drill down to root cause.

As with all our new features in the Teal Tracker, we’ve extensively asked our law firm partners how they would best like to see this work in practice, so its design is simple and intuitive.

Teal Tracker subscribers are invited to carry out a Root Cause Analysis Process using the ‘five whys’ methodology principle, which is a standard engineering concept developed way back in the 1950’s for Toyota’s production line. It is, at its core, really simple. The principle is that if you ask ‘why’ something went wrong five times, you’ll likely drill down to arrive at the core answer.

But the Teal RCAP combines this tried and tested practice with AI to generate the next response to each of the ‘five whys’ questions and to confirm the root causes and their weightings. This smartly assists users in drilling to the key root cause or causes, and skillfully assists law firms in getting to the true root cause and the granular detail of issues.

This is then automatically exported to the Teal Tracker’s management reports functionality. In turn, this allows trend analysis to be systematically identified in detail, and reflected back to the firm to ensure they can both learn and improve in the key areas they really need to focus on.

Why has Teal integrated AI into the Root Cause Analysis Process?

Teal has integrated generative AI into the solution so that AI can smartly create the next drill down question to ultimately display what has actually happened and its cause. This means users have smart options to drill down into the issues and figure out what precisely occurred and what contributed to each particular problem.

It will give the firm much more useful and intelligent data on which to make decisions or to deploy resource. This will assist in better use of budgets for training or capacity as well as ultimately reducing the number of claims, complaints and breaches that occur.

How is the Root Cause Analysis Process working in practice?

Teal has been trialling the solution in full, in live environments for some time and it’s working extremely well. That’s why we’re now proud to be able to roll-out this groundbreaking feature to all our Teal Tracker law firm partners. 

Want to know more about the Teal Tracker?

At Teal, we’re here to support your journey towards compliance that works. Our compliance technology platform, Teal Tracker, is the solution to your compliance issues, ensuring you, your firm and your clients are safe. 

To find out more about the Teal Tracker, or to book a demo, contact our team today!

The Teal Tracker’s New Feature: Root Cause Analysis Process Read More »

Someone going through paperwork on a desk with others

Demystifying the role of a DPO: What is a Data Protection Officer?

At Teal, we’re often asked questions about whether law firms need a Data Protection Officer (DPO). In this blog, we’ll answer the question ‘what is a Data Protection Officer?’ and go through what the guidance says, when a DPO must be appointed, who can be a DPO, and the crucial role they play in ensuring GDPR compliance.

What is a Data Protection Officer (DPO)?

The primary responsibility of a Data Protection Officer is to inform and advise the organisation and staff on GDPR compliance. This comprehensive role encompasses monitoring compliance, raising awareness, training staff, conducting internal audits, and serving as the initial point of contact for supervisory authorities and individuals affected by data processing. The DPO takes centre stage in adopting a risk-based approach, concentrating on high-risk activities and actively participating from the earliest stages in decision-making processes.

Additionally, it’s important to emphasise that a DPO extends beyond their immediate responsibilities. Although not directly accountable for overall compliance – a duty retained by the data controller or processor – the DPO undeniably assumes a key role in the oversight of the implementation of the data protection strategy. Their invaluable contribution becomes instrumental in ensuring the organisation fulfils its data protection obligations, thereby setting up a solid foundation for a robust and compliant approach.

What the guidance says about DPOs

Under the GDPR, the appointment of a Data Protection Officer (DPO) is a nuanced decision. Some organisations find it mandatory, while others may opt for a voluntary appointment or decide it’s unnecessary. The WP29 guidance, which replaced the European Data Protection Supervisor, advises organisations to document internal analyses to determine DPO necessity. The default assumption is that a DPO is needed unless proven otherwise. This commitment to GDPR compliance places specific obligations on the appointed DPO.

GDPR requirements

GDPR outlines scenarios requiring a DPO, including when an organisation is a public authority, engages in regular monitoring of individuals, or processes large-scale special data categories. The flexibility of sharing a DPO between organisations and the possibility of an existing employee taking on the role highlights the pragmatic approach of GDPR.

