Regulatory Compliance

Paparazzi in car snapping a photograph

What is a Politically Exposed Person (PEP) and how do I know if my client is one?

Anti-Money Laundering, Blogs, Legal Compliance, Regulatory Compliance /

The SRA expect solicitors and firms to continue to meet the high standards the public expect (which includes upholding the rule of law). It’s therefore important to ensure that all staff are aware of their obligations when onboarding clients, and this includes understanding what a politically exposed person is.

On a number of occasions, we’ve seen panic set in as soon as someone sees the words “match” for their client on a politically exposed person screening request, but there’s no need to panic! Just because someone is classified as a politically exposed person does not necessarily mean they are a “baddie”!

 

What is a politically exposed person and why are they considered high risk?

A politically exposed person is a person who is or, within the last year, has been a:

  • Head of State/Government
  • Minister
  • Assistant Minister
  • MP
  • Member of judiciary
  • Member of Courts
  • Member of Auditors
  • Member of boards
  • Member of central banks
  • Ambassador
  • High-ranking officer in the armed forces
  • Member of administrative management
  • Member of supervisory bodies
  • Member of state-owned enterprises Member of governing body of a political party
  • Board of an international organisation (for e.g. FIFA)

In addition, a person will also be classified as a politically exposed person if they are:

  • A member of a politically exposed person’s family
  • A known close associate of a politically exposed person (whom the politically exposed person is in business with)
  • A beneficial owner of the politically exposed person’s property (someone who enjoys the benefits of ownership even though the title of the property is in another person’s name)

 

Why is a politically exposed person deemed high risk?

A politically exposed person is deemed high risk because they generally present a higher risk for potential involvement in bribery and corruption due to their position and the influence that they may hold.

Therefore, the main aim of applying Enhanced Due Diligence (EDD) to work involving a politically exposed person is to mitigate the risk that the proceeds of bribery and corruption may be laundered.

A politically exposed person is also an easy target for identity theft due to a great deal of their personal information being publicly available.

 

How do you find out if your client is a politically exposed person?

The best way to check whether someone is a politically exposed person is through politically exposed person screening solutions (PEP screenings) online. Many firms already have electronic verification which will normally include PEP screening as part of the checks that are carried out. Some online screening solutions will also provide additional information, such as adverse media and any criminal conduct – a good way to check whether your politically exposed person is a “baddie” or not!

Don’t forget Google, it is amazing what information you might find from a Google search.

 

The Regulations  

Regulation 33 (1)(d) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) states that EDD is required in situations where the client is a politically exposed person, or a family member or known close associate of a politically exposed person. Therefore, it is important to establish whether or not your client is a politically exposed person at the outset.

In addition, under Regulation 35 of the MLR 2017, if your client is a politically exposed person you must:

  • Get senior management approval for the business relationship
  • Take adequate measures to establish the source of wealth and source of funds
  • Closely monitor the business relationship throughout

 

Get in touch

If you need any assistance when dealing with a  politically exposed person,  please get in touch and we would be happy to help.

Take a look at the compliance services we can offer or alternatively, get in touch with one of our experts. 

Get in touch

What is a Politically Exposed Person (PEP) and how do I know if my client is one? Read More »

someone typing on laptop on wooden desk

The SRA Transparency Rules – Is your website compliant?

Blogs, Legal Compliance, Regulatory Compliance /

As you’re no doubt aware, the SRA Transparency Rules (the Rules) came into force back in December 2018 requiring firms to publish price and service information for various practice areas. It’s important that you check this regularly, to ensure it’s up-to-date. 

What areas of law does it cover?

You need to publish the price and service information on your website if you publicise that you work in the following areas of law: 

  • Residential conveyancing
  • Probate (uncontested)
  • Motoring offences (summary offences)
  • Immigration (excluding asylum)
  • Employment tribunals (unfair/wrongful dismissal)
  • Debt recovery (up to £100,000)
  • Licensing applications (business premises)

If your firm doesn’t have a website, you must still have this information available upon request in other formats.

Information about the SRA requirements

The Rules also require all firms to publish details of their complaints procedure on their website, including how and when a complaint can be made to the Legal Ombudsman and to the SRA. From 25 November 2019 firms were also required to display the SRA’s digital logo in a prominent place on their website.

You may also be aware that the SRA has been conducting a programme of random sweeps of firm websites to monitor on-going compliance with the Rules. 

