Regulatory Compliance

The Case of Nirosha Jayawardena and its Nine Key Lessons

In an ever-changing landscape, keeping abreast of new developments is essential in the legal profession. This week, I delved into the intriguing case of Nirosha Jayawardena, a solicitor who recently found herself suspended from practice by the Solicitors Disciplinary Tribunal for one month.

 

The decision was an outcome mutually agreed upon by Ms. Jayawardena and the Solicitors Regulation Authority (SRA). Alongside the suspension, there were several stipulated conditions about her future conduct.

 

The Unraveling of a Complex Case

The case drew me in due to its facts and unique circumstances, which I believe underscore vital points for everyone in the law firm to keep in mind. It serves as a stark reminder of how weak anti-money laundering (AML) controls coupled with non-compliance with the Accounts Rules can potentially result in substantial losses for small firms.

Within the case, we saw the firm fall prey to fraudulent individuals masquerading as property owners. These fraudsters successfully manipulated the firm into selling properties and directing the proceeds into their pockets. In dissecting what transpired, multiple compliance failures came to light.

 

Nine Key Lessons

 

  1. Small Firms are Targeted

It’s a common misconception that only large firms fall prey to nefarious activities. While it’s true that some criminals target big firms, low-complexity impersonation frauds often zero in on smaller firms. These firms may lack the technological advancements or stringent sign-off procedures that larger firms have invested in, making them an easier target.

 

  2. Repeat Offenders

What’s peculiar about this case is the audacity of the fraudsters. After successfully duping the firm once, they brazenly tried their luck a second time. That’s the unsettling nature of fraudsters. They will often test the waters with a legitimate instruction to gauge the firm’s security measures. If successful, they will exploit the vulnerability repeatedly until caught/detected.

 

  3. Disruptive Methods for ID Verification

In the case of Jayawardena, the client conveniently couldn’t visit the office but was able to arrive in a taxi. Such disruptions to standard protocols serve to distract the lawyer, hindering their ability to spot discrepancies.

 

  4. Passport Errors

In a busy legal environment, it can be tempting to overlook small details. However, every document, especially identification ones, should be meticulously scrutinised. Fraudulent documents are surprisingly accessible and can range in quality. The case underlines the importance of spotting typos or unusual language in documents.

 

  5. Ignoring the AML Policy

Needless to say, adhering to your firm’s policy is crucial. Unfortunately, instances of non-compliance do occur. It’s essential to make sure that all guidelines reflect actual practice. Having procedures in place that are habitually ignored only serves to undermine the entire policy.

 

  6. Breach of Solicitors Accounts Rules

Impersonation frauds often hinge on payments made to third parties. This case underscores the importance of handling such transactions with extreme caution. Reinforce this within your firm and ensure that the rationale behind such payments is captured in writing.

 

  7. Ignoring Warnings in Customer Due Diligence (CDD)

Knowing how to interpret electronic verification search results is a must. Document what your next steps are if the checks don’t pass. Ignoring warning signs can clearly lead to a cascade of issues down the line.

 

  8. Failure to Retain and Verify ID Copies

The Regulations mandate that CDD must be retained for 5 years past the end of the business relationship. This case emphasises the importance of not only keeping a copy of the ID but also following through with verification processes like authenticity checks on passports and driving licenses.

 

  9. Mandatory Training Courses

An intriguing element of this case was the requirement for Jayawardena to undergo training courses on AML and Accounts Rules. This is a prudent move and, as a trainer, one I wholeheartedly endorse.

While this might seem daunting, remember that knowledge is power. Let’s learn together and fortify our defenses against these ‘baddies’.

 

Get in Touch

For more information, simply get in touch and one of our helpful experts will contact you without delay.

 

 

New SRA fining powers for AML – Be careful as they’re going to use them!

The Solicitors Regulation Authority (SRA) has long desired more robust punitive capabilities against traditional law firms. It has historically been able to impose significant fines on Alternative Business Structure (ABS) firms and to forward cases to the Solicitors Disciplinary Tribunal (SDT) for endorsement of an agreed decision. Now, however, the SRA’s fining powers have been broadened, enabling it to impose a fine of up to £25,000 without SDT referral and approval.

Recent case study

A recent noteworthy fine was imposed on an Oxfordshire-based two-partner firm, Ferguson Bricknell, for Anti Money Laundering (AML) breaches. The firm was penalised £20,000 for violations of the Money Laundering Regulations and the SRA’s Standards and Regulations. 

Although £20,000 might appear insignificant to some, for a small firm, it’s a considerable sum! If you consider a £200 hourly rate at 20% profitability, a lawyer would need to work for more than 14 weeks to generate the profit to cover it. This is because fines are paid from profit; there’s no special budget set aside for them!

The full decision is a worthwhile read, providing insights into the firm’s declaration to the SRA of a compliant Practice Wide Risk Assessment. The SRA periodically requests firms to confirm their compliance with certain regulations and verifies this by checking a sample of firms. In this instance, the SRA disagreed with the firm’s assessment of compliance and investigated further into its AML conformity.

Key takeaways from the case

The case provides valuable insights into the SRA fining powers and their approach, and offers seven key takeaways:

Number 1

When the SRA communicates with a firm, ensure a response is made. If your Compliance Officer for Legal Practice (COLP) is the recipient, ensure they’re checking their spam emails as the SRA’s emails often land there.