The Data Protection Bill

The Data Protection Bill seamlessly incorporates GDPR into UK legislation, addressing general processing and the Law Enforcement Directive. While not all businesses are obligated to appoint a DPO, adhering to best practices suggests appointing someone solely responsible for data privacy matters. 

Embracing the GDPR principles of privacy by design, having a dedicated data protection champion within your business is considered essential. This strategic move aligns with the evolving legal landscape, emphasising proactive measures for privacy and data protection.

When must a Data Protection Officer be appointed?

Under the GDPR, a DPO must be appointed if the organisation is a public authority, engages in large-scale monitoring of individuals, or processes large-scale special categories of data or data related to criminal convictions.

The definition of ‘large scale’ isn’t outlined, but the guidelines say you should consider the following factors:

  • The number of data subjects concerned
  • The volume of personal data being processed
  • The range of different data items being processed
  • The geographical extent of the activity
  • The duration or permanence of the processing activity

Should you decide not to appoint a DPO, GDPR requires organisations to maintain records of their processes and any data breaches. Ensuring your business has adequate staff and resources is crucial to effectively fulfil its obligations under the GDPR.

Who can and can't be a Data Protection Officer?

The GDPR stance on appointing a DPO centres on their ability, experience, and knowledge of data protection law. While the regulations don’t suggest specific credentials, they stress that these qualifications should align with the type of processing undertaken, considering the necessary level of protection of personal data. A DPO having familiarity with your industry, sector, and the intricacies of your data protection needs enhances their effectiveness.

Opting for an external DPO is a strategic move to avoid potential conflict issues. This approach proves invaluable when an internal candidate isn’t readily available within your business to undertake the role.

The WP29 guidance offers valuable insights into individuals within a firm who are ill-suited for the DPO role due to potential conflicts of interest. This includes high-ranking positions like:

  • Chief Executive Officer
  • Chief Operating Officer
  • Chief Financial Officer
  • Head of Marketing
  • Head of Human Resources
  • Head of IT

Lesser senior roles may also pose conflicts if they involve deciding the purpose and means of processing.

For law firms, the Compliance Officer for Legal Practices (COLP) may be a suitable DPO, depending on their other responsibilities. The GDPR ensures DPOs receive the necessary support, maintain independence, and enjoy protected employment status, shielding them from unjust actions for performing their duties.

Law firms and Data Protection Officers

According to insights from the Law Society, the consensus is that most law firms might not require the appointment of a Data Protection Officer (DPO), because they typically don’t engage in systematic monitoring of data subjects on a large scale. This viewpoint was first outlined in a March 2018 article and then recapped in August 2019 “Appoint a Data Protection Officer (DPO)”.

Exceptions arise when law firms handle special categories of data, such as health, ethnicity, political or religious beliefs, trade union membership, or the sexual orientation of their clients. In such cases, especially if processing occurs on a large scale, the consideration for a mandatory DPO appointment gains significance.

Opting for a voluntary DPO appointment can be beneficial, particularly when uncertainty exists. Seeking specialist advice is advisable for firms lacking expertise in data protection. Law firms are encouraged to keep a concise record of their decision-making process.

The decision to appoint a Data Protection Officer (DPO) is important, but regardless of your choice, promoting awareness amongst all staff about the individual handling data protection matters is crucial. This person, whether a DPO or another designated individual, should have a direct line to top-level management.

It’s important to clarify that, if appointed, a DPO isn’t directly responsible for overall compliance – that responsibility lies with the data controller or processor. Nevertheless, the DPO, along with other appointees, plays a key role in overseeing the implementation of the data protection strategy and fulfilling the organisation’s obligations.

Get in touch

At Teal, we’re here to support your journey towards compliance that works.

We understand that compliance can be a daunting word, but it’s also the key to unlocking your firm’s full potential.

Get in touch with our experts to find out how we can help with data protection compliance.

Demystifying the role of a DPO: What is a Data Protection Officer? Read More »

Image of laptop on a desk, with the Teal Tracker on the screen

Why we built the Teal Tracker compliance technology

The Teal Tracker compliance technology platform is the solution for all law firms’ compliance needs. Here, we explain why we built the Teal Tracker, and how it’s benefiting law firms. 

What is the purpose of the Teal Tracker?

