Risk Outlook 2018/19 - Solicitors Regulation Authority

 
Risk Outlook 2018/19 - Solicitors Regulation Authority
Risk Outlook
      2018/19
Risk Outlook 2018/19 - Solicitors Regulation Authority
Risk Outlook 2018/19 - Solicitors Regulation Authority
Contents

Foreword                      04

Introduction                  05

Access to legal services      06

Cyber security                12

Diversity in the profession   18

Information security          22

Integrity and ethics          26

Investment schemes            30

Managing claims               34

Money laundering              40

Protecting client money       46

Standards of service          52
Risk Outlook 2018/19 - Solicitors Regulation Authority
Foreword by Paul Philip,
                 Chief Executive

    Our annual Risk Outlook sets out what we            Cyber security has always featured in the Risk
    think are the risks and the challenges faced        Outlook as a consideration when protecting
    by solicitors and law firms. I know how             people’s information and money. But we
    fundamental the work of solicitors is to every      recognise that this is of increasing concern
    part of our society and our communities, so it is   to the profession, so we have set it out as a
    important that firms and professionals take the     separate risk. We have worked with the National
    right steps to meet those challenges.               Cyber Security Centre to provide you with top
                                                        tips on keeping cyber-safe.
    As the regulator, we can help by sharing our
    view of the risks and what can be done to           Our Risk Outlook also updates you on issues
    address them.                                       such as accessing legal services, dubious
                                                        investment schemes, money laundering,
    This year we have 10 priority risks that all        information security and diversity. We remind
    solicitors and firms need to consider. The Risk     you of the importance of not drafting the terms
    Outlook suggests what can be done to manage         of non-disclosure agreements in a way that
    the risks and avoid harm to the public, the rule    suggests a person may not report misconduct
    of law and the proper administration of justice.    to a regulator or a law enforcement agency or
                                                        make a protected disclosure.
    Many of the risks we are highlighting are
    not new, but none of us can afford to be            As many of you will know, we are changing
    complacent.                                         how we regulate to focus on high professional
                                                        standards, removing outdated constraints
    We have included two new priority risks this
                                                        and helping to tackle the barriers that hinder
    year – managing claims and cyber security. We
                                                        access to legal services. We are aiming to bring
    are increasingly concerned about the practises
                                                        in our new Codes of Conduct, Accounts Rules
    of some firms that offer personal injury work,
                                                        and other changes, including new practising
    including holiday sickness claims. Similarly,
                                                        flexibility, in spring 2019. In my view, these
    some firms bringing payment protection
                                                        changes will provide a solid foundation for you
    insurance claims may not always be meeting the
                                                        to manage risk in your firms, whilst freeing you
    high standards we expect.
                                                        up to innovate and grow.

4
Risk Outlook 2018/19 - Solicitors Regulation Authority
Introduction

  What is the Risk Outlook?

  It provides an overview of the priority risks   It aims to:
  to:
                                                  • help solicitors and law firms manage risk
  • people who use legal services
                                                  • show the priorities we allocate our
  • the operation of the rule of law                resources to

  • the proper administration of justice.         • explain how we address these risks.

How to use the Risk Outlook

For each risk, we explain:

• why it matters, based on evidence

• actions that solicitors and firms can take
                                                                Look out for:
• what we are doing to help to manage the risk.

Where relevant, we also give details about                               Case examples
potential changes we see on the horizon.

Solicitors and firms should think about how
the risks apply to them and their own business
                                                                         Spotlight on
to get the best value out of the Risk Outlook.
We have included case examples and have
highlighted certain areas of work to help
solicitors and firms understand the risks and
the actions they can take.                                               On the horizon

Our assessment of risk is based on a wide
range of input from across the sector. The Risk
Outlook is not guidance and does not contain
exhaustive lists of obligations or actions. It
should be used to raise awareness of the
priority risks that need to be managed.

                                                                                                5
Risk Outlook 2018/19 - Solicitors Regulation Authority
Access to legal services

           Many people and businesses do not get the
           legal help they need. More can be done to
                improve access to legal services.

6
Risk Outlook 2018/19 - Solicitors Regulation Authority
Access to legal services
Why this risk matters

When a person or business needs legal help, it
is important they have access to good quality,
affordable legal services to help them solve their
                                                                        32%
problems. If they are unable to access support                   of people had at least
this can lead to a range of poor outcomes and                       one legal need in
hinder the proper administration of justice. This                 the last 18 months,
can undermine trust in the profession and the
                                                                       such as ...
justice system. It can also give the impression
that legal services are for the few that can
afford it.

For some people on very low incomes, public
funding is available for certain legal services.
And regardless of whether legal help is publicly
or privately funded, people should be able to
choose their legal services provider. Therefore,                  buying a
a competitive market, where people can choose                     property
from a range of affordable options, will support
                                                                                          family
people to get the best outcome when they need
                                                                                        problems4
legal help.

Legal needs

The needs experienced by different groups vary       Changes to society, such as our aging
by amount and type. For example, adults with         population and more informal working
a long-standing illness or disability are more       practices, are likely to result in different types of
likely to have problems relating to injury or        legal needs.
ill-health from an accident or negligence, anti-
social behaviour by neighbours and financial         Finding legal help
problems.1 And businesses with black, Asian and
                                                     It can be hard for people to know whether
minority ethnic (BAME) owners, or businesses
                                                     their problem needs legal help and what sort
run by people with a disability, are significantly
                                                     of help that might be. The two main barriers to
more likely to have a legal need.2
                                                     accessing legal services are the:
Some people are more likely to experience
negative effects, such as stress, financial
                                                     • affordability of services
difficulties and harassment, because of their
                                                     • lack of information.
legal need, especially:
                                                     For those that do take professional advice,
• people with a limiting illness or disability       27% of people and 22% of small businesses
                                                     researched the market before choosing their
• lone parents
                                                     legal service provider.5 Only 2% of those
• people on means-tested state benefits              that take professional advice use an online
                                                     comparison website.6
• people running small businesses.3

