Reflections On The SRA’s Proposal To Ban Solicitors Client Accounts
When the Solicitors Regulation Authority (SRA) first floated the idea of banning solicitors from handling client money, I must admit, my initial reaction was sceptical. I assumed, perhaps naively, that this was just a headline-grabbing tactic to draw attention to the SRA discussion paper, that lacked any real substance.
However, after delving into the review, taking part in an SRA round table event, and attending the enlightening Legal Futures session on the future of regulation, my perspective has taken quite a turn.
I have come to the conclusion that they aren’t kidding about this. Although the proposals are at their earliest stage, I am convinced that if they had their way, the current SRA management would ban solicitors’ client accounts.
Panel Discussion Recording: Attacks, Hacks And Cyber-Risks
This week we hosted an insightful panel discussion titled “Attacks, Hacks, and Cyber-Risks”, focusing on the impact of cyber security on law firms. The panel included Chris Roberts from Cybata, Gary Horswell and Colin Fox from Ntegrity insurance brokers, and Rachael Eyre, a data protection practitioner.
Key takeaways from the discussion include:
- The current cyber risk landscape
- The importance of supply chain security
- Regulatory compliance and reporting
- The role of cyber insurance
- Future threats: the impact of AI
- Practical tips and best practices
ICYMI: Use our free AML policy checklist for law firms
It would be an understatement to say that law firms face increased scrutiny regarding their AML practices. The SRA is intensifying its efforts to combat AML deficiencies, making it crucial for law firms to have robust and compliant AML policies and procedures (PCPs).
The Importance of AML Policies
AML policies are designed to reduce the risk of money laundering, terrorist financing, and proliferation financing. Law firms, gatekeepers to the financial and legal system, must implement effective AML controls to ensure they are not used to facilitate criminal activities. The Money Laundering Regulations 2017 (MLR 2017) require firms to establish compliant PCPs to mitigate these risks.
Clear policies should reflect the practice’s firm-wide risk assessment (FWRA), the theory being that no two AML policies will look identical.
Having a well-crafted AML policy is also a defensive measure. It demonstrates that the firm understands its risks and the underlying law, and has carefully thought through the practical controls that need to be in place.
For employees, the policy should be easy to navigate and unambiguous. It is likely to be the first port of call when a query about financial crime arises.
News and Guidance
- SRA consults on 2024-25 business plan, budget and fee levels – The SRA plans to significantly increase the compensation fund levy due to financial losses from the collapses of Axiom Ince and Metamorph. The individual contribution will rise from £30 to £90, and the firm levy will jump from £660 to £2,220 starting October 2024. The SRA says it aims to build sustainable reserves and has a potential £10m borrowing facility. Consultation on these changes is open until 24 June 2024.
- Gazette: Axiom Ince report kicked into long grass by election – The Legal Services Board (LSB) has delayed publishing its report on the Solicitors Regulation Authority’s (SRA) handling of the Axiom Ince collapse until after the general election on 4 July. The report will investigate how Axiom Ince failed, leaving a £64 million deficit in the client account, which will result in increased contributions from solicitors. Despite the delay, the LSB says it will pursue necessary actions arising from the review.
Compliance corner – real life Q&As
“What should I do if I think my law firm has suffered a significant data breach?”
Here are the recommended steps to take:
- Notify your cyber insurer, who will be able to help in the immediate aftermath of a cyber incident. (If you do not have a standalone cyber policy, we can connect you with specialist brokers.) You may also need to notify PI insurers in the event of third party losses.
- Form a response team including your Head of Data Protection (or DPO, if you have one), COLP, and Head of IT.
- Locate and follow the relevant parts of your data incident response plan and/or business continuity plan.
- Contain the breach and recover lost data, using external experts if necessary.
- Assess the extent of the breach and identify the compromised data.
- Within 72 hours of becoming aware of the breach, notify the ICO as required by the UK GDPR. You may also need to subsequently notify individuals if the breach poses a high risk to their rights and freedoms.