The Teal Tracker compliance technology has two core purposes.

1. Keeping track of all your records

The Teal Tracker’s first core purpose is to make the activity of collating law firm compliance information easier.

Firms know when there are issues, and there’s usually a procedure for notifying someone. However, it’s often done via email, or by filling in a form and then emailing it to someone. This is how control can be lost and it becomes just another email stuck in someone’s inbox. This makes such records extremely hard to demonstrate to a regulator.

Examples might be a list of complaints, where somebody then has to sit down for hours, scrolling through emails and trying to find the relevant ones.

In practice, and in reality, there are still examples of printing off documents and putting them in paper files. However, this is inefficient, lacks security and could compromise confidentiality.

So, this is the primary reason the Teal Tracker was built.

2. Analysing the data to help you make informed decisions

The second core reason we built the Teal Tracker compliance technology is because there’s a lot of beneficial information contained within the data that you collect as a result of breaches, file reviews or training records. This data holds the answers to enable you to start to identify when there are problems with a particular person, or a particular area within the firm.

Because the data is fragmented, normally across the firm in emails, folders or on bits of paper, it usually can’t be analysed. As a result, firms don’t really have a good handle on whether their compliance is working or not.

The Teal Tracker is the solution. Once the data is collected in the Teal Tracker, it can then start to analyse and report on it. This will enable you to identify issues and let you know where the areas of focus need to be.

For example, if there’s a spike in complaints as a result of somebody not getting back to people, that may be a capacity issue. Through the Teal Tracker, we can let you know that a particular department appears to be quite busy, needs more people, or needs less work.

With the methods law firms currently use, this can be guesswork to a degree. The Teal Tracker provides evidence for these things, so that you can make informed decisions.

How do law firms benefit from the Teal Tracker?

Law firms can benefit from the Teal Tracker in a number of ways. However, here are the top 5 benefits of the Teal Tracker:

1. Collecting all information in one place, without duplication

First of all, the activity of collecting information from the business in relation to their compliance can be streamlined. A really simple example of that is what we collect through our ‘Incident Management’ module, called ‘what’s happened?’.

The ‘what’s happened’ form is what you’d usually call an ‘incident reporting form’. We’ve named it ‘what’s happened’ on purpose, to engage people, so that they use it more freely. 

We’re curious about why things are happening and encourage everyone in the business to use it for anything they see that’s not going to plan, without any inherent blame attached. In the ‘what’s happened?’ form, you select the category of what’s happened, for example, a complaint, a potential claim, a breach, or a near miss. It then automatically populates a register. If you’re currently collecting that information by email from people within your firm, you’ll have to copy it onto a register. 

2. Easy access to reports and analytics

Once that information is properly captured within the Teal Tracker, it can start to easily analyse the data and reflect that back to you to let you know. On the first page of the Teal Tracker, you’ll find the ‘heat map’. The heat map is designed so that you have access to instant and continuous visibility of the situation. You’ll instantly be able to recognise if you have any emerging issues that you need to start dealing with, and you can run various reports which you can also tailor.

The reports will show up on your desktop enabling you to know what to prioritise, as we understand that budgets and compliance resources are always really tight.

3. Helps prioritise your budget

Firms spend a lot of money on compliance interventions. If you’re looking for solutions, training, writing a new policy or rolling out a new procedure, you might not feel confident that it’s actually working. The Teal Tracker solves this problem.

It shows you what is and what isn’t working, both systemically and individually. As the Teal Tracker is reflecting back into the business, you can then make informed decisions as to where to put your money to derive the highest impact and benefit, reduce the highest risks, and affect your highest priorities.

4. Protecting sensitive compliance information

When we collect compliance information, it’s sensitive by its very nature. You need to ensure access rights are robust, as it could be training records, training plans, staff development needs, suspicious circumstances, or reports that the business is surfacing. You need to control who has access to that information and where it sits.

If a suspicious circumstances report is sent via a paper form or an email to the MLRO, it can end up setting in an inbox or being filed on the client file. This means other staff may have access to it.

If a suspicious circumstances report is submitted, it’s likely that you’ll stop working on that file for a period of time. If the client gets frustrated and makes a complaint, there’s a number of potential serious consequences that can occur if the report is on the client file. 

