In Industry Insights



The SRA has published its Risk Outlook for 2018/2019.


One of the main themes emerging is that criminals are having a very real impact upon the legal profession and increasingly so, here are some of the headlines:

  • Money laundering reports are up 65% – with 60 cases of money laundering reported in the first quarter of 2018, compared with 36 in the first quarter of 2016.
  • The amount of money lost due to cybercrime is increasing at a rate of up 50% year on year. It has been estimated that £20million of client money has been lost as a result of cybercrime.
  • £47.7million has been lost through dubious investment schemes since 2015.


The SRA has categorised the trends that have emerged into 10 “priority risks”, and we will look at each of those risks in detail below.


  1. Cybercrime


The SRA notes 5 ways that cybercriminals target law firms:


  • Email modification – criminals intercept emails between clients and firms to change the bank details. This is often prevalent in conveyancing transactions and more commonly known as “Friday afternoon fraud” and accounts for more than 70% of the reports made to the SRA.
  • Phising and vishing – criminals gain the trust of a solicitor or member of staff to obtain confidential information by phone or email (eg. Passwords)
  • Malware – viruses and ransomware programmes are introduced through harmful software and used to either extort money or encrypt files.
  • CEO fraud – impersonating senior personnel within the firm so as to give authority to money transfers through hacking email addresses or having very similar addresses.
  • Identity theft- bogus firms copying another firm’s identity


The SRA advises that everyone within the firm should be alert to the risks, that mobile phones should be encrypted, that tracking systems should be used, and that firms should avoid the use of an administrator account.   Every firm should be prepared and have a planned strategy should an attack take place.



  1. Access to the legal services


The SRA highlights the affordability of services and lack of information as being the biggest reason that the public are not accessing legal services.


The SRA found that out of those that had a legal need in the past 18months, 35% of individuals and half of small businesses tried to resolve matters without professional legal advice.  Research suggest that the public expect fixed fees and online services but that there is still a strong preference for local services.  It is also apparent that people want to know the likely cost and quality of service they will receive before committing to instructing a solicitor and 28% of people don’t use a solicitor because they believe it will cost too much money.


The findings tie in with the requirements of the “Better information, more choice” proposals published earlier this year to publish prices and additional information such as a description of the services offered and regulatory status.


  1. Diversity in the profession


The report highlights the SRA’s findings that whilst entry into the profession is diverse, women, black, Asian and minority ethnic and disabled lawyers remain under-represented in larger firms.  State school educated solicitors who were the first generation of University graduate within their families are also under-represented.


Some suggested action for firms to improve diversity within the profession includes:  pay audits to identify any pay gaps in any particular groups of people; offering flexible working; and supporting different routes into the profession such as apprentices, paralegals and legal executives.


  1. Information security


By virtue of the very nature of legal services the type of information obtained, stored and discussed is often highly sensitive and the importance of information security within the sector is therefore critical.  The SRA quotes 152 reports of breaches of confidentiality in 2017 and some 122 within the first quarter of 2018.


The risk outlook report sets out the SRA’s advicewith regards to information security which includes making sure information is securely backed up, using privacy screens for homeworkers, and the use of encryption when storing and transferring electronic data.


Firms should be looking to reviewing their procedures in line with the above and the new GDPR obligations.


  1. Investment schemes


Scams where the promoters of “dubious” investment schemes use law firms to try and legitimise the scheme are on the rise.  Despite the draw of high returns, they often lead to huge losses.


Law firms commonly become involved in these schemes through acting for the promoter, acting for people investing their money, or passing people’s money through their client account.


Investment fraud is having a huge impact upon the legal profession with 106 claims having been made to the Compensation Fund since 2015 totalling £47.4million.


The SRA has published helpful guidance within their warning notices.


Be warned – solicitors who have allowed their client account as a banking facility and have acted dishonestly or without integrity will be referred to the SDT.