                                                                                                             7
Risk Outlook 2018/19 - Solicitors Regulation Authority
People want to know the price and have some
    indication of quality when choosing a legal                    Technology to create
    service provider.7 But, only 18% of law firms                  more accessible services
    have prices on their website.8 Some 61% of
    people using legal services speak to the firm
                                                          Technology means the public can access
    to find out the price.9 People can also over-
                                                          legal help in novel ways, often costing
    estimate the cost of services and 28% do not
                                                          them less than traditional legal help.
    use a solicitor because they think that they
                                                          And it gives firms chances to offer their
    are unaffordable.10 Firms could be losing new
                                                          services differently and more efficiently,
    business if their prices are not readily available.
                                                          and potentially reach new markets. Firms
                                                          offering these services should be mitigating
    Using legal services
                                                          any associated risks, such as cybersecurity
    Conveyancing and will writing are the most            and information security.
    commonly used legal services, followed
                                                          There are several digital services that can
    by power of attorney.11 There are regional
                                                          help people with problems before or after
    variations in the use of legal services. For
                                                          getting professional legal advice, such as
    example, people in London are more likely
                                                          those that help people make claims and
    to use immigration and housing services and
                                                          complete legal documents and forms.
    are less likely to use will writing and probate
    services compared with average use across
                                                          For businesses negotiating contracts or
    England and Wales.
                                                          dealing with litigation, there are a range
                                                          of tools. For example, there are artificial
    The way services are delivered is changing, with
                                                          intelligence (AI) systems that support
    more people expecting fixed fees and online
                                                          litigation processes and contract drafting.
    delivery.12 But there is still a strong preference
    for local services, meaning smaller firms are well
                                                          These types of programmes work on
    placed to meet the needs of their communities.
                                                          routine tasks. They free up lawyers’ time
                                                          for more complex work and to meet with
    The market is steadily growing and diversifying,
                                                          clients and potential clients. They can help
    which is leading to greater choice for people
                                                          to improve access for all legal services
    and small businesses. For example, our impact
                                                          users, particularly those in rural areas (with
    evaluation of alternative business structures
                                                          internet access), as well as those on low
    (ABSs) and multi-disciplinary practices (MDPs)
                                                          incomes or in situations that increase their
    shows that people are benefiting from their
                                                          vulnerability.
    services. ABSs are more likely to innovate than
    other firms and increased competition should
    lead to more choice. And MDPs may appeal
    to small businesses so that they can find their
    professional services under one roof.

8
Risk Outlook 2018/19 - Solicitors Regulation Authority
Access to legal services
What solicitors and firms can do

Many solicitors and firms are improving access
by competitive costing and innovative service                Research about better
delivery, such as automating some services.                  information

To address the barriers to accessing legal
services, solicitors and firms can:

• share more information about services and
  prices online, and with relevant organisations
  that support people with legal needs, so it will
  reach a wide variety of people

• keep information clear and concise so it is
  easy to understand

• help people understand services and prices
  by training staff that deal with enquiries from    Our independent research has found
  the public                                         people make better choices when they can
                                                     see the price of a service up-front. It also
• tell people about the Legal Choices website,       found that, when choosing a provider, the
  which offers information on the different          most important factors are their reputation
  types of legal help available                      and the price. Firms that advertise their
                                                     prices say it helps people to understand
• ask for feedback about how the information         their services and attracts more clients.
  has been presented to see if it can be
  improved.                                          A second piece of independent research
                                                     found that people valued regulation and
                                                     were more likely to choose a provider
                                                     whose website included a ‘regulated by the
                                                     SRA’ badge. It also found that people are

       50%
                                                     willing to weigh up price and regulatory
                                                     protections, such as access to the Legal
                                                     Ombudsman and our Compensation Fund.
  of small businesses
                                                     We also commissioned further independent
try to resolve problems                              research about how clear legal costs could
     on their own13                                  help small businesses access legal services.

                                as do

                            35%
                            of people14

                                                                                                    9
Risk Outlook 2018/19 - Solicitors Regulation Authority
What we are doing

     We work with others to understand how to             • more flexibility in how solicitors can practise,
     best help improve access to legal services.            including allowing:
     For example, the Legal Choices website helps
     people to better understand the problems that           ◊ solicitors to practise reserved legal
     may need professional legal advice and how                activities on an individual freelance basis
     they can resolve them. We work jointly with the
                                                             ◊ non-authorised businesses to employ
     other legal regulators to run and develop the
                                                               solicitors to offer non-reserved activities
     website, liaising with advocacy groups and the
                                                               to the public.
     public to make sure it meets people’s needs. We
     have also been working with the Commission on
                                                          We believe our reforms will allow more
     Justice in Wales to support their work on access
                                                          growth and innovation, while maintaining high
     to justice.
                                                          standards and public protection for those that
                                                          need it most.
     Regulatory reform
                                                          We have consulted on changes to make sure
     We are making it easier for people to choose
                                                          people get the right level of protection when
     the legal service they need by sharing our
                                                          using a solicitor or firm.
     information and requiring firms to provide more
     information. We are introducing a wide package
                                                          • Our professional indemnity insurance (PII)
     of reforms. And our Better information, more
                                                            proposals will give firms more flexibility to
     choice proposals will require firms to publish
                                                            choose the right level of insurance to suit
     information on prices and what this covers
                                                            their business and clients.
     for a range of legal work. This information
     will help people find legal services that better     • Our Compensation Fund proposals are
     meets their needs and should also encourage            designed to make sure financial support is
     competition.                                           focused on those most in need of help.

     We will develop an SRA digital badge for use on      And, in turn, people should benefit from a more
     firms’ websites, which links to a digital register   competitive marketplace and increased choice.
     to help the public understand who we regulate
     and the protections that come with it. The           Educational reform
     digital register will also include information
     about the disciplinary action we have taken          The Solicitors Qualifying Examination (SQE)
     against a firm or person. We will also publish       will mean that future solicitors will all have to
     market-level data on complaints made to firms.       meet the same standard regardless of their
                                                          training route. It will also help support diversity
     Our Looking to the Future proposals will             in the profession; helping people to find a
     introduce:                                           solicitor who understands their community and
                                                          problems.
     • new, clear principles that solicitors must
       follow                                             And our training requirements will be more
                                                          flexible when the SQE is introduced. This may
     • a short Code of Conduct for individuals and        mean that university law clinics and other places
       firms                                              where the public can access support might
                                                          expand their reach, as law students will be able
     • less prescriptive Accounts Rules
                                                          to use a wider range of work experience to
                                                          prepare for the SQE.

