NLJ – Controlling risk

This article contains some predictions for the next two years based on the writer’s experience as a member of a specialist law firm providing legal advice on professional regulation and professional indemnity insurance to a cross-section of the legal profession, including many of the world’s leading UK and US-based law firms.

Anti-Money Laundering

Further regulatory action is inevitable, with the Solicitors Regulation Authority (SRA) under scrutiny from The Office for Professional Body Anti-Money Laundering Supervision (OPBAS) and increasing pressure from HMRC and Parliament.

Firms will face regulatory action for breaching their own policies. This may even be so where they were complying with the general standards of the profession.

The SRA, under OPBAS scrutiny, will continue to audit firms. Many firms have not done their risk assessments, over a year after The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) came into force and they should do so urgently.

Expect particular attention to high end residential property (over £1m) and cases where the firm has acted for Politically Exposed Persons (PEPs).

Some firms are employing accountants to carry out their independent audit under Regulation 21 of MLR 2017. This is perhaps surprising, as an audit is almost bound to find fault, and if it is conducted by accountants, rather than lawyers with current practising certificates, it will not be protected by legal professional privilege, so the SRA can, and doubtless will, ask to see the report.

Data Protection

Inevitably, some law firms will be subject to fines under the General Data Protection Regulation (GDPR). Here are some risk hotspots.

Personal injury firms are highly exposed through a combination of handling large volumes of medical records and, in many cases, a degree of complacency. We have already encountered a post-GDPR example of medical records in a file left in a cab, and a case where copies of two clients’ records were mistakenly sent to two other clients jointly instructing the same firm. But this is barely the tip of the iceberg: medical records and reports are routinely copied many times into instructions for counsel and experts, court bundles and file copies, exponentially increasing the risk of data breach. Can you account for what happens to each and every copy when the case is finished?

Many firms trained staff for the introduction of GDPR, but we suspect will fail to ensure that staff are reminded of it on a regular basis and new joiners trained which will be an issue in future regulatory investigations. Inadequate training was a factor in the ICO’s Heathrow Airport fine.

Data subject access requests are increasingly being used as a tactic in litigation, including partnership disputes and employment. Brexit and the EU Withdrawal Agreement (even if it is in fact agreed) give rise to a host of issues on international data transfers.

Professional regulation

The SRA’s proposal to allow solicitors to work in unregulated businesses has been approved by the Legal Services Board (LSB). In two years’ time, problems may start to emerge: criminals controlling enterprises in the business of law, alternative legal services providers operating out of shell companies without effective insurance and without proper regulation, consumers confused by well-crafted notepaper employing the word ‘solicitor’.

The LSB has also approved the SRA’s revised and much-shortened Code of Conduct. Guidance is promised, but will solicitors suffer from retrospective interpretation of its provisions?

We anticipate that the UCL Faculty of Law’s independent review into the regulatory framework for legal services in the UK, led by Professor Stephen Mayson, will propose that the ‘reserved legal activities’ be swept away and replaced by a more rational approach to what legal services need to be regulated, and that the multiplicity of regulators should be rationalised. However, the burning question will be whether there is Parliamentary time available to implement the proposals, whatever they may be.

Professional Indemnity Insurance

We welcome the SRA’s decision to hold off its proposals for reducing the amount and scope of compulsory cover (for the time being, at least). In the meantime, insurers are increasingly focusing their attention on the aggregation clause, under which (broadly) multiple claims arising from similar causes may be subject to one policy limit. We expect there will be further recourse to the courts or arbitration over the impact of this, particularly in the case of investment scheme claims (including hotels and student lets) where we are advising many firms.

Coverage issues are far more common when excess layer insurers are involved. But even where they are not, we are seeing more coverage issues in practice. Where insurers face significant claims, they are prepared to incur legal costs to scrutinise whether a firm failed to supervise (and thereby condoned fraud), misrepresented its systems and controls in its proposal form, or failed to disclose problems prior to renewal.

We may see further contraction of the market in the UK: we have seen insurers exit both the primary and first excess layer market already, and note that Amtrust are withdrawing from the Irish Solicitors’ market. Some firms have faced steep premium increases on renewal.

SRA reforms allowing solicitors to work in unregulated firms are unlikely to achieve significant insurance savings, as the volume will not be there, but will significantly narrow the scope of cover, opening up more exclusions from cover. So we predict that consumers (and lawyers) will lose out with no appreciable benefit.