Risk Update • January 2018

Firms conducting business in the regulated sector under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) should by now have largely completed their risk assessments under Regulation 18 and implemented their policies, controls and procedures under Regulation 19 to 21.  They also need to consider their independent audit ‘where appropriate’, and how this may be implemented.

Firms also need to have reviewed their practices and implemented reasonable procedures for the purposes of the defence to the offences of failure to prevent tax evasion in the Criminal Finances Act 2017.

The National Crime Agency has updated its SARs Online User Guidance.

The European Parliament and the Council reached a political agreement on the Commission’s proposal to further strengthen EU rules on AML and counter terrorist financing by amending the Fourth Anti-Money Laundering Directive – the so-called Fifth Directive.  New EU-wide penalties for money laundering are being proposed.

The first ever EU list of non-cooperative tax jurisdictions was agreed on 5 December 2017 by the Finance Ministers of EU Member States; this is the start of a continuing process

The Solicitors Regulation Authority (SRA) is collecting data over a two-week period which commenced on 22 January 2018 in order to comply with its obligations under the MLR, and this has thrown up some queries reflecting the difference in definitions of ‘manager’ in the MLR and SRA Handbook.

The Office for Professional Body Anti-Money Laundering Supervision (OPBAS) and the Financial Conduct Authority (FCA) have published the Sourcebook for professional body anti-money laundering supervisors following implementation of The Oversight of Professional Body Anti-Money Laundering and Counter Terrorist Financing Supervision Regulations 2017, which makes provision for the FCA’s oversight of the professional bodies which have responsibility for supervising compliance with the MLR.

We have been advising many law firms and property professionals on these issues, including risk assessments and drafting of policies, and Suspicious Activity Reports, and also provide audit services to leading firms.  Links to documents referred to above can be found on our News page https://www.legalrisk.co.uk/news/.

Firms should be well advanced with their risk assessments for GDPR compliance as the 25 May 2018 implementation date is fast approaching.  We have been advising firms on this and also providing training.

Contracts with data processors will need to be reviewed.  Consideration should also be given to cloud providers.  Three particular issues arise here.  First, is data being held outside the European Economic Area?  Secondly, researchers at the Massachusetts Institute of Technology (MIT) have warned of the risk of ransomware targeting cloud providers; while the largest providers have increased their spending on security, smaller providers may not have the same resources.   Thirdly, though not solely in the context of cloud services, the European Commission has published a note on the impact of Brexit on data transfers.

MIT have also warned of artificial intelligence (AI) being used to create spear phishing attacks, with the technology being used to create thousands of malware-loaded, fake emails.

The Article 29 Working Party has published guidance on consent and draft guidance on transparency under GDPR.

The Information Commissioner’s website has expanded the guidance on personal data breaches and added three new pages in the lawful basis section, covering contract, legal obligation and vital interests.

Links to documents referred to above can be found on our News page https://www.legalrisk.co.uk/news/.

The SRA is continuing to review the Minimum Terms and Conditions (MTC) but the results of its work are still awaited.

We continue to be instructed on policy coverage issues, including disputes with insurers, claims handling problems, successor practice liability, and drafting block notifications.

Many block notification instructions relate to investment schemes which have gone wrong.  They highlight the need for firms to consider, when assessing how much cover to buy, the application of the aggregation clause in the MTC and policy wording, under which, broadly, claims which arise from the same or similar acts or omissions may be treated as one claim under the policy.

The application of this provision goes far wider than investment schemes, however.  It can cause problems in fraud cases involving rogue partners and staff, and could arise, for example, in the case of computer failure causing missed deadlines and trials.  It could be a particular concern in relation to claims arising from the application of AI, and we have already advised in one case where this type of problem occurred.

We have had several recent successes defending SRA investigations, including a ‘sexting’ case, a holiday sickness claim and a complaint by an opponent in aggressively conducted litigation, making allegations of misleading the court.

A recurrent theme in the instructions we receive, as we have mentioned in previous issues, is the alleged breach of Rule 14.5, SRA Accounts Rules 2011 (provision of a banking facility).  Practitioners do not always seem to appreciate that the SRA’s interpretation of the rule has evolved over the years, and may continue to do so, so the firm’s assessment of whether current practice is compliant must factor in the risk that it may not be seen to be so when reviewed in a few years’ time.

The SRA has updated its warning notice on Risk factors in personal injury claims.  (See https://www.legalrisk.co.uk/news/ for link.)

We are often asked to advise on conflicts, and our clients include large City and US firms.

Cases on conflicts and rules from several jurisdictions and other resources can be found on our Conflicts page https://www.legalrisk.co.uk/services/conflicts/rm-cases/.  New reported cases on conflicts occur less frequently than in the USA, but there has been one recent case, Keeling v Keeling [2017] EWHC 1189 (Ch), which involved an executorship.  A person who is asserting a claim which is adverse to an estate should not take out a grant of representation, as a personal representative is in a fiduciary position; if a law firm knows of the claim, it should advise the person.

The Law Society of Scotland has published a consultation on proposed changes to practice rules on conflict of interest.

We are often asked to advise where firms are acquiring all or part of another practice.  As well as professional indemnity insurance and successor practice issues, this gives rise to questions about how to move the clients over.  Only too often, we come across firms which are purporting to ‘buy’ the clients, or in some cases a ‘will bank’, from an administrator of an insolvent practice with scant regard on either side to the duties of confidentiality to clients and their free choice of solicitor.

Costs issues are also common; many instructions relate to the transfer of litigation matters.   The transfer of a conditional fee agreement was held to be effective as a novation rather than an assignment in Budana v Leeds Teaching Hospitals NHS Trust [2017] EWCA Civ 1980, but care is still needed in both the drafting and implementation of the agreements in order to achieve success.  (See https://www.legalrisk.co.uk/news/ for link.)