Another week, another hand-picked selection of stories related to risk, compliance and the business of law.
Thanks for taking the time to read this update. What would you like to see more (or less) of?
Jon and the team
The Financial Services Compensation Scheme and solicitors’ client accounts
Click here for a quick guide to the FSCS, including:
- What is the FSCS?
- Who can claim under the FSCS?
- What are the latest changes to the FSCS scheme?
Deputy Commissioner of ICO gives cybercrime advice
A speech given by the deputy commissioner of the ICO has compiled a list of advice with regards to reporting cyber security issues. James Dipple-Johnstone highlighted key trends surrounding the reporting system, in an attempt to “bust myths”.
With around 500 calls a week since May 25th, the reporting threshold needed some reiteration.
Key issues include:
- The GDPR’s 72-hour clock starts from the moment you become aware of the breach -NOT 72 working hours.
- Reports are often incomplete. Dipple-Johnstone suggests planning ahead by being prepared with someone of ‘suitable seniority’ available to talk, along with having as much information as possible at hand. He also suggests reading the reporting guidance in preparation for such breaches.
- There has also been the issue of “over-reporting”. Not every breach needs to be reported. Again, reading the reporting guidance about the reporting threshold would help prevent this, as well as looking at the NCSC/ICO security outcomes and use the advice there first.
- Make use of reporting over the phone to save time, particularly when asking for advice
- Take extra steps to prevent cyber-attacks, including staff training, email filters and so on.
Why it matters
This kind of guidance and reassurance is vital in attempting to reduce reporting inaccuracies and lessen potential for backlogs of trivial breach reports, therefore leaving space for the regulator to address more damaging breaches.
If you have a good idea of the reporting threshold, you can make better judgement on what does and does not need to be reported.
Dipple-Johnstone also went on to reassure businesses:
“If you take your responsibilities under the GDPR seriously, and have taken reasonable steps to protect that data in line with our security guidance, then we will recognise that .”
Fraudsters target small firms, warns SRA
Fraudster infiltrators have recently inflicted over £7million losses on unsuspecting law firms. The small firms were approached by new criminals posing as business partners offering to help widen the firm’s services into new areas of work.
Small firms need to be aware that they are primarily being targeted because the fraudsters think that the offer of new work is more alluring, therefore more readily accepted.
Also, with no one else covering the fraudster’s ‘expertise’, they hope that the fraud will be easier to commit with lack of oversight and supervision.
Why it matters
Not only does this put firms’ money at risk, it also puts clients at risk too. So it’s of high importance, as the SRA stated, that firms start to carry out proper due diligence – not just on new employees, but business partners. SRA also suggest checking official websites, although any scammer worth their salt will produce glossy literature to give the scheme legitimacy.
Paul Philip, chief executive of the SRA, indicated in recent reports that these cases indicated that there is “no room for complacency”.
Be on your guard.
Who’s afraid of Artificial Intelligence?
Despite the undoubted hype (bordering on hysteria?), AI within the legal sector is very real and its prominence is due to rise.
Atrium, a “law tech” venture, has secured considerable backing from Silicon Valley (£49.6m to be exact). The firm already uses its technology to analyse documents and has acquired an AI system which takes notes on phone calls.
This investment is further proof that technology investors really do see the future potential in legal services.
Another firm, Kira Systems, secured $50m (£38.8m) from a venture capital fund and is developing a system which would use AI to automatically review contracts.
Law Society President Christina Blacklaws, recently queried whether new solicitors will be prepared for the reality of working alongside AI within their day to day professional life.
Presently AI is used in very limited practice areas. The suggestion is that it will be another 10 years before we will be in a position that “general AI”, a system is capable of learning a new task, will be rolled out.
Why it matters
AI undoubtedly has the potential to streamline certain areas of the profession and could bring many benefits. Not least increased accuracy, lower costs and faster turnaround for automated tasks.
We’re not quite at the Ex Machina stage with AI development and, in any event, law will almost always need the human touch. The law is full of nuances and uncertainty. During our working lives, will we see robots capable of human-level problem solving, creativity and professional judgement?
Let’s not also forget that we are in the people business. So long as our clients are human, there will be a demand for one-to-one advice.
We just might need fewer lawyers, and more legal technology specialists.
“Financial enablers” rebuke gets short shrift from Law Society
The Head of the National Crime Agency (NCA) has referred to the legal profession as “financial enablers” in a recent interview with the Financial Times. This has not gone down very well.
He is quoted as stating that the NCA has concerns about lawyers (and accountants) carrying out customer due diligence effectively. This comes off the back of previous criticism aimed at solicitors by the NCA when they accused them of being “crucial to the laundering of illicit funds”.
Why it matters
If the NCA wanted to ruffle feathers they certainly have. They clearly have concerns that the professions are not reporting enough.
Is this justified criticism? It does not seem to be based on much hard evidence, other than comparisons to the financial services sector, which is arguably not a fair comparison.
Having said that, reporting suspicious activity is difficult. You risk losing a (possibly major) client, not getting paid for work already completed, and getting drawn into a time-consuming process with the NCA. There can be competing pressures internally.
Added to that, the process of reporting is not easy. You will often find the NCA asks for information about the criminal property or transaction that you just cannot answer. Which leaves the lawyer in a no-win situation: they cannot benefit from the defence to money laundering (because the report is rejected by the NCA) and so must consider whether they can continue to act.
Sometimes we see firms trying to come up with reasons why they should not report. This is of course, not not in line with the AML legislation. Bottom line: if you have knowledge or suspicions you must report. And “suspicion” is quite a low bar.
New and updated Law Society Practice Notes
- In-house practice regulatory requirements – very useful resource of in-house lawyers
- Legal professional privilege – awaiting a further update following the recent Court of Appeal decision in Serious Fraud Office v ENRC, a useful summary of which can be found here.
Disciplinary decisions
- Solicitor fined £30,000 for misconduct. Andrew Good was found guilty by the SDT of overcharging the NHS in clinical negligence claims. He founded Hull firm Rapid Response within which he established a policy which overcharged the NHS for work undertaken by junior members of staff.
- Matthew Stokes and Mary Hunter. Non-solicitors David Rae and Dale Stephenson have been struck off and fined £200,000 and £50,000 respectively. They were found to have benefited personally from misusing the litigation financing Axiom Fund.
- Miguel Jose Roure Lopez has been struck off the Register of European Lawyers for having client funds transferred to his own account. He was also ordered to pay £57,536 costs.