Risk Outlook 2018/19 - Solicitors Regulation Authority
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Risk Outlook
2018/19
Contents Foreword 04 Introduction 05 Access to legal services 06 Cyber security 12 Diversity in the profession 18 Information security 22 Integrity and ethics 26 Investment schemes 30 Managing claims 34 Money laundering 40 Protecting client money 46 Standards of service 52
Foreword by Paul Philip,
Chief Executive
Our annual Risk Outlook sets out what we Cyber security has always featured in the Risk
think are the risks and the challenges faced Outlook as a consideration when protecting
by solicitors and law firms. I know how people’s information and money. But we
fundamental the work of solicitors is to every recognise that this is of increasing concern
part of our society and our communities, so it is to the profession, so we have set it out as a
important that firms and professionals take the separate risk. We have worked with the National
right steps to meet those challenges. Cyber Security Centre to provide you with top
tips on keeping cyber-safe.
As the regulator, we can help by sharing our
view of the risks and what can be done to Our Risk Outlook also updates you on issues
address them. such as accessing legal services, dubious
investment schemes, money laundering,
This year we have 10 priority risks that all information security and diversity. We remind
solicitors and firms need to consider. The Risk you of the importance of not drafting the terms
Outlook suggests what can be done to manage of non-disclosure agreements in a way that
the risks and avoid harm to the public, the rule suggests a person may not report misconduct
of law and the proper administration of justice. to a regulator or a law enforcement agency or
make a protected disclosure.
Many of the risks we are highlighting are
not new, but none of us can afford to be As many of you will know, we are changing
complacent. how we regulate to focus on high professional
standards, removing outdated constraints
We have included two new priority risks this
and helping to tackle the barriers that hinder
year – managing claims and cyber security. We
access to legal services. We are aiming to bring
are increasingly concerned about the practises
in our new Codes of Conduct, Accounts Rules
of some firms that offer personal injury work,
and other changes, including new practising
including holiday sickness claims. Similarly,
flexibility, in spring 2019. In my view, these
some firms bringing payment protection
changes will provide a solid foundation for you
insurance claims may not always be meeting the
to manage risk in your firms, whilst freeing you
high standards we expect.
up to innovate and grow.
4
Introduction
What is the Risk Outlook?
It provides an overview of the priority risks It aims to:
to:
• help solicitors and law firms manage risk
• people who use legal services
• show the priorities we allocate our
• the operation of the rule of law resources to
• the proper administration of justice. • explain how we address these risks.
How to use the Risk Outlook
For each risk, we explain:
• why it matters, based on evidence
• actions that solicitors and firms can take
Look out for:
• what we are doing to help to manage the risk.
Where relevant, we also give details about Case examples
potential changes we see on the horizon.
Solicitors and firms should think about how
the risks apply to them and their own business
Spotlight on
to get the best value out of the Risk Outlook.
We have included case examples and have
highlighted certain areas of work to help
solicitors and firms understand the risks and
the actions they can take. On the horizon
Our assessment of risk is based on a wide
range of input from across the sector. The Risk
Outlook is not guidance and does not contain
exhaustive lists of obligations or actions. It
should be used to raise awareness of the
priority risks that need to be managed.
5
Access to legal services
Many people and businesses do not get the
legal help they need. More can be done to
improve access to legal services.
6
Access to legal services
Why this risk matters
When a person or business needs legal help, it
is important they have access to good quality,
affordable legal services to help them solve their
32%
problems. If they are unable to access support of people had at least
this can lead to a range of poor outcomes and one legal need in
hinder the proper administration of justice. This the last 18 months,
can undermine trust in the profession and the
such as ...
justice system. It can also give the impression
that legal services are for the few that can
afford it.
For some people on very low incomes, public
funding is available for certain legal services.
And regardless of whether legal help is publicly
or privately funded, people should be able to
choose their legal services provider. Therefore, buying a
a competitive market, where people can choose property
from a range of affordable options, will support
family
people to get the best outcome when they need
problems4
legal help.
Legal needs
The needs experienced by different groups vary Changes to society, such as our aging
by amount and type. For example, adults with population and more informal working
a long-standing illness or disability are more practices, are likely to result in different types of
likely to have problems relating to injury or legal needs.
ill-health from an accident or negligence, anti-
social behaviour by neighbours and financial Finding legal help
problems.1 And businesses with black, Asian and
It can be hard for people to know whether
minority ethnic (BAME) owners, or businesses
their problem needs legal help and what sort
run by people with a disability, are significantly
of help that might be. The two main barriers to
more likely to have a legal need.2
accessing legal services are the:
Some people are more likely to experience
negative effects, such as stress, financial
• affordability of services
difficulties and harassment, because of their
• lack of information.
legal need, especially:
For those that do take professional advice,
• people with a limiting illness or disability 27% of people and 22% of small businesses
researched the market before choosing their
• lone parents
legal service provider.5 Only 2% of those
• people on means-tested state benefits that take professional advice use an online
comparison website.6
• people running small businesses.3
7
People want to know the price and have some
indication of quality when choosing a legal Technology to create
service provider.7 But, only 18% of law firms more accessible services
have prices on their website.8 Some 61% of
people using legal services speak to the firm
Technology means the public can access
to find out the price.9 People can also over-
legal help in novel ways, often costing
estimate the cost of services and 28% do not
them less than traditional legal help.
use a solicitor because they think that they
And it gives firms chances to offer their
are unaffordable.10 Firms could be losing new
services differently and more efficiently,
business if their prices are not readily available.
