SRA’s Sectoral Risk Assessment: Technology Risks

Laptop keyboard with symbols of AI, email and social media

Date

There are four emerging risks that the SRA has identified in the Sectoral Risk Assessment which was published in July 2023. One of these emerging risks is technology risks. Here, we explain the SRA’s update on technology risks, and advice on what actions you should take.  

What technology risks are identified in the SRA's Sectoral Risk Assessment?

It’s not the first time that the SRA has mentioned technology risks that are emerging in the legal sector. There are several areas which are in discussion.

1. FinTech - Payment platforms

Recently, there’s been news about one payment platform allegedly allowing transfers from accounts that are identified for money laundering. This raises concerns about what checks are in place for these emerging industries. If they’re not traditional banks, how do we know that they’ve got safeguards in place for AML?

2. FinTech - Crowdfunding platforms

The SRA also talks about crowdfunding platforms, which is also mentioned in the National Risk Assessment. There are instances when people are genuinely crowdfunding in order to pay for their legal fees. However, there’s a risk that people may be using crowdfunding platforms as a way to obscure the source of wealth.

3. Cybercrime

There’s a lot of new legal technology out there, but if law firms don’t know how to use it, they won’t know how to protect it. This could lead to being exploited by the ‘baddies’ and becoming a victim of cybercrime, by them stealing personal information from your clients, infiltrating your bank accounts, etc.

A cyber-attack is an economic crime if the criminals access something that’s valuable, or if they want you to pay them with crypto-currency. So, this is no doubt on your radar already and you’re aware that you’ve got to have procedures in place to prevent cyber-attacks, and that those procedures are tested and working properly.

Over-reliance of technology

The SRA does make the point in their risk assessment about overuse of, and over reliance on, technology to do things like ID&V, with people relying on the big green tick on the report or the pass on the ID&V report as opposed to understanding what CDD has actually been checked and whether you have to do anything else.

With the increase in source of funds/source of wealth technology, understanding how it works and making sure that you’re satisfied with any conclusions that it’s drawing is extremely important.

What actions can be taken to mitigate the technology risks?

Firstly, review the work types that may be exposed to FinTech such as payment platforms and crowdfunding platforms and carry out a risk assessment.

Take a look at recent cyber-attacks of law firms that have resulted in fines from the ICO. You’ll see what investigations have been made and the disciplinary outcomes as a result. The investigations will likely include questions like:

  • When was last time you trained everybody?
  • What system do you have in place?
  • How do you know it works?

Although we’re discussing AML, there’s also an obligation in the Money Laundering Regulations that when you introduce new technology into your law firm, you need to have conducted a risk assessment about it.

When it comes to introducing new technology, you should make it easy for your law firm to comply by communicating exactly what the tech is doing and exactly how it works. If the SRA is doing an inspection, they’ll expect a good level of knowledge from the person responsible for AML on how the tech works.

Consider any tech you’ve introduced and carry out a risk assessment if you’ve not already done so. Also include any tech that you’re considering introducing. We often find that policies don’t include details of the process of any introduction of any new tech. What it should confirm is that a risk assessment will be conducted as to whether it increases or decreases the risk of money laundering or terrorist financing, and it will be recorded in the Practice Wide Risk Assessment.

Whether you’ve got a new case management system; changed your CDD provider; or got a new accounting system, as auditors we’d be asking to see your risk assessment in relation to each piece of new tech.

As with all things compliance, making sure everything is recorded in your assessment is essential!

Get in touch

At Teal Compliance, we’re here to support your journey towards regulatory and AML compliance.   

If you’re looking to ensure that you, your firm and your clients are safe, simply contact our experts today. 

Get in touch

More
articles

Testimonial from Right Legal
"We have been using Teal to support our compliance frameworks, and every aspect of our experience with them has been fantastic. From the training to the audits, and especially the ‘Ask Teal’ helpline, nothing is too much trouble, and you get quick support from some of the industry’s best compliance experts. Just having them there to support our continued growth takes a huge weight off my mind. Highly recommend to firms of all size and structure!"
Get in touch
Testimonial from Constantine Law
"We rely on Teal Compliance to provide responsive, practical compliance services to Constantine Law (we do not have an in-house compliance officer/function). I would encourage all solicitor firms without their own resource to engage with Teal: they know what they are doing and they provide peace of mind regarding day-to-day compliance matters as well as responses to unforeseen (tricky) compliance matters. They have become an indispensable partner to Constantine Law in our growth journey."
Get in touch
Testimonial from Streathers Solicitors
"We have worked with Teal for several years. They have provided us with AML training and also helped us put together our firm-wide AML risk assessment and our updated AML policy, along with assisting us with various issues as and when they arose. We have always found them to be very helpful, friendly, responsive and knowledgeable, and are happy to recommend them."
Get in touch
Testimonial from Streathers Solicitors
"We have had a relationship with Teal for a number of years and they have provided a valuable resource to our compliance team. Teal combine the delivery of a personal and friendly service with city level expertise."
Get in touch