Number 2

If you claim compliance, be certain that you’re indeed compliant. There is an abundance of guidance, including free templates for Practice Wide Risk Assessments. Never claim compliance if it’s not the case.

Number 3

Keep up with reviews. Set reminders and take action. To show that you’ve reviewed a document, log the date and reviewer’s name (and approval if needed) within a version control table in the document.

Number 4

Consider establishing an independent audit function. Although not mandatory for all firms, it’s crucial for those of significant size and nature. The audit doesn’t have to be external, but in smaller firms, it must be conducted by someone independent of the people who oversee the policies, controls, and procedures.

Number 5

Regularly train your staff. The latest Legal Sector Affinity Group Guidance emphasizes annual refresher training. Additionally, the Money Laundering Reporting Officer (MLRO) and the Money Laundering Compliance Officer (MLCO) should receive specialist training for their roles.

Number 6

Conduct a matter risk assessment, as required by the 2017 Money Laundering Regulations. The SRA expects to see an assessment on every file falling within the regulations’ scope, with enough information to judge the risk assessment’s accuracy.

Number 7

Perform source of funds and wealth checks when necessary. Make sure it’s complete before accepting or moving any transactional money through the client account.

The case underscores the SRA’s commitment to enforcing AML Compliance. They’ll act against non-compliant firms, even if there are no actual money laundering allegations. Firms are expected to take their responsibilities seriously, with disciplinary actions waiting for those who don’t.

Get in touch

If you need advice or guidance with AML compliance or regulatory compliance, we’re here to help you. Simply get in touch with one of our friendly experts today.

Think you’re not a Tax Adviser? Think again!

On 23 November 2020 the SRA released guidance that may have been missed by many of you.
 

What’s the purpose of the SRA Guidance?

The purpose of the guidance was to draw to the attention of firms the need to consider whether they fell within the new definition of a tax adviser under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (‘the regulations’) which, on 10th January 2020, widened the scope to be:

 

“a firm or sole practitioner who by way of business provides material aid, or assistance or advice, in connection with the tax affairs of other persons, whether provided directly or through a third party, when providing such services.”

What’s the consequence of the SRA Guidance?

The consequence of the guidance issued in November 2020 was that:

“If the change in definition to tax advisers that came into force on 10 January 2020 brought your firm into scope of the regulations, you must tell us and apply for approval of your beneficial officers owners and managers before 10 January 2021”

For those of you who don’t ordinarily provide tax advice, the pertinent words in the new definition of a tax adviser are “provides material aid, or assistance…, in connection with the tax affairs of other persons, whether provided directly or through a third party, when providing such services.”

The SRA defines material aid and assistance as ‘Non-advisory services that are in scope and that will help the client to comply with their tax responsibilities eg filing papers with HMRC on behalf of a client’.

The SRA’s broad definition of through a third party includes the instruction of a tax specialist, accountant etc on behalf of your client.

In short, completing and/or filing an IHT form on behalf of your client, instructing an accountant on behalf of your client to advise on the tax implications of a matrimonial or employment settlement, or drafting a trust to manage a PI settlement will all likely fall within the scope of being a tax adviser.

What you need to do

If you believe you fall within the scope you will need to give consideration to whether your CDD processes (particularly within your private client, matrimonial, and litigation and employment departments) satisfy the requirements of the regulations.

If you are a firm that already provides tax advice, and particularly where you are instructed by another professional on behalf of their client, you may be in scope of the regulations to the extent that you will need to consider carrying out appropriate CDD on the underlying client. According to the SRA, the question of ‘who is the client’ when services are provided via a third party is clear: it is always the person whose tax affairs are the subject of the advice, assistance or material aid.

And, not forgetting your obligations to the SRA, you should also give consideration to informing the SRA and seeking the appropriate approval of your beneficial officers, owners and managers by completing the FA10 (for firms newly authorised or newly in scope of AML authorisation) or FA10b (for firms who already have AML authorisation) as soon as possible.

Read the full SRA Guidance.

 

Get in touch

If you’re still unsure and would like further guidance or support, why not find out about our Ask Teal service which covers all things compliance. Alternatively contact one of our experts today. 

A look at the new Freelance Solicitor Model

In November 2019, the SRA introduced a new model of operating for so-called ‘freelance solicitors’. The intention of the freelance solicitor model was to allow solicitors greater flexibility when providing services. We were told that the changes took place as the regulator felt that the previous arrangements created an unnecessary and restrictive ‘artificial entity’ model around solicitors operating as individuals. Prior to the changes, sole practitioners were required to have their practice authorised as a ‘recognised sole practice’.

 

What is a Freelancer?

A good starting point is to look at what the SRA means by ‘freelance solicitor’. This term is used to describe a self-employed solicitor who:

  • is practising on their own;
  • doesn’t employ anyone else in connection with the services they provide;
  • is practising in their own name (rather than using a trading name or through a service company);
  • is engaged directly by the client with fees payable directly to the solicitor;
  • and without that practice being authorised.

So, essentially, we’re talking about individuals who are genuinely self-employed.