and potentially reach new markets. Firms
offering these services should be mitigating
Using legal services
any associated risks, such as cybersecurity
Conveyancing and will writing are the most and information security.
commonly used legal services, followed
There are several digital services that can
by power of attorney.11 There are regional
help people with problems before or after
variations in the use of legal services. For
getting professional legal advice, such as
example, people in London are more likely
those that help people make claims and
to use immigration and housing services and
complete legal documents and forms.
are less likely to use will writing and probate
services compared with average use across
For businesses negotiating contracts or
England and Wales.
dealing with litigation, there are a range
of tools. For example, there are artificial
The way services are delivered is changing, with
intelligence (AI) systems that support
more people expecting fixed fees and online
litigation processes and contract drafting.
delivery.12 But there is still a strong preference
for local services, meaning smaller firms are well
These types of programmes work on
placed to meet the needs of their communities.
routine tasks. They free up lawyers’ time
for more complex work and to meet with
The market is steadily growing and diversifying,
clients and potential clients. They can help
which is leading to greater choice for people
to improve access for all legal services
and small businesses. For example, our impact
users, particularly those in rural areas (with
evaluation of alternative business structures
internet access), as well as those on low
(ABSs) and multi-disciplinary practices (MDPs)
incomes or in situations that increase their
shows that people are benefiting from their
vulnerability.
services. ABSs are more likely to innovate than
other firms and increased competition should
lead to more choice. And MDPs may appeal
to small businesses so that they can find their
professional services under one roof.
8
Access to legal services
What solicitors and firms can do
Many solicitors and firms are improving access
by competitive costing and innovative service Research about better
delivery, such as automating some services. information
To address the barriers to accessing legal
services, solicitors and firms can:
• share more information about services and
prices online, and with relevant organisations
that support people with legal needs, so it will
reach a wide variety of people
• keep information clear and concise so it is
easy to understand
• help people understand services and prices
by training staff that deal with enquiries from Our independent research has found
the public people make better choices when they can
see the price of a service up-front. It also
• tell people about the Legal Choices website, found that, when choosing a provider, the
which offers information on the different most important factors are their reputation
types of legal help available and the price. Firms that advertise their
prices say it helps people to understand
• ask for feedback about how the information their services and attracts more clients.
has been presented to see if it can be
improved. A second piece of independent research
found that people valued regulation and
were more likely to choose a provider
whose website included a ‘regulated by the
SRA’ badge. It also found that people are
50%
willing to weigh up price and regulatory
protections, such as access to the Legal
Ombudsman and our Compensation Fund.
of small businesses
We also commissioned further independent
try to resolve problems research about how clear legal costs could
on their own13 help small businesses access legal services.
as do
35%
of people14
9
What we are doing
We work with others to understand how to • more flexibility in how solicitors can practise,
best help improve access to legal services. including allowing:
For example, the Legal Choices website helps
people to better understand the problems that ◊ solicitors to practise reserved legal
may need professional legal advice and how activities on an individual freelance basis
they can resolve them. We work jointly with the
◊ non-authorised businesses to employ
other legal regulators to run and develop the
solicitors to offer non-reserved activities
website, liaising with advocacy groups and the
to the public.
public to make sure it meets people’s needs. We
have also been working with the Commission on
We believe our reforms will allow more
Justice in Wales to support their work on access
growth and innovation, while maintaining high
to justice.
standards and public protection for those that
need it most.
Regulatory reform
We have consulted on changes to make sure
We are making it easier for people to choose
people get the right level of protection when
the legal service they need by sharing our
using a solicitor or firm.
information and requiring firms to provide more
information. We are introducing a wide package
• Our professional indemnity insurance (PII)
of reforms. And our Better information, more
proposals will give firms more flexibility to
choice proposals will require firms to publish
choose the right level of insurance to suit
information on prices and what this covers
their business and clients.
for a range of legal work. This information
will help people find legal services that better • Our Compensation Fund proposals are
meets their needs and should also encourage designed to make sure financial support is
competition. focused on those most in need of help.
We will develop an SRA digital badge for use on And, in turn, people should benefit from a more
firms’ websites, which links to a digital register competitive marketplace and increased choice.
to help the public understand who we regulate
and the protections that come with it. The Educational reform
digital register will also include information
about the disciplinary action we have taken The Solicitors Qualifying Examination (SQE)
against a firm or person. We will also publish will mean that future solicitors will all have to
market-level data on complaints made to firms. meet the same standard regardless of their
training route. It will also help support diversity
Our Looking to the Future proposals will in the profession; helping people to find a
introduce: solicitor who understands their community and
problems.
• new, clear principles that solicitors must
follow And our training requirements will be more
flexible when the SQE is introduced. This may
• a short Code of Conduct for individuals and mean that university law clinics and other places
firms where the public can access support might
expand their reach, as law students will be able
• less prescriptive Accounts Rules
to use a wider range of work experience to
prepare for the SQE.
10Access to legal services
SRA Innovate
Our SRA Innovate initiative can provide a safe
space for firms who want to provide new
services in new ways that could benefit the
users of legal services. We have also launched
a new policy, so we can grant waivers to our
rules if a firm’s idea is in line with our regulatory
objectives and has a public benefit.
We will evaluate the impact of all our proposed
changes15 to understand if access to legal
services has improved. And we will publish
the results to help firms understand how their
services can improve access to legal services.