10
Access to legal services
SRA Innovate

Our SRA Innovate initiative can provide a safe
space for firms who want to provide new
services in new ways that could benefit the
users of legal services. We have also launched
a new policy, so we can grant waivers to our
rules if a firm’s idea is in line with our regulatory
objectives and has a public benefit.

We will evaluate the impact of all our proposed
changes15 to understand if access to legal
services has improved. And we will publish
the results to help firms understand how their
services can improve access to legal services.

          Innovation Space allows new
          practising flexibility

   We allowed a solicitor to offer legal services       Without the waiver, the business would have
   in a business that was not regulated by              to outsource legal services, which results
   us or by another legal regulator. We did             in a disjointed customer experience and
   this by granting them a waiver to one of             potentially extra costs for domestic staff and
   our rules. The services the business offers          their employers. The business is piloting
   are non-contentious employment matters               these services in our Innovation Space.
   and commercial legal advice for families
   employing domestic help. It also advises
   domestic staff so they understand their
   working rights and make sure they are
   treated fairly.

                                                                                                         11
Cyber security

          Solicitors face increasing threats from
       cybercriminals. Secure IT systems and well-
       informed staff are the best ways to protect
                their firms and their clients.

12
Cybercrimes and
                                                              scams
Why this risk matters

                                                                                                  Cyber security
Cybercrime is an ever-growing risk and is now
widespread in the UK. Cybercriminals target law           Email modification fraud
firms because of the money and information
                                                          The most common type of
they hold. Attacks can also threaten a firm’s own
                                                          cybercrime against solicitors,
operations or its reputation.
                                                          where criminals intercept
In the first quarter of 2018, email modification          and falsify emails between a
fraud accounted for more than 70% of all                  client and the firm, leading to
cybercrime reports. Almost all other cybercrime           bank details being changed
reports also involve some form of forgery to              and money being lost.
deceive targets into responding, rather than
explicit hacking of the firm’s systems.
                                                          Phising and vishing
In 2016, £9.4m of client money was reported
                                                          Criminals email or phone
as lost to cybercrime, increasing to £10.7m in
                                                          to obtain confidential
2017. We suspect there is some underreporting,
                                                          information, such as a
particularly where money is replaced promptly
                                                          password, through gaining
by the firm or their insurer. This is because we
                                                          the trust of a solicitor or
are seeing fewer reports than we would expect
                                                          other member of staff.
given media reporting of the frequency of these
attacks.

We are receiving more reports of cybercrimes.             Malware
                                                          Harmful software that
                                                          includes viruses and
                                                          ransomware programs, which
                                                          encrypt files and demand
                                                          a ransom in return for

       157                                                decrypting the files.

 reports to us about                                      CEO fraud
     cybercrime                                           Criminals impersonate
       in 2017                                            a senior figure at a firm
                                                          through hacking, or having a
                                                          very similar email address, to

                           103
                                                    CEO
                                                          impose authority and order
                                                          money transfers.

                            in 2016
                                                          Identity theft

                                                          Bogus firms copy the identity
                                                          and brand of a firm.

                                                                                            13
                                                                                             13
Email modification fraud

     This fraud happens when criminals               We also see cases where the criminal
     impersonate someone going through a             impersonates the firm and tells the client
     process involving the transfer of money,        that the firm has new bank details. In these
     such as a property transaction. They do         cases, the client sends the deposit and other
     this by breaking into that individual’s email   money directly to the fraudster’s account.
     system or forging emails from it.
                                                     This fraud is relatively common in firms
     The criminals contact the solicitor through     and often accounts for at least half of all
     the stolen or falsified address to tell them    cybercrimes. During 2017, email fraud
     the bank account details have changed.          reported to us fell to an average of 46% of all
     They usually do this at short notice and        cybercrimes but in the first quarter of 2018
     when there is time pressure, for example,       had risen to 71%.
     on the afternoon of a property completion.
     The solicitor sends money to the new bank
     account and this is quickly moved on by the
     criminals. When used to steal conveyancing
     money, it is also known as 'Friday afternoon
     fraud', as many of these transactions take
     place on Friday afternoons.

14
Cyber security
  Remote working

                             Firms are increasingly using systems to
                             help their employees work on the move.
                             This includes ‘bring your own device’,
                             which allows people to work from home
                             or anywhere on their own devices while
                             connected to a cloud-based server. This can

      £10.7m
                             offer security if updates to the system are
                             made automatically and data is backed-up.

                             We are also seeing more use of video
     client money reported   conferencing systems and smart, connected
         to us as lost to    devices, such as internet connected
       cybercrime in 2017    printers.16 However, the connected devices
                             are often not fully secured or updated.
                             Malware targeting these devices increased
                             six-fold in 2017. This can be a serious, but
                             subtle threat, such as:

£9.4m                        • a compromised smart alarm or thermostat
                               could tell a criminal when a building is
                               unoccupied
 in 2016
                             • a compromised video conferencing
                               system, printer or home assistant could be
                               used to steal sensitive data.

                                                                            15
What solicitors and firms can do

     We want firms to benefit from the             Our paper on IT security: keeping
     advantages IT can bring. However, they        information and money safe gives more
     need to take care that their system keeps     detailed advice on how to defend against
     client information and money safe. The        cybercrime. The National Cyber Security
     best defences against many cyberattacks       Centre (NCSC) also give advice and
     are to:                                       information, including specific guidance for
                                                   smaller businesses.
     • keep systems updated
                                                   Losses of client data and money that
     • use antivirus software on desktops and      amount to, or may be, serious breaches
       laptops                                     or misconduct should be reported to us
                                                   through report@sra.org.uk. Reports will
     • backup important information frequently
                                                   be dealt with in line with our enforcement
       and securely, and learn how to restore
                                                   strategy.
       the system from a backup
                                                   We are also interested in evidence of
     • encrypt mobile devices and install a
                                                   near misses and other scams that target
       system to track and delete the data if
                                                   firms or their clients. These can be sent
       they are lost
                                                   to us through fraud@sra.org.uk. Our
                                                   Professional Ethics team can provide more
     • make sure everyone in the firm knows
                                                   advice on what to report.
       how to create secure passwords

     • avoid using administrator accounts
       (those with the privilege to access other
       users’ accounts and install software)
       for regular work that does not involve
       maintaining the IT system

     • make sure everyone in the firm knows
       how to recognise the signs of email
       modification fraud and common
       phishing scams

     • plan how to respond to an attack or
       other incident.