- Consider whether the SRA needs to be notified under the Codes of Conduct.
- Record the event in a breach register.
- Evaluate your response. Can any lessons be learned to avoid a repeat of the data breach?
If you have a question you would like us to answer in this section, feel free to send it to info@jonathonbray.com
Free CPD
Recording: Attacks, hacks and cyber risks
Watch this week’s panel discussion on cyber security for law firms, which brought together experts Chris Roberts from Cybata, Gary Horswell and Colin Fox from Ntegrity insurance brokers, and data protection practitioner Rachael Eyre.
The discussion focused on the growing cyber threats facing law firms, emphasising the importance of digital literacy, supply chain security, regulatory compliance, and the role of cyber insurance.
The panel provided practical tips for enhancing cyber security measures and highlighted future challenges, including the impact of AI on cyber threats.
Podcast with Jonathon Bray and AJ Fox Compliance: Inside risk and compliance
Recording: compliance clinic April 2024
Last month Rachael, Ed and Jon spent an hour on Zoom discussing various compliance issues that have caught their eye recently. In an informal session we covered topics including:
- Cyber-crime – latest impacts on the profession
- LOCS23 – the new data protection accreditation for the legal sector
- Insurance distribution – it’s boring but important
- AML fines – the ever-increasing risk exposure for law firms
- The consultation on improving the Money Laundering Regulations
Watch the recording (passcode 7wrZ%+ZQ)
Training resources: On-demand webinar archive
Contact us for access to our extensive back catalogue of recorded webinars. Topics include:
- Financial crime: LSAG, firm-wide risk assessments, client due diligence etc.
- Sanctions
- Use of client account as a banking facility
- Data protection
- Financial stability
- Conflicts and confidentiality
- SRA Transparency Rules
- Accounts Rules
- Employee Ownership Trusts (EOTs)
- Register of overseas entities
- Sexual misconduct and solicitors’ private lives
- Terrorist financing
- And more….
We also produce bespoke training webinars, live workshops for your team and COLP and COFA training.
SRA and SDT disciplinary decisions
- Legal UK Services Limited – firm fined £65,322 for failing to obtain client consent before submitting claims, not providing full costs information, and neglecting to advise clients on all claim options, including free assistance from the Financial Ombudsman Service. The firm also failed to maintain proper client ledgers and account reconciliations.
- Vishal Sharma – non-lawyer prohibited from the solicitors profession after being found in contempt for misleading the court.
- Tina Spencer – paralegal removed from the profession for (1) providing false information to the Land Registry and (2) preparing wills for clients in her personal capacity, whilst using her employer’s name and branding.
- Robert Barber & Sons – firm fined £12,400 for failing to comply with undertakings to register charges within agreed timescales.
- Dewar Hogan – firm fined £12,777.85 for failing to put in place AML controls. The firm conducted just three conveyancing transactions between 2011 and 2019, which technically brought the firm into scope of the Money Laundering Regulations, and should have triggered all of the required systems.
- Ronald Dewar Hogan – solicitor fined £14,528 for allowing his client account to be used as a banking facility.
- Raegal Limited – firm fined £1,520 for allowing its client account to be used as a banking facility, and a lack of compliant AML paperwork.
- Kirkwoods – firm fined £1,950 for holding residual client balances, identified on a qualified accountant’s report.
- Roger Holden – solicitor fined £3,223 for acting in a conflict situation (the conflict being between the firm and an estate of which he was an administrator).
- Hansells – firm fined £120,885 (3.2% of turnover) for “failing to replace client money which had been improperly withdrawn from the client account between 1 April 2014 and 25 March 2022“. The client account shortfall related to a 2001 estate where the assets were incorrectly distributed by the firm’s predecessor.
- Shaddai & Company (Solicitors & Advocates) Limited – firm fined £750 for failing to send training records to the SRA upon request.
- B&C Solicitors – firm fined £7,658 for Accounts Rules breaches, including failing to conduct reconciliations every five weeks and maintain client ledgers contemporaneously.
What we do – contact us for further information about our services