Innovation Space allows new
practising flexibility
We allowed a solicitor to offer legal services Without the waiver, the business would have
in a business that was not regulated by to outsource legal services, which results
us or by another legal regulator. We did in a disjointed customer experience and
this by granting them a waiver to one of potentially extra costs for domestic staff and
our rules. The services the business offers their employers. The business is piloting
are non-contentious employment matters these services in our Innovation Space.
and commercial legal advice for families
employing domestic help. It also advises
domestic staff so they understand their
working rights and make sure they are
treated fairly.
11Cyber security
Solicitors face increasing threats from
cybercriminals. Secure IT systems and well-
informed staff are the best ways to protect
their firms and their clients.
12Cybercrimes and
scams
Why this risk matters
Cyber security
Cybercrime is an ever-growing risk and is now
widespread in the UK. Cybercriminals target law Email modification fraud
firms because of the money and information
The most common type of
they hold. Attacks can also threaten a firm’s own
cybercrime against solicitors,
operations or its reputation.
where criminals intercept
In the first quarter of 2018, email modification and falsify emails between a
fraud accounted for more than 70% of all client and the firm, leading to
cybercrime reports. Almost all other cybercrime bank details being changed
reports also involve some form of forgery to and money being lost.
deceive targets into responding, rather than
explicit hacking of the firm’s systems.
Phising and vishing
In 2016, £9.4m of client money was reported
Criminals email or phone
as lost to cybercrime, increasing to £10.7m in
to obtain confidential
2017. We suspect there is some underreporting,
information, such as a
particularly where money is replaced promptly
password, through gaining
by the firm or their insurer. This is because we
the trust of a solicitor or
are seeing fewer reports than we would expect
other member of staff.
given media reporting of the frequency of these
attacks.
We are receiving more reports of cybercrimes. Malware
Harmful software that
includes viruses and
ransomware programs, which
encrypt files and demand
a ransom in return for
157 decrypting the files.
reports to us about CEO fraud
cybercrime Criminals impersonate
in 2017 a senior figure at a firm
through hacking, or having a
very similar email address, to
103
CEO
impose authority and order
money transfers.
in 2016
Identity theft
Bogus firms copy the identity
and brand of a firm.
13
13Email modification fraud
This fraud happens when criminals We also see cases where the criminal
impersonate someone going through a impersonates the firm and tells the client
process involving the transfer of money, that the firm has new bank details. In these
such as a property transaction. They do cases, the client sends the deposit and other
this by breaking into that individual’s email money directly to the fraudster’s account.
system or forging emails from it.
This fraud is relatively common in firms
The criminals contact the solicitor through and often accounts for at least half of all
the stolen or falsified address to tell them cybercrimes. During 2017, email fraud
the bank account details have changed. reported to us fell to an average of 46% of all
They usually do this at short notice and cybercrimes but in the first quarter of 2018
when there is time pressure, for example, had risen to 71%.
on the afternoon of a property completion.
The solicitor sends money to the new bank
account and this is quickly moved on by the
criminals. When used to steal conveyancing
money, it is also known as 'Friday afternoon
fraud', as many of these transactions take
place on Friday afternoons.
14Cyber security
Remote working
Firms are increasingly using systems to
help their employees work on the move.
This includes ‘bring your own device’,
which allows people to work from home
or anywhere on their own devices while
connected to a cloud-based server. This can
£10.7m
offer security if updates to the system are
made automatically and data is backed-up.
We are also seeing more use of video
client money reported conferencing systems and smart, connected
to us as lost to devices, such as internet connected
cybercrime in 2017 printers.16 However, the connected devices
are often not fully secured or updated.
Malware targeting these devices increased
six-fold in 2017. This can be a serious, but
subtle threat, such as:
£9.4m • a compromised smart alarm or thermostat
could tell a criminal when a building is
unoccupied
in 2016
• a compromised video conferencing
system, printer or home assistant could be
used to steal sensitive data.
15What solicitors and firms can do
We want firms to benefit from the Our paper on IT security: keeping
advantages IT can bring. However, they information and money safe gives more
need to take care that their system keeps detailed advice on how to defend against
client information and money safe. The cybercrime. The National Cyber Security
best defences against many cyberattacks Centre (NCSC) also give advice and
are to: information, including specific guidance for
smaller businesses.
• keep systems updated
Losses of client data and money that
• use antivirus software on desktops and amount to, or may be, serious breaches
laptops or misconduct should be reported to us
through report@sra.org.uk. Reports will
• backup important information frequently
be dealt with in line with our enforcement
and securely, and learn how to restore
strategy.
the system from a backup
We are also interested in evidence of
• encrypt mobile devices and install a
near misses and other scams that target
system to track and delete the data if
firms or their clients. These can be sent
they are lost
to us through fraud@sra.org.uk. Our
Professional Ethics team can provide more
• make sure everyone in the firm knows
advice on what to report.
how to create secure passwords
• avoid using administrator accounts
(those with the privilege to access other
users’ accounts and install software)
for regular work that does not involve
maintaining the IT system
• make sure everyone in the firm knows
how to recognise the signs of email
modification fraud and common
phishing scams
• plan how to respond to an attack or
other incident.