In November 2019 they reported that during a sweep of 447 live websites conducted in March/April 2019, only 25% of firms were fully compliant with the Rules. Of the remaining 75%, 58% were partially compliant and 17% were not compliant with the Rules at all. However, the SRA did provide useful feedback on the most common areas of non-compliance which were:

  • Failing to publish the required complaints information
  • Failing to specify the amount of VAT applied to costs and disbursements
  • Failing to display information on key stages and/or timescales
  • Failing to provide a description or costs of likely disbursements

We’re aware that the SRA has more recently been contacting firms with the results of their sweep. Several firms we’ve spoke to were surprised to learn that they’re only partially compliant, despite undertaking considerable work on their respective websites. In our experience, whilst the SRA will indicate to a firm the service areas that they consider non-compliant in terms of the information provided, unfortunately they don’t provide exact details of the non-compliance(s), but instead state “insufficient information” has been provided.

When assisting clients to identify the missing information, we’ve found the SRA templates of suggested text to be very helpful.

Our own research

We undertook our own survey of 10 websites for compliance with the Rules and found the following:

  • Fully compliant: 1
  • Partially compliant: 8
  • Non-compliant in all areas: 1

When looking at the websites, we noticed that the issues flagged by the SRA after their first ‘sweep’ still featured high on the list of areas of non-compliance. We located the SRA’s digital badge on 8 out of the 10 websites reviewed.

Get in touch

At Teal, we offer firms a website audit service. We provide guidance on whether we consider that your website is compliant with the Rules and can assist with any remedial action needed. We can also provide guidance and assistance if you’ve received an SRA Notice informing you of non-compliance and directing you to take remedial action.

If you’d like to know more, or if we can assist, please get in touch.

Get in touch

The SRA Transparency Rules – Is your website compliant? Read More »

UK Passport camera icon

Who should certify client identification documents and what should they check?

Anti-Money Laundering, Blogs, Legal Compliance, Regulatory Compliance /

Some of the certifications I’ve seen on client identification documents that fee earners have uploaded as part of their client due diligence checks, have led me to raise an eyebrow.

One of my favourites was a document certified by someone whose occupation was detailed as “Retired”!

Having worked in Risk and Compliance for over 7 years, one question I would regularly hear was “who can certify my client’s identification documents?”.

Firms will have different policies and procedures in respect of this. However, it is worth considering the following points when deciding whether you are happy to accept the certification on a document:

  • Is the person certifying the documents a professional person or ‘of good standing’ i.e. are they regulated, or do they work in a position of trust?
  • Is the certifier easily identifiable?
  • Would you be able to contact the certifier if needed to verify their certification? A bank, building society or post office official could move jobs/professions, making it difficult for you to contact them.
  • Does the certifier have the relevant skills to know whether what they are certifying is a true original document?
  • Has the document also been certified as a true likeness?

The majority of firms only accept certified client due diligence documents from a professional regulated person for example a solicitor, a banker or a notary. The reason for this being that they are then able to demonstrate to the relevant authorities, if necessary, that the person in question who certified the documents was of “good professional standing”, easily identifiable to contact if necessary and competent at document inspection and imposter detection.

We had a query a couple of months ago as to whether documents must also be certified as a “true likeness”. My view is that this wording should be used where the document being certified contains a photograph. If the certifier does not stamp a document containing a photograph with the wording a “true likeness”, and states a “true copy” then they are suggesting that they have ONLY seen the original document and therefore the individual who the document relates/belongs to was not present at the time the document was certified. This, to me, defeats the whole point of getting documents containing a photograph certified in the first place!

If you come across documents containing a photograph that are only certified as a “true copy” it is worth double checking with the certifier that the individual was present at the time the document was certified or that the certifier has met the individual in person previously and can confirm that it is a true likeness.

Don’t forget to make sure the document being certified is in date – It’s surprising the number of times I have seen client identification documents that have expired but have been recently certified.

 

Get in touch

If you’d like to know about how our services can help, please get in touch with our experts today. 

Get in touch

Who should certify client identification documents and what should they check? Read More »

Keyboard with a large yellow button which says 'Data Protection' and has an image of a padlock

Do you need a data protection officer under the GDPR?

Blogs, Data Protection, Regulatory Compliance /

At Teal, one of the questions we often get asked is whether or not an organisation needs a Data Protection Officer (DPO).

 

What the guidance says

Under the GDPR, it’s mandatory for some organisations to appoint a person to act as their DPO – others may choose to either appoint a DPO on a voluntary basis or decide that one is not required for the purpose of the Regulations and instead, they’ll just appoint someone to deal with data protection matters. In each case, your business will need to consider who this person should be, what their duties will be and what your business’s obligations are in relation to this person.