Rules and Regulations

Freelancers are subject to various rules and regulations. The three key ones to note are as follows:

 

The SRA Authorisation of Individuals Regulations 2019 (the Regulations)

  • You must have practised as a solicitor for a minimum of three years since admission or registration.
  • You are self-employed and practise in your own name, and not through a trading name or service company.
  • You must take out and maintain indemnity insurance that provides adequate and appropriate cover in respect of all of the services that you provide or have provided (this includes both reserved and unreserved legal services), and that takes into account any alternative arrangements you or your clients may make.
  • You are not permitted to employ anyone.
  • You are engaged directly by the client, and the client pays their fees directly to you.
  • You may only hold client money in limited circumstances, i.e. when it’s for payments on account of costs and disbursements that you have not yet billed where:
    1. any money held for disbursements relates to costs and expenses incurred by you on behalf of your client and for which you are liable, and
    2. you have told the client in advance where and how that money will be held.

SRA Code of Conduct for Solicitors, RELs and RFLs (the Code)

Freelance solicitors are regulated in the same way as other solicitors and are subject to the provisions of the Code.

 

The Transparency Rules

Those freelancers providing reserved legal services are also subject to the requirements of the Transparency Rules. This includes publishing costs information where they offer any of the services listed in the rules, publishing details of their complaints procedure, and telling clients that they will not be covered by insurance on the SRA’s minimum terms and conditions and that alternative arrangements are in place.

As a more general rule, freelance solicitors will need to ensure that clients fully understand the implications of their “freelance” status and any additional risks to the client. This should include informing clients if they are unable to benefit from the SRA Compensation Fund.

 

Other key regulations to think about

Freelance solicitors will also need to consider whether they are an “independent legal professional” (ILP) for the purposes of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). The MLR 2017 apply to freelancers providing legal or notarial services to others as part of financial or real property transactions. If you are an ILP, you’ll need to comply with the regulations, which includes having a risk assessment, policies and controls and procedures in place. You’ll also need to separately register with the SRA to comply with the MLR 2017.

 

What activities can Freelancers undertake?

The Regulations differentiate between those performing reserved legal activities and those just providing non-reserved legal activities – essentially differentiating between the areas of law considered riskier and those considered low-risk. As you’d expect, the restrictions are more stringent for those undertaking the former. There are six reserved activities which you’ll find listed at Section 12 and Schedule 2 of the Legal Services Act 2007. If you’re planning to work as a freelancer, it’s important that you familiarise yourself with these:

  • Exercise of a right of audience
  • Conduct of litigation
  • Reserved instrument activities (includes conveyancing and linked matters)
  • Probate activities
  • Notarial activities
  • Administration of oaths

Historically, you’ve only been able to provide these types of services as a solicitor through an entity that is authorised to do so. However, if you’re a solicitor practising on your own account, you can now provide these types of services without needing to be authorised as a recognised sole practitioner if you meet the conditions set out in Regulation 10.2(b) of the Regulations.

 

More on the Restrictions in Regulation 10.2(b)

Experience: Whilst solicitors solely providing non-reserved legal activities don’t need to meet the three years’ PQE requirement, newly qualified solicitors will need to be mindful of the need to satisfy the competency requirements set out in the Code, which still apply.

Employing others: Despite this restriction, the SRA Ethics guidance (“Preparing to become a sole practitioner or a freelance solicitor”) clarifies that this isn’t intended to stop freelancers from contracting with others to provide pure administrative support to help them to provide their services, so long as they don’t “employ” those people. This would, for example, enable you to work in a Chambers model where the Chambers provides administration and other business support. It would also enable freelancers to receive similar services from a serviced office type arrangement.

It’s also important to note that if you do decide to employ someone to assist you in connection with the services you provide (including a paralegal or secretary), your clients will not benefit from protection under the SRA Compensation Fund (see Regulation 5.2, SRA Compensation Fund Rules) – you must be genuinely practising on your own.

Professional Indemnity Insurance (PII): Another apparent rationale for the introduction of the revised regime was the SRA’s view that the high cost of purchasing PII on minimum terms was deterring sole practitioners wanting to practise independently from entering the market.

Now, freelancers who carry out purely non-reserved activities are not required to have any PII. However, prudent freelancers should consider whether having no cover is in their own, and indeed their clients’ best interests. Conversely, freelancers carrying out reserved legal activities must have “adequate and appropriate insurance” in place, but do not need to comply with the SRA’s minimum terms. Cover must be for all of the work done as a solicitor and not just any reserved activities. When speaking with insurers or brokers, it’s advisable to let them know if you’ll be seeing clients at home or working from home on a regular basis, to make sure you obtain appropriate cover. When arranging cover, factors to think about may include an assessment of maximum probable loss for each work type, your claims history (if any; number/type/value/frequency of client matters) and likely client profiles. You should also record how you reached your decision on the level of cover so you can produce this if asked to demonstrate that you meet the “adequate and appropriate” requirement.

Although the cost of insurance can sometimes be prohibitive, freelancers should also consider taking out run-off cover if they decide to stop practising – at least until the risk of claims has fallen away. If solicitors decide to move back into private practice, this may be something that new employers will look for.

Insurers will undoubtedly be looking closely at the risk and compliance framework that freelancers put in place to ensure that any risks are being properly managed before they offer cover; so this is likely to be a key focus for those wanting to take advantage of the new model of working. Here at Teal we work closely with insurers and can help you to ensure that you have an appropriate framework in place that will satisfy your insurers’ requirements. Please do not hesitate to contact us if we can assist.