16What we are doing
Cyber security
We are working with the NCSC and the
IT security sector to regularly update the Firm’s data stolen and
information we provide to firms. spread through social media
No defence is perfect, and some organised
cybercrime activity can be hard for even In March 2018, a firm was attacked with
technology companies to stop. As such, we ransomware. The criminals left a ransom
take a proportionate approach to breaches note on the firm’s system, saying that
reported to us. When we have taken regulatory they had obtained sensitive information
or disciplinary action against firms, it has been and would publish it unless the firm paid
where the firms did not: £3m. The firm declined to do this and the
criminals began publishing the firm’s data
• take reasonable steps to protect themselves through Twitter.
or check their client’s instructions
The firm worked with computer forensics
• follow basic security guidance specialists to deal with the breach and find
out how their system was accessed. And
• report the incident, where appropriate they obtained an injunction from the High
Court to bar anyone from further sharing the
• act to remedy the losses. information that the hackers had published,
as well as successfully securing the removal
Our Accounts Rules reforms include options
of information from websites. They reported
to use third-party-managed accounts instead
the breach to the National Crime Agency and
of a traditional client account, giving firms
to us.
the option to avoid the exposure that a client
account brings. Money held in these accounts It is not yet clear how the firm’s systems
is not subject to the Accounts Rules, but firms were infected with ransomware, but
need to act in the best interests of each client many of these attacks rely on fake links or
and decide whether a managed account is attachments in emails.
appropriate in each case.
We will be publishing more information on how
firms are using advanced IT, including artificial
intelligence. We are also working with the NCSC
to include the latest recommendations on how
to protect systems from attack.
17Diversity in the
profession
Law firms, solicitors and the public all
benefit from a diverse and inclusive legal
profession.
18Diversity in the profession
Why this risk matters
The legal profession is changing and starting to Research into diversity in the profession
reflect the diversity of wider society. More needs
to be done to improve the representation of all Our law firm diversity tool shows that entry
groups, particularly in senior roles. into the profession is diverse but women, black,
Asian and minority ethnic (BAME) and disabled
Equality, diversity and inclusion in the legal lawyers continue to be under-represented at
profession is important for many reasons, partner level, particularly in large firms. And
including: BAME and disabled solicitors are more likely
to work in smaller firms. Solicitors that went to
• the effective administration of justice, as a state schools, and were the first generation to
diversity of views and approaches, whether go to university, are also more likely to work in
in firms or in the judiciary, supports an small firms.
independent justice system and maintains the
rule of law Independent analysis of the diversity data we
collected about the people working in firms
• allowing the most talented people to become found that:
solicitors and progress in their careers which
helps to maintain high standards • the prospects of becoming a partner are
higher for white men than any other group
• improving access to services, as some people across all types of firms
may be more likely to seek legal help from
solicitors they share some social or cultural • women and BAME men are more likely to be a
characteristics with. partner in small firms
There are also business benefits of a diverse • BAME women are particularly disadvantaged
and inclusive workforce, including:17 in progressing to partner level in the
profession.
• a better understanding of the market and a
wider customer base
• more informed decision-making and more
innovative solutions to business problems
and market changes
• attracting and retaining the best staff at all
21%
levels of seniority
of all partners
• cost efficiencies and better productivity from are BAME
improved staff morale and retention.
8%
of partners in
large firms
are BAME
19What solicitors and firms can do
Firms have a responsibility to promote and • support different routes to the profession,
encourage diversity at all levels by nurturing, including apprentices, paralegals and legal
valuing and developing all the talent they executives, so talented people from all
recruit. Embedding diversity and inclusion into backgrounds can access the profession
their culture allows firms to realise the benefits
that different people can bring. • consider the wellbeing of staff and help staff
manage their stress levels.
Career paths are influenced by people’s social
background and education as well as barriers Our report, The business case for diversity, and
to entering, and progressing in, professions. our diversity resources have more practical
There are different barriers for different groups. examples about how to promote a diverse and
And some people face multiple barriers if they inclusive workplace.
are a member of more than one disadvantaged
Networks such as Women in Law, the Black
group. It is best for firms to take more than one
Solicitors Network, the Society of Asian Lawyers,
approach to improving diversity and evaluate
the Lawyers with Disabilities Division and the
the success of their initiatives.
lesbian, gay, bisexual and transgender (LGBT)
To improve diversity and inclusion firms can: Lawyers Division run business and social events,
and offer career support and networking.
• create a culture where people feel able to talk
about diversity and staff feel included and
valued
• offer mentoring schemes, which can improve Making flexible working
access to the profession and diversity at available for all staff
management levels – initiatives such as
Inspired by Law, Aspiring Solicitors, Sponsors
for Educational Opportunity and the Social “We changed the culture by shifting the
Mobility Business Partnership can help firms onus. We began by assuming all flexible
working requests could be agreed. Instead,
• use our law firm diversity tool to benchmark managers had to prove why flexible working
their diversity, and encourage all staff to couldn't work.”
respond to all questions
Law firm
• carry out pay audits to identify any pay gaps
“The benefits are that you retain a greater
between different groups of people
number of people, especially those returning
• consider unconscious biases and help staff from maternity leave. It helps you attract
overcome these to make objective decisions staff and gives rise to continuity as staff stay
about recruitment and selection and therefore clients deal with the same
people that understand their business.”18
• offer flexible working, such as home working Law firm
to help the work-life balance of all staff,
particularly those with caring responsibilities
• ask senior managers to lead by example, such
as challenging any offensive behaviour in the
workplace
20Diversity in the profession
What we are doing
We continue to work with firms and other
organisations to encourage a diverse and Mentoring scheme to
inclusive profession. We have: promote LGBT inclusion
• had our diversity data independently analysed
to explore solicitors' career progression We are working with Stonewall and several
firms to promote LGBT inclusion through
• reviewed how firms are promoting equality,
a cross-firm mentoring programme. Some
diversity and inclusion
of the legal sector’s top-ranking firms in
• worked with solicitor groups to improve the the Stonewall Workplace Equality Index are
representation of women and BAME solicitors offering mentoring to small and medium
in senior roles, such as Women in Law, the sized firms in England and Wales. They
Society of British Bangladeshi Solicitors and share best practice and give guidance about
the British Nigeria Law Forum creating an LGBT-friendly workplace.
