Free compliance guide: SRA Accounts Rules

Vinciworks, the leader in online compliance learning, has just released a free guide to the SRA Accounts Rules, which includes hot topics, key definitions and best practice. This guide will come in handy when you need to quickly reference topics such as “office money vs. client money” and “matter completion.” You will constantly be able to refresh yourself on the topics of:

  • Mission briefing
  • Critical terms
  • Whose money is it?
  • Client money checklist
  • Matter completion

With these quick refreshers, your firm will not have to worry as much about the SDT and SRAs fines or restrictions. Also, each page in the guide comes as an individual, print-ready poster.

Screen Shot 2015-07-07 at 11.00.06 AMDownload guide

 

VinciWorks product updates June 2015

Compliance News roundup for June 2015

SRA completes money laundering audit

On 26 June 2015, the Solicitors Regulation Authority (SRA) announced that it had completed its audit of anti-money laundering procedures at law firms. Early findings suggest that only a small proportion of firms require a follow-up visit.

Since September 2014, the SRA visited over 500 firms that it had identified as being at risk from money laundering attempts. It examined whether or not they had effective checks and balances in place to detect any suspicious activity, and that staff were aware of these systems and knew how to use them. This campaign was in line with the SRA’s 2014-2015 risk outlook, which identified money laundering as a key risk to the industry.

As part of this process, the SRA published a “warning note on appropriate anti money laundering processes,” “guidance on how to complete suspicious activity reports,” and a “warning notice emphasising that firms should not allow their client account to be used as a bank account.”

During this process, we heard from a number of clients who presented the SRA with AML training reports from the Learning Management System. The SRA was satisfied with the reports and the level of training all staff received from the new VinciWorks Anti-Money Laundering training.

However, it is important to note, that a Financial Action Task Force (FATF) audit is expected soon.

FATF identified 42 red flags for law firms in its 2013 report Money Laundering and Terrorist Financing Vulnerabilities of Legal Professionals. These red flags focus on due diligence around clients, source of funds, choice of lawyer and the nature of the retainer. The previous FATF audit was in 2007.

SRA Accounts rules released

Train your firm on the SRA Accounts Rules in 30 minutes

VinciWorks – the leader in online compliance learning – has just released a new, 30-minute interactive course to brush up on the SRA Accounts Rules.

The course provides an overview of the key definitions, explains the rules that impact day-to-day work, and tests understanding with real-life scenarios. It digests the rules into concise principles and clarifies how client and firm money should be handled. The course is designed for fee earners, support staff and anyone else involved in handling client money.

Why is this important for you?

According to Rule 6, Non-compliance by any member of staff will also lead to the principals and COFA being in breach of the rules. Serious breaches will be referred to the Solicitors’ Disciplinary Tribunal (“SDT”) whose findings are published. The SDT and the SRA have the power to impose fines or other restrictions on any member of staff (not just solicitors).

Click here for pricing and more information

How One Leading Firm Tripled their AML Course Completions with VinciWorks LMS Pro

A large international firm with over 500 lawyers in 11 countries approached VinciWorks with a problem. Its employees are required to complete mandatory AML training every year. To facilitate this requirement, the firm set up easy online access to courses, and sent emails with login details and clear instructions for how to complete the training to everyone at the firm. Yet, despite their efforts to make compliance with this policy easy, course completion rates were alarmingly low.

After 3 months, only 13.6% of the firm had completed the training.

With this completion rate, the firm risked non-compliance with the regulatory requirement to train employees on the regulations and risks related to money laundering.

VinciWorks helped the firm implement the advanced features in the VinciWorks Legal Learning Management System Pro Edition, and after only three months, course completion rates tripled!

CLICK HERE TO SEE HOW WE DID IT: Screen Shot 2015-06-22 at 3.21.02 PM

 

Cybercrime issue is escalating, says SRA

Cybercrime issues affecting solicitor firms are increasing the Solicitors Regulation Authority (SRA) has revealed.

More and more reports are being received of firms either being contacted by con artists or falling victim to fraudulent activity, with potentially serious consequences for clients buying or selling property. The SRA is urging solicitors to step up their efforts to keep criminals out and protect client interests.

The majority of recent scams fall into two categories:

  • Firms receiving calls pretending to be banks to obtain sensitive information, such as account passwords
  • Emails between firms and clients being intercepted, leading to client funds being paid into fraudsters’ accounts

This is against a backdrop of continued instances of con artists pretending to be solicitors, using either fake names or stealing the identities of genuine firms.

Read more on SRA website

Compliance news roundup for May 2015

Experts weigh in on changes to CPD – Legal Futures
SRA’s new proposals to reduce regulatory burden – SRA
SRA guidance on offering inducements updated – SRA
Engaging the Evolving Workforce in Compliance – Compliance Week
Risk management industry must adjust to climate change loss  -Financial Times
How risk management leads to increased profit margins – CIO
SRA halfway through 500-firm AML audit SRA
Sheldon Adelson lectures court after tales of triads and money launderingThe Guardian

VinciWorks compliance update: upcoming courses, poll results and more

Compliance Update

Upcoming courses

    • SRA Accounts Rules: A Practical OverviewRelease date: May 2015
    • Equality & Diversity: A Practical OverviewRelease date: TBD 2015

Compliance news:

 

Five key risks that probably aren’t in your risk register, but should be there

The risk experts at VinciWorks have conducted multiple off-the-record conversations with various COLPs, COFAs and risk officers to discuss the risks they are examining in their firms. In addition, we researched multiple online risk resources and the SRA’s own public statements on risk and OFR.