Restrictions on holding client money: Given the limitations on holding client money, if a client needs to pay or is due to receive other types of client money (such as damages or money from an estate), a freelance solicitor will need to make alternative arrangements to safeguard these funds – for example via a third party managed account such as Shield Pay.

 

Structures

As a freelance solicitor you’re strictly prohibited from adopting any kind of entity structure, such as a limited company, limited liability partnership or partnership, and can only operate under your own name. This means that you’ll be personally liable for your actions in the same way as a sole trader.

Law Society guidance (see link below) envisages that individuals may consider working together with other like-minded solicitors in a Chambers-style arrangement, with practices complementing one another. Each freelancer in the arrangement remains individually regulated and may, for example, just offer non-reserved legal activities, whilst others may offer reserved activities or perhaps offer both.

 

The process for getting set up as a freelancer

To get started, you will need to notify the SRA that you intend to practise on your own and whether or not you will be providing reserved legal services. If so, the SRA will then check whether you meet the conditions set out in the Regulations mentioned above.

 

Risks for law firms

Law firms should consider training staff on freelance solicitors and the implications for firms – for example, given the restrictions on holding client money, freelancers will be limited in the undertakings that they will be able to give.

Given the requirements for freelancers to contract personally for services, and the ban on freelancers holding client money, the SRA considers that the arrangements are unlikely to appeal to a sole practitioner who is currently running a business and employing staff and instead, are more likely to appeal to those who wish to undertake ad hoc freelance work or set up in a chambers style model.

When the new model for freelancers was first discussed, it received a considerable amount of negative commentary in the press, mostly relating to lack of regulation. However, as mentioned above, the Code still applies to all freelancers.

The Gazette reported back in early March 2020, just prior to lockdown, that 71 solicitors had already registered with the SRA as freelancers. The model is likely to be attractive to solicitors with a good client following or with small practices – so clearly poses a threat to firms, although quite how extensive the threat will be, only time will tell.

 

Useful links

  • Law Society Practice Notes
  • SRA Freelancer Notification
  • SRA Guidance – Preparing to become a sole practitioner or SRA regulated solicitor
  • SRA Guidance – Third party managed accounts
  • SRA Compensation Fund Rules 2021

Get in touch

If you’d like to know more about our regulatory services, please contact one of our experts today.

Merging under pressure and compliance due diligence

There are firms that, for one reason or another, are finding themselves in unexpected commercial difficulties that make their longer term viability questionable. Radical reconstruction by consolidation through merger may be the only alternative to closing doors for good, with all the unsavoury knock-on consequences that this entails. 

So now – more than ever – there are likely to be opportunities for merger to the potential benefit of both parties and compliance due diligence is extremely important.

 

Compliance due diligence 

In any potential merger situation, it is becoming increasingly clear that compliance needs to be at the top of the priority list. It is a great indicator of the overall management style of the merger target because, on a broader scale, the major regulatory standards are placing increasing significance on the wider principles of good governance as an underpinning ethos to the compliance that they foster.

So… if you’re an ‘acquiree’, what do you need to do to prepare the firm for marketing, and as an ‘acquirer’ what do you need to look for?

They are actually two sides of the same coin. If you are the firm looking for help through merger, it’s similar to a job interview – prepare, prepare, prepare, and then prepare. This applies to training all levels of staff in what we are doing and why. Make sure that everyone is on board as their future employment may depend on it.

As an acquirer, the due diligence cannot be too thorough, especially in the current climate when many personnel are likely to be dispersed.

 

The SRA Principles

The overarching standard is of course the SRA Principles, revised and reduced from ten to seven in November 2019. They are as follows and should be thoroughly interrogated:

“You act:

  1. in a way that upholds the constitutional principle of the rule of law, and the proper administration of justice.
  2. in a way that upholds public trust and confidence in the solicitors’ profession and in legal services provided by authorised persons.
  3. with independence.
  4. with honesty.
  5. with integrity.
  6. in a way that encourages equality, diversity and inclusion.
  7. in the best interests of each client.”

In support of these Principles the firm needs to have a COLP and COFA and you should check that the roles are filled by someone who is appropriately qualified and trained – and takes the role seriously.

You are seeking to adduce evidence that the firm not only talks a good talk but actually delivers on those verbal assurances. There will usually be two aspects to the proof needed that there is such delivery.

You will need to check that there are Standard Operating Procedures that are encapsulated in systematised written format. These will, or should, form recognisable parts of the firm’s Operations Manual.

It may be that there are a number of different manuals, though, e.g. the Data Protection or Lexcel Manuals. If the Manuals are stored electronically, the fact that they’re all in the same ‘Compliance’ area is indicative of how orderly the firm’s management processes are. Hopefully the Manuals will all be assembled ready for inspection – a well organised firm should have sufficient confidence in its systems to know what a merging firm will be looking for.

You will need empirical evidence. This will take the form of findings from interviews, both formal and informal, and from written records relating to inductions, training and Personal Development Reviews or Appraisals. There will be clues as to the effectiveness of the firm’s governance with such items as structural organograms and procedures for escalating responses for incident handling.

Minutes from meetings of all types, and policy review schedules, can also be very helpful. Aside from broader good governance, you should check for clear documentation of the firm’s supervisory structures.

