Anti-Money Laundering: The crackdown

It is now 30 years since the Financial Action Task Force (FATF) was established in Paris to combat money laundering.  We have been advising law firms on AML compliance for over half that period; a thorough grounding in the historical development in compliance can be critical when facing regulatory investigations over the adequacy of steps taken or not taken some years ago.

The Solicitors Regulation Authority (SRA) has published A thematic review of trust and company service providers (TCSPs) and, as a result of the review, a warning notice, Compliance with the money laundering regulations – firm risk assessment.  Links can be found on www.legalrisk.co.uk/news and a large volume of resources and cases on www.legalrisk.co.uk/AML.

Four of the 59 firms reviewed were found not to have complied with the requirement to undertake a practice-wide risk assessment under Regulation 18 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR  2017).  24 firms had inadequate risk assessments; 20 had failed to address TCSP work.  Weaknesses were also found in relation to keeping Customer Due Diligence up to date.

Disciplinary action has been taken against several solicitors with many more pending.  Examples include cases where solicitors failed to comply with their own procedures, two in the Solicitors Disciplinary Tribunal, Sharif 11805.2018 and Dar – 11850.2018 and a regulatory settlement agreement in a case (with shades of Monty Python) where the solicitor was unaware that his purported client had in fact died eight years earlier.   Meanwhile the SRA has widened its review to a further 400 firms.

We have advised many firms on their risk assessments and on policies, controls and procedures.  We also provide independent audit.  We are also advising firms on SRA investigations relating to AML and other conduct issues.  Our clients include a spectrum of the legal profession, from the largest international firms to smaller practices, and property professionals.

SRA Standards and Regulations (May19)

We have commented on these in our November 2018 and March 2019 issues.  Changes have already been approved under the SRA Regulatory Arrangements (Reporting Concerns) (Amendment) Rules (link: www.legalrisk.co.uk/news) and these will lower the threshold at which reporting obligations are triggered.  All partners and firm members will have individual obligations to report potential breaches; this is likely to result in more individuals reporting matters directly to the SRA rather than leaving matters to the Compliance Officer for Legal Practice (COLP), which may itself increase the pressure to report early.

Meanwhile, we have been advising a number of firms which are exploring the route to regulation by legal services regulators other than the SRA.  There is no one-size-fits-all solution, but where the conditions are right, there can be benefits for some.

Conflicts of interest and costs problems

Our January issue addressed a difficult decision on own interest conflicts in the Solicitors Disciplinary Tribunal judgment in Howell Jones LLP (11846-2018).   A recent costs judgment in Bhatti v Asghar [2019] EWHC B5  addresses a further own interest issue where a costs budget has not been filed and costs are limited to the court fees, and compares the factual matrix with the position in Mitchell v News Group Newspapers Ltd [2013] EWCA Civ 1537.  For a link to the judgment and other conflicts cases see www.legalrisk.co.uk/conflicts.

Professional indemnity insurance concerns

We leave it to insurance brokers to comment on the reports of a hardening insurance market for solicitors.  However we do comment on some areas of emerging risk which may impact on insurers directly or indirectly further down the line.  There may be uncertainty as to the breadth of cover under the SRA Minimum Terms and Conditions, and more firms may fail, triggering run-off cover, but not all will pay the additional premium for this.

Many personal injury firms may be reeling from the recent Court of Appeal decision in Herbert v HH Law [2019] EWCA Civ 527 holding, broadly, that they could not charge a 100% success fee unless they could justify it with a risk assessment: could this be the next TAG?  (We refer to the long-running series of claims arising from the collapse of The Accident Group which went into administration in May 2003.)

Many litigation firms will also be contending with disappointed clients as a result of the collapse of After the Event insurer Lamp, an unrated insurer based in Gibraltar.

Claims arising from the purchase of leasehold residential property, with concerns over escalating ground rents and fees for consent under covenants, have not materialised as expected.

Data protection (May 19)

As the anniversary of the General Data Protection Regulation (GDPR) passed on 25 May 2019, it is opportune to reflect.  The aim of a Regulation, as opposed to a Directive, is to ensure greater harmony across the European Union, but one has to ask whether that has been achieved.  There are many areas where derogations are permitted at member state level, and this has given rise to wide variations across Europe.

Examples include special categories of personal data, with Spain requiring more than consent alone to process certain types of personal data, and a lower threshold for compulsory appointment of a Data Protection Officer in Germany.  Legislation is still awaited in some states.  There have also been wide variations in levels of data breach reporting with 442 in Belgium up to January 2019, compared with 21,000 in the Netherlands in 2018.

The recent case of Rudd v Bridle & Another [2019] EWHC 893 (QB) gave consideration to various issues in relation to a Subject Access Request under the Data Protection Act 1998, which may be equally applicable under GDPR, including an unsuccessful claim of legal professional privilege and what constitutes ‘personal data’.

In Dawson-Damer v Taylor Wessing [2019] EWHC 1258 (Ch), the latest decision in a case which has already been to the Court of Appeal, the High Court determined that solicitors must search 35 paper files on which the clients were trustees and disclose personal data to the beneficiaries.

The decision in Wm Morrison Supermarkets Plc v Various Claimants [2018] EWCA Civ 2339, in which the supermarket employer was held vicariously liable for a data breach by a rogue employee which affected 100,000 other employees, is being appealed to the Supreme Court.

Firms with the Law Society’s Lexcel accreditation are now required to review their data protection compliance with specific attention to the appointment (or not) of a Data Protection Officer, record keeping and procedures for compliance.  We can assist with these.

As many have observed, a hard Brexit would force firms with European offices to review the basis upon which they transfer personal data from those offices to the UK.  On the face of it, this would not be a huge challenge, given that many such firms already have to address the point when transferring data to offices outside the EU.  A large proportion of these firms rely on the European Commission’s Standard Contractual Clauses.  However, as will have been seen by readers of our November 2018 issue, it is important to note that this is not a mere paper exercise: the £500,000 fine on Equifax was based in part on a failure to audit for compliance and inadequate safeguards and security requirements.

We have advised dozens of US law firms and many UK firms on data protection.  Links to many data protection resources can be found on www.legalrisk.co.uk/data.

Back To Top Download PDF Publication