Anti money Laundering (AML) (Risk Update March 2020)

The Solicitors Regulation Authority (SRA) is pressing larger firms on the issue of independent audit under regulation 21 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.  We have undertaken many of these for US and UK-based international firms and City firms and are used to auditing electronic files so are able to do this remotely.

Given the increasing number of challenges to legal professional privilege in the courts, we believe it is important that being an SRA-regulated law firm ourselves, providing legal advice on our clients’ compliance with the legislation, maximises the prospects of protection from legal professional privilege.
The SRA are asking several firms to provide their policies, controls and procedures.  We have advised many firms on these, and on SRA investigations.

An HM Treasury advisory notice on enhanced due diligence in higher risk jurisdictions drew attention to the latest publication by the Financial Action Task Force (FATF).  See for a link.

The SRA’s supervisory responsibility now extends to tax advice and it will be asking the 7,000 firms it regulates for AML purposes whether they offer tax services.  The profession would benefit from guidance from the Legal Sector Affinity Group on what constitutes tax services for these purposes: does it, for example, extend to litigation with HMRC over VAT recovery by an innocent party in a carousel fraud case, or advice to a self-employed personal injury claimant on whether damages should be claimed gross or net of income tax or VAT?

Schedule 9 of the Proceeds of Crime Act 2002, amended by The Money Laundering and Terrorist Financing (Amendment) Regulations 2019, defines business in the regulated sector. By paragraph 1(1)(m) this includes ‘the provision of material aid, or assistance or advice, in connection with the tax affairs of other persons by a firm or sole practitioner, whether provided directly or through a third party, if the firm or sole practitioner by way of business provides (as the case may be) aid, assistance or advice in connection with the tax affairs of other persons’.


Conflicts of interest (Risk Update March 2020)

The SRA has updated its guidance on Conflicts of Interest.  As ever, there are regrettably no easy ways to spot the changes.  The guidance adds references to the distinction between
current and former clients, and same or related matters.

Own interest conflicts continue to be problematic.  Our January issue addressed some of the difficulties posed by the SRA’s guidance, Putting matters right when things go wrong, and own interest conflicts, and the decision in SRA v Howell Jones LLP Case No. 11846-2018.  A key point is that the solicitors in that case did ensure that the client received independent legal advice, contrary to the SRA’s assertion, by instructing counsel.  Under the Bar Standards Board Code of Conduct, a barrister’s duty to act in the best interests of each client includes a duty to consider whether the client’s best interests are served by different legal representation, including, if necessary, different solicitors, and if so, to advise the client to that effect and to advise if their solicitor has been negligent.

Further issues on own interest conflicts arise when a solicitor deputy appointed by the Court of Protection wishes to use the services of their own firm, or an associated company for investment advice.  A procedure for addressing this was set out in ACC & Others [2020] EWCOP 9.  (See paragraphs 38-42 and 56 in particular.)  The procedure should be read in full, but it is  notable, in the light of our comment on the Howell-Jones case above, that it includes provision for a separate partner to instruct counsel of five years’ standing to advise.  However, that is stated to apply ‘in relation to a settlement of £1 million or more’ – but if there is a conflict, there is a conflict, and there is no lower financial limit.

This all begs the question of whether the absolute bar on acting contained in paragraph 6.2 of each of the SRA Codes of Conduct may need some refinement, not just guidance.  Links to the above can be found on and our conflicts resource page,


Coronavirus (Covid-19) – a few thoughts ( Risk Update March 2020)

As remote working becomes the new norm, spare a thought for how you will spot if someone is struggling, under pressure, and in need of assistance.  Problems which would normally be spotted, perhaps in casual conversation at the coffee machine, may go unnoticed.           Working in public places such as coffee shops may diminish but may still be used by some (if such places remain open), perhaps if they have internet connectivity problems at home, due to the increased number of people at home (whether working, or adding even greater pressure through gaming). Do your devices have privacy screens?  Security issues may be increased if staff are using their own equipment (including, for example, printers to which documents can be emailed), and guidance is needed.
Even home working presents some risks to client confidentiality as family members may be able to see documents or hear calls, and it may be prudent to remind staff of this, and information security more generally: the BBC reported that hackers are preying on fears of Covid-19 which is featuring in a spike in email scams.  See
It will also be important to ensure that your staff remain aware of their obligations to report data and other conduct breaches promptly.


Data protection (Risk Update March 2020)

There have been several developments since our January Risk Update.

The Society for Trusts and Estates Practitioners (STEP) published a Guidance Note on the effect of the General Data Protection Regulation (GDPR) on private, non-charitable, trusts and estates.

The Information Commissioner’s Office fined Cathay Pacific £500,000 for a data breach (the maximum under the provisions of the Data Protection Act 1998, pre-GDPR).  The monetary penalty notice identifies many system failures which form a useful reminder for law firms, including inadequate patch management, out of date software, user access privileges and failure to use multi-factor authentication.

The Advocate General’s opinion on the meaning of “consent” under GDPR and the previous Data Protection Directive (95/46/EC) was provided in Orange România SA v Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal, Case C-61/19.  The opinion makes clear that the burden of proof is on the controller to establish that consent is freely given, specific and informed.  It further stated that there was no informed consent because Orange had not made it crystal clear to customers that a refusal to the copying and storing of his or her ID card did not make the conclusion of a contract impossible: a customer does not choose in an informed manner if he or she is not aware of the consequences.

Links to the above documents can be found on and on our data protection resource page,


Back To Top Download PDF Publication


0345 330 6791

Download PDF Publication

Download vCard