SRA Compliance Update July 2023

Andy Donovan from Compliance Office takes you through the latest updates from the Solicitors Regulation Authority

New rules and guidance from SRA

📰 The SRA’s has just published new guidance on the Proceeds of Crime Act and it does feel a little like a further attempt to push AML regulated sector obligations out to all areas of legal practice despite the absence of mandatory legal or regulatory requirements duties. So boutique litigation firms for example should pay particular attention. Here’s the key information:

🔍 You have to really concentrate to realise that it is largely recommended best practice going above and beyond clear mandatory duties rather than more typical SRA guidance, similar to what we saw with the sanctions guidance. Pay close attention to the ‘key’ at the start of the guidance which distinguishes between ‘must’ (hardly used!) ‘should’ (which means it is recommended best practice) and ‘may’.

⚠ I would also warn that in the very understandable desire to achieve certain certainly desirable behaviours to prevent crime, the inevitable conflict with this guidance and some of the SRA’s own rules and guidance is not really addressed:

❌ Law firms are encouraged to make suspicious activity reports to the National Crime Agency (including for historic events ) even in circumstances where their work has been specifically carved out from the legal obligations to do so. There is no mention in the guidance of the mandatory SRA rule 6.1 to only disclose confidential client affairs where required or permitted to do so by law. It’s not clear to me that you can automatically disregard client confidentiality on a mere suspicion;

❌ Law firms are encouraged to not inform their clients of suspicious activity reports made with no mention of the mandatory SRA rule 6.4 which requires disclosure of all material information about their case to clients, save for four limited scenarios, mainly relating to legal obligations to not disclose. This won’t always be a problem – but neither would it never be a problem. It’s odd that this does not get a mention either.

Some question marks aside. there is still some really useful points they address and highlight too for firms not doing AML regulated sector work:

✅ Don’t get lulled into a false sense of security because the matter in question relates to the non-AML regulated sector – things can still get very tricky very fast whatever type of work you’re doing if you learn that the client’s funds are tainted

✅ Do have an MLRO and sensible reporting procedures in place

✅ Do train all staff on broad risks and issues such as use of the client account as a banking facility, sham litigation and reporting matters up to the MLRO.

🤔 Overall it’s a useful document but take care to differentiate for yourself what is best practice vs actual mandatory obligations looking at the ‘must / should / may’ key and don’t underestimate the potential legal and professional conduct hurdles in voluntarily deciding to apply a statutory regime which does not in fact apply to you. There should really be legislative change if that is the route everyone is expected to go down.

AML Legislation

📰 The list of high-risk third countries has been updated to include Gibraltar, among other changes.

📰 New Russian sanctions regulations amend the existing set of regulations to expand restrictions on the provision of legal advice to individuals and businesses with ties to the Russian regime. While this is unlikely to regularly impact many firms all firms should review the changes and consider whether their practice has sufficient exposure to reconsider risk assessments and procedures. Kingsley Napley have done a very helpful blog post summarising the changes which we would recommend firms review.

Hot topics

Government finally unveils laws to clamp down on SLAPPs. The government is to define in law for the first time, what a SLAPP is in relation to economic crime and require claimants to prove it has a reasonable chance of success to advance it in court. Should a case reach court the early dismissal mechanism comprising of two tests will come into effect – whether a case is a SLAPP as defined by the bill, and whether the claim has reasonable chance of being successful. This will put the onus on the complainants to prove that their case has merit, rather than on the defendant. Rumour has it that the SRA will have unlimited fining powers for breaches.

The SRA Diversity Survey 2023 has launched, with all firms being asked to report their diversity data between 26th June 2023 & 23rd July 2023. Our retainer clients are once again able to use our reporting tool to collate the data. Make sure you don’t miss the deadline! For a bit of lunchtime listening, here is a recent podcast with our Director Andy Donovan & Nick Henderson – Mayo of VinciWorks discussing all things diversity survey.

Law firms may be compelled to point potential clients to Legal Ombudsman (LeO) decisions about them to help make it easier for consumers to choose a lawyer.

Sir Geoffrey Vos, Master of the Roll speaking recently at the Law Society of Scotland’s Law and Technology conference has said Legal regulators and the courts may need to control “whether and in what circumstances and for what purposes” lawyers can use artificial intelligence (AI) systems like ChatGPT in litigation. ChatGPT is an artificial intelligence chatbot developed by OpenAI, trained to generate human-like responses to prompts. Sir Geoffrey highlighted the recent case of New York lawyer Steven Schwartz, who used ChatGPT to prepare his submissions in a personal injury case. Six of the cases cited were, in the words of the judge, “bogus decisions with bogus quotes and bogus citations”. This was despite Mr Schwartz asking the system to confirm their accuracy.

Another move by the regulator to try and reduce the amount of money people spend on legal fees. The Solicitors Regulation Authority (SRA) wants to “harness the potential of unbundling to broaden access to legal services and increase consumer choice”.

