In the complex world of legal services, inadvertent breaches of the Solicitors Regulation Authority (SRA) Accounts Rules have become an increasing concern. In a recent webinar, Scott Newby, Director of Compliance and MLRO at Shieldpay, and Ed Boal, Head of Legal at Shieldpay, spoke to Jonathon Bray and Rachael Eyre of Jonathon Bray, SRA compliance consultancy, to delve into the evolving landscape of client account management for law firms, highlighting the growing threats and the need for proactive measures.
The webinar recording is currently available on-demand through the COLP Insider newsletter.
Cybersecurity threats
Law firms are increasingly becoming targets of sophisticated cybersecurity attacks. Perceived as easy targets because of their activity levels, the large sums of money they transact and the perceived inadequacy of their security measures, firms face a range of advanced threats, including phishing, social engineering, and spear-phishing campaigns.
Ed Boal considered the advancements in these attacks, touching on how the integration of artificial intelligence (AI) and biometric tools has elevated the sophistication of cybercrime, making it crucial for law firms to stay vigilant.
Scott agreed but also raised the point that while there has been a lot of attention on technology, we can’t underestimate the “old fashioned ways”. We are still falling for simple ‘analogue’ tactics.
Scott used the example of push payments, citing that nearly £240m was lost in H1 of this year from Authorised Push Payment (APP) fraud. He suggested that in practice areas such as conveyancing, where there are tight deadlines, it is easy to lose track, succumb to pressures and accept last-minute changes to bank details to get the deal done… only to realise it was a bad actor sabotaging the transaction and defrauding the seller.
Anti-Money Laundering (AML) challenges
To shed some light on the critical state of the sector when it comes to AML, Scott referenced this year’s annual SRA AML report. The research revealed only 30% of law firms were fully compliant with AML rules, and 47 firms have been fined for failure to comply.
A call for more proactive client due diligence
Drawing on his over 20 years of experience in compliance and risk, Scott emphasised the need for law firms to have robust, firm-wide risk assessment procedures, and comprehensive screening of individual clients during onboarding, as well as periodic reviews of those checks to keep records up to date. He also brought to the fore the need to keep personnel changes in check as this is a key element of company due diligence that is often overlooked.
A renewed focus on source of wealth and funds
Ed suggested that technological advancements are also playing a role in the increasing threat of fraud. He brought to our attention the ease with which documents such as payslips and bank statements can be forged. While these are important avenues to verify source of wealth and funds, they cannot be the only supporting evidence for approving a transaction to proceed. There need to be comprehensive checks conducted to validate the source of wealth and funds, de-risking the transaction and playing an active role in preventing criminal activity.
The impact of the global geopolitical landscape: Sanctions and terrorist financing
In light of the current turbulent geopolitical landscape, a major development for AML policies in recent years has been the increased dynamism of sanctions lists. Scott explained that “people are being added and removed on a daily basis”.
As conflicts have worsened, the risk of terrorist financing has also increased. Law firms must be on the front foot, scrutinising every transaction in and out of accounts to ensure that they are preventing any engagement with potential bad actors, and reporting suspicious activity where appropriate.
Rule 3.3: The most misunderstood rule
A central focus of the conversation was the ambiguity surrounding Rule 3.3: “Solicitors must not use a client account to provide banking facilities to clients or third parties.”
Rachael explained that it is one of the most frequently asked questions she receives from clients and there is considerable uncertainty around how to comply with this rule.
Law firms must be able to clearly justify the grounds for managing funds on behalf of their client in the context of the legal services they are providing. The SRA particularly zeroes in on reconciliation protocols and residual balance management. These processes do require specific resource allocation. Some firms may have the skillset in-house, or will employ a cashier or bookkeeper to conduct the required accounting work.
Rachael pointed to the case studies provided by the SRA as a key resource for gaining a better understanding of this rule. The emphasis in these is on best practice for demonstrating the ‘why’ behind funds being held in a client account.