There is increasing emphasis being placed on this in the SRA principles as well as the GDPR / DPA legislation.

 

How do you find it? 

The paper (or electronic equivalent) trail is self-explanatory – time consuming but worthwhile. Gathering empirical evidence is more challenging but probably more revealing.

The firm’s COLP and COFA will always be interviewed. Further interviews should be carried out with a good cross-section of all staff and include front and back office staff at all levels. Remember that conversations solely with partners/senior management will give a slanted perspective.

Insurances – Appropriate levels of PII insurance will be checked together with the firm’s Complaints and Claims registers in support of this. How these are administered is a good indicator of the general management style of the firm and attitude towards compliance. Appropriate cover in other areas to complement the firm’s Business Continuity Planning will also be checked.

Supervision – From the point of view of supervision checks you should speak to both supervisors and supervisees on whether issues are dealt with on a one-to-one basis or in teams; whether training needs are formally identified and how the training is delivered and monitored. This is especially important in the new era of remote working in which firms are currently operating. This topic has been explored in other recent blogs on the Teal Compliance website.

File Reviews – These are another rich source of data and are a vital part of delivering the quality required by the SRA. Check how often they are carried out and by whom and what happens to the results of the reviews.

Training Schedules and Attendance Records – These are very revealing about the firm’s overall attitude towards compliance and its effective implementation especially when read in conjunction with staff interviews for cross-referencing. The firm’s approach towards conflicts avoidance should be carefully monitored.

The firm’s management of its central Key Dates diary should be similarly examined.

 

How do you evaluate it?

It is advisable not to rely on just one opinion and to apply some sort of consistent level of scoring on how compliance is being managed.

Results from interviews are likely to be more subjective so a structured series of open questions contained in a questionnaire will help towards achieving consistency.

 

What is it telling you? 

Working on a “RAG” (Red, Amber, Green) method of assessing levels of compliance it would be highly unusual and deeply suspect to come up with a full pack of Greens. It is a useful indicator but not the whole story. What you are really looking for is the overall style of approach to the whole portfolio of regulatory compliance.

Every firm will have setbacks or issues occurring that expose actual or potential weaknesses in a firm’s breach prevention armoury. These are of themselves not necessarily the most important thing. What really matters is how the firm approaches dealing with the actual or potential issues, the overall compliance-embracing culture of the firm, and how the firm works to embed and keep embedded this culture at all levels.

If you are in any doubt about carrying out this sort of exercise then you shouldn’t hesitate to ask for outside help. A third pair of eyes can in any event add an element of objectivity that may be difficult to maintain internally when people are either enthusiastically – or unenthusiastically – polarised about a merger project.

Get in touch

If you’d like to know more about how Teal’s compliance services can help, simply contact our experts today. 

What is a Politically Exposed Person (PEP) and how do I know if my client is one?

The SRA expect solicitors and firms to continue to meet the high standards the public expect (which includes upholding the rule of law). It’s therefore important to ensure that all staff are aware of their obligations when onboarding clients, and this includes understanding what a politically exposed person is.

On a number of occasions, we’ve seen panic set in as soon as someone sees the word “match” for their client on a politically exposed person screening request, but there’s no need to panic! Just because someone is classified as a politically exposed person does not necessarily mean they are a “baddie”!

 

What is a politically exposed person and why are they considered high risk?

A politically exposed person is a person who is or, within the last year, has been a:

  • Head of State/Government
  • Minister
  • Assistant Minister
  • MP
  • Member of judiciary
  • Member of Courts
  • Member of Auditors
  • Member of boards
  • Member of central banks
  • Ambassador
  • High-ranking officer in the armed forces
  • Member of administrative management
  • Member of supervisory bodies
  • Member of state-owned enterprises
  • Member of governing body of a political party
  • Board of an international organisation (e.g. FIFA)

In addition, a person will also be classified as a politically exposed person if they are:

  • A member of a politically exposed person’s family
  • A known close associate of a politically exposed person (whom the politically exposed person is in business with)
  • A beneficial owner of the politically exposed person’s property (someone who enjoys the benefits of ownership even though the title of the property is in another person’s name)

 

Why is a politically exposed person deemed high risk?

A politically exposed person is deemed high risk because they generally present a higher risk for potential involvement in bribery and corruption due to their position and the influence that they may hold.

Therefore, the main aim of applying Enhanced Due Diligence (EDD) to work involving a politically exposed person is to mitigate the risk that the proceeds of bribery and corruption may be laundered.

A politically exposed person is also an easy target for identity theft due to a great deal of their personal information being publicly available.

 

How do you find out if your client is a politically exposed person?

The best way to check whether someone is a politically exposed person is through politically exposed person screening solutions (PEP screenings) online. Many firms already have electronic verification which will normally include PEP screening as part of the checks that are carried out. Some online screening solutions will also provide additional information, such as adverse media and any criminal conduct – a good way to check whether your politically exposed person is a “baddie” or not!

Don’t forget Google. It is amazing what information you might find from a Google search.

 

The Regulations  

Regulation 33(1)(d) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) states that EDD is required in situations where the client is a politically exposed person, or a family member or known close associate of a politically exposed person. Therefore, it is important to establish whether or not your client is a politically exposed person at the outset.

