The Solicitors Regulation Authority (SRA) has updated their 2017/2018 Risk Outlook.
Setting out the main areas of risk within the legal sector, the guide aims to keep legal professionals up to date with how they could be affected, and how to protect against these risks.
One of the main purposes of the Risk Outlook is to display the priorities of the SRA and how resources are allocated to deal with them efficiently. Being able to control the risks is key and by helping legal professionals manage the risks, services can be carried out in the interests of the public, ensuring that justice is properly administrated.
Recently updated in the Outlook is the priority risks section; setting out for legal service providers where the SRA are focussing their attention and the issues which are of most importance.
The one most commonly associated with conveyancing and perhaps the most significant to the profession is the protection of client money.
After acknowledging the relevance of the risk and the importance of supervising staff where they are able to access client funds, the SRA highlight the trends they’ve observed in this area.
These are as follows:
- Per quarter, they state that they receive an average of 43 reports of misappropriated client money, having fallen from 54 reports in 2016.
- Conveyancing funds are often the target of email modification fraud, which usually involves a criminal impersonating a solicitor or client through email interception, then requesting a change of bank details.
- Solicitors have reported £12m worth of client money has been stolen by cybercriminals over the past year. Since 2016, reports have risen by 52%.
- In the year to January 2018, they received 640 reports of bogus firms copying the identity of real firms. This is usually with the intention to steal client funds.
The regulator then lists recommended actions which firms should take to mitigate the loss of client funds.
It states that where firms hold client money:
- They should have appropriate systems and controls to protect that money which comply which the SRA Account Rules. Firms should also be able to check these processes and monitor their effectiveness.
- Staff should be vetted appropriately, and receive sufficient training and supervision
- Accounts should be managed well
- The client account should have appropriate controls
It then goes on to highlight the recommended measures to curtail the risk of email modification fraud – these include:
- From the start of a transaction, firms should be clear with clients or third parties that they will not change bank details
- Ensure that staff are trained to be aware of such emails, and following it up through a different method of communication using details not included within the email
- Making sure to protect client details
- Considering the use of systems which offer lawyer checking services in order to verify that the bank or contact information of a firm is genuine
The regulator then highlights their response when a loss of client money is reported to them. Stating that this will be proportionate to the loss, they list reasons for why they have taken action against firms in the past. These are:
- The firm did not have a suitable system to protect against crime
- The firm did not replace lost money promptly
- The firm did not report matters promptly
The updated Priority Risks can be accessed here.