The Opportunity: Interest earning
Law firms have an opportunity to earn significant interest on client account balances, especially with the UK base interest rate rising to 5.25%. Despite the potential financial gains, firms often overlook the possibility of negotiating higher interest rates with their banks or exploring alternative options. This needs to be reconciled with the requirement to account to clients for a ‘fair sum’ of interest.
If you do wish to explore your options, Jonathon Bray is able to support in conducting some market analysis and suggest how to unlock this potential.
The solution: Third-Party Managed Accounts (TPMA)
Third-Party Managed Accounts (TPMAs), introduced under Rule 11 of the new SRA Accounts Rules, address the challenges law firms face when complying with regulatory and legal requirements, strengthen security protocols and remove the risks inherent in handling client money.
Some of the key benefits of using a solution, such as Shieldpay, mentioned by Ed and Scott on the webinar include:
- Automated reconciliation – all payments are reconciled, enabling law firms to have better residual fund management and report accurately to the SRA on their accounts
- Transparency and visibility of funds – through access to a digital platform, law firms can log in to see the real-time status of funds in the account
- Fraud prevention – all payers and payees in the transaction undergo verification checks, providing what Ed called a “second conscience” to the due diligence law firms already conduct on their clients
- Potential positive impacts on insurance premiums – using a secure, digital platform de-risks law firms and may result in lowering their PII premiums
Ed pointed out that a significant factor in making the decision to switch to a TPMA is that, when held in a TPMA, client funds remain client assets, but are not client monies for the purpose of the Accounts Rules. This has the potential to significantly reduce the compliance burden for firms.
Adding to this, law firms that don’t manage a client account do not have to pay into the compensation fund. This point has come to the fore recently with the illuminating breaches that occurred last year regarding Axiom Ince, draining the compensation fund pool. While the SRA did release a statement clarifying that there will be no immediate increases in the annual fees for law firms, everyone agreed that it will be re-evaluated in the not-so-distant future.
Why law firms hesitate to adopt TPMA
During this discussion, Ed raised the point that since the introduction of TPMAs in the Rules changes in 2019, adoption has been slower than initially anticipated. He shared a two-fold rationale for this:
- A lack of understanding of TPMA
Awareness of the solution and the benefits it brings to law firms is still underdeveloped. There is more campaigning we need to do to explain to legal professionals that there is a better way of doing things, that old legacy client money management protocol is no longer fit for purpose: it is riddled with risk, inefficient and costly.
- A desire for control
Using third-party providers and outsourcing gets a bad rep from the industry. There is a perception that it is “safer” to keep everything in-house and under the law firm’s control. However, law firms need to collaborate to innovate, to become more efficient and more secure, and to deliver outstanding legal services for their clients.
Ed shared that he is optimistic that the tide is turning as firms recognise the benefits of de-risking their business, allowing solicitors to focus on delivering legal services.
What’s on the horizon for 2024?
At the end of the session, Jonathon quickly touched on a few headlines for proposed changes to the rules that may come into effect next year. It should be noted that the SRA recently withdrew its application to the Legal Services Board to make official rule changes, but that they can be expected to come into force sooner or later. He did caveat that these are not fundamental changes, but firms should be aware that they are likely to materialise in the future.
- Anticipated costs: Firms shouldn’t bill for anticipated costs, even though the current rule appears to allow it. The SRA clearly does not approve of the practice.
- Paying out expenses on behalf of clients: There will be formal clarification that it is okay for law firms to repay themselves from client account without issuing a bill, where disbursements have been incurred and paid by the firm on behalf of the client.
- Relaxed rules for operating a client’s own account: The SRA is expected to ease the administrative burden of operating accounts managed by the solicitor (e.g. as deputy), in line with current guidance. Reconciliation requirements will be changed from every 5 weeks to every 16 weeks, and there will be new requirements about keeping central records.
The webinar shed light on the multifaceted challenges law firms face in managing client accounts. With cybersecurity threats on the rise and AML compliance essential, adopting Third-Party Managed Accounts presents an opportunity for law firms to enhance security, streamline operations, and navigate the evolving landscape successfully.