16
What we are doing

                                                                                                        Cyber security
We are working with the NCSC and the
IT security sector to regularly update the                   Firm’s data stolen and
information we provide to firms.                             spread through social media

No defence is perfect, and some organised
cybercrime activity can be hard for even            In March 2018, a firm was attacked with
technology companies to stop. As such, we           ransomware. The criminals left a ransom
take a proportionate approach to breaches           note on the firm’s system, saying that
reported to us. When we have taken regulatory       they had obtained sensitive information
or disciplinary action against firms, it has been   and would publish it unless the firm paid
where the firms did not:                            £3m. The firm declined to do this and the
                                                    criminals began publishing the firm’s data
• take reasonable steps to protect themselves       through Twitter.
  or check their client’s instructions
                                                    The firm worked with computer forensics
• follow basic security guidance                    specialists to deal with the breach and find
                                                    out how their system was accessed. And
• report the incident, where appropriate            they obtained an injunction from the High
                                                    Court to bar anyone from further sharing the
• act to remedy the losses.                         information that the hackers had published,
                                                    as well as successfully securing the removal
Our Accounts Rules reforms include options
                                                    of information from websites. They reported
to use third-party-managed accounts instead
                                                    the breach to the National Crime Agency and
of a traditional client account, giving firms
                                                    to us.
the option to avoid the exposure that a client
account brings. Money held in these accounts        It is not yet clear how the firm’s systems
is not subject to the Accounts Rules, but firms     were infected with ransomware, but
need to act in the best interests of each client    many of these attacks rely on fake links or
and decide whether a managed account is             attachments in emails.
appropriate in each case.

We will be publishing more information on how
firms are using advanced IT, including artificial
intelligence. We are also working with the NCSC
to include the latest recommendations on how
to protect systems from attack.

                                                                                                   17
Diversity in the
       profession

         Law firms, solicitors and the public all
        benefit from a diverse and inclusive legal
                       profession.

18
Diversity in the profession
Why this risk matters

The legal profession is changing and starting to     Research into diversity in the profession
reflect the diversity of wider society. More needs
to be done to improve the representation of all      Our law firm diversity tool shows that entry
groups, particularly in senior roles.                into the profession is diverse but women, black,
                                                     Asian and minority ethnic (BAME) and disabled
Equality, diversity and inclusion in the legal       lawyers continue to be under-represented at
profession is important for many reasons,            partner level, particularly in large firms. And
including:                                           BAME and disabled solicitors are more likely
                                                     to work in smaller firms. Solicitors that went to
• the effective administration of justice, as a      state schools, and were the first generation to
  diversity of views and approaches, whether         go to university, are also more likely to work in
  in firms or in the judiciary, supports an          small firms.
  independent justice system and maintains the
  rule of law                                        Independent analysis of the diversity data we
                                                     collected about the people working in firms
• allowing the most talented people to become        found that:
  solicitors and progress in their careers which
  helps to maintain high standards                   • the prospects of becoming a partner are
                                                       higher for white men than any other group
• improving access to services, as some people         across all types of firms
  may be more likely to seek legal help from
  solicitors they share some social or cultural      • women and BAME men are more likely to be a
  characteristics with.                                partner in small firms

There are also business benefits of a diverse        • BAME women are particularly disadvantaged
and inclusive workforce, including:17                  in progressing to partner level in the
                                                       profession.
• a better understanding of the market and a
  wider customer base

• more informed decision-making and more
  innovative solutions to business problems
  and market changes

• attracting and retaining the best staff at all
                                                               21%
  levels of seniority
                                                             of all partners
• cost efficiencies and better productivity from               are BAME
  improved staff morale and retention.
                                                                                       8%
                                                                                   of partners in
                                                                                    large firms
                                                                                     are BAME

                                                                                                         19
What solicitors and firms can do

     Firms have a responsibility to promote and           • support different routes to the profession,
     encourage diversity at all levels by nurturing,        including apprentices, paralegals and legal
     valuing and developing all the talent they             executives, so talented people from all
     recruit. Embedding diversity and inclusion into        backgrounds can access the profession
     their culture allows firms to realise the benefits
     that different people can bring.                     • consider the wellbeing of staff and help staff
                                                            manage their stress levels.
     Career paths are influenced by people’s social
     background and education as well as barriers         Our report, The business case for diversity, and
     to entering, and progressing in, professions.        our diversity resources have more practical
     There are different barriers for different groups.   examples about how to promote a diverse and
     And some people face multiple barriers if they       inclusive workplace.
     are a member of more than one disadvantaged
                                                          Networks such as Women in Law, the Black
     group. It is best for firms to take more than one
                                                          Solicitors Network, the Society of Asian Lawyers,
     approach to improving diversity and evaluate
                                                          the Lawyers with Disabilities Division and the
     the success of their initiatives.
                                                          lesbian, gay, bisexual and transgender (LGBT)
     To improve diversity and inclusion firms can:        Lawyers Division run business and social events,
                                                          and offer career support and networking.
     • create a culture where people feel able to talk
       about diversity and staff feel included and
       valued

     • offer mentoring schemes, which can improve                     Making flexible working
       access to the profession and diversity at                      available for all staff
       management levels – initiatives such as
       Inspired by Law, Aspiring Solicitors, Sponsors
       for Educational Opportunity and the Social          “We changed the culture by shifting the
       Mobility Business Partnership can help firms        onus. We began by assuming all flexible
                                                           working requests could be agreed. Instead,
     • use our law firm diversity tool to benchmark        managers had to prove why flexible working
       their diversity, and encourage all staff to         couldn't work.”
       respond to all questions
                                                           Law firm
     • carry out pay audits to identify any pay gaps
                                                           “The benefits are that you retain a greater
       between different groups of people
                                                           number of people, especially those returning
     • consider unconscious biases and help staff          from maternity leave. It helps you attract
       overcome these to make objective decisions          staff and gives rise to continuity as staff stay
       about recruitment and selection                     and therefore clients deal with the same
                                                           people that understand their business.”18
     • offer flexible working, such as home working        Law firm
       to help the work-life balance of all staff,
       particularly those with caring responsibilities

     • ask senior managers to lead by example, such
       as challenging any offensive behaviour in the
       workplace

20
Diversity in the profession
What we are doing

We continue to work with firms and other
organisations to encourage a diverse and                    Mentoring scheme to
inclusive profession. We have:                              promote LGBT inclusion

• had our diversity data independently analysed
  to explore solicitors' career progression        We are working with Stonewall and several
                                                   firms to promote LGBT inclusion through
• reviewed how firms are promoting equality,
                                                   a cross-firm mentoring programme. Some
  diversity and inclusion
                                                   of the legal sector’s top-ranking firms in
• worked with solicitor groups to improve the      the Stonewall Workplace Equality Index are
  representation of women and BAME solicitors      offering mentoring to small and medium
  in senior roles, such as Women in Law, the       sized firms in England and Wales. They
  Society of British Bangladeshi Solicitors and    share best practice and give guidance about
  the British Nigeria Law Forum                    creating an LGBT-friendly workplace.