The WP29 guidance (the WP29 was an advisory body made up of representatives from the data protection authorities of each EU member state, the EU Commission and the European Data Protection Supervisor, which has now been replaced by the European Data Protection Board) recommends that organisations document the internal analysis carried out to determine whether or not they need to appoint a DPO. This can, for example, be via a memo to your governing body making recommendations as to whether a DPO should be appointed or not, as well as noting any decisions flowing from the recommendations. Whilst the appointment of a DPO isn’t always essential, the guidance states that organisations should assume that one is necessary unless they can demonstrate otherwise.

Although a DPO appointment will show your commitment to complying with the GDPR, you need to bear in mind that once you appoint one, they’ll have to comply with the obligations of a DPO contained in the regulations.

 

Under the GDPR, when must a DPO be appointed?

Under the GDPR, controllers and processors must appoint a DPO if:

  • They are a public authority or body
  • Their core activities involve large scale, regular and systematic monitoring of individuals
  • Their core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences

So, it’s the nature of processing undertaken by you, as a data controller or processor, that determines whether or not you need a DPO and you need to consider to what extent you need to process personal data to function properly as an organisation. If it is essential, it is likely that you will need a DPO.

Whilst what constitutes “large scale” isn’t defined, the guidelines say that when determining if processing is on a large scale, you should take the following factors into consideration:

  • The numbers of data subjects concerned
  • The volume of personal data being processed
  • The range of different data items being processed
  • The geographical extent of the activity
  • The duration or permanence of the processing activity

Even if you decide not to appoint a DPO, the GDPR require organisations to keep records of their processes and any data breaches and it’s important to ensure that your business has sufficient staff and resources to enable it to discharge its obligations under the GDPR.

 

Who can and can’t be a DPO?

The GDPR requires appointment of a DPO to be on the basis of a person’s ability to carry out those tasks, in particular, their experience and knowledge of data protection law. The regulations don’t specify the precise credentials a DPO is expected to have, but they do state that they should be proportionate to the type of processing being carried out and take into consideration the level of protection the personal data requires. Clearly it would be an advantage for a DPO to have a good knowledge of the relevant industry or sector, as well as your data protection needs and processing activities.

You can appoint an external DPO which would avoid any conflict issues and this is useful where there is no-one suitable within your business to take on the role. The WP 29 guidance provides useful suggestions regarding the individuals within a firm that shouldn’t be the DPO given that they are likely to be in a position of conflict as they may be responsible for determining the purposes and means of processing personal data, this includes the Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Head of Marketing, Head of Human Resources and Head of IT. Other less senior roles may also be conflicted if they lead to determination of the purposes and means of processing. In many law firms, for example, it is likely that the Compliance Officer for Legal Practice (COLP) would be a suitable DPO. However, you would need to consider any other roles that the COLP fulfils for the firm, in particular if the COLP is also managing partner or has another senior management role.

The GDPR contains a number of protections for DPOs and places obligations on the data controllers and processors regarding their DPO, a key one being to support the DPO by providing resources to enable them to carry out their tasks. DPOs must be independent, avoid conflicts of interest and cannot receive instruction regarding the performance of their tasks. The GDPR provides DPOs with protected employment status, meaning that you cannot dismiss or sanction a DPO simply for doing their job.

 

What’s the DPO’s role?

The DPO’s main responsibility is to inform and advise your organisation and staff about your obligations to comply with GDPR and other data protection laws. They are responsible for monitoring compliance with the law and regulation and with your data protection policies and also for raising awareness of data protection issues. This includes training staff and conducting internal audits where necessary. They are also responsible for advising on and monitoring any data protection impact assessments that you may undertake, and are the first point of contact for supervisory authorities and the individuals whose data you process. The ICO expects a DPO to take a risk based approach and, for example, to focus on the more risky activities that a business may undertake (e.g. if you process special category data).

The DPO, or his/her team, should be involved from the earliest stage possible in all issues relating to data protection., This should include regular participation in senior management meetings and involvement in any decision which has a data protection implication, with all relevant information being provided to them as early as possible. You should ensure that due weight is given to the DPO’s opinion and, in case of disagreement, the reasons for not following the DPO’s advice should be documented.

 

Law Firms

The Law Society in its March 2018 advice article (Appointing a Data Protection Officer) took the view that most law firms will not need to appoint a DPO given that they would not be systematically monitoring data subjects on a large-scale and reiterated this view in further advice in August 2019 (Appoint a Data Protection Officer). At the same time they acknowledged that some firms might need to appoint a DPO where they are processing special categories of data, e.g. concerning health, ethnicity, political or religious beliefs, trade union membership, or sexual orientation of the firm’s clients, or relating to their criminal convictions and offences, and such processing might be conducted on a large scale.