• measured the impact of removing the
minimum salary for trainees, which found
that the average pay gap between different
ethnic groups has reduced
• engaged with firms, academics and others
about the Solicitors Qualifying Examination
(SQE) and innovative routes into the
profession while maintaining standards. On the horizon
An independent review of the SQE proposals
found that it should open up opportunities to Gender pay gap reporting is currently
access the profession, increasing the potential required for firms that have 250 or more
for social mobility and support diversity. employees.
We promote good practice in equality and It is possible that pay gap reporting is
diversity in our own work. For example: likely to extend to ethnicity. Some firms
are already taking a lead on this. The
• We have Disability Confident accreditation, as Government has commissioned research
we make sure that disabled people have the into what steps employers have taken to
opportunities to fulfil their potential. promote diversity in the workplace and
how they are trying to reduce the ethnicity
• We are a Stonewall Diversity Champion, as we pay gap. And the Hampton-Alexander
have an inclusive workplace. Review calls for one-third of FTSE leadership
positions to be held by women by 2020.
• We have staff networks around diversity,
wellbeing and inclusion. These support staff
and organise our attendance at professional
and community events, such as Pride and the
UK Diversity Legal Awards.
21Information security
The information that clients share with
their solicitors can have great financial and
personal value. Solicitors must know how to
protect the information they are holding.
22Information security
Why this risk matters
Solicitors hold sensitive and confidential Solicitors have always needed to work on
information about their clients and must the move, as they need to visit clients and
protect it. Any loss of that information can courts. This means that they must work with
have financial, reputational or personal confidential materials outside the safety of a
consequences for the client and for the solicitor secure office. It is important that solicitors take
that loses it. care to keep information safe and confidential
while working remotely.
Information security is not just about technology
and protecting electronic information. It is also
about protecting printed data and sensitive
discussions.
Data from the Information Commissioner’s
512
Office (ICO)19 shows that:
• for all sectors in the first quarter of 2018, they
received:
reports to us about
◊ 97 reports of cyber security incidents
breaches of
◊ 119 reports of lost paperwork confidentiality
in 2017
◊ 284 reports of data being sent to the
wrong person by email, post or fax.
• There has been an increase in the reports
of all data security incidents, which may
122
be because of the increased awareness of first quarter
data protection and the launch of the ICO’s
2018
Personal Data Breach helpline.
• The most common legal sector breaches
are confidential emails and letters being
sent to the wrong person, and lost or stolen
paperwork.
23General Data Protection
Regulation (GDPR)
Solicitors must comply with the GDPR and There are additional obligations that may
the Data Protection Act 2018. apply to some firms, such as appointing a
Data Protection Officer. There is also the
Law firms will need to be sure that they are requirement for enhanced internal record
meeting GDPR requirements, including: keeping where a business has more than
250 employees or its activities relate to
• telling people how their data is being used higher risk processing, such as:
• training staff and promoting awareness • processing personal data that could result
in a risk to the rights and freedoms of an
• understanding what data they hold and
individual(s)
how this is managed
• processing special categories of data or
• transferring data in line with GDPR
criminal convictions and offences.
requirements
The ICO has an advice line and accessible
• making sure suppliers have appropriate
guidance to help small businesses comply
controls in place and are carrying out
with GDPR. The Law Society also has a guide
proper due diligence checks
for solicitors on GDPR compliance.
• conducting an impact assessment when
any new data processing or systems might
lead to a high risk, such as when they
introduce a new technology.
24Information security
What solicitors and firms can do What we are doing
Firms can protect information by focusing on Our report, Information security: keeping
simple steps, including: information and money safe, provides more
detail on common information security threats
• double-checking emails and letters are being and on the best practices for how to deal with
sent to the right address. Some email systems them.
will flag an external email address is being
used When we learn about criminal activities or frauds
targeting those we regulate, we issue scam
• protecting physical documents, for example alerts to warn the public and firms about known
by locking filing cabinets at night and taking threats. There is also a quarterly round up of
precautions when transporting documents these alerts to show the high-risk scams for both
members of the public and solicitors.
• using privacy screens for laptops to protect
information for mobile workers When a loss of client data is reported to us, we
take action where needed, considering the facts
• making sure that sensitive conversations are of the case. We expect solicitors and firms to
not overheard
take reasonable steps to protect information,
and to promptly report to us any loss that may
• keeping electronic data backed up securely
amount to a serious breach or misconduct.
• using appropriate encryption when storing While we recognise that no defences are perfect,
and transferring personal data we are likely to act where client information is
exposed and the firm did not take appropriate
• understanding and meeting their GDPR and steps to protect it.
Data Protection Act 2018 obligations.
When there is a serious breach of confidentiality,
firms need to report it to us and consider
whether a referral should be made to the ICO by
following their guidance on reporting a breach.
25Integrity and ethics
Solicitors are responsible for meeting
high professional standards. The business
culture in law firms should reflect this.
26Integrity and ethics
Why this risk matters
Solicitors owe duties to: The Advertising Standards Authority is also
investigating advertising by tax advisers and
• the court has made findings against those advertising
avoidance schemes.
• the wider public interest
We warned firms about facilitating tax
• their clients avoidance schemes that go beyond the
intentions of Parliament.
• their colleagues
• third parties.