For example, if you’ve made a report out to the police, the tipping off events under the Proceeds of Crime Act could kick in. If the client calls to ask why is nobody ringing them back, and one of your staff sees on the file that you’re waiting to hear from the National Crime Agency, they could accidentally reveal this to the client. This is something that’s so easily done in innocence. 

When building the Teal Tracker, we thought about how can we give firms a safe place to put that information, where they can limit and control the access to who can see it, and prevent it from accidentally be filed anywhere it shouldn’t.

5. Access to a wealth of compliance training

If you choose the Teal Tracker compliance technology for your law firm, you’ll also have access to Teal College

Teal College has a vast amount of training courses in AML, GDPR and Regulatory Compliance in addition to Teal TV, which hosts webinars and videos to help your law firm stay compliant and protected. 

Get in touch

The Teal Tracker is here to revolutionise the way compliance works in law firms, keeping you, your firm and your clients safe. For more information or to book a demo, simply get in touch with our experts today.

Why we built the Teal Tracker compliance technology Read More »

Image of laptop on a desk, with the Teal College on the screen

Launch of our brand new compliance training technology, Teal College

At Teal, we’re thrilled to launch our brand new compliance training technology, Teal College! Find out what Teal College is, and how it can benefit your law firm. 

What is Teal College?

Teal College is home to all the compliance training courses that we write and deliver.  

From new starter training and staff needing to update their knowledge, to specialist training for those wishing to become a compliance officer, there’s a full curriculum for everyone in a compliance year to get the training they need. 

Teal College is available for anyone with the Teal Tracker, or can be subscribed to as a stand-alone product. 

What compliance disciplines does Teal College cover?

Teal College is home for all of our compliance courses, which are split into three disciplines: 

  1. AML Compliance
  2. Regulatory Compliance 
  3. Data Protection Compliance

You’ll never need to worry about staff falling behind in these areas with our courses, as you’ll have all the training you need at your fingertips. 

What other courses are available on Teal College?

Teal College doesn’t just have training courses in the three compliance disciplines. Users of Teal College can access learning on a wide variety of subjects not just compliance, but other risk management tools, services, theories and practices.

What is Teal TV?

Teal College is also the home of Teal TV. Teal TV provides a wide range of education videos on areas such as AML, regulatory compliance, data protection and risk management. These are all contained in one place on Teal TV, so your staff have easy access all year round. 

We also have guests on Teal TV, talking about related subjects that we think are going to be interesting for law firms.

Who are the courses in Teal College for?

Teal College has courses available for everyone, so you can feel rest assured that each person in your business is up-to-date on their compliance responsibilities. These include: 

1. Courses to update all staff

Teal College is home to a range of courses for all staff, to ensure they’re fully up-to-date with regulations and are fully compliant. 

2. Courses for new starters

We’ve made the onboarding process for new starters as easy as possible when it comes to training, and provide essential courses for all of your new starters. 

3. Courses for specialist roles

Teal College also keeps your compliance specialists up-to-date, such as compliance officers, MLROs, MLCOs, etc. We even provide training courses for staff who want to become compliance officers.

How can you access Teal College?

Teal College is accessed via the Teal Tracker. However, you don’t have to subscribe to Teal Tracker to benefit from Teal College. 

That being said, if you do subscribe to the Teal Tracker, the two work together seamlessly. 

The unique courses delivered on Teal College have interactive test functions to ensure the training has hit home. Passing the tests will automatically update the training records of the staff who’ve undertaken them.

You’ll have total control over who takes what course and when, and this all syncs perfectly with the Training Needs Questionnaire, Individual Training Plan and Records on the Teal Tracker.

Are Teal College Courses up-to-date?

There’s no need to worry that Teal College courses are out-of-date. We’re continuing to develop new courses all the time, and refresh existing courses whenever the landscape requires us to. This means your staff will always have the most up-to-date training available.

Get in touch

Teal College is here to revolutionise the way compliance training works in law firms. Keeping everyone up-to-date and compliance safe. For more information or to book a demo, simply get in touch with our experts today.