Whilst firms might conclude that their processing falls outside the criteria for the mandatory DPO appointment, they may still wish to appoint a DPO on a voluntary basis – particularly if they are in any doubt on the matter. Some firms might also benefit from taking specialist advice on the matter, if they do not have the necessary expertise in their practice. Firms should keep a full record of their decision-making.

Whether you decide to appoint a DPO or not, you should ensure that all staff are aware of the existence of the person responsible for dealing with data protection matters within your organisation and the importance of their role. They must have a direct feed into your top-level management. It’s important to note that a DPO, where appointed, is not responsible for your business’s compliance with data protection law – this remains the responsibility of you as data controller or processor. However, a DPO, and indeed any other person appointed to deal with data protection matters clearly play a crucial role in being responsible for overseeing your data protection strategy and its implementation and helping you to fulfill your data protection obligations.

 

Get in touch

To find out more about our data protection and GDPR services, contact one of our helpful experts today.

Get in touch

Do you need a data protection officer under the GDPR? Read More »

Hand holding a small plant against the sky

SRA Standards and Regulations 2019 – Principle 4 To Act with Honesty

Blogs, Legal Compliance, Regulatory Compliance /

The much-anticipated SRA Standards and Regulations 2019 have been live since 26th November 2019 and I am sure many law firms are still racing around updating policies and training staff on what this means for them.

The Solicitors Regulatory Authority (“The SRA”) have driven this change to the Regulations with a view to enabling innovation, growth and increased competition in the legal market, something which the legal sector seems to be falling behind on compared to other sectors. Not much has changed in the Regulations, as the SRA’s main aims were to make simpler rules which were focused on higher professional standards as well as making it easier for law firms to make their own decisions and have more flexibility in how they deliver their legal services.

The SRA have however made a few significant changes to the Principles. One being the addition of Principle 4 “You Act with Honesty”. But what does this mean for you?

It is important to highlight that the Principles apply to everyone who is employed by a law firm. This includes paralegals, support staff and managers, it does not just apply to Solicitors. This isn’t something new, however I feel this is something that isn’t always communicated to non-qualified staff. I have worked in several law firms and out of all those firms, only once was I made aware that the Principles applied to me. Even then I still didn’t really understand the importance and implications of this. It’s therefore crucial that law firm employees are given the necessary training so that they understand their obligations under the Principles.

The question is, why has the SRA added the Principle to act with honesty when there is already the Principle to act with integrity? The SRA recognises there is an overlap between Principle 4 “You Act with Honesty” and Principle 5 “You Act with Integrity”, however they have explained that a person can lack integrity without necessarily being dishonest and have said “The concept of integrity is wider than just acting dishonestly”.

To act dishonestly is a very serious matter, as a finding of dishonesty is likely to result in a solicitor being struck off. If an employee who is not a solicitor is found to be dishonest, the SRA can disqualify them from working in a law firm.

Only recently, the Head of Operations at international law firm Schillings was disqualified from working in the profession after he was caught selling mobile phones belonging to his employer. 95 mobile phones were sold for a total of £13,547, which the employee kept for himself. He is now disqualified from acting as the head of legal practice, head of finance and administration, or as a manager of any licensed body. He is also disqualified from being employed by any licensed body. A case which makes it clear to all employees that not adhering to the Principles can significantly affect your whole career!

So, what actions do the SRA consider to be dishonest? They have provided a few examples in their guidance which include;

  • Backdating or creating false documents – Whilst the SRA understand there are normally mitigating factors for this type of action, such as inexperience and stress, given its seriousness, the SRA have said that this cannot be a justification to act dishonestly
  • Taking or using someone else’s money without their knowledge or agreement
  • Lying to or misleading someone – In a recent case, a solicitor of 12 years was struck off for misleading his clients. For 6 weeks he told his clients he was awaiting a response from the court in respect of their application, when in fact he hadn’t even submitted the application. In his evidence he said that he was under enormous amounts of pressure and was too ’embarrassed’ to admit he was struggling
  • Giving false information to their firm’s insurer
  • Misleading a court, tribunal, regulator
  • Lying on a CV and misleading partners in their firm – Earlier this year a paralegal was banned from working for any regulated firm without the SRA’s permission after claiming on her CV she had a first class LLB law degree and had completed the Bar Professional Training course, when this was not true.

When considering if conduct is dishonest, the SRA have said that they will apply a two-stage test;

  1. What was the individual’s genuine knowledge or belief as to the facts at the time?
  2. In view of their knowledge or belief at the time, was their conduct dishonest by the standards of ordinary decent people?

BUT….. it is important to remember, even if someone is not found to have acted dishonestly, they may still be considered to have lacked integrity.