Acting without integrity and ethics can lead to
poor outcomes and undermines the proper
administration of justice.
Cases where solicitors put their clients’ interests
above all other considerations can also harm
public trust in legal services, which ultimately
undermines the rule of law. 2,090
Tax avoidance schemes reports to us about acting
without integrity
Solicitors advising on taxation need to be aware
of the legal position of artificial tax avoidance or ethics in
arrangements. The Government does not view 2017
tax arrangements that do not meet the spirit of
tax law as being legitimate.
Solicitors should be aware of the penalties that
439
apply to ‘enablers’. Enablers include: first quarter
2018
• solicitors involved in developing and advising
on schemes
449
• those involved in implementing the scheme
by creating companies or trusts first quarter
2016
• those involved in marketing schemes.20
HM Revenue & Customs will impose a penalty
where they defeat a tax avoidance scheme that
has abused the tax law. The penalty is the full
payment received by each enabler.
27Harassment and non-disclosure
agreements (NDAs) Immigration solicitor
abuses the appeals process
The role of solicitors in drafting NDAs in relation
to allegations of harassment has received public The Solicitors Disciplinary Tribunal (SDT)
and political attention. struck a solicitor off the roll for abusing the
court system by bringing hopeless appeals
While we recognise that NDAs have legitimate to immigration decisions. The solicitor had
uses, solicitors must not draft agreement terms made a practice of bringing last minute
in a way that suggests a person may not report challenges to removal decisions. In one of
misconduct to a regulator or a law enforcement these challenges, they left out important
agency or make a protected disclosure. information which would have meant the
submission would have been rejected.
We will act against any firm that uses NDAs to
cover criminal activity or serious professional The Immigration Tribunal found that the
misconduct. Our warning notice provides appeals had no legal merit and that the
solicitor had designed them to exploit
further detail, and our paper on balancing
a “weak spot” in the judicial system to
duties in litigation includes warnings about
delay deportations where there was no
the use of unenforceable litigation threats to
justification.
prevent legitimate criticism.
The SDT found that the solicitor’s actions
As with many other forms of poor conduct, had shown a lack of integrity. The solicitor
preventing harassment in firms themselves appealed but the High Court upheld the
can be tackled through the business culture decision of the Tribunal. It found that
communicated through business leaders. An the solicitor’s actions had been an abuse
effective tool is to encourage staff networks that of process and that it was suitable that
help people discuss issues. It is also important deterrence was a consideration when
that staff affected by issues such as harassment making their decision.
feel able to report problems. Some firms have
launched confidential helplines for this purpose.
28Integrity and ethics
What solicitors and firms can do What we are doing
Solicitors must always act with integrity. As well We are reforming our regulations with
as being honest, this includes having sound shorter, less prescriptive rules that focus on
morals and following the ethical codes of the ethical standards. This lets solicitors use their
legal profession.21 Solicitors are expected to professional and ethical judgment in their work.
follow high standards in both what they say and
what they do.22 Where we see ethical problems, we warn
solicitors and may conduct research and analysis
Solicitors must put their ethical obligations first of the issues. Our paper on balancing duties in
and keep their independence. This means that litigation provides more detailed advice on how
they must not and should not put their own, to manage situations where solicitors’ ethical
or their clients’, interests above their wider duties may conflict. We will be updating this
professional obligations to the administration of paper soon.
justice, the rule of law and the courts. Given their
professional responsibilities, this means that
they should be prepared to decline instructions
that would conflict with their obligations.
When handling litigation, solicitors must be
sure to bring cases honestly and professionally,
without allowing themselves to become complicit
in misleading the court. For example, solicitors
must:
• not abuse the court system by using
proceedings to delay a legal process
• make sure they have full information and
make the court aware of any limitations in
their case.
29Investment schemes
The promoters of questionable investment
schemes often try to legitimise them by
involving solicitors and law firms.
30Investment schemes
Why this risk matters
Questionable investment schemes offer The financial losses for people can be high. If
unrealistically high returns for investors and solicitors are involved in such schemes they risk
often lead to significant losses of money. Very harming public trust in the profession. We are
few solicitors would ever knowingly become likely to take action including making a referral
involved in the promotion or administration of a to the Solicitors Disciplinary Tribunal (SDT).
dubious investment scheme.
In March 2018 we were investigating 51 reports
We have seen cases where solicitors and firms of investment fraud. There had also been
have become involved by: 106 applications made to the Compensation
Fund relating to investment schemes, totalling
• acting for the promoter £47.4m since 2015.
• acting for potential investors The Financial Conduct Authority (FCA) found
that people over 65, with savings of more than
• acting for both £10,000, are three and a half times as likely to
fall victim to investment fraud.
• passing people’s money through their client
account.
The schemes that concern us are those that
take advantage of people, with the solicitor’s Rule 14.5 of our Accounts
reputation being used to persuade people Rules 2011
to invest. Schemes can include potential
investment in, for example:
"You must not provide banking facilities
through a client account. Payments into,
• off-plan property
and transfers or withdrawals from, a client
• hotel room leasing account must be in respect of instructions
relating to an underlying transaction (and
• car park spaces the funds arising therefrom) or to a service
forming part of your normal regulated
• bank instrument trading activities."
• carbon credits Our warning notice and case studies on Rule
14.5 should be read by all solicitors holding
• fine wines, art and diamonds. client money.
The promoters often move money through the
solicitor’s client account and tell people that
the solicitor’s insurance and the Compensation
Fund will protect their money. But it is very
unlikely that this will be the case. And the
people that give their money to the promoter
of a questionable investment scheme are not
usually the solicitor’s client.
