Risk Update • September 2019

These new provisions, replacing the SRA Handbook 2011, come into force on 25 November 2019. The two new Codes of Conduct, a six-page one for Firms and an eight-page one for Solicitors, RELs and RFLs, are shorter than the current 42 page version, and the Accounts Rules are seven pages instead of 80. There are many points of detail to be considered, but space permits mention of only a few.

The provisions and guidance can be found on a beta site at https://beta.sra.org.uk/but note that at the time of going to press the HTML version of the Code for Solicitors, RELs and RFLs predates the enhanced reporting amendments and paragraph 7 is therefore incomplete (ending at paragraph 7.12). Paragraph 7 of the pdf version runs to 7.19: http://bit.ly/SRACodeAm. The Code does not apply to unqualified employees, unlike the current Code.

The new Principles, reduced from ten to seven, include a requirement for honesty, in response to the various decisions in which some courts have had difficulty distinguishing it from integrity but still a curious provision given the requirements of the general law. They apply to all members of the firm.

New guidance on client care letters should prompt firms to review their documentation; they should also read the UK Governments’ guide for business on how to help their customers better understand their contractual terms and privacy policies. See Contractual terms and privacy policies: how to improve consumer understanding(link on www.legalrisk.co.uk/news.)

Accounts procedures must also be revised if they are to remain compliant, particularly in relation to treatment of disbursements. Firms will also need to keep and maintain records to demonstrate compliance.

New forms of practice are permitted -(a) freelance solicitors and (b) solicitors delivering non-reserved legal activities through unregulated entities. The Law Society has issued practice notes on each –see www.legalrisk.co.uk/news.

Freelance solicitors may conduct reserved legal activities subject to a number of conditions, including ‘adequate and appropriate’ insurance (on which there is as yet no guidance), they cannot employ staff (but can use a serviced office or chambers-style mode of practice) and may not hold client money (subject to provisions relating to disbursements).

Some currently SRA-regulated firms may consider whether they could convert to delivering services through unregulated entities but they will not be able to undertake re-served legal activities and would need to purchase run-off insurance for their existing practice. There are also other regulatory hurdles to consider, including anti-money laundering and financial services regulation. For some, depending on the circumstances, switching regulator may be an alternative to explore.

There are various changes on publicity and transparency. These include provision of additional information when practising in the new ways outlined above. The ban on unsolicited approaches currently applies only by telephone or in person, but under the new Codes would appear to apply also to social media, email and even leaflet drops.

The requirement for individuals and firms to inform clients of mistakes is of some concern as unlike the current provisions they no longer seem to be expressly limited to current clients. This could be problematic.

The bar on limiting liability below the compulsory insurance level remains, but has been moved to the SRA Indemnity Insurance Rules, at paragraph 3.2.

Many firms will be seeking renewal on 1 October. Those with claims histories, particularly those with involvement in development schemes, are finding the market significantly tougher than it has been. We flagged up development schemes in our July 2017 issue. The potential claims exposures of firms whom we represent on coverage and disciplinary issues in relation to these are eye-watering. Cases are already subject to disciplinary proceedings.

We also understand that excess layer cover has become harder and more expensive to obtain and this illustrates why it is fortunate that the Solicitors Regulation Authority was unsuccessful in its previous attempts to reduce the primary level of compulsory cover. We understand that the SRA’s desire to overhaul PII may only be temporarily in abeyance.

We are advising many firms on their firmwide risk assessments, policies, controls and procedures, and audit.

We commented in recent issues on the SRA’s enhanced focus on AML compliance and in particular on both firmwide and matter risk assessments.(See the Warning Notice dated 7 May 2019: http://bit.ly/SRAfra) Firms need to be cautious of simply buying a template and filling it in as each firm’s particular blend of clients and work will be different and the risk assessment should show that that has been properly considered. The SRA’s TCSP Thematic review ( http://bit.ly/SRAthematic) made clear that that risk assessment is ‘the cornerstone of any successful risk-based AML regime’. SRA visits can be expected.

Where files are reviewed by the SRA, they will expect to see matter risk assessments on the files selected.Firms which have not yet completed their firmwide risk assessments or have a working system of matter risk profiling should be addressing this urgently as they may be asked to provide them and it is less than ideal if the ink is still wet.

Particular areas to address are Politically Exposed Persons (PEPs) and financial sanctions –it is easy to assume that the firm will not encounter these issues, but we know from experience that they can catch even high street firms unawares.

We believe that we can expect to see more Unexplained Wealth Orders.The corollary of this is likely to be closer scrutiny of firms which have acted on property transactions for those concerned.

The Association of British Insurers has reported that 99% of claims made (207) on ABI-member cyber insurance policies in 2018 were paid. Firms which have been slow to take out cover, quietly confident in their ability to protect themselves, should keep this under review, because the risks are developing as criminals become more ingenious. The following two examples illustrate the point.

An article in the Wall Street Journal reported that the manager of a firm was tricked into transferring £200,000 to a bank account controlled by fraudsters after they used artificial intelligence soft-ware to mimic the voice of his boss.

The theft of fingerprint and face-recognition details of more than a million people used for access controls for staff of the Metropolitan Police and banks has exposed the victims to security is-sues for the rest of their lives.

We mentioned the £500,000 data breach fine on Equifax in our November 2018 and May 2019 issues. Equifax has reached a $1.4 billion class action settlement. Those responsible for information security may find it useful to review the terms of the settlement setting out business practices commitments which will be binding on Equifax for five years which cover a wide range of measures, including monitoring, vulnerability scanning, threat management, patch management, access control, legacy systems and mandatory training –and a minimum $1 billion spending on data security and related technology over five years. See http://bit.ly/EquifaxOrder.

We advise on a variety of conflicts issues, including challenges to firms acting and disciplinary investigations. Recent additions to our Conflicts web page, www.legalrisk.co.uk/conflicts, include the following.

In Glencairn IP Holdings Ltd v Product Specialities Inc (t/a Final Touch)[2019] EWHC 1733 (IPEC), applying Bolkiah v KMPG, the court declined to grant an order restraining a small two office firm from acting even though there was little detailed evidence on how the information barrier worked.

SRA v Evans and Whiteley 11907-2018 involved an own interest conflict and fines and costs totaling £45,000 for failing to ensure that a client had taken separate advice: it was not enough simply to advise the client to obtain separate advice.

Plein v. USAA Casualty Insurance Company, 2019 WL 3407107 is an American case considering ‘Playbook conflicts’, which arise when a lawyer has knowledge of a client’s approach to strategy.