Law firm CEO “saved £300,000” by recruiting lawyers on LinkedIn. The former chief executive of Brethertons has described how he saved the firm up to £300,000 in recruitment fees by finding lawyers himself on LinkedIn. We love LinkedIn for recruitment and thought that we would share this top tip for cutting overhead! There’s a time to call in the pros of course but why not try reaching out to your online network first.

SRA is going to be rolling out some bizarre original changes to the mySRA system.

  • Full stop to full stop in my SRA user names -The policy for usernames for mySRA accounts has had to change. The SRA have amended anyone’s account if their username included a full stop. If this applies to you, you will need to find out your new username in order to log in to your account. Clear? No, us neither…
  • MySRA Account verification. From 12 June, they are introducing an additional verification step to make your mySRA account more secure. This means when you log in you will need to register a phone number. You will then need to have this phone with you every time you log in to mySRA and use a text message code or call to verify your identity. Because of this, you will also need to replace any saved mySRA website links.

Slow response to a scam; avoiding a complaint to the Legal Ombudsman. With cybercrime on the increase, this is an interesting lunchtime read for you about how a solicitors sluggish response to a client who had been scammed led to them not being able to recover the client’s money and receiving a hefty £27,500 fine to be paid to the client. With so many of us working from home these days, this case really highlights how important it is to ensure firms have safeguards and processes in place to mitigate the risks of a cyberattack to a firm and its clients.

Tribunal trends and cases of interest

☹ Some rather serious & extremely concerning offences to highlight this update:

A solicitor caught in a police sting and convicted of attempted sexual communication with a child has been struck off.

Remember the rather infamous solicitor from last month’s update who pled guilty to obtaining drugs from his criminal clients? Well, crime definitely does not pay as he has recently been sentenced to 14 months in jail.

A City lawyer who shared intimate pictures with a teenage apprentice and sent her a video of him pleasuring himself has been struck off.

💰 Money Management

This solicitor’s failure to keep accurate accounting records led him to having shortfalls on his client account, breaching the SRA Accounts Rules and picking up a £2,975 fine with £1,350 costs.

A solicitor’s own money management issues got him into hot water with the SRA when he continued to practice as a solicitor despite his practice certificate being suspended when he was served with a bankruptcy order. He got off lightly with a written rebuke & costs of £600.

A firm’s COFA received a record breaking £18,750 fine with £1,3750 costs for multiple rule breaches. [He permitted a client account shortage](https://www.legalfutures.co.uk/latest-news/solicitor-handed-record-sra-fine-for-accounts-rules-breaches.) ****of £17,819.16, he did not fulfil his duties as the compliance officer for finance and administration (COFA) and accepted a cheque for £10,000 which he paid into his personal bank account. The cheque was from an elderly client for whom he acted as attorney. The SRA found that the solicitor abused his position by taking unfair advantage of the client and did not stop acting for the client and advise them to obtain independent legal advice before accepting the money.

💰 Anti-Money Laundering

A non-fee earning staff member who failed to follow their firm’s AML policies, controls & procedures when she did not adequately investigate a client’s source of funds has been fined £3,500 with costs of £1,350.

🚕 Driving Offences

These solicitors were fined £2,000 & £3,400 respectively for driving while under the influence of alcohol.

🕵️‍♀️ Theft

This ex – law firm employee was dismissed from her job & no longer allowed to work in the profession after she stole the firm’s cheque book & cashed a cheque in the sum of £1,000 into her personal bank account.

A solicitor who took advantage of vulnerable clients to wrongly charge them hundreds of thousands of pounds has been struck off the roll. Over two and a half years, while acting as one client’s deputy, he raised bills of costs amounting to almost £272,000 for work not undertaken. With another client, he charged almost £59,000 for work that was not chargeable. He also admitted using a third client’s money to buy products worth £3,100 from an Apple store and keeping an iPhone 11 Pro Max worth £1,500 for his own use.

⭐ Diversity & Inclusion

A barrister with a spinal cord injury has described how a set of chambers, despite being told in advance that he was disabled, offered to carry him up the stairs to a pupillage interview.

💥 Conflict of Interests

A Bournemouth based firm has received a £4,250 for acting in a conflict situation, despite the firm’s COLP recommending that the client take independent legal advice.

And finally, an interesting turn of events with David (well Seamus actually) taking on Goliath & winning. A now retired head of legal practice and head of finance and administration has successfully had his rebuke overturned with the SRA told to pay costs of £38,000 Solicitors Disciplinary Tribunal ruled that the finding against him was not explained and represented a ‘serious procedural irregularity’.

The SRA has always maintained that accounts rules breaches are effectively strict liability and that you cannot blame sub-contractors if there are problems. This case is being interpreted as raising questions on that approach. I would take care breathing a sigh of relief though – our feeling is that on appeal of SRA internal decisions what the tribunal is really doing is saying that your reasons are inadequate and therefore you have not justified this outcome. I wonder for a number of these cases what the outcome would have been if reasons had been prepared which dealt with the areas of concern better.

📩 Get in touch

Any questions? Don’t be afraid to simply reply to this email and say hello or ask any questions which you have arising from this update. Don’t forget to connect with us or follow on LinkedIn too.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.