Below are a few suggestions to assist your understanding in this area;

  • Read the SRA guidance note on Acting with Honesty which has some useful SRA examples to help understand their approach.
  • Ensure your firm and all your employees are given the necessary training so that they understand their obligations under the Principles. It’s not always made clear to non-qualified staff that the Principles also apply to them.
  • Remember mitigating factors such as stress, inexperience and pressure can change the way in which someone would normally behave. This could be a trigger for them to act in a way that the SRA would deem as “dishonest”. If you are an employer, look after your staff and ensure they have the support they need to avoid this happening. If you are an employee and you feel like you are struggling, don’t feel embarrassed to ask for help, it’s likely there are others who feel the same as you do. Just keep in mind its ultimately your career that is at risk if you don’t speak up.

 

Get in touch

For more information about our services and how we can help, get in touch with one of our experts today.

Get in touch

SRA Standards and Regulations 2019 – Principle 4 To Act with Honesty Read More »

Two front doors. One with a correct number and one with a made up number

Preventing a repeat of Dreamvar

Anti-Money Laundering, Blogs, Legal Compliance, Regulatory Compliance /

Dreamvar – more than a year on …….. so, what has changed?

It’s likely most conveyancers will shudder when they hear the name Dreamvar. It’s the case that changed the liabilities and responsibilities of lawyers and conveyancers when dealing with residential property transactions. But in practice, what has actually changed since this case?

Firstly, a brief background for those unfamiliar with the details of the case. The case involved the liability of solicitors in cases of identity fraud. A fraudster posed as the seller of a property in London worth about £1million and succeeded in selling the property to an innocent buyer, Dreamvar. Once the property was sold the fraudster seller and the purchase monies disappeared. Dreamvar went on to sue his solicitor, for negligence (in contract and tort) and for breach of trust. He also sued the fraudster seller’s solicitor in negligence, for breach of warranty and breach of trust.

The High Court ruled that only Dreamvar’s solicitor could be liable and dismissed all claims against the fraudster’s solicitors. This seemed a little harsh given the solicitors acting for the fraudster had not taken sufficient steps to verify their client’s identity as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

The case therefore eventually made its way to the Court of Appeal. The Judge ruled the solicitors representing the fraudulent property vendor should share responsibility along with those representing the duped buyer of any losses. The Court of Appeal ordered both firms involved to make financial contributions.

However, it wasn’t just the solicitors involved that were in the firing line, the Law Society was also criticised. The case discussed the Law Society’s Code for Completion by Post (“The Code”) and argued that its processes did not consider the prospect that a sale is not genuine.

The Law Society agreed that their Conveyancing Protocol (“The Protocol”) and The Code needed updating and confirmed they intended to take the courts comments into account when making the amendments. And true to their word, the Law Society updated The Code and The Protocol this year.

The Law Society have made it clear that there are no changes in substance to the Code. Their revisions to the Code aim to make it clearer that the seller’s solicitor only gives undertakings where there is a genuine sale, thereby providing better protection for purchasers.

Similarly, with The Protocol the Law Society confirmed the number of steps have been reduced, however the obligations under the Protocol remain the same. They have made some procedural changes that you should be aware of, especially if are acting for the seller. In particular, the Protocol now states that Solicitors in CQS firms who are acting for the seller must

Obtain instructions for dealing with remittance of gross/net sale proceeds and details provided by the seller of UK bank account for remittance of proceeds. Obtain evidence that the bank account is properly constituted as an account conducted by the seller for a period of at least 12 months. Confirm that remittance will be made to that account only.

This means the solicitor must, if they are a CQS firm, request details of the bank account for the sale proceeds and they must also obtain evidence that the account belongs to the seller, showing that they have had and been using the account for at least 12 months.

This is a great way to ensure the purchase funds are going to the correct person! Only last month a woman named Sarah Broadbelt was jailed for 20 months for fraud and possessing a false identity document, after she sold a property for £75,000 back in 2015, without the real owner knowing. This case shows the lengths criminals are willing to go in order to commit this type of crime. Broadbelt went as far as changing her name by deed poll to that of the property owner’s so that she could apply for a passport and open bank accounts! That is real dedication!

Had the new Protocol and Code been in place (and been followed) it would have been far more difficult for Broadbelt to pose as the real owner of the property given that she, as the seller, would have been required to provide at least 12 months bank statements to show that not only was the bank account in her name, but it had also been in use by her for those 12 months.

So, what should you be doing now?

If you haven’t already, review The Protocol and The Code and ensure you have the right policies and procedures in place to enable your staff to follow them – do your firm and staff know about the need for further details about the seller’s bank account?