• measured the impact of removing the
  minimum salary for trainees, which found
  that the average pay gap between different
  ethnic groups has reduced

• engaged with firms, academics and others
  about the Solicitors Qualifying Examination
  (SQE) and innovative routes into the
  profession while maintaining standards.                    On the horizon

An independent review of the SQE proposals
found that it should open up opportunities to      Gender pay gap reporting is currently
access the profession, increasing the potential    required for firms that have 250 or more
for social mobility and support diversity.         employees.

We promote good practice in equality and           It is possible that pay gap reporting is
diversity in our own work. For example:            likely to extend to ethnicity. Some firms
                                                   are already taking a lead on this. The
• We have Disability Confident accreditation, as   Government has commissioned research
  we make sure that disabled people have the       into what steps employers have taken to
  opportunities to fulfil their potential.         promote diversity in the workplace and
                                                   how they are trying to reduce the ethnicity
• We are a Stonewall Diversity Champion, as we     pay gap. And the Hampton-Alexander
  have an inclusive workplace.                     Review calls for one-third of FTSE leadership
                                                   positions to be held by women by 2020.
• We have staff networks around diversity,
  wellbeing and inclusion. These support staff
  and organise our attendance at professional
  and community events, such as Pride and the
  UK Diversity Legal Awards.

                                                                                                   21
Information security

            The information that clients share with
          their solicitors can have great financial and
          personal value. Solicitors must know how to
           protect the information they are holding.

22
Information security
Why this risk matters

Solicitors hold sensitive and confidential             Solicitors have always needed to work on
information about their clients and must               the move, as they need to visit clients and
protect it. Any loss of that information can           courts. This means that they must work with
have financial, reputational or personal               confidential materials outside the safety of a
consequences for the client and for the solicitor      secure office. It is important that solicitors take
that loses it.                                         care to keep information safe and confidential
                                                       while working remotely.
Information security is not just about technology
and protecting electronic information. It is also
about protecting printed data and sensitive
discussions.

Data from the Information Commissioner’s

                                                                                  512
Office (ICO)19 shows that:

• for all sectors in the first quarter of 2018, they
  received:
                                                                             reports to us about
   ◊ 97 reports of cyber security incidents
                                                                                breaches of
   ◊ 119 reports of lost paperwork                                             confidentiality
                                                                                   in 2017
   ◊ 284 reports of data being sent to the
     wrong person by email, post or fax.

• There has been an increase in the reports
  of all data security incidents, which may
                                                                   122
  be because of the increased awareness of                        first quarter
  data protection and the launch of the ICO’s
                                                                       2018
  Personal Data Breach helpline.

• The most common legal sector breaches
  are confidential emails and letters being
  sent to the wrong person, and lost or stolen
  paperwork.

                                                                                                             23
General Data Protection
              Regulation (GDPR)

     Solicitors must comply with the GDPR and        There are additional obligations that may
     the Data Protection Act 2018.                   apply to some firms, such as appointing a
                                                     Data Protection Officer. There is also the
     Law firms will need to be sure that they are    requirement for enhanced internal record
     meeting GDPR requirements, including:           keeping where a business has more than
                                                     250 employees or its activities relate to
     • telling people how their data is being used   higher risk processing, such as:

     • training staff and promoting awareness        • processing personal data that could result
                                                       in a risk to the rights and freedoms of an
     • understanding what data they hold and
                                                       individual(s)
       how this is managed
                                                     • processing special categories of data or
     • transferring data in line with GDPR
                                                       criminal convictions and offences.
       requirements
                                                     The ICO has an advice line and accessible
     • making sure suppliers have appropriate
                                                     guidance to help small businesses comply
       controls in place and are carrying out
                                                     with GDPR. The Law Society also has a guide
       proper due diligence checks
                                                     for solicitors on GDPR compliance.
     • conducting an impact assessment when
       any new data processing or systems might
       lead to a high risk, such as when they
       introduce a new technology.

24
Information security
What solicitors and firms can do                     What we are doing

Firms can protect information by focusing on         Our report, Information security: keeping
simple steps, including:                             information and money safe, provides more
                                                     detail on common information security threats
• double-checking emails and letters are being       and on the best practices for how to deal with
  sent to the right address. Some email systems      them.
  will flag an external email address is being
  used                                               When we learn about criminal activities or frauds
                                                     targeting those we regulate, we issue scam
• protecting physical documents, for example         alerts to warn the public and firms about known
  by locking filing cabinets at night and taking     threats. There is also a quarterly round up of
  precautions when transporting documents            these alerts to show the high-risk scams for both
                                                     members of the public and solicitors.
• using privacy screens for laptops to protect
  information for mobile workers                     When a loss of client data is reported to us, we
                                                     take action where needed, considering the facts
• making sure that sensitive conversations are       of the case. We expect solicitors and firms to
  not overheard
                                                     take reasonable steps to protect information,
                                                     and to promptly report to us any loss that may
• keeping electronic data backed up securely
                                                     amount to a serious breach or misconduct.
• using appropriate encryption when storing          While we recognise that no defences are perfect,
  and transferring personal data                     we are likely to act where client information is
                                                     exposed and the firm did not take appropriate
• understanding and meeting their GDPR and           steps to protect it.
  Data Protection Act 2018 obligations.

When there is a serious breach of confidentiality,
firms need to report it to us and consider
whether a referral should be made to the ICO by
following their guidance on reporting a breach.

                                                                                                         25
Integrity and ethics

             Solicitors are responsible for meeting
          high professional standards. The business
            culture in law firms should reflect this.

