Not long ago, we were reporting the occasional low level fine for firms incurring the ire of the SRA for AML failures. £600 for a lack of risk assessment here, £1,200 for an inaccurate declaration there. Nothing too dramatic – the most damaging aspect of a finding was the naming-and-shaming in the legal press.
Over the past year, however, the regulator’s fining powers have increased from £2,000 to £25,000, the regulatory importance of AML controls has heightened due to Russia’s invasion of Ukraine, and the SRA has increased its AML supervision visits.
This is resulting in an increased willingness by the SRA to issue more significant financial penalties.
The most recent example is a £20,000 fine to a small Oxford firm, Ferguson Bricknell, for anti-money laundering failures.
Rachael Eyre, certified data protection practitioner, looks at law firms’ duties to establish a client’s identity when they call the office.
We are all familiar with the routine. After sitting in a queue to speak to your bank, insurance company, phone company (etc.), the call handler proceeds to go through a data protection screening exercise. They want to know they are speaking to the right person and aren’t giving away any personal information unlawfully – or allowing an imposter to change things on your account.
When a law firm receives a call from a person claiming to be a client, are we supposed to go through a similar process?
It’s been a rollercoaster first 5 years for GDPR, says Rachael Eyre.
In this article, Rachael looks at the effect of Brexit on the UK’s data protection regime, ICO enforcement, and international developments.
December’s webinar (see below for recording) was a roundup of the top 10 SRA compliance topics of 2022, with some 2023 predictions thrown in for good measure.
Our previous predictions were pretty accurate. We said that AML, law firm cultures, transparency, diversity and the economy would be on the regulatory agenda in 2022. That turned out to be correct, although perhaps we don’t get any Mystic Meg prizes for the AML prediction. It looks set to remain on our end of year lists for the foreseeable future.
News and Guidance
- Statement: Closure of Metamorph Group law firms
Law Society – New and updated practice notes (may require login)
- Cybersecurity blog: Overheard on a train: how I could have ransomed a law firm (but didn’t)
- Ethics blog: Owning up to mistakes: what’s the right thing to do?
- Legal Futures: Government to give SRA power to demand more information from firms – the Economic Crime and Corporate Transparency Bill will allow the SRA to access documents relating to economic crime from firms, even if they are outside the scope of the Money Laundering Regulations.
- UK Government Factsheet: Economic Crime and Corporate Transparency Bill – more information about the proposed legislation.
- ICO Guidance: Direct marketing and using electronic mail
Recording: It’s the final countdown (of 2022)…our round-up of hot topics past, present and future
The recording of December’s live webinar can now be found here (passcode: wEi$9brb). We covered the top 10 compliance topics of 2022 and looked forward to what to expect this year. The video recording will be available for a few more days.
Next webinar: GDPR turns 5!
When: January 25th 2023 at 12:00pm
Platform: Zoom (register for the event here)
Invitations have been sent out we have over 200 signed up (that’s a record for us). A popular topic!
Led by our in-house data protection practitioner, Rachael Eyre, the session will cover:
- GDPR basics
- How data protection ties in with duties of confidentiality
- The future for the UK GDPR
- Data Processes / Data Maps – the foundation of your Data Protection Regime
SRA and SDT disciplinary decisions
- Archstone Solicitors Ltd – fined £1,600 for failing to publish costs and complaints information on its website.
- Achom and Partners – firm fined £3,500 for failing to display the SRA digital badge on its website, along with costs and complaints information.
- Robert Lawson KC – rebuked by SRA following a drink driving conviction.
- Ferguson Bricknell (a firm) – fined £20,000 by the SRA, without referral to the SDT, for ‘reckless’ AML systems failures (not having a compliant policy, risk assessment, independent audit etc.). There was no evidence of actual money laundering.
- Joshua Patel – law firm credit controller banned from the profession after altering the date on an email in order to mislead his manager.
- Kim Collings – fined £2,000 with additional conditions, for AML failures and failing to keep a contemporaneous bookkeeping system.
- Suzanne Hughes – police station accredited representative struck off following conviction for communicating with a prisoner via an unauthorised mobile phone.
- Aberdein Considine & Company – dual Scots and English regulated law firm rebuked for placing monies relating to English work in a Scottish bank account.
- Markus Malik – rebuked for improperly transferring money from client to office account without submitting bills to clients.
- Christopher Peak – solicitor agrees to removal from the roll after acting in a conflict of interest in his advice to disgraced bishop Peter Ball, a serial sexual offender.
- Kiran Yadav – solicitor agrees to removal from the roll after being found to have misled clients.