31What solicitors and firms can do What we are doing
Solicitors and firms must not become involved in Guidance
questionable investment schemes and should:
Our report about questionable investment
• read and follow our warning notices on schemes and warning notices provide
investment schemes and the client account information about the signs of investment fraud
and investment schemes and conveyancing and the consequences for those who become
involved.
• carry out due diligence on any promoter of an
investment scheme Acting in the public interest
• not allow the client account to be used as a Where solicitors have allowed their client account
banking facility to be used as a banking facility, or have become
directly involved in questionable schemes, we
• not provide advice or services that would give will act to protect the public. Solicitors who act
the appearance of a false underlying legal dishonestly, or without integrity, can expect us to
transaction take disciplinary action and for their case to be
referred to the SDT.
• not allow regulatory protections, such as
insurance and access to the Compensation
Fund, to be used to persuade or reassure
people
• not give anyone the impression that they are a
client if they are not
• not take unfair advantage of people
• carefully analyse any complaints or contact
from people who are not clients but are
affected by a transaction, as this may help
uncover a questionable scheme
• get help and advice from our Professional
Ethics team to understand obligations and help
with dilemmas.
The FCA’s Scam Smart page contains advice on
recognising the warning signs of investment
fraud.
32Investment schemes
Three solicitors suspended for Strike off for involvement in
involvement in scheme diamond and art trading
The SDT suspended three solicitors for A solicitor was struck off and ordered to pay
their involvement in a questionable £67,000 costs after acting for companies that
investment scheme. The firm had acted for offered investments in diamond and fine art
the promoters of a scheme involving social trading.
housing developments in Brazil. The firm held
the investors’ money in their client account People paid money into the client account
and distributed it as instructed by the totalling more than £400,000 thinking they
investment company. were investing in a legitimate investment
scheme.
The scheme folded, leaving debts of £21m.
One person said: "I took reassurance from
The SDT found that the solicitors had failed to the fact that my monies were paid into a
act with integrity and had acted in a conflict solicitor's client account and would be dealt
of interest. The scheme had not needed a with in an ethical fashion. In fact, it was
solicitor to be involved, and their role had explained to me that by paying the money
been to add credibility for investors. The to a solicitor, this would give me the same
Tribunal suspended the solicitors from safeguards as buying a house and using a
practice for one year, which was increased solicitor."
to three years’ suspension for two of the
solicitors after an appeal to the High Court. However, some people did not receive the
goods that they had paid for. The solicitor
also deducted fees from their funds, even
though there was no agreement in place for
them to be clients.
The SDT said that it had no doubt that the
involvement of a solicitor lent a “veneer of
respectability” to the transactions. And the
SDT said the solicitor should have read the
warning notices issued by us but had not. Had
the solicitor done so, they would have realised
these transactions were dubious.
33Managing claims
Solicitors and law firms must make sure that
claims are made properly and honestly. They
must also meet their duties to the court and
the proper administration of justice.
34Why this risk matters
Managing claims
Solicitors and firms play a critical role in • There was no report of the claim to the hotel.
delivering access to justice for people who
have been harmed. But while they must act in • There was no extensive sickness among
the best interests of each client, they also have others in the same accommodation.
duties to the court, the rule of law, and the
proper administration of justice.
• The claim comes from or involves people
generating claims in the resort.
When several people have a valid claim in law,
many firms will use claims handling processes
• The client’s report of the holiday at the time
of them being away was positive.
to help meet demand. This can include
employing non-legally qualified staff, working
• The client drank or ate excessively.
with introducers and using the latest technology
to speed up the process. Solicitors and firms It is difficult to verify holiday sickness claims.
must competently progress all claims and meet
the high standards expected of them. Solicitors must engage with case law and
properly assess all evidence before submitting
There are particular concerns in areas of work claims.
such as holiday sickness claims and payment
protection insurance (PPI) claims, but also in the
wider personal injury market.
Holiday sickness claims
We have warned solicitors and firms about
the conduct of some holiday sickness claims. ...it will always be difficult (indeed, very
Genuine claims for holiday sickness can be difficult) to prove that an illness is a
pursued, but we are concerned that some are consequence of food or drink which
being submitted without proper analysis of was not of a satisfactory quality, unless
the evidence or an understanding of the legal there is cogent evidence that others have
position. been similarly affected and alternative
explanations would have to be excluded.
We have investigated and acted against firms
over potentially improper links with claims The Court of Appeal commented in the case
management companies and payment for of Wood v TUI Travel [2017] EWCA Civ 11
referrals of claims. We are also seeing firms
pursuing claims without proper instructions.
The extent to which firms should verify their
clients’ cases is risk-specific. For example, there
seems to be a serious risk that many holiday
sickness claims are not genuine. Examples of
risk factors in holiday sickness claims would
include:
• The claim is made some time after the alleged
incident.
