There are four emerging risks that the SRA has identified in the Sectoral Risk Assessment which was published in July 2023. One of these emerging risks is technology risks. Here, we explain the SRA’s update on technology risks, and advice on what actions you should take.
What technology risks are identified in the SRA's Sectoral Risk Assessment?
It’s not the first time that the SRA has mentioned technology risks that are emerging in the legal sector. There are several areas which are in discussion.
1. FinTech - Payment platforms
Recently, there’s been news about one payment platform allegedly allowing transfers from accounts that are identified for money laundering. This raises concerns about what checks are in place for these emerging industries. If they’re not traditional banks, how do we know that they’ve got safeguards in place for AML?
2. FinTech - Crowdfunding platforms
The SRA also talks about crowdfunding platforms, which is also mentioned in the National Risk Assessment. There are instances when people are genuinely crowdfunding in order to pay for their legal fees. However, there’s a risk that people may be using crowdfunding platforms as a way to obscure the source of wealth.
There’s a lot of new legal technology out there, but if law firms don’t know how to use it, they won’t know how to protect it. This could lead to being exploited by the ‘baddies’ and becoming a victim of cybercrime, by them stealing personal information from your clients, infiltrating your bank accounts, etc.
A cyber-attack is an economic crime if the criminals access something that’s valuable, or if they want you to pay them with crypto-currency. So, this is no doubt on your radar already and you’re aware that you’ve got to have procedures in place to prevent cyber-attacks, and that those procedures are tested and working properly.
Over-reliance of technology
The SRA does make the point in their risk assessment about overuse of, and over reliance on, technology to do things like ID&V, with people relying on the big green tick on the report or the pass on the ID&V report as opposed to understanding what CDD has actually been checked and whether you have to do anything else.
With the increase in source of funds/source of wealth technology, understanding how it works and making sure that you’re satisfied with any conclusions that it’s drawing is extremely important.
What actions can be taken to mitigate the technology risks?
Firstly, review the work types that may be exposed to FinTech such as payment platforms and crowdfunding platforms and carry out a risk assessment.
Take a look at recent cyber-attacks of law firms that have resulted in fines from the ICO. You’ll see what investigations have been made and the disciplinary outcomes as a result. The investigations will likely include questions like:
- When was last time you trained everybody?
- What system do you have in place?
- How do you know it works?
Although we’re discussing AML, there’s also an obligation in the Money Laundering Regulations that when you introduce new technology into your law firm, you need to have conducted a risk assessment about it.
When it comes to introducing new technology, you should make it easy for your law firm to comply by communicating exactly what the tech is doing and exactly how it works. If the SRA is doing an inspection, they’ll expect a good level of knowledge from the person responsible for AML on how the tech works.
Consider any tech you’ve introduced and carry out a risk assessment if you’ve not already done so. Also include any tech that you’re considering introducing. We often find that policies don’t include details of the process of any introduction of any new tech. What it should confirm is that a risk assessment will be conducted as to whether it increases or decreases the risk of money laundering or terrorist financing, and it will be recorded in the Practice Wide Risk Assessment.
Whether you’ve got a new case management system; changed your CDD provider; or got a new accounting system, as auditors we’d be asking to see your risk assessment in relation to each piece of new tech.
As with all things compliance, making sure everything is recorded in your assessment is essential!
Get in touch
At Teal Compliance, we’re here to support your journey towards regulatory and AML compliance.
If you’re looking to ensure that you, your firm and your clients are safe, simply contact our experts today.