Risk Update January 2022

SIF protects clients, lawyers and their staff against claims made after the expiry of the compulsory six years’ run off cover.  Unless new arrangements are put in place this post six-year run-off cover (PSYROC) will end on 30 September 2022 (save for extant claims and, following a change of position by SIF, those arising from notifications of circumstances made by then).

The Solicitors Regulation Authority (SRA) has published a consultation which closes on 15 February 2022.  This includes a comprehensive 131 page report by Willis Towers Watson (WTW); those who are short of time might usefully read the Regulatory Impact Assessment (14 pages).

Every practising solicitor should look at the consultation: none should assume that the outcome won’t affect them, even if they practise in large firms.  Change in the structures and ownership of law firms could increase the exposure of those practising in larger firms to the risks against which SIF presently provides protection.

The exercise of the SRA’s powers to continue the protection must comply with section 28 of the Legal Services Act 2007 (LSA 2007) and be proportionate.  Continuing to provide cover will require funding; WTW estimate that this would cost £16 per solicitor annually, but that does not allow for investment income on a fund of, say, £20m.

The WTW report contains no case studies of claims, but, from the writer’s experience of defending claims, it is reasonable to assume that they will include people with serious medical conditions following undervalue settlement of claims, and other cases involving hardship.  Left unprotected, these are the stuff of tabloid headlines.

The SRA’s position is that it is not its role to protect solicitors.  However, SIF was established under section 37 of the Solicitors Act 1974, the provisions of which protect not only consumers, whose interests must of course be the first consideration, but also solicitors and their staff: Swain v The Law Society [1983] 1 AC 598 at p.618 B-C.  Amendments to section 37 in the LSA 2007 did not affect this.

Further, the SRA has created an onerous liability regime for solicitors –

• restricting their ability to limit liability below the compulsory per claim insurance limit (£2/3m), when that limit may not be available to them anyway, for example because of aggregation (and SIF provides only £1m);
• through published guidance – ‘We would therefore not expect to see caps put on liability to clients as a matter of routine’ – compare the guidance from the RICS, which promotes the use of liability caps among firms, saying ‘[indemnity limits and liability caps] are not really related, and there is no legal or regulatory reason why a liability cap needs to be anywhere near as high as the insurance policy limit’;
• a change slipped into the 2019 Codes of Conduct which the SRA interpret as requiring solicitors to inform former clients of potential claims, even though the fiduciary relationship has ended.

The insurance market appears unwilling to provide cover, though we are aware of isolated exceptions.  In any event, such cover will only be provided on an annual basis, and in the event of a claim may not be renewed.

The SRA suggests that The Law Society should arrange cover for its members, but post-LSA 2007 The Law Society, which derives its powers from Royal Charters, appears to have no power to implement an insurance scheme: such powers as it had were transferred to the SRA.  Nor does The Law Society have power to compel payment of premiums or contributions to provide such cover; a voluntary scheme in our view would be unsustainable.

The consultation compares the run-off insurance provisions for other professions, which afford less protection, but these do not advance the debate: the limitation periods may be the same, but those in other branches of the legal profession and in other professions do not, in practice, have as great an exposure to long-tail claims as solicitors. Claims statistics in the WTW report cover reporting delays of up to 19 years, but there is no absolute maximum period in which claims can be made.

Solicitors are exposed, for example, by acting for children on personal injury claims and in trust cases, where time may not even start running for many years, and in conveyancing work, where a title defect may not be discovered until sale many years later.

Unlike other professions, we already have a mechanism in place providing protection for consumers, and for solicitors and their staff. If we didn’t, we might not create it, but we do, so let’s not allow it to wither on the vine when the current arrangements expire on 30 September 2022. If St Paul’s Cathedral did not exist, we probably would not build it today, but it does, and we take steps to preserve it.

There have been several developments since our November 2021 Risk Update, including –

• The Money Laundering and Terrorist Financing (Amendment) (No. 3) (High-Risk Countries) Regulations 2021: Botswana and Mauritius were removed from the list and Jordan, Mali and Turkey have been added.
• HM Treasury published Anti-money laundering and counterterrorist financing: Supervision Report 2019-20
• The SRA published a report on Money Laundering Governance and the role of MLCOs and MLROs: Three Pillars of Success;
• Chainalysis published its 2021 Crypto Crime Report, explaining how cryptocurrency is used in money laundering and ransomware;
• Companies House announced a new procedure for reporting PSC (People with Significant Control) discrepancies.

Links to these and more are on www.legalrisk.co.uk/News, and a wealth of other resources on www.legalrisk.co.uk/AML.

We published an article following a Solicitors Disciplinary Tribunal decision in which it appeared that solicitors had been successfully prosecuted for using terms of business excluding personal liability on LLP members, when this appeared to be in accordance with SRA guidance under the Solicitors’ Code of Conduct 2007.  We raised this with the SRA and understand that, although it is not apparent from the agreed outcome, the SRA’s position is that ‘whilst the attempted limitations to liability were included in the client care letters they were not specifically brought to the attention of the clients’.  We may not be alone in thinking this draws a very fine line.

A number of developments show that this is an area which does not stand still.

An article by Yotam Katz, Product Manager at IntSights, Deepfakes: a future threat to watch as cybercriminals develop their skills in this area, raises concern that verbal confirmation of payment instructions may not invariably provide sufficient protection against fraud.  (Link: www.legalrisk.co.uk/News.)

IT security company Sophos published an article identifying a major concern that two factor authentication may have been compromised: Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft.  The article outlines several possible causes.

The Superior Court of New Jersey has held, in Merck and International Insurance v ACE American Insurance, Docket No. UNN-L-2682-18, that a war exclusion did not apply to a claim arising from the NotPetya cyber-attack, widely attributed to the Russian military.  This may arise in relation to war exclusions in cyber policies here.

The Information Commissioner’s Office (ICO) has commented on the Government’s advertising campaign on end to end encryption; the No Place to Hide campaign says Facebook should abandon plans for end-to-end encryption in its Messenger app, saying it helps to hide child abuse, and promoting the concept of back door access for law enforcement.  The ICO says encryption serves an important role both in safeguarding our privacy and online safety.

The issue was previously addressed in the European Commission’s Article 29 Working Party Statement on encryption, which was opposed to back door access on the basis that strong encryption was essential to ensure a free flow of data, and citing examples of master keys and backdoors compromising security.