Professional indemnity insurance (Mar21)

Many firms have already encountered a harder market when obtaining cover with not only significant increases in premiums and excesses, but those with significant claims issues and with exposure on conveyancing are finding it harder to obtain cover at all, or are considering going into run-off rather than risk a far higher run-off premium after renewal.  Insurers have been securing personal guarantees for excesses and run off premiums.

There are many substantial claims, particularly from development and other fractional investment schemes, and concerns that a recession may result in increased claims activity.  Examples may include clients blaming solicitors over difficulties extricating themselves from contracts and leases, and there may be fallout from remote working with attendant inadequate supervision and control on deadlines and timescales.  Corporate failures may also lead to claims by liquidators or their assignees.

Solicitors should therefore pay attention to protecting their assets.  Incorporation alone may not suffice.  Many pay insufficient attention to avoiding the risk of the assumption of personal liability.  Appointment as executor or trustee gives rise to personal liability, hence an increase in the number of law firms setting up trust corporations.

Data Protection (Mar21)

Perhaps the most important point for many readers will be the publication by the European Commission of a draft adequacy decision to enable data flows between the UK and the EEA when the interim provisions in the EU Withdrawal Agreement end.

There have been a number of documents published which relate to transfer of data to the USA.  The Information Commissioner’s Office published an analysis of the transfer of personal data from UK based firms to the US Securities and Exchange Commission for organisations.

Of interest to a number of our US law firm readers in particular, in Soriano v Forensic News LLC & Others [2021] EWHC 56 (QB), the High Court held that the extra-territorial jurisdiction provisions in Art 3 of GDPR did not apply on the facts. The absence of a branch or subsidiary in the UK was by no means determinative but it was relevant that Forensic News had no employees or representatives in this country. The fact that Forensic News had a readership in the UK which was not minimal was of no more than marginal relevance: its journalistic endeavour was not oriented towards the UK in any relevant respect. That the content of the First Defendant’s website may be of interest to some UK readers was not germane to the issue under consideration.

The Sedona Conference published a Commentary on the Enforceability in U.S. Courts of Orders and Judgments Entered under GDPR.

European Data Protection Board (EDPB) Guidelines 01/2021 on Examples Regarding Data Breach Notification (version for public consultation) contain numerous case studies which will be of interest in relation to UK GDPR as well as (EU) GDPR.

IBM have published their Cost of Data Breach Report 2020.

Perhaps we may be forgiven for being slightly less excited than Microsoft appear to be from the announcement that Microsoft Word will soon feature an artificial intelligence-powered text prediction feature: some smartphones with text prediction have a curious predilection for inserting client names from contacts in preference to the far more obvious word in ordinary English usage.

A link to the Soriano case can be found on and links to the other documents can be found on

Anti-Money Laundering (AML) (Mar21)

Firms will need to review their Practice Wide Risk Assessments following publication of the draft Legal Sector Affinity Group (LSAG) guidance and the Solicitors Regulation Authority (SRA) Sectoral Risk Assessment (and see also the Environmental risks section below).  The LSAG guidance is expanded considerably on previous guidance, and awaits approval by HM Treasury.

The Office for Professional Body Anti-Money Laundering Supervision (OPBAS) Sourcebook for professional body anti-money laundering supervisors published an addendum updating its guidance on prohibitions and approvals of applications to be a beneficial owner, officer or manager of a firm (BOOM), or a relevant sole practitioner.

Links to these and other documents are on, including an Organisation for Economic Co-operation and Development (OECD) report, Ending the Shell Game: Cracking down on the Professionals who enable Tax and White Collar Crimes, which includes recommendations on ‘targeting professional enablers and disrupting their activities’. See also

Environmental risks (Mar21)

Environmental risks have already hit major law firms themselves with, for example, flooding of offices, and firms in some parts of the USA and elsewhere in the world are well used to hurricanes and other extreme weather conditions.  It is an issue requiring consideration for firm’s own risks: we know of leading European law firms with IT equipment in the basements of offices adjacent to major rivers.

Many larger firms are establishing Environmental, Social and Governance (ESG) practice areas to serve their clients’ needs.  As with any other change in practice areas, they need to consider the impact in relation to their Practice Wide Risk Assessments.  Clients, for example, include new entrants to the energy sector with heightened exposure to new industry, country, technology, financing, sanctions and bribery risks.  We have advised many firms on their risk assessments and their policies, controls and procedures.  Our experience in AML issues over 18 years has been enhanced by our auditing of many leading US and UK firms for AML compliance.

Professional regulation (Mar21)

Secretariat Consulting PTE Ltd & Others v A Company [2021] EWCA Civ 6 was a decision on conflicts of interest in relation to experts.  See

On 24-25 March 2021 the Supreme Court will hear the appeal in Harcus Sinclair LLP v Your Lawyers Ltd, on whether the courts have inherent jurisdiction to supervise the conduct of an authorised body through which a solicitor practises, in particular to enforce an undertaking.

DAC6/Mandatory Disclosure Rules (MDR) (Mar21)

The government confirmed in the budget on 3 March 20201 that it would be implementing the OECD’s Mandatory Disclosure Rules (MDR).  HMRC will be consulting on draft regulations later this year and anticipate that the rules will come into force next year.

Cyber (Mar21)

Cyber risks are a major concern.  Widescale attacks such as the SolarWinds attack which affected Microsoft and many others, and an attack on Microsoft’s Exchange Server software, use of which is widespread, are among many, and providers of software to law firms are already being targeted.  It may only be a matter of time before a case management system used by large numbers of law firms is attacked, leaving large numbers of firms exposed, with perhaps little recourse against suppliers due to restrictive contract terms and/or limits of insurance cover.

Firms are, rightly, encouraged to use two factor authentication, preferably with an authenticator app rather than SMS messaging.  We have however heard of two instances of this being breached.  A relatively sophisticated example resulting in loss of client money was reported by Australian law firm insurer, Legal Practitioners’ Liability Committee here.  Another example, not involving a law firm, arose where an employee received a push notification log in request and approved it instinctively without giving it further thought.

A consultation on reduction in cyber cover under the SRA Minimum Terms and Conditions (MTC) is expected imminently.  While cyber cover is widely available, we understand the market there is hardening too, and cover may be subject to many exclusions and limitations not found in the MTC.  Some risks are not strictly cyber anyway and may require crime cover. Social engineering is also increasingly a threat: some people should be more cautious about the information they give away about themselves on social media and even in out of office replies and home working photographs.

Back To Top Download PDF Publication


0345 330 6791

Download PDF Publication

Download vCard