26
Integrity and ethics
Why this risk matters

Solicitors owe duties to:                             The Advertising Standards Authority is also
                                                      investigating advertising by tax advisers and
• the court                                           has made findings against those advertising
                                                      avoidance schemes.
• the wider public interest
                                                      We warned firms about facilitating tax
• their clients                                       avoidance schemes that go beyond the
                                                      intentions of Parliament.
• their colleagues

• third parties.

Acting without integrity and ethics can lead to
poor outcomes and undermines the proper
administration of justice.

Cases where solicitors put their clients’ interests
above all other considerations can also harm
public trust in legal services, which ultimately
undermines the rule of law.                                                   2,090
Tax avoidance schemes                                                   reports to us about acting
                                                                            without integrity
Solicitors advising on taxation need to be aware
of the legal position of artificial tax avoidance                              or ethics in
arrangements. The Government does not view                                         2017
tax arrangements that do not meet the spirit of
tax law as being legitimate.

Solicitors should be aware of the penalties that
                                                               439
apply to ‘enablers’. Enablers include:                       first quarter
                                                                  2018
• solicitors involved in developing and advising
  on schemes
                                                                               449
• those involved in implementing the scheme
  by creating companies or trusts                                            first quarter
                                                                                  2016
• those involved in marketing schemes.20

HM Revenue & Customs will impose a penalty
where they defeat a tax avoidance scheme that
has abused the tax law. The penalty is the full
payment received by each enabler.

                                                                                                      27
Harassment and non-disclosure
     agreements (NDAs)                                               Immigration solicitor
                                                                     abuses the appeals process
     The role of solicitors in drafting NDAs in relation
     to allegations of harassment has received public      The Solicitors Disciplinary Tribunal (SDT)
     and political attention.                              struck a solicitor off the roll for abusing the
                                                           court system by bringing hopeless appeals
     While we recognise that NDAs have legitimate          to immigration decisions. The solicitor had
     uses, solicitors must not draft agreement terms       made a practice of bringing last minute
     in a way that suggests a person may not report        challenges to removal decisions. In one of
     misconduct to a regulator or a law enforcement        these challenges, they left out important
     agency or make a protected disclosure.                information which would have meant the
                                                           submission would have been rejected.
     We will act against any firm that uses NDAs to
     cover criminal activity or serious professional       The Immigration Tribunal found that the
     misconduct. Our warning notice provides               appeals had no legal merit and that the
                                                           solicitor had designed them to exploit
     further detail, and our paper on balancing
                                                           a “weak spot” in the judicial system to
     duties in litigation includes warnings about
                                                           delay deportations where there was no
     the use of unenforceable litigation threats to
                                                           justification.
     prevent legitimate criticism.
                                                           The SDT found that the solicitor’s actions
     As with many other forms of poor conduct,             had shown a lack of integrity. The solicitor
     preventing harassment in firms themselves             appealed but the High Court upheld the
     can be tackled through the business culture           decision of the Tribunal. It found that
     communicated through business leaders. An             the solicitor’s actions had been an abuse
     effective tool is to encourage staff networks that    of process and that it was suitable that
     help people discuss issues. It is also important      deterrence was a consideration when
     that staff affected by issues such as harassment      making their decision.
     feel able to report problems. Some firms have
     launched confidential helplines for this purpose.

28
Integrity and ethics
What solicitors and firms can do                       What we are doing

Solicitors must always act with integrity. As well     We are reforming our regulations with
as being honest, this includes having sound            shorter, less prescriptive rules that focus on
morals and following the ethical codes of the          ethical standards. This lets solicitors use their
legal profession.21 Solicitors are expected to         professional and ethical judgment in their work.
follow high standards in both what they say and
what they do.22                                        Where we see ethical problems, we warn
                                                       solicitors and may conduct research and analysis
Solicitors must put their ethical obligations first    of the issues. Our paper on balancing duties in
and keep their independence. This means that           litigation provides more detailed advice on how
they must not and should not put their own,            to manage situations where solicitors’ ethical
or their clients’, interests above their wider         duties may conflict. We will be updating this
professional obligations to the administration of      paper soon.
justice, the rule of law and the courts. Given their
professional responsibilities, this means that
they should be prepared to decline instructions
that would conflict with their obligations.

When handling litigation, solicitors must be
sure to bring cases honestly and professionally,
without allowing themselves to become complicit
in misleading the court. For example, solicitors
must:

• not abuse the court system by using
  proceedings to delay a legal process

• make sure they have full information and
  make the court aware of any limitations in
  their case.

                                                                                                           29
Investment schemes

          The promoters of questionable investment
           schemes often try to legitimise them by
              involving solicitors and law firms.

30
Investment schemes
Why this risk matters

Questionable investment schemes offer              The financial losses for people can be high. If
unrealistically high returns for investors and     solicitors are involved in such schemes they risk
often lead to significant losses of money. Very    harming public trust in the profession. We are
few solicitors would ever knowingly become         likely to take action including making a referral
involved in the promotion or administration of a   to the Solicitors Disciplinary Tribunal (SDT).
dubious investment scheme.
                                                   In March 2018 we were investigating 51 reports
We have seen cases where solicitors and firms      of investment fraud. There had also been
have become involved by:                           106 applications made to the Compensation
                                                   Fund relating to investment schemes, totalling
• acting for the promoter                          £47.4m since 2015.

• acting for potential investors                   The Financial Conduct Authority (FCA) found
                                                   that people over 65, with savings of more than
• acting for both                                  £10,000, are three and a half times as likely to
                                                   fall victim to investment fraud.
• passing people’s money through their client
  account.

The schemes that concern us are those that
take advantage of people, with the solicitor’s                Rule 14.5 of our Accounts
reputation being used to persuade people                      Rules 2011
to invest. Schemes can include potential
investment in, for example:
                                                    "You must not provide banking facilities
                                                    through a client account. Payments into,
• off-plan property
                                                    and transfers or withdrawals from, a client
• hotel room leasing                                account must be in respect of instructions
                                                    relating to an underlying transaction (and
• car park spaces                                   the funds arising therefrom) or to a service
                                                    forming part of your normal regulated
• bank instrument trading                           activities."

• carbon credits                                    Our warning notice and case studies on Rule
                                                    14.5 should be read by all solicitors holding
• fine wines, art and diamonds.                     client money.

