Services
People
News and Events
Other
Blogs

Are your outsourced legal cashiers compliant?

View profile for Elaine Pasini MCIM
  • Posted
  • Author

When conveyancing is heavily in demand and research shows us that an average UK legal practice is seeing a 60% rise in transactions, we ask, is your legal cashier compliant, trained, and qualified to cope with the pressures surrounding risk assessment and cybercrime?

No doubt your in-house legal cashier is a member of the ILFM. Are they? Most legal finance outsourcing agencies ensure the people on their books are ILFM trained. That goes with freelances too.

Here’s our guide to ensure you and your clients are safe.

Is your Outsourced Legal Cashier an ILFM Member?

The majority of legal cashier recruiters or agencies that supply legal cashiers to law firms will know of the ILFM and the training we offer. However, it is up you to as a law firm owner, HR manager, practice manager, and or compliance officer to ensure your outsourced person has support, qualifications, and continued professional development and training.

Law Firms and Cyber Attacks

Anyone who works in a legal practice, especially one that services the area of transactional work, will know the importance of risk assessment, digital asset security, compliance, and overall support for legal cashiers in your firm. What happens with training and compliance checks for whoever you choose as your outsourced legal cashier? Is it done internally or externally?

‘Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.'

Jürgen Stock INTERPOL Secretary General

Have you heard of the Friday “last thing” cybercrime attacks? Often focusing on the legal cashier in the office (be it externally sourced or in-house) with a last-minute email or call from the “boss” asking to expedite with urgency a completion transaction? The pressure on that person overseeing the transaction, if no fee earners or anyone available to verify the matter, is enormous.

“Improving cyber security across the legal sector is critical for the future of our practice. Through the Industry 100 scheme, the legal community has built a strong partnership with NCSC to develop and share relevant, actionable information that will have a real impact across our sector.”

Industry 100 Law Firm Partners

The ILFM recommends partnering with an outsourced legal cashier person or agency that has a secure portal service otherwise you could have serious security and GDPR risks.

Law Firm Compliance & Supporting Outsourced Legal Cashiers

Your firm’s security needs to be demonstrated and when it comes to legal cashiering you are obligated to keep an accurate set of books. Anyone who works in a legal practice knows the pressures fee earners and partners are under when it comes to preparing accounts dovetailing their advice so always check your outsourced legal cashier is certified and compliant with the Solicitors Accounts Rules and Money Laundering Regulations.

There are some excellent and specialist legal finance outsourcing companies in the UK such as, Cashroom, Quill and Ascentant to name but a few.

You should make sure that you will be supported by specialist legal cashiers. It is vital that any partner you appoint doesn’t just have a firm grasp of accounts, but also possesses an ILFM qualification and has an in-depth understanding of the SRA Handbook, SRA Accounts Rules, and other relevant guidelines.

Alex Holt, Director of BD at The Cashroom

Kevin Drew, Managing Director at Ascentant Accountancy, added that in terms of compliance checks, your legal cashier agency should undertake weekly and monthly checks on all of their clients’ finances to review bank reconciliations, office credit balances, and client debit balances, etc. The month-end check should also review residual client balances and be sent to your firm’s COFA for review and signing.

At Ascentant, for example, month-end bank reconciliations are also uploaded to their portal for electronic signing at month end to comply with the 5-week signing requirement.

Platforms that provide remote connections such as virtual private network connections such as IPSEC/TLS VPN, virtual desktop infrastructure (VDI), remote desktop services (RDS), and workstations connecting remotely to your legal practice environment must comply with the PCI DSS requirements.

Here’s a useful guide from the National Cyber Security Centre regarding VPNs.

Remember, the Solicitors Regulation Authority has many resources for COFAs and law firms when it comes to ensuring you follow their rules and regulations. Here’s a snippet:

In order to comply with the SRA regulations, you will need to:

  • Risk assess your firm, relevant clients and matters
  • Identify and verify the identities of your clients and any beneficial owners of your clients
  • Identify sources of funds and wealth where relevant
  • Train your staff to recognise red flags
  • Appoint a money laundering reporting officer to alert the National Crime Agency where they suspect they have encountered the proceeds of crime
  • Where relevant to the size and nature of the business undertake an independent audit, screen your staff, and appoint a Money Laundering Regulation Officer (MLRO) to supervise your compliance work

Questions to ask outsourced legal cashiers

Outsourced legal cashiers are handling (albeit digitally) money so you have a right to ask them about their IT and portals they use. Here are some questions you could ask (including their portals):

  • Do they use Cyber Essentials – are they integrated and monitored?
  • What firewall do they use for all their remote access?
  • Do they have adequate anti-virus software for each terminal?
  • Are all passwords maintained using secure software?
  • How often do their employees receive training in data security, GDPR policies and procedures?
  • How often do they go on CPD training and are they members of the ILFM?
  • Do they generate weekly compliance reports, if not, how often?

If you’d like to read more about Password guidance, the NCSC has its guide HERE.

Where can I send an outsourced Legal Cashier for Training and Support

The ILFM is the body for training, qualifications and support for all Legal Cashiers. As a membership non-profit organisation, we understand the pressures on legal cashiers and your compliance officers, which is why we offer a high standard of training to keep you, your employees, your freelance legal cashiers and your clients safe.

LEGAL CASHIER COURSE

Diploma Level - ILFM(Dip)

This qualification is perfect for anyone new to legal finance or has worked in the field but needs certification for their agency or employer. 

The diploma qualification comprises two certificates:

  1. Bookkeeping for legal finance professionals – PLEASE CLICK HERE; and
  2. Legal finance compliance and Accounts Rules – PLEASE CLICK HERE.

Together, these courses offer complete and practical training through an online (secure) portal, including an ILFM tutor with one-to-one support, plus if you would like to support the training as an employer or agency owner, then we send you updates as and when required.

Our students can apply for an exemption from the Bookkeeping for Legal Finance Professionals Certificate if they already have a relevant qualification. Find out more HERE.

Hopefully, this article will have given you some tips to check if your outsourced legal cashier is ready to work with your firm, however, if you have any questions regarding our membership, continued CPD or qualifications please do get in touch, we’d love to hear from you.

 

Comments

    Post a comment!