Do you hear the word “compliance” and roll your eyes? If you are reading this then you will be someone working in law, either as the compliance officer or as a legal cashier, bookkeeper, practice manager or student.
Law firms are a cyber criminal’s goldmine, so the function of risk and compliance in your legal practice is there for you and your colleagues to mitigate any risks (and let’s not forget criminals are one step ahead of us all the time), and maintain compliance by adhering to the necessary regulations.
Before I head into more detail, I would urge you, if you are not already, to join the ILFM as a member as we have so much support, training and forums just for you - have a look HERE. Our COFA support really gives you the confidence surrounding risk and compliance, together with other necessary legal finance factors.
The main four factors any law firm needs to look out to mitigate risk and keep up with compliance are listed here:
- Conflicts of interest
- Anti-money laundering
- General regulatory Risk & Compliance
- Claims, complaints and professional indemnity matters
If you run a small law firm you may well be the COFA and the COLP, and if you handle client money such as property and trusts, then you need constant support and guidance as it can be a lonely place!
There’s an easy guide from the Solicitors Regulation Authority (The SRA) which covers the code of conduct for solicitors in England and Wales, which sets out the rules for legal conflicts issues.
This matter is normally headed up by the COLP, although all the legal finance team must be informed and updated.
The SRA confirms that you do act (via an instruction by a client) if there is an own* interest conflict or a significant risk of such a conflict. You also don’t act in relation to “a matter or a particular aspect of it if you have a conflict of interest or a significant risk of such a conflict in relation to that matter or aspect of it”, unless:
- the clients have a substantially common interest in relation to the matter or the aspect of it, as appropriate; or
- the clients are competing for the same objective,
- and the conditions below are met, namely that:
- all the clients have given informed consent, given or evidenced in writing, to you acting;
- where appropriate, you put in place effective safeguards to protect your clients' confidential information; and
- you are satisfied it is reasonable for you to act for all the clients.
Most conflicts of interest forms are sorted out right at the beginning of a new client and we strongly recommend, if you haven’t in place already, a CMS system that records all up-to-date information for your clients (all names, addresses, dates of birth etc). Each new matter should be documented accordingly.
own* means any situation where your duty to act in the best interests of any client in relation to a matter conflicts, or there is a significant risk that it may conflict, with your own interests in relation to that or a related matter
Here’s where the finance team needs to be alert.
The SRA found that in 2020 nearly two-thirds of the firms it reviewed in the first year of a new programme of AML checks needed “some form of engagement” with the regulator as a result. That’s a high number. It appears that law firm policies don’t often do what they say they should in practice. Why is this happening when there is so much support and help out there? Through us, for example, and the SRA - well the SRA’s report on its findings said that there was a “lack of an effective compliance framework, or indeed a lack of any AML policies, controls, and procedures at all”.
We would love every single law practice in England and Wales to become members of the ILFM so you have updates, resources and training with our full, dedicated support. Please, get in touch if you’d like a chat about firmwide membership.
We can’t emphasize enough how important it is to know exactly who your client is and where their money is coming from. Asking awkward questions at the beginning of being instructed (post conflict of interest check) could avoid facilitating money laundering and supporting organised crime without your intent further down the line. You and I will both know a handful of practising solicitors who have been struck off sadly, for just that.
The larger the legal firm and any international clients (especially business clients) will require a chunk of time to enable sufficient research and analysis of all the information you receive but it is key to preventing money laundering and fighting those hardened criminals. Remember, your firm may have been researched and targeted by those criminals, they are always one step ahead of us. Please be vigilant.
Covid times have and working from home have definitely highlighted identification problems. The team and I appreciate it is difficult with remote working when it comes to AML and ID checks. There have been accounts of a rise in impersonation frauds because legal professionals were not meeting people face-to-face.
Amasis Saba, chair of the Law Society’s AML task force, said electronic identity checks could be a “very useful tool”, and the key thing was to understand how they worked. He suggested asking clients to take a photo of their passport together with a selfie holding that passport up to their face, rather than a video.
As a reminder, and as Amy from Teal Compliance confirms, you must have written policies, controls, and procedures (PCPs) for:
- Identifying complex or unusual transactions or unusual transaction patterns, or where there appears no apparent economic or legal purpose to the transaction.
- Considering any additional measures that could prevent misuse of products or transactions where clients have a level of anonymity.
- Considering any anti-money laundering risks to the practice from adoption of new technology or legal services.
When it comes to bringing on new members of staff or outsourcing your legal finances, it is vital you carry out due diligence checks on them. You don’t want to let an employee or colleague be the instigator or weak leak for criminals.
It may well be your job to know and filter down the rules, regulations, and legislation that apply to your firm - you must ensure they are being followed and evidence that. Have you come into a new compliance role and need to take over a tired and ineffective system? Do you need to develop and implement new processes?
Regulations change all the time, here are a few examples of what you may have had to deal with recently:
DAC 6: Implementing the new EU tax reporting rules in the UK
The Modern Slavery Act
The General Data Protection Regulations
The Criminal Finances Act
The 5th Anti-Money Laundering Directive
If you need help with how to undertake internal audits and gap analysis to support your role, please do get in contact with us. That’s what we are here for, our membership for anyone in legal finance is invaluable.
Mistakes happen - we are all human. The team and I here at the ILFM would always ask you to come to us first before you report to the SRA as we may well be able to help you.
However, sometimes complaints and claims are something many legal firms have to be prepared for.
Compliance officers in a legal practice or large legal firm will be the person there to try and stop the complaint from escalating. No business wants court proceedings against them.
Your credit control colleague may tell you that you must take action against a client who has not paid their bill. More admin!
All legal firms and sole practitioners want to avoid claims against themselves because we all know that a poor claims record can lead to a massive negative knock on for costs with professional indemnity insurance (PI insurance).
One of the COFA’s core duties is to safeguard client money by ensuring its law firm has accounting controls and procedures that are adhered to. Have a read HERE of an article we wrote about PI insurance claims previously.