The promoters often move money through the
solicitor’s client account and tell people that
the solicitor’s insurance and the Compensation
Fund will protect their money. But it is very
unlikely that this will be the case. And the
people that give their money to the promoter
of a questionable investment scheme are not
usually the solicitor’s client.

                                                                                                       31
What solicitors and firms can do                   What we are doing

     Solicitors and firms must not become involved in   Guidance
     questionable investment schemes and should:
                                                        Our report about questionable investment
     • read and follow our warning notices on           schemes and warning notices provide
       investment schemes and the client account        information about the signs of investment fraud
       and investment schemes and conveyancing          and the consequences for those who become
                                                        involved.
     • carry out due diligence on any promoter of an
       investment scheme                                Acting in the public interest
     • not allow the client account to be used as a     Where solicitors have allowed their client account
       banking facility                                 to be used as a banking facility, or have become
                                                        directly involved in questionable schemes, we
     • not provide advice or services that would give   will act to protect the public. Solicitors who act
       the appearance of a false underlying legal       dishonestly, or without integrity, can expect us to
       transaction                                      take disciplinary action and for their case to be
                                                        referred to the SDT.
     • not allow regulatory protections, such as
       insurance and access to the Compensation
       Fund, to be used to persuade or reassure
       people

     • not give anyone the impression that they are a
       client if they are not

     • not take unfair advantage of people

     • carefully analyse any complaints or contact
       from people who are not clients but are
       affected by a transaction, as this may help
       uncover a questionable scheme

     • get help and advice from our Professional
       Ethics team to understand obligations and help
       with dilemmas.

     The FCA’s Scam Smart page contains advice on
     recognising the warning signs of investment
     fraud.

32
Investment schemes
         Three solicitors suspended for                   Strike off for involvement in
         involvement in scheme                            diamond and art trading

The SDT suspended three solicitors for            A solicitor was struck off and ordered to pay
their involvement in a questionable               £67,000 costs after acting for companies that
investment scheme. The firm had acted for         offered investments in diamond and fine art
the promoters of a scheme involving social        trading.
housing developments in Brazil. The firm held
the investors’ money in their client account      People paid money into the client account
and distributed it as instructed by the           totalling more than £400,000 thinking they
investment company.                               were investing in a legitimate investment
                                                  scheme.
The scheme folded, leaving debts of £21m.
                                                  One person said: "I took reassurance from
The SDT found that the solicitors had failed to   the fact that my monies were paid into a
act with integrity and had acted in a conflict    solicitor's client account and would be dealt
of interest. The scheme had not needed a          with in an ethical fashion. In fact, it was
solicitor to be involved, and their role had      explained to me that by paying the money
been to add credibility for investors. The        to a solicitor, this would give me the same
Tribunal suspended the solicitors from            safeguards as buying a house and using a
practice for one year, which was increased        solicitor."
to three years’ suspension for two of the
solicitors after an appeal to the High Court.     However, some people did not receive the
                                                  goods that they had paid for. The solicitor
                                                  also deducted fees from their funds, even
                                                  though there was no agreement in place for
                                                  them to be clients.

                                                  The SDT said that it had no doubt that the
                                                  involvement of a solicitor lent a “veneer of
                                                  respectability” to the transactions. And the
                                                  SDT said the solicitor should have read the
                                                  warning notices issued by us but had not. Had
                                                  the solicitor done so, they would have realised
                                                  these transactions were dubious.

                                                                                                    33
Managing claims

        Solicitors and law firms must make sure that
        claims are made properly and honestly. They
        must also meet their duties to the court and
             the proper administration of justice.

34
Why this risk matters

                                                                                                                Managing claims
Solicitors and firms play a critical role in          • There was no report of the claim to the hotel.
delivering access to justice for people who
have been harmed. But while they must act in          • There was no extensive sickness among
the best interests of each client, they also have       others in the same accommodation.
duties to the court, the rule of law, and the
proper administration of justice.
                                                      • The claim comes from or involves people
                                                        generating claims in the resort.
When several people have a valid claim in law,
many firms will use claims handling processes
                                                      • The client’s report of the holiday at the time
                                                        of them being away was positive.
to help meet demand. This can include
employing non-legally qualified staff, working
                                                      • The client drank or ate excessively.
with introducers and using the latest technology
to speed up the process. Solicitors and firms         It is difficult to verify holiday sickness claims.
must competently progress all claims and meet
the high standards expected of them.                  Solicitors must engage with case law and
                                                      properly assess all evidence before submitting
There are particular concerns in areas of work        claims.
such as holiday sickness claims and payment
protection insurance (PPI) claims, but also in the
wider personal injury market.

Holiday sickness claims

We have warned solicitors and firms about
the conduct of some holiday sickness claims.           ...it will always be difficult (indeed, very
Genuine claims for holiday sickness can be             difficult) to prove that an illness is a
pursued, but we are concerned that some are            consequence of food or drink which
being submitted without proper analysis of             was not of a satisfactory quality, unless
the evidence or an understanding of the legal          there is cogent evidence that others have
position.                                              been similarly affected and alternative
                                                       explanations would have to be excluded.
We have investigated and acted against firms
over potentially improper links with claims            The Court of Appeal commented in the case
management companies and payment for                   of Wood v TUI Travel [2017] EWCA Civ 11
referrals of claims. We are also seeing firms
pursuing claims without proper instructions.

The extent to which firms should verify their
clients’ cases is risk-specific. For example, there
seems to be a serious risk that many holiday
sickness claims are not genuine. Examples of
risk factors in holiday sickness claims would
include:

• The claim is made some time after the alleged
  incident.