Launch of our brand new compliance training technology, Teal College Read More »

One page of a calendar and a pencil

Compliance Planning: Are you ‘regulator ready’ for 2024?

In 2023 we saw increased levels of guidance and new directives from our industry regulators along with new legislation and ongoing changes in areas such as sanctions. Therefore, it’s never been more important to be on top of your compliance. Choosing the right partner to assist you is an important part of developing ‘Compliance that Works’ for law firms in 2024. Here, we consider some of the things you might want to contemplate when compliance planning, to ensure you feel confident, safe and ‘Regulator Ready’.

Preparing an annual compliance plan will allow you to breakdown and design an ongoing effort that’s more likely to permeate the whole firm and its behaviours, rather than having the sugar rush and panic of concerted efforts or crisis avoidance.

Where to start compliance planning

Before you prepare your annual plan, you need to ensure you’re up-to-date with the following: 

1. Guidance and legislation

Have you got round to reading the LSAG Guidance including the March and November updates and the significant areas covered including the 36 Principles and Proliferation Financing? Much has changed since the last version. There’s also been an update to some Sectoral AML Risk Assessments which you need to take account of, in addition to other guidance, including the results of Thematic Reviews.

Are you up to speed with the requirements of Sanctions legislation? Regulators are beginning to assess firms compliance, visiting them to see how they are coping, what their policies and procedures are.

So, make sure you’re up-to-date with these changes. 

2. Policies and procedures

Another great way to start the year is giving your AML policies and procedures a health check.

Don’t forget to provide updated training (another area subject to Regulatory scrutiny at present) and ensure that changes you make are embedded in processes, particularly as we know the SRA, Law Society of Scotland and CLC are committed to carrying out audits and are testing against LSAG Guidance as well as the Regulations.

3. Audits

Carrying out audits is a a good way to start a year. Are people appropriately documenting source of wealth and funds, are matter risk assessments completed appropriately and do they reflect the new guidance and policies, is there documented ongoing monitoring of matters? How about undertaking AML file audits to get the year off to a good start?

4. Risk assessments

You may need to revise your firm wide risk assessment if its more than a year old and record your risk assessment relating to Proliferation Financing. Don’t forget to keep copies of the old one, to evidence it is a living document.

A Sanctions risk assessment would be good idea too!

Compliance planning

It’s now time get the diary out and plan your compliance activity for the year ahead.

January

Now might be a good time to remind everyone of the importance of ensuring that file reviews and supervision are done. Don’t let this drift. Ensure any trends are identified and dealt with. Is training up to date? As well as AML and information security, what about equality and diversity? Have you only undertaken your Bribery Act training just the once, all those years ago? 

Regulators are now looking at how firms are dealing with a wide range of Economic Crime, not just AML – there’s Tax Evasion and Fraud too. Don’t forget recent recruits who might not have had all the required training. The Teal Tracker is designed to make this easy for firms to collate and track. Get in touch if you’d like to know more.

February

Are your information security measures adequate? They may well be tested – we know of firms that have been the victims of sophisticated hacking and ransomware, and it has lasting effects, taking many months (and disruption and expense) before things return to normal. 

This isn’t simply ensuring homeworkers are updating their anti-virus software. More essentially, are they carefully checking emails and client instructions in order to spot attempts by fraudsters to intercept the movement of completion monies? Is your accounts team in the loop?

March

We know that March is year end for lots of firms, so much of this month could be used up ensuring time is recorded, bills are raised, and general housekeeping dealt with to ensure the figures look as good as possible. However, there are some things to consider if time allows:

  • If you have the CQS standard, now would be a good time to review your compliance with it. Why not also check your Lexcel compliance if it’s also a standard you have obtained. Remember the requirements for training.
  • It’s a year since the latest LSAG guidance was published. It might be worth giving it a once over, just to remind yourself what it says.

April

New financial year means a new budget. This is where training should be considered, especially if you haven’t done anything recently.

You may also want to consider that independent AML audit that you’ve been putting off. Regulators are of the opinion that the vast majority of firms need one, no matter how small the firm may be. If you do a reasonable amount of AML regulated work, you need one. If you do conveyancing, you will be caught.

