New Risk Outlook: Are you up to date?
The Solicitors Regulation Authority have today (25/07/17) released their new Risk Outlook for 2017/18.
Outlining the main areas of risk within the legal sector, the guide aims to keep legal professionals up to date with how they could be impacted, and to minimise the risk of being targeted.
One of the key purposes of the Risk Outlook is to set out the SRA’s priorities and how the regulator intends to allocate resourced to combat risk efficiently. Control of the risks is key, as well as assisting legal professionals in managing them effectively, in turn prioritising the interests of the public. The general aim is to ensure proper administration of justice.
Recently updated is the priority risks section which sets out where the SRA are focussing their attention in areas which are deemed to present the most prominent risks.
One of the key areas highlighted was the protection of client money, stressing that this is one of the basic duties of a legal professional.
Reporting on trends witnessed, the Outlook highlights that despite the fall in misappropriated client money, the risk is still prominent, with an average of 43 being reports being received each quarter.
Conveyancing is noted as a key targeted area, namely involving email modification from a scammer, who will then impersonate one of the parties. The SRA references a significant number of instances where the fraudster has masqueraded as the solicitor in requesting the modification of bank details. This could go some way to explaining the addition of recommended services such as Lawyer Checker when transferring client monies.
During the last year, the SRA stated that £12 million of client money has been taken by fraudsters.
In order to target this risk and reduce this figure further, the SRA provides guidelines for what actions professionals should take.
Where client money is held, it is essential that systems and controls are in line with the SRA Accounts Rules in order to protect it properly.
The advised steps are as follows:
- Proper management and audit of accounts
- Appropriate vetting, training and supervision of staff
- Appropriate control of client accounts; this includes awareness of access
- Awareness of email modification fraud and how to combat against this. The SRA encourages firms to do the following:
- Exchange details with the other parties at the start of the transaction
- Considering the use of a system such as Lawyer Checker to verify the bank information of a law firm
- Appropriately training staff to be alert to fraudulent emails and to verify a change of bank details using another method of correspondence
- Appropriately protecting client information
The SRA also stress that any client money stolen should immediately be reported to them, even if it has been replaced.
Another key risk area highlighted in the report is money laundering.
This can occur where legal professionals are instructed to transfer or hold money by a criminal. The Outlook draws attention to the relevant obligations that solicitors are subject to under the Criminal Finances Act and the recent Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017.
Whilst the SRA notes that the number of legal sector Suspicious Activity Reports is low, it has also seen a rise for the first time in seven years.
Regarding money laundering trends, the Outlook highlights reports relating to residential conveyancing making up around a third of the total.
In light of the 2017 Regulations, the SRA state that they will be updating the guidance, clarifying the legal obligations which law firms are expected to comply with.
Information Security is also listed as a priority risk in the Outlook, perhaps made even more significant in the run up to the implementation of the General Data Protection Regulation.
Much like client money needs protection, the sensitive nature of client data also means that it required protection. This is because of the severe consequences which could occur if said data is lost or stolen.
Whilst physical information is not secure, the SRA also highlight that electronic information presents its own challenges, given that criminals are able to obtain it remotely if it lacks proper protection.
Listing the most common scams that legal professionals are likely to fall victim to, the Outlook draws attention to the most popular methods used by criminals to obtain information. These are as follows:
- Sending malware which can demand a ransom in return for encrypted files.
- Impersonating a CEO which is likely prompt staff to obey rather than acknowledge the potential for fraud.
- Phishing or vishing where a criminal sends a believable link to a login page or requests password details through other correspondence.
- Bogus firms operating under the name or identity of an existing firm.
The SRA notes that rather than electronic systems, this kind of attack will usually target people. It is therefore essential that staff are trained to recognise and deal with these scams in the most appropriate way.
It advises professionals to read through its paper on IT security for detailed information on the most frequent types of scams and what to be aware of.
Whilst this is not the first time that cybercrime and information safety has appeared in the risk outlook, the fact that they have been highlighted again does not make them any less important. Rather, as mentioned by the SRA’s Paul Philip, they require constant attention.
The SRA’s Chief Executive stated: ‘Our new Risk Outlook sets out eight priority risks that matter to all solicitors and all law firms. These issues, if not managed, risk harm to the public, the Rule of Law and the proper administration of justice.
‘Many of these risks will be familiar to you. That is because challenges such as keeping information safe, cybercrime and compliance with anti-money laundering regulations do not go away and need your constant attention.’
Also highlighted as a priority in the outlook is the standards of service, along with vulnerability.
The SRA notes that when service is not up to a certain standard, people do not receive the help that they need, a risk which is only enhanced when the individual is vulnerable.
As the advice of a legal professional is often relied on during stressful times, the SRA highlight that any given, along with the support provided is competent and appropriate. Where this is not the case and the SRA feel that their standards have been breached, action will be taken in the public interest.
The Regulator noted that complaints received usually related to conveyancing, wills and probate, family law and personal injury, largely because a solicitor is more likely to be used in these legal areas.
Whilst the SRA aims to reduce the number of complaints it receives, it stresses the importance of handling them in the correct way. It states that solicitors must adhere to their appropriate complaints procedure, dealing with them in a prompt and fair way.
Along with publishing their research into consumer and firm experience of complaints, the SRA also intend to introduce two succinct Codes of Conduct before the end of next year. The aim of these is to make it simpler for both legal professionals and consumers to understand the expected standard of service.