                                                                                                           35
We regulate more than              The personal injury
      10,000                                 market
             firms23

                       7%                    of these ...             16%
               of all firms specialise in                        are an alternative
                    personal injury                           business structure (ABS)

          Easier to             Existing                               In the last 12
         become an           relationships                  why?      months this has
            ABS              with insurers                             increased by

                                                                          5%

                              Top 5 reasons for investigations about
                                     personal injury services

                  Alleged                       Client care                     Prohibited
                insurance                           and                          referral
                   fraud                       competence                          fees

                                Misleading                           Cold
                                  court                             calling

                                              2X
                                              as likely
                                                                   SDT

           Misconduct relating to personal injury services is almost twice as likely to
               be referred to the Solicitors Disciplinary Tribunal than other work

36
Managing claims
Personal injury                                    Payment protection insurance claims

We continue to have concerns about some            We are concerned that some firms are failing to
solicitors and firms involved in bringing claims   meet high professional standards when bringing
for personal injury. We have warned solicitors     claims for mis-sold PPI and other financial
and firms that we are concerned some firms         products. We have seen some firms:
are:
                                                   • acting in matters without first investigating
• allowing third parties to cold call potential      that there is a valid claim
  clients
                                                   • making claims without knowledge of the
• entering into referral arrangements that are       policy holder
  in breach of the Legal Aid Sentencing and
  Punishment of Offenders Act 2012                 • failing to properly identify clients and confirm
                                                     their instructions
• taking and acting on instructions from
  third parties, without making sure that the      • submitting false claims in the hope of a
  instructions originate from the client             settlement without further investigation by
                                                     the defendant
• settling claims without a medical report
                                                   • charging unreasonable costs for a limited
• paying damages or sending cheques to third         amount of work, contrary to their trustee and
  parties without accounting properly to the         regulatory duties.
  client
                                                   Our warning notice explains that firms who
• in some extreme cases, bringing claims           conduct cases which have one or more of these
  without the knowledge of the person named        features may face regulatory action.
  as the claimant
                                                   The Financial Guidance and Claims Act 2018
• not training and supervising their staff         has introduced an interim cap on the fees that
  adequately.                                      solicitors can charge when undertaking PPI
                                                   work. Solicitors and firms can only charge 20%
Firms that carry out cases with one or more of
                                                   of the claimant’s damages in fees, if the claim is
these features will face regulatory action.
                                                   settled without court proceedings.

                                                                                                        37
What solicitors and firms can do

     Solicitors and firms must make sure that in
     following their client’s instructions they do not
     compromise their duty to the court and the
     proper administration of justice.

     They should also comply with any relevant
     legislation applicable to the claim, such as the:

     • referral fee ban in personal injury cases (Legal
       Aid Punishment of Offenders Act 2012)

     • interim fee cap in PPI claims (Financial
       Guidance and Claims Act 2018).

     Solicitors should read our warning notices to
     keep up-to-date with common risk factors when
     bringing claims.

38
What we are doing

                                                                                                             Managing claims
Our report on the importance of balancing
duties in litigation can help solicitors recognise              Action taken against firms
situations where their duties conflict.                         paying referral fees

We reviewed firms conducting PPI claims, before
the interim fee cap, to find out more about the       We will take action where solicitors do not
work and raise awareness of good and poor             act with integrity or in line with the rules of
practice. We found that 16 out of the 20 firms        professional conduct. For example, in 2018
we visited were routinely charging fees of more       the SDT fined two solicitors and their firm
than 25%, with some charging as much as 50%           £12,000 for paying prohibited referral fees,
of the total claimed for clients.                     which they were falsely recording on their
                                                      firm's ledger as ‘marketing fees’.
We are investigating multiple allegations
about the conduct of firms involved in PPI and
personal injury, including holiday sickness
claims.

Where solicitors do not comply with their
professional obligations, we will investigate and
take action as appropriate. Solicitors who act
dishonestly or without integrity can expect us to
take disciplinary action, including referral to the
SDT.

                                                                                                        39
Money laundering

             Law firms can be attractive to those
          looking to launder the proceeds of crime
           and finance terrorism. Solicitors play an
         important role in preventing and detecting
                      money laundering.

40
Money laundering
Why this risk matters

The legal market can be an attractive target for   Suspicious Activity Reports (SARs)
money launderers. Criminals want to instruct
legal professionals to hold or transfer money      One of the tools against money laundering is
because of the perceived legitimacy this offers.   the suspicious activity reporting system. Legal
Solicitors and firms are at an increased risk      professionals submitted less than 1% of the
because they:                                      total SARs to the National Crime Agency (NCA) in
                                                   2017.24
• regularly hold large sums of client money in
  pooled client accounts                           The creation of the Office for Professional Body
                                                   Anti-Money Laundering Supervision (OPBAS)
• advise and transfer money in relation to         shows the Government's focus on legal and
  property and financial transactions              financial professionals as important to the
                                                   defence against money laundering.
• have access to financial markets.

Money laundering is not a victimless crime as
it helps fund terrorism, drug trafficking and
people smuggling. And serious and organised
crime costs the UK an estimated £24bn each
year.

Organised crime can only operate if the
criminals can move their money into the
legitimate financial world. Solicitors who

                                                                   67%
make money laundering possible, whether
deliberately or unknowingly, can face serious
consequences including criminal prosecution
and regulatory sanctions.
                                                                increase in money
                                                             laundering reports to us
                                                                   over the last
                                                                    18 months

                                                 36
                                             last quarter
                                                 2016

                                                              60
                                                            first quarter
                                                                 2018

                                                                                                      41
Solicitors are at the front line of the
                                                              Conveyancing
     detection mechanism for money laundering
     but are worse than any other financial
     services sector in reporting suspicions.
     We get some very good quality reporting
     from the legal profession, but we get some
     that focuses very carefully on the identity,
     but not at all on the source of the funds
     – one half of the due diligence. Solicitors
     are a crucial source of information and
     intelligence on how criminals hide their
     assets. We have a very, very few who are
     criminally complicit, some who are careless
     and others who are unsure about their
     responsibilities.
                                                    Conveyancing is particularly attractive to
                                                    money launderers because of the large sums
     Director of the National Crime Agency,
                                                    involved. The Government’s National Risk
     Donald Toon speaking at our Compliance
                                                    Assessment views conveyancing transactions
     Officer Conference, 2017.
                                                    as a serious risk, although it accepts that few
                                                    solicitors are knowingly involved in illegal
                                                    activity.

                                                    Four in ten of the SARs from the legal
                                                    sector relate to conveyancing. In particular,
                                                    residential conveyancing SARs have risen by
                                                    66% across the past two years. The faster
                                                    turnover of house sales makes residential
                                                    property a more common target for money
                                                    launderers than commercial property. It is
                                                    more usual for complex trusts to be involved
                                                    in commercial conveyancing transactions.

                                                    Solicitors working in this field should take
                                                    extra care, particularly when the transaction
                                                    has the warning signs of potential money
                                                    laundering, such as:

                                                    • purchases of very high value properties by
                                                      overseas companies and trusts

                                                    • purchases involving money from high risk
                                                      countries.

42
You can also read
NEXT SLIDES ... Cancel