Don’t forget to communicate the changes to the relevant staff – there’s no point in updating policies and procedures if no one is told they have changed (they don’t have a crystal ball!)

Even if you are not CQS Accredited, it is good practice to follow The Protocol and The Code, it is not only there to protect your client and your firm but you as their solicitor/conveyancer too!

Get in touch

If you’d like to know more about the services we have to offer, get in touch with one of our experts today.

Preventing a repeat of Dreamvar Read More »

Woman's hands typing on laptop

Conflict checking – Are law firms getting it right?

Blogs, Legal Compliance, Regulatory Compliance /

Having worked in several different law firms over the past 10 years, it has been interesting to see how each firm has dealt with conflict checking differently.

Many medium to large law firms have teams running conflict checks for the firm. From my experience however in many of these firms the individuals running these conflict searches are simply looking for a match in data. But…. are they given enough training on the legal concepts surrounding conflicts of interest to really know what to look out for and to identify conflicts and potential conflicts.

Most smaller firms don’t have the resources to have a dedicated team to deal with conflict checking and it is therefore the responsibility of the fee earner to conduct a conflict check themselves. However, as a fee earner, is this “non-chargeable time” spent actually checking all the relevant parties? In some cases I fear not!

When I first started my legal career I worked as a paralegal dealing with debt recovery matters. I worked for a smaller firm so responsibility for conducting conflict checks was on me, which, having never been given any real training, proved quite difficult. Because of the lack of training I ended up opening a file and suing one of our client’s subsidiaries … whoops!

It is important to remember however that a conflict check is only as good as the data stored in a firm’s case management system. Firms need to make sure they have enough controls in place to ensure they are capturing the correct data for a conflict check to be properly carried out and have any value.

It then comes down to how a potential conflict of interest is dealt with. When I was buying my first property, I was informed by the estate agent that the Seller had instructed the same solicitor as me, but that this was “fine” because the Seller’s solicitor was based in a different office. Thinking back to this now with the legal experience I have, it is clear that, this was a conflict of interest and more should have been done by my Solicitor to make me aware of the possible implications and risks (rather than leaving it to the estate agent to tell me). I can’t really complain, they did a great job, however I do wonder what safeguards they actually had in place.

In November 2018, Sleigh Son & Booth solicitors were fined £2k and ordered to pay £20k in costs for acting where a conflict of interest breach may have arisen. The firm had acted for both vendor and purchaser in 9 conveyancing transactions where they had failed to advise either the vendor or purchaser that it was acting for the other and in 8 conveyancing transactions without obtaining either clients’ consent to do so. . The worst part was they had controls and protocols in place, they were just simply breached or forgotten.

This begs the question, should law firms be thinking more about what happens if they get it wrong?

Here are a few points I think Law Firms should consider when looking at conflict checking;

1. Training – Make sure your employees receive the training they require for their role and level of experience in respect of conflicts of interest and that they are aware of any internal systems, policies and procedures. It is always worth doing refresher training, as things do change!

2. Related Parties – Make sure all the relevant parties have been checked (You wouldn’t want to go suing one of your client’s subsidiaries!)

3. Data – It is important that all client and matter related parties are added to the case management system so they can be picked up in future conflict checks.

4. Potential conflict of interest? – Make sure you deal with any actual or potential conflict of interests appropriately. Do you require client consent, information barriers or do you simply have to decline to act? Remember the consequences if you get it wrong!

Get in touch

If you’d like to know more about our services, simply get in touch with one of our experts today.

Conflict checking – Are law firms getting it right? Read More »

keyboard with the pound sigh key under a magnifying glass

Price Transparency: An opportunity not to be missed!

Blogs, Legal Compliance, Regulatory Compliance /

As part of the recently launched Teal Compliance Officer Training Programme, I ran a webinar session running through all the requirements in relation to Price Transparency and the impact it is having on firms.

The first thing I would say is that the new rules create a market of opportunity on which you can take stock and look at your pricing structure, how you price and the services you offer to your clients. The stated aim of the new rules is to provide good quality information to potential and existing consumers to enable them to make the best decision for the type of service they require and within their budgets.

A lot of firms are focusing on the perceived negative impact, e.g. that it is “big brother” or that other competitors will undercut their fees and poach clients. But by focusing on that firms risk missing opportunities. The research which was commissioned in 2016 by the Competition & Market’s Authority (“CMA”) concluded that generally speaking there is insufficient information available to consumers and small business, in relation to the price, range and quality of legal services on offer. This was particularly evident in relation to the conveyancing market.