In addition, under Regulation 35 of the MLR 2017, if your client is a politically exposed person you must:

  • Get senior management approval for the business relationship
  • Take adequate measures to establish the source of wealth and source of funds
  • Closely monitor the business relationship throughout

 

Get in touch

If you need any assistance when dealing with a politically exposed person, please get in touch and we would be happy to help.

Take a look at the compliance services we can offer or alternatively, get in touch with one of our experts. 


The SRA Transparency Rules – Is your website compliant?

As you’re no doubt aware, the SRA Transparency Rules (the Rules) came into force back in December 2018 requiring firms to publish price and service information for various practice areas. It’s important that you check this regularly, to ensure it’s up-to-date. 

What areas of law does it cover?

You need to publish the price and service information on your website if you publicise that you work in the following areas of law: 

  • Residential conveyancing
  • Probate (uncontested)
  • Motoring offences (summary offences)
  • Immigration (excluding asylum)
  • Employment tribunals (unfair/wrongful dismissal)
  • Debt recovery (up to £100,000)
  • Licensing applications (business premises)

If your firm doesn’t have a website, you must still have this information available upon request in other formats.

Information about the SRA requirements

The Rules also require all firms to publish details of their complaints procedure on their website, including how and when a complaint can be made to the Legal Ombudsman and to the SRA. From 25 November 2019 firms were also required to display the SRA’s digital logo in a prominent place on their website.

You may also be aware that the SRA has been conducting a programme of random sweeps of firm websites to monitor on-going compliance with the Rules. 

In November 2019 they reported that during a sweep of 447 live websites conducted in March/April 2019, only 25% of firms were fully compliant with the Rules. Of the remaining 75%, 58% were partially compliant and 17% were not compliant with the Rules at all. However, the SRA did provide useful feedback on the most common areas of non-compliance which were:

  • Failing to publish the required complaints information
  • Failing to specify the amount of VAT applied to costs and disbursements
  • Failing to display information on key stages and/or timescales
  • Failing to provide a description or costs of likely disbursements

We’re aware that the SRA has more recently been contacting firms with the results of their sweep. Several firms we’ve spoken to were surprised to learn that they’re only partially compliant, despite undertaking considerable work on their respective websites. In our experience, whilst the SRA will indicate to a firm the service areas that they consider non-compliant in terms of the information provided, unfortunately they don’t provide exact details of the non-compliance(s), but instead state that “insufficient information” has been provided.

When assisting clients to identify the missing information, we’ve found the SRA templates of suggested text to be very helpful.

Our own research

We undertook our own survey of 10 websites for compliance with the Rules and found the following:

  • Fully compliant: 1
  • Partially compliant: 8
  • Non-compliant in all areas: 1

When looking at the websites, we noticed that the issues flagged by the SRA after their first ‘sweep’ still featured high on the list of areas of non-compliance. We located the SRA’s digital badge on 8 out of the 10 websites reviewed.

Get in touch

At Teal, we offer firms a website audit service. We provide guidance on whether we consider that your website is compliant with the Rules and can assist with any remedial action needed. We can also provide guidance and assistance if you’ve received an SRA Notice informing you of non-compliance and directing you to take remedial action.

If you’d like to know more, or if we can assist, please get in touch.


Who should certify client identification documents and what should they check?

Some of the certifications I’ve seen on client identification documents that fee earners have uploaded as part of their client due diligence checks have led me to raise an eyebrow.

One of my favourites was a document certified by someone whose occupation was detailed as “Retired”!

Having worked in Risk and Compliance for over 7 years, one question I would regularly hear was “who can certify my client’s identification documents?”.

Firms will have different policies and procedures in respect of this. However, it is worth considering the following points when deciding whether you are happy to accept the certification on a document:

  • Is the person certifying the documents a professional person or ‘of good standing’ i.e. are they regulated, or do they work in a position of trust?
  • Is the certifier easily identifiable?
  • Would you be able to contact the certifier if needed to verify their certification? A bank, building society or post office official could move jobs/professions, making it difficult for you to contact them.
  • Does the certifier have the relevant skills to know whether what they are certifying is a true original document?
  • Has the document also been certified as a true likeness?

The majority of firms only accept certified client due diligence documents from a professional regulated person, for example a solicitor, a banker or a notary. The reason for this is that they are then able to demonstrate to the relevant authorities, if necessary, that the person who certified the documents was of “good professional standing”, easily identifiable and contactable if necessary, and competent at document inspection and imposter detection.

We had a query a couple of months ago as to whether documents must also be certified as a “true likeness”. My view is that this wording should be used where the document being certified contains a photograph. If the certifier stamps a document containing a photograph with the wording “true copy” rather than “true likeness”, they are suggesting that they have ONLY seen the original document and therefore that the individual to whom the document relates/belongs was not present at the time the document was certified. This, to me, defeats the whole point of getting documents containing a photograph certified in the first place!

If you come across documents containing a photograph that are only certified as a “true copy” it is worth double checking with the certifier that the individual was present at the time the document was certified or that the certifier has met the individual in person previously and can confirm that it is a true likeness.

Don’t forget to make sure the document being certified is in date – it’s surprising the number of times I have seen client identification documents that have expired but have been recently certified.

 

Get in touch

If you’d like to know about how our services can help, please get in touch with our experts today. 


Do you need a data protection officer under the GDPR?