May

May should be a good time to consider your risk management. Do you have a disaster recovery (business continuity) plan? Now would be a good time to test it and learn from the experience. If you can’t test the whole process, you should consider checking one of the greatest risks, such as cybersecurity. Consider:

  • Is all your IT running the most recent updates?
  • Have you arranged a Penetration Test with your external IT support?
  • Have you arranged a mock phishing exercise to see how many colleagues click on dubious links?
  • Have you considered ‘Friday Afternoon Fraud’? 
  • Have you done any training?
  • Have you set training reminders?

June

Now’s the time to get to grips with all of that unbilled WIP. Close files, send them to storage, and destroy the really old records that went past their destroy date years ago.

Alongside this, ensure any client monies you have no reason to keep hold of are sent back to clients. You don’t want to get fined for failing to deal with residual client money

July

Since you did get round to checking CQS issues in March, how about going one step further and organising an independent CQS audit? Contact us to organise one.

Perhaps consider training for your COFA. It’s a good idea to ensure they get specific training. Remember training is a hot topic for Regulators, so make sure the COFA gets some too.

August

Staff will no doubt want a well-earned break which can present additional risks which you should now consider. How will you deal with holiday cover? How will you adapt to people being unavailable?

For those needing to get away from the same four walls, foreign travel might well be on the cards, and they could be venturing to where mobile reception is poor, and Wi-Fi is not secure. 

September

If you have spare time, you could look at improving your information security status by checking how you compare against the CyberEssentials standard, or CyberEssentials+. 

However, renewal time is likely to keep you busy all month.

October

It’s the anniversary of the SRA Transparency Rules each December and it’s something the Regulator is keeping its eye on. So, now would be a good time to start your review. 

Have staff changed? What about fee rates and other costs? Not just changes to your own firm, but think about delayed responses from third parties, busy Courts and other factors. Does your website need a review?

Remember, firms are being fined for lack of compliance.

November

It’s nearly the end of the year, so make sure those file reviews done.

If you have a considerable backlog, your colleagues really aren’t going to be grateful for another round of chasing them to get them done.

Why not get in touch with Teal to undertake some for you? We can help with both AML reviews and Regulatory ones, client care letters, conflict checking, costs updates and the like.

December

Now is as good a time as any to carry out a review of your risk register. If you don’t have one, it’s a good time to create one.

Your risk register should cover things like:

  • Complaints and claims
  • Identified trends from file audits and supervision
  • Business Continuity Plan review outcomes
  • SARs submitted (or not)
  • DSARs and information security issues
  • What went wrong and what went right
  • The year ahead – what are your audit and training plans for example?

It’s then back to that compliance planning for next year! 

Get in touch

At Teal, we’re here to support your journey towards compliance that works by mitigating the risk of legal compliance issues. 

Whatever time of year, if you need compliance assistance, our team of experts are on hand. We offer a range of compliance services to ensure you’re on track to achieve compliance success.

Compliance Planning: Are you ‘regulator ready’ for 2024? Read More »

Hand holding a pen completing a checklist

AML compliance checklist: Strengthening your defence against money laundering

It’s important for law firms to embrace due diligence as a key tool in preventing money laundering. In this blog post, we’ll explore the top tips and essential considerations to bolster your AML efforts, ensuring your firm remains vigilant in the fight against money laundering. We’ll highlight the significance of maintaining a robust AML compliance checklist to maximise your defence against the ‘baddies’. 

The significance of an AML compliance checklist

As law firms navigate the intricate landscape of anti-money laundering (AML) compliance, having a robust checklist is extremely important. Let’s delve into specific measures that constitute this checklist, and strengthen your defences against money laundering risks.

1. Incorporating your Supervisor’s Risk Assessment

Ensure your AML compliance checklist is crafted to incorporate the critical step of integrating your Supervisor’s Risk Assessment. This step isn’t just a formality, but a strategic move to align with Regulation 18(2), underlining the importance of fostering a comprehensive understanding of potential risks and discrepancies. 

By seamlessly integrating your Supervisor’s Risk Assessment into your checklist, you can create a unified approach enabling your firm to proactively identify, assess, and mitigate any potential threats related to money laundering.