The majority of consumers looking for legal services said that if better information about price, quality and range of legal services was available online that would help them in making a decision as to which firm to approach.

Consumers also said that firms with a “digital badge” displayed on their website, would give them greater confidence about the services on offer and could in fact be the deciding factor on whether or not to use a firm.

To recap on what is required under the new rules:

I have done some of my own research looking at how firms have improved price transparency on their websites. Some firms have absolutely got it spot on, however I have to say I am quite surprised by the number of firms who are not yet publishing transparent information and those whose attempts to be compliant have fallen short of what is required. The CLC and SRA have already started to undertake reviews of firms regulated by them. Whether firms want to accept the rules or not, you still have to comply.

If you are not sure how to ensure you are compliant with the new rules, or you just need a sense check then we are here to help, for example by running pricing workshops to give you the opportunity review and update all the services that you charge for.

The new rules are designed to stop those firms who add on the “hidden” costs at the end of a transaction, leaving the client confused, and uncertain as to how they are going to pay for those additional fees. Introducing transparency, guidance on services offered, what is and isn’t included will assist clients in assessing what is right for them from both a personal and financial perspective.

A lot of firms are using online calculators, and these are a great way of providing an estimate where the onus is on the client to provide the correct information. Again, if this information changes you can make it clear the fee may change accordingly. There is evidence to suggest that, particularly in conveyancing, the use of online calculators is assisting in winning business. Some firms have platforms which also automatically send the terms of business letter out, so you could arrive in the office in the morning with new clients already committed to working with you. These are fantastic examples of what you can do to be compliant under the new rules and maximise business potential. What’s not to like?

My top tips for making sure you are up to speed with price transparency include:

  • Use price transparency as an opportunity to revisit your current fee structure and prices
  • Ensure that your website contains all relevant information about the range, quality and price of your services
  • Obtain and display your digital badge
  • Communicate and provide training in price transparency to all staff
  • Remember to update relevant policies and marketing materials

Get in touch

If you’d like to know more about our website audit service, simply get in touch with one of our helpful experts today.

Price Transparency: An opportunity not to be missed! Read More »

Stack of paperwork with 2 stamps on top. One marked "Regulations" and one marked "Rules"

The Data Protection Regulations Amendment 2019

Blogs, Data Protection, Regulatory Compliance /

Draft Regulations to create a ‘UK GDPR’ were published by the Government this week to ensure that the UK is ready for Brexit. The Data Protection Regulations Amendment 2019 introduce a large number of technical amendments to the GDPR, Data Protection Act 2018 (DPA18) and the Privacy Electronic Communications Regulations 2003 (PECR). The Withdrawal Act makes provision for the GDPR to form part of UK domestic law from 30th March 2019 as a ‘UK GDPR’.

But what does this mean in practice?

  • The text of UK GDPR is fundamentally the same as the GDPR which came into force on 25th May 2018, but it will correct language deficiencies from the European text
  • Extra-territorial application is retained – non-UK controllers and processors that sell into the UK or monitor UK residents online will have to comply with the UK GDPR
  • In some circumstances, non-UK controllers will need to appoint a representative within the UK
  • Previous EU adequacy decisions are revoked BUT the UK will deem EEA countries, EU and EEA Institutions and Gibraltar as having adequacy decisions
  • The ICO will be responsible for standard contractual clauses to facilitate the export of personal data from the UK and will not need EU Commission approval
  • The ICO will continue to be able to authorise new binding corporate rules
  • The ICO will be responsible for any tasks previously undertaken by other EEA Supervisory Authorities for processing of personal data or UK residents
  • PECR will be amended to align the definition of consent with the UK GDPR

UK based businesses that deal solely with UK based personal data will largely remain unaffected. But, if your business deal with non UK business partners and there is a transfer of UK personal data then you will need to review carefully whether any of the changes will affect you (don’t worry Team Teal can help!).

The Regulations still need to be approved by Parliament so watch this space.

Get in touch

If you need help with data protection and GDPR, get in touch with our experts today.

The Data Protection Regulations Amendment 2019 Read More »

Couple signing an agreement with professional person

Ten point plan for IDD compliance

Blogs, Legal Compliance, Regulatory Compliance /

This may appeal to those of you who like me are a little lost when someone talks to you about the Insurance Distribution Directive. Let’s start from the basics, The Insurance Distribution Directive (IDD) is a new European directive that has replaced the Insurance Mediation Directive (IMD). It applies to Firms who conduct insurance distribution activities and its introduction will change the way relevant firms work. The SRA recently announced the approval by the Financial Conduct Authority and the Legal Services Board of its rules to comply with the directive, reflected in the changes made to the SRA Handbook 2011on 1 October 2018.