At Teal, one of the questions we often get asked is whether or not an organisation needs a Data Protection Officer (DPO).

 

What the guidance says

Under the GDPR, it’s mandatory for some organisations to appoint a person to act as their DPO – others may choose to either appoint a DPO on a voluntary basis or decide that one is not required for the purpose of the Regulations and instead, they’ll just appoint someone to deal with data protection matters. In each case, your business will need to consider who this person should be, what their duties will be and what your business’s obligations are in relation to this person.

The WP29 guidance (the WP29 was an advisory body made up of representatives from the data protection authorities of each EU member state, the EU Commission and the European Data Protection Supervisor, which has now been replaced by the European Data Protection Board) recommends that organisations document the internal analysis carried out to determine whether or not they need to appoint a DPO. This can, for example, be via a memo to your governing body making recommendations as to whether a DPO should be appointed or not, as well as noting any decisions flowing from the recommendations. Whilst the appointment of a DPO isn’t always essential, the guidance states that organisations should assume that one is necessary unless they can demonstrate otherwise.

Although a DPO appointment will show your commitment to complying with the GDPR, you need to bear in mind that once you appoint one, they’ll have to comply with the obligations of a DPO contained in the regulations.

 

Under the GDPR, when must a DPO be appointed?

Under the GDPR, controllers and processors must appoint a DPO if:

  • They are a public authority or body
  • Their core activities involve large scale, regular and systematic monitoring of individuals
  • Their core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences

So, it’s the nature of processing undertaken by you, as a data controller or processor, that determines whether or not you need a DPO and you need to consider to what extent you need to process personal data to function properly as an organisation. If it is essential, it is likely that you will need a DPO.

Whilst what constitutes “large scale” isn’t defined, the guidelines say that when determining if processing is on a large scale, you should take the following factors into consideration:

  • The numbers of data subjects concerned
  • The volume of personal data being processed
  • The range of different data items being processed
  • The geographical extent of the activity
  • The duration or permanence of the processing activity

Even if you decide not to appoint a DPO, the GDPR requires organisations to keep records of their processes and any data breaches, and it’s important to ensure that your business has sufficient staff and resources to enable it to discharge its obligations under the GDPR.

 

Who can and can’t be a DPO?

The GDPR requires appointment of a DPO to be on the basis of a person’s ability to carry out those tasks, in particular, their experience and knowledge of data protection law. The regulations don’t specify the precise credentials a DPO is expected to have, but they do state that they should be proportionate to the type of processing being carried out and take into consideration the level of protection the personal data requires. Clearly it would be an advantage for a DPO to have a good knowledge of the relevant industry or sector, as well as your data protection needs and processing activities.

You can appoint an external DPO, which would avoid any conflict issues; this is useful where there is no-one suitable within your business to take on the role. The WP29 guidance provides useful suggestions regarding the individuals within a firm who shouldn’t be the DPO because they are likely to be in a position of conflict, as they may be responsible for determining the purposes and means of processing personal data. These include the Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Head of Marketing, Head of Human Resources and Head of IT. Other less senior roles may also be conflicted if they lead to determination of the purposes and means of processing. In many law firms, for example, it is likely that the Compliance Officer for Legal Practice (COLP) would be a suitable DPO. However, you would need to consider any other roles that the COLP fulfils for the firm, in particular if the COLP is also managing partner or has another senior management role.

The GDPR contains a number of protections for DPOs and places obligations on the data controllers and processors regarding their DPO, a key one being to support the DPO by providing resources to enable them to carry out their tasks. DPOs must be independent, avoid conflicts of interest and cannot receive instruction regarding the performance of their tasks. The GDPR provides DPOs with protected employment status, meaning that you cannot dismiss or sanction a DPO simply for doing their job.

 

What’s the DPO’s role?

The DPO’s main responsibility is to inform and advise your organisation and staff about your obligations to comply with GDPR and other data protection laws. They are responsible for monitoring compliance with the law and regulation and with your data protection policies and also for raising awareness of data protection issues. This includes training staff and conducting internal audits where necessary. They are also responsible for advising on and monitoring any data protection impact assessments that you may undertake, and are the first point of contact for supervisory authorities and the individuals whose data you process. The ICO expects a DPO to take a risk based approach and, for example, to focus on the more risky activities that a business may undertake (e.g. if you process special category data).

The DPO, or his/her team, should be involved from the earliest stage possible in all issues relating to data protection. This should include regular participation in senior management meetings and involvement in any decision which has a data protection implication, with all relevant information being provided to them as early as possible. You should ensure that due weight is given to the DPO’s opinion and, in case of disagreement, the reasons for not following the DPO’s advice should be documented.

 

Law Firms

The Law Society in its March 2018 advice article (Appointing a Data Protection Officer) took the view that most law firms will not need to appoint a DPO given that they would not be systematically monitoring data subjects on a large-scale and reiterated this view in further advice in August 2019 (Appoint a Data Protection Officer). At the same time they acknowledged that some firms might need to appoint a DPO where they are processing special categories of data, e.g. concerning health, ethnicity, political or religious beliefs, trade union membership, or sexual orientation of the firm’s clients, or relating to their criminal convictions and offences, and such processing might be conducted on a large scale.