2. Client account in Firm Risk Assessment

Within your AML compliance checklist, place significant emphasis on the inclusion of client accounts in your Firm Risk Assessment. Clearly explain how your firm actively identifies and mitigates risks associated with these accounts, providing a granular insight into the specific protocols and monitoring mechanisms employed. 

In addition, stress the importance of cross-referencing these account procedures within your overarching AML policy. This dual-focused strategy not only ensures a comprehensive approach to risk mitigation, but also establishes a cohesive framework that aligns your AML efforts with both regulatory standards and internal operational practices.

3. Source of funds and wealth

Within your AML compliance checklist, it’s important to place a robust emphasis on the documentation of the source of funds and wealth. Encourage a meticulous approach towards recording every step taken, conducting thorough reviews of pertinent information, and undertaking comprehensive risk assessments. 

Actively promoting a culture of precision in documenting these aspects not only defends your AML efforts, but also ensures a detailed trail for auditing purposes. Also, consider increasing your educational initiatives by hosting informative webinars that delve into the intricacies of source of funds and wealth.

4. Client communication strategies

Within your AML compliance checklist, it’s crucial to equip it with highly effective client communication strategies. Clearly outline to your staff the importance of client due diligence (CDD) checks, particularly those relating to the source of funds and wealth. 

Clearly explain the rationale behind these checks, emphasising their critical role in preventing money laundering and fostering a deeper understanding of the legal obligations.

5. Timing of verification

Within your AML compliance checklist, pay attention to timing in your verification processes. Whether opting for the completion of identity and verification (ID&V) before establishing a business relationship, or following the initial interaction, the key lies in the monitoring and comprehensive documentation of the entire process to meet stringent regulatory requirements.

6. CDD on existing clients

Within your AML compliance checklist, it’s essential to discourage over-reliance on existing client due diligence by advocating for the implementation of a proactive ‘shelf life’ approach.

Emphasise the significance of regularly refreshing client due diligence (CDD) to ensure its relevance and effectiveness. Encourage fee earners to take an active role in this process by consistently assessing and reassessing changes in the Matter-Based Risk Assessment.

7. “Purpose of Act” verification

Incorporate ‘purports to act’ verification within your AML compliance checklist. While certain approaches may hinge on Regulation 28(10), it’s wise to go beyond and advocate for ID&V specifically for at least one director. This strategic inclusion ensures a tangible and individual connection to the corporate client, surpassing regulatory compliance.

8. Providing information to clients

Integrate information dissemination into your AML compliance checklist. Ensure your clients receive the required information under The Money Laundering and Terrorist Financing (High-Risk Countries) (Amendment) Regulations 2023, amended by the Data Protection Act 2018.

9. Understand electronic verification

Enhance your AML compliance checklist by proactively educating your team about electronic verification processes. Clearly outline the steps, checks, and match requirements involved in this technology-driven aspect of anti-money laundering measures. 

This educational initiative not only promotes an understanding amongst your team members, but also ensures that electronic verification is seamlessly integrated into your compliance protocols. 

Additionally, emphasise the importance of staying well-informed about the details of your chosen service providers, particularly if agreements were made with a previous money laundering reporting officer (MLRO).

10. Certifying copy ID

Exercise thorough caution within your AML compliance checklist when it comes to selecting individuals for certifying copy ID. Prioritise engaging professionals who aren’t only well-versed in AML legislation, but also possess a understanding of the intricacies involved in the certification process. 

This strategic selection ensures not only compliance with regulatory requirements, but also contributes to the creation of a reliable and robust paper trail. 

Additionally, it highlights the importance of providing clear and comprehensive explanations to both clients and certifiers regarding the specific requirements for accurate and traceable documentation.

Why is an AML compliance checklist important?

An AML compliance checklist is your strategic defence against the damaging effects of money laundering. Through the implementation and continual refinement of these checklist items, your law firm not only enhances its regulatory defence, but also positions itself as a resolute participant in the battle against financial crime.

Get in touch

At Teal, we’re here to support your journey towards compliance that works. 

We understand that compliance can be a daunting word, but it’s also the key to unlocking your firm’s full potential.

Get in touch with our experts to find out how we can help. 

AML compliance checklist: Strengthening your defence against money laundering Read More »