In summary the Directive aims to enhance consumer protection when buying insurance – including general insurance, life insurance and insurance-based investment products (IBIPs). It also focuses on supporting competition between insurance distributors by creating a level playing field. Like the IMD, the IDD covers the authorisation, passporting arrangements and regulatory requirements for insurance and reinsurance intermediaries. However, the application of the IDD is wider, covering organisational and conduct of business requirements for insurance and reinsurance undertakings. It’s also important to mention in order the demonstrate firms and employees possess appropriate knowledge to perform their duties, CPD of at least 15 hours are required to complete this.

In practical terms the definition of ‘insurance distribution’ in the new directive has been defined as the activities of advising on, proposing, or carrying out other work preparatory to the conclusion of contracts of insurance, of concluding such contracts, or of assisting in the administration and performance of such contracts, in particular in the event of a claim. That means Law firms involved in personal injury, conveyancing and probate will most likely be carrying on insurance distribution activities e.g. arranging for clients’ after the event insurance in a personal injury matter or insurance for defective title in a conveyancing matter.

Another important reference are the SRA rules particularly regarding the SRA Financial Services (Scope) Rules 2001 (Scope rules) and the SRA Financial Services (Conduct of Business) Rules 2001 (COB rules). The specific requirements which relate to insurance distribution activities are set out in Appendix 1 of the COB rules.

Here are 10 steps you may consider when you deal with IDD compliance:

Step 1

Notify the SRA using a FA8 form if you propose to conduct insurance distribution services. The SRA will inform the FCA on your behalf who maintains a register of firms which includes those that are carrying on insurance mediation activities. Before submitting the completed form be sure to provide some basic information like details of your firm’s insurance distribution officer, the identities of shareholders or members that have a holding in your firm that exceeds 10%, and the amounts of those holdings, the identities of persons who have close links with your firm as per close links definition under Article 13 point 17 of Directive 2009/138/EC and information that those holdings or close links will not prevent you exercising your supervisory or regulatory functions. Failing to register when required to do so is likely to be breaching the general prohibition which is a criminal offence under section 23 of the Financial Services and Market Act 2000 and you may find that the contracts of insurance arranged for clients are invalid.

Step 2

When appointing an insurance distribution officer, you must make sure that they are competent and understand the terms and conditions of policies offered, laws covering the distribution of insurance products, claims and complaints handling requirements, how to assess a customer’s needs.

Step 3

Make sure that you do not carry on any insurance distribution activities unless you have in place a policy of qualifying professional indemnity insurance. More information about the obligations on you can be found in the SRA Indemnity Insurance Rules 2013.

Step 4

Consider Rule 3 of the COB rules setting out the sort of information that you must provide about you, your firm and the services you can provide when arranging insurance e.g. inform the client you are regulated by the Solicitors Regulation Authority for this work and the scope of your services, i.e. that you can only carry on insurance distribution activities limited to those not prohibited by your Scope Rules.

Step 5

Set out information that you will need to give to your clients about any remuneration you receive for arranging the insurance and any fees that might be payable by the client in accordance with Part 8 and 9 of Appendix 1 of the COB rules.

Step 6

If you collect a fee from a client, you must disclose the exact amount of that fee (not an estimate or range). If the exact amount is not known, then the method of calculation must be provided. Any information you give to the client must be in a “durable medium” being fair, transparent and not misleading.

Step 7

In addition to providing information about the status of your firm, you must provide your clients with information confirming, that you are an insurance intermediary, as opposed to an insurer and that you cannot manufacture insurance products; whether you provide a personal recommendation in respect of the insurance products offered; whether you act on behalf of the client and/or the insurer. If you act for both you will need to explain in what circumstances you can act for each party, and if you have “10% or more” of the voting rights in an insurer (for example, as a shareholder).

Step 8

You must in comply with chapter 1 SRA Code of Conduct 2011 “honestly, fairly and professionally in the client’s best interests”.

Step 9

Comply with outcomes in Chapter 8 of the SRA Code of Conduct 2011 by making sure that your marketing communications, addressed to clients or potential clients are fair, clear and not misleading. Marketing communications should always be clearly identifiable as such.

Step 10

Ensure you have sent the client a summary document for general insurance products in the form of an Insurance Product Information Document (IPID) before you conclude a contract. The insurer is required to draw up the IPID and must set out the key information a client will need to make an informed decision about the product.

Get in touch

If you have any questions at all about IDD compliance, insurance generally or regulatory compliance, then get in touch with one of our experts today. An initial call is always free.

Ten point plan for IDD compliance Read More »