35We regulate more than The personal injury
10,000 market
firms23
7% of these ... 16%
of all firms specialise in are an alternative
personal injury business structure (ABS)
Easier to Existing In the last 12
become an relationships why? months this has
ABS with insurers increased by
5%
Top 5 reasons for investigations about
personal injury services
Alleged Client care Prohibited
insurance and referral
fraud competence fees
Misleading Cold
court calling
2X
as likely
SDT
Misconduct relating to personal injury services is almost twice as likely to
be referred to the Solicitors Disciplinary Tribunal than other work
36Managing claims
Personal injury Payment protection insurance claims
We continue to have concerns about some We are concerned that some firms are failing to
solicitors and firms involved in bringing claims meet high professional standards when bringing
for personal injury. We have warned solicitors claims for mis-sold PPI and other financial
and firms that we are concerned some firms products. We have seen some firms:
are:
• acting in matters without first investigating
• allowing third parties to cold call potential that there is a valid claim
clients
• making claims without knowledge of the
• entering into referral arrangements that are policy holder
in breach of the Legal Aid Sentencing and
Punishment of Offenders Act 2012 • failing to properly identify clients and confirm
their instructions
• taking and acting on instructions from
third parties, without making sure that the • submitting false claims in the hope of a
instructions originate from the client settlement without further investigation by
the defendant
• settling claims without a medical report
• charging unreasonable costs for a limited
• paying damages or sending cheques to third amount of work, contrary to their trustee and
parties without accounting properly to the regulatory duties.
client
Our warning notice explains that firms who
• in some extreme cases, bringing claims conduct cases which have one or more of these
without the knowledge of the person named features may face regulatory action.
as the claimant
The Financial Guidance and Claims Act 2018
• not training and supervising their staff has introduced an interim cap on the fees that
adequately. solicitors can charge when undertaking PPI
work. Solicitors and firms can only charge 20%
Firms that carry out cases with one or more of
of the claimant’s damages in fees, if the claim is
these features will face regulatory action.
settled without court proceedings.
37What solicitors and firms can do
Solicitors and firms must make sure that in
following their client’s instructions they do not
compromise their duty to the court and the
proper administration of justice.
They should also comply with any relevant
legislation applicable to the claim, such as the:
• referral fee ban in personal injury cases (Legal
Aid Punishment of Offenders Act 2012)
• interim fee cap in PPI claims (Financial
Guidance and Claims Act 2018).
Solicitors should read our warning notices to
keep up-to-date with common risk factors when
bringing claims.
38What we are doing
Managing claims
Our report on the importance of balancing
duties in litigation can help solicitors recognise Action taken against firms
situations where their duties conflict. paying referral fees
We reviewed firms conducting PPI claims, before
the interim fee cap, to find out more about the We will take action where solicitors do not
work and raise awareness of good and poor act with integrity or in line with the rules of
practice. We found that 16 out of the 20 firms professional conduct. For example, in 2018
we visited were routinely charging fees of more the SDT fined two solicitors and their firm
than 25%, with some charging as much as 50% £12,000 for paying prohibited referral fees,
of the total claimed for clients. which they were falsely recording on their
firm's ledger as ‘marketing fees’.
We are investigating multiple allegations
about the conduct of firms involved in PPI and
personal injury, including holiday sickness
claims.
Where solicitors do not comply with their
professional obligations, we will investigate and
take action as appropriate. Solicitors who act
dishonestly or without integrity can expect us to
take disciplinary action, including referral to the
SDT.
39Money laundering
Law firms can be attractive to those
looking to launder the proceeds of crime
and finance terrorism. Solicitors play an
important role in preventing and detecting
money laundering.
40Money laundering
Why this risk matters
The legal market can be an attractive target for Suspicious Activity Reports (SARs)
money launderers. Criminals want to instruct
legal professionals to hold or transfer money One of the tools against money laundering is
because of the perceived legitimacy this offers. the suspicious activity reporting system. Legal
Solicitors and firms are at an increased risk professionals submitted less than 1% of the
because they: total SARs to the National Crime Agency (NCA) in
2017.24
• regularly hold large sums of client money in
pooled client accounts The creation of the Office for Professional Body
Anti-Money Laundering Supervision (OPBAS)
• advise and transfer money in relation to shows the Government's focus on legal and
property and financial transactions financial professionals as important to the
defence against money laundering.
• have access to financial markets.
Money laundering is not a victimless crime as
it helps fund terrorism, drug trafficking and
people smuggling. And serious and organised
crime costs the UK an estimated £24bn each
year.
Organised crime can only operate if the
criminals can move their money into the
legitimate financial world. Solicitors who
67%
make money laundering possible, whether
deliberately or unknowingly, can face serious
consequences including criminal prosecution
and regulatory sanctions.
increase in money
laundering reports to us
over the last
18 months
36
last quarter
2016
60
first quarter
2018
41Solicitors are at the front line of the
Conveyancing
detection mechanism for money laundering
but are worse than any other financial
services sector in reporting suspicions.
We get some very good quality reporting
from the legal profession, but we get some
that focuses very carefully on the identity,
but not at all on the source of the funds
– one half of the due diligence. Solicitors
are a crucial source of information and
intelligence on how criminals hide their
assets. We have a very, very few who are
criminally complicit, some who are careless
and others who are unsure about their
responsibilities.
Conveyancing is particularly attractive to
money launderers because of the large sums
Director of the National Crime Agency,
involved. The Government’s National Risk
Donald Toon speaking at our Compliance
Assessment views conveyancing transactions
Officer Conference, 2017.
as a serious risk, although it accepts that few
solicitors are knowingly involved in illegal
activity.
Four in ten of the SARs from the legal
sector relate to conveyancing. In particular,
residential conveyancing SARs have risen by
66% across the past two years. The faster
turnover of house sales makes residential
property a more common target for money
launderers than commercial property. It is
more usual for complex trusts to be involved
in commercial conveyancing transactions.
Solicitors working in this field should take
extra care, particularly when the transaction
has the warning signs of potential money
laundering, such as:
• purchases of very high value properties by
overseas companies and trusts
• purchases involving money from high risk
countries.
42You can also read