Whilst firms might conclude that their processing falls outside the criteria for the mandatory DPO appointment, they may still wish to appoint a DPO on a voluntary basis – particularly if they are in any doubt on the matter. Some firms might also benefit from taking specialist advice on the matter, if they do not have the necessary expertise in their practice. Firms should keep a full record of their decision-making.

Whether you decide to appoint a DPO or not, you should ensure that all staff are aware of the existence of the person responsible for dealing with data protection matters within your organisation and the importance of their role. They must have a direct feed into your top-level management. It’s important to note that a DPO, where appointed, is not responsible for your business’s compliance with data protection law – this remains the responsibility of you as data controller or processor. However, a DPO, and indeed any other person appointed to deal with data protection matters, clearly plays a crucial role in being responsible for overseeing your data protection strategy and its implementation and helping you to fulfil your data protection obligations.

 

Get in touch

To find out more about our data protection and GDPR services, contact one of our helpful experts today.


SRA Standards and Regulations 2019 – Principle 4 To Act with Honesty

The much-anticipated SRA Standards and Regulations 2019 have been live since 26th November 2019 and I am sure many law firms are still racing around updating policies and training staff on what this means for them.

The Solicitors Regulation Authority (“the SRA”) have driven this change to the Regulations with a view to enabling innovation, growth and increased competition in the legal market, something which the legal sector seems to be falling behind on compared to other sectors. Not much has changed in the Regulations, as the SRA’s main aims were to make simpler rules which were focused on higher professional standards as well as making it easier for law firms to make their own decisions and have more flexibility in how they deliver their legal services.

The SRA have, however, made a few significant changes to the Principles, one being the addition of Principle 4 “You Act with Honesty”. But what does this mean for you?

It is important to highlight that the Principles apply to everyone who is employed by a law firm. This includes paralegals, support staff and managers; it does not just apply to solicitors. This isn’t something new; however, I feel this is something that isn’t always communicated to non-qualified staff. I have worked in several law firms and out of all those firms, only once was I made aware that the Principles applied to me. Even then I still didn’t really understand the importance and implications of this. It’s therefore crucial that law firm employees are given the necessary training so that they understand their obligations under the Principles.

The question is, why has the SRA added the Principle to act with honesty when there is already the Principle to act with integrity? The SRA recognises there is an overlap between Principle 4 “You Act with Honesty” and Principle 5 “You Act with Integrity”. However, they have explained that a person can lack integrity without necessarily being dishonest and have said “The concept of integrity is wider than just acting dishonestly”.

To act dishonestly is a very serious matter, as a finding of dishonesty is likely to result in a solicitor being struck off. If an employee who is not a solicitor is found to be dishonest, the SRA can disqualify them from working in a law firm.

Only recently, the Head of Operations at international law firm Schillings was disqualified from working in the profession after he was caught selling mobile phones belonging to his employer. 95 mobile phones were sold for a total of £13,547, which the employee kept for himself. He is now disqualified from acting as the head of legal practice, head of finance and administration, or as a manager of any licensed body. He is also disqualified from being employed by any licensed body. It is a case which makes it clear to all employees that not adhering to the Principles can significantly affect your whole career!

So, what actions do the SRA consider to be dishonest? They have provided a few examples in their guidance, which include:

  • Backdating or creating false documents – Whilst the SRA understand there are normally mitigating factors for this type of action, such as inexperience and stress, given its seriousness, the SRA have said that this cannot be a justification to act dishonestly
  • Taking or using someone else’s money without their knowledge or agreement
  • Lying to or misleading someone – In a recent case, a solicitor of 12 years was struck off for misleading his clients. For 6 weeks he told his clients he was awaiting a response from the court in respect of their application, when in fact he hadn’t even submitted the application. In his evidence he said that he was under enormous amounts of pressure and was too ‘embarrassed’ to admit he was struggling
  • Giving false information to their firm’s insurer
  • Misleading a court, tribunal or regulator
  • Lying on a CV and misleading partners in their firm – Earlier this year a paralegal was banned from working for any regulated firm without the SRA’s permission after claiming on her CV she had a first class LLB law degree and had completed the Bar Professional Training course, when this was not true.

When considering if conduct is dishonest, the SRA have said that they will apply a two-stage test:

  1. What was the individual’s genuine knowledge or belief as to the facts at the time?
  2. In view of their knowledge or belief at the time, was their conduct dishonest by the standards of ordinary decent people?

BUT… it is important to remember, even if someone is not found to have acted dishonestly, they may still be considered to have lacked integrity.

Below are a few suggestions to assist your understanding in this area:

  • Read the SRA guidance note on Acting with Honesty which has some useful SRA examples to help understand their approach.
  • Ensure your firm and all your employees are given the necessary training so that they understand their obligations under the Principles. It’s not always made clear to non-qualified staff that the Principles also apply to them.
  • Remember mitigating factors such as stress, inexperience and pressure can change the way in which someone would normally behave. This could be a trigger for them to act in a way that the SRA would deem as “dishonest”. If you are an employer, look after your staff and ensure they have the support they need to avoid this happening. If you are an employee and you feel like you are struggling, don’t feel embarrassed to ask for help; it’s likely there are others who feel the same as you do. Just keep in mind it’s ultimately your career that is at risk if you don’t speak up.

 

Get in touch

For more information about our services and how we can help, get in touch with one of our experts today.