  1. Managing claims – personal injury services


Some alarming trends are emerging in this sector with misconduct relating to PI services being most likely type of work to be referred to the SDT.  Investigations may include: alleged insurance fraud; client care and competence; prohibited referral fees; misleading the court and cold calling.


The report highlights concerns in respect of handing of holiday sickness claims and PPI claims in particular.  The concerns include firms bringing claims without client permission, firms not adequately supervising staff and firms charging fees of more than 25%.


Again, the SRA has issued relevant warning noticesto alert firms to the potential risks of bringing claims.


  1. Money laundering


The report notes that there has been a 67% rise in money laundering reports since 2016.  Conveyancing is an area of particular risk but there is nothing new there.


In its bid to tighten the anti-money laundering regulatory regime, the government has set up the Office for Professional Body Anti-Money Laundering Supervision (OPBAS) to supervise the SRA and other regulators to ensure that the supervision meets the standards required on the AML 2017 regulations.


The SRA has provided quite considerable and helpful anti-money laundering guidanceand warning noticestogether with a risk assessmentwhich firms may use a tool by which they can manage their own risks.   It also highlights the need for firms to be alert to the increasing use of cryptocurrency in financial transactions such as conveyancing as it may be difficult to trace its source.


  1. Protecting client money


On average, 94 reports relating to the misuse of client money or assets are made to the SRA each month.  A worrying statistic, but most of these relate to poor accounting procedures rather than dishonesty.


The advice is to have good accounting systems in place and ensure all staff are trained to know their responsibilities and are supervised.  The SRA will of course act against firms that do not have appropriate systems in place.


It is also worth remembering that the new Accounts Rulesare due to be introduced in April 2019 alongside the Handbook Reforms which is aimed at making their expectations a lot clearer when dealing with client money.


  1. Standards of service


It goes without saying that clients suffer if they receive a poor standard of service.  In some circumstances, this could have a very serious consequences, in immigration cases, care proceedings and criminal proceedings for example.


Sub-standard services also impinge upon the reputation of the profession and the business.  The SRA focuses upon conveyancing services, criminal litigation and immigration legal services within the risk outlook as areas where not all solicitors were deemed to be meeting the high professional standards required.


The advice given by the SRA is for firms to ensure that staff training and development is supported including non-technical skills such as communication and complaint handling skills.  Other ways would be to use technology wherever possible to improve the delivery of services and to ensure that information is provided in accessible formats to all users and to meet their individual needs.


The introduction of two new codes of conducts for individuals and firms in 2019 is aimed at focusing on professional standards.


  1. Integrity and ethics


One trend that the report highlights is the role that solicitors have been known to place in non-disclosure agreements (NDAs) relating to allegations of harassment.  Whilst this involved a small number of firms, it received notable public and political attention.


Also, highlighted was the need for solicitors providing tax advice to be extremely cautions of facilitating tax avoidance schemes in any way.  The SRA has provided warning noticesto emphasise solicitors’ duties and to emphasise the seriousness with which they would deal with any actions that may be deem to be “enabling” tax avoidance.


The impending Handbook and Account Rules reforms are aimed at addressing some of the above concerns after years of consultation. What the report does also emphasise is that the modern legal practice can no longer cling to its dinosaur days of loose paper files and luddite approach to new technologies and risks that flow from that.  To remain safe and not fall prey to cyber criminals and breaches of security legal practices must become tech savvy. Technology can have the added advantage of increased staff awareness and training in all areas of the profession to ensure the professional standards are maintained.




The priority risks of the SRA highlight the core elements that challenge the modern law firm.  It has always been the case that the law is an ever-evolving sphere however it is the legal profession as a whole that must also evolve so as to stay on top of emerging trends and novel criminal activity.



Recent Posts

Start typing and press Enter to search

Get your FREE COLP Insider email delivered fortnightly

We’ll never share your email address and you can opt out at any time, we promise