This list features five key risks that you should focus on when compiling your risk register and conducting risk strategy sessions. Our recommendations are by no means exhaustive, nor should they be construed as legal advice. If you would like to learn more about our comprehensive risk advisory service, risk workshops and risk management service, click here to download the brochure.

And now to the risks:

1. Bogus firms

The risk

This is a new risk the SRA has added to its risk outlook for 2014/2015. The term ‘bogus firm’ is used to describe situations in which criminals take on the identity of a law firm in order to steal money or access information. Reports of bogus firms to the SRA increased by 50% between 2013 and 2014; and it is likely that 2014 will exceed the 548 reports from 2013. The majority of bogus firm reports relate to situations where the identity of an existing firm has been used; and according to the SRA, both small and large firms are susceptible.

The control

This is a serious risk to your firm, and you are vulnerable, even if you are not aware that someone is masquerading as you. For example, in Lloyds TSB Bank PLC v Markandan and Uddin [2012] EWCA Civ 65, the firm that was said to be the victim of the fraud was still held liable for breach of trust in paying away mortgage monies.

Here are some practical things the SRA recommends that you regularly do:

  1. Search your firm’s name on the internet from time to time, since that might bring up a false office. It may be worth considering doing the same with the names of some of your partners or staff.
  2. Check your firm and individual details on the Law Society’s find a solicitor web page, in case someone has misused your name to set up a false practice.
  3. Be alert to suspicious incidents such as transactions that others seem to think your firm is dealing with when you are not.
  4. Look out for alerts and warnings on the SRA website about bogus firms.

2. Money laundering

The risk

Money laundering is a serious concern for law firms that handle client money and can make attractive targets for those wishing to launder the proceeds of crime or otherwise disguise improper transfers of money. It is estimated that money laundering in the UK has an annual value of up to £57b. As such, the SRA has identified money laundering as a key risk it will be regulating in 2015.

Between October 2012 and September 2013, solicitors made 3,615 suspicious activity reports (SARs) to the National Crime Agency (NCA). The majority of these were consent SARs, where a professional seeks consent to continue with a transaction. An NCA analysis of these reports found a high proportion received from the legal sector were of poor quality. Many did not contain enough information about the suspicious activity for the NCA to be able to make a decision about whether the transaction should proceed.

We have heard from many of our clients that the SRA is conducting audits of their AML procedures and training and the SRA has indicated that this activity will continue in 2015.

The control

It is imperative to engage every relevant member of your staff in mitigation. Anybody at your firm could inadvertently find themselves embroiled in a money laundering transaction that could ruin your firm’s reputation or expose it to liability.

This control starts with education. Every member of your firm must undergo regular training to understand what behaviour is expected of them. AML has been singled out in the new SRA competency framework as an area in which a solicitor must maintain proper training.

In line with the SRA’s guidance, VinciWorks has redesigned its entire suite of AML training to offer appropriate training for every member of staff.

3. Microsoft products that are no longer supported

The risk

Many IT departments are slow to upgrade their firms to the latest versions of Microsoft Windows, Office and Internet Explorer. They do this for a variety of reasons including high costs, complicated technical deployments and the need to retrain staff. Some firms cannot upgrade because a business-critical application can only run on a previous version of Windows. For example, some bespoke matter management software requires Windows XP or Internet Explorer 7.

This is a grave concern for law firms. Microsoft ended support for Windows XP on 8th April 2014. That means it will no longer produce security patches for critical vulnerabilities in the operating system. As time goes on, more and more critical security holes will be found, and attackers will have free reign to exploit them. If your firm is running unsupported software, you could be exposed to liability under the Data Protection Act; especially in a case where you are storing personal data on those computers. In addition, the increased chance of hacking into your firm’s computers could open up the firm to a variety of risks including compromised information security, reputational risks and bogus firms.

Currently over 15% of our clients are still using IE7 or IE8 on at least some of their computers. From 12th January 2016 Microsoft will only support the most current version of Internet Explorer available for a supported operating system. That means that in less than a year, firms will have to upgrade to at least IE9 (on Windows Vista) or IE11 (on Windows 7 and up) or risk exposure to security flaws.

The control

It is strongly recommended that all organisations using Windows XP, Office 2003, Windows Server 2003, Exchange 2003 and Sharepoint 2003 should upgrade to supported software as soon as possible. If this is not possible, the UK government recommends some short-term mitigations to minimise exposure. These include the upgrade of high-risk user devices, such as devices used for corporate remote access, as they will be subject to greater physical threat and be more susceptible to network-borne attacks. Devices that can access more sensitive information or services, including personal data, should also be prioritised.

Firms running IE7 or IE8 should discuss an upgrade plan and budget with their IT departments before the looming 12th January 2016 deadline.

To learn more see the CESG guidance on the matter.

4. Referendum on UK membership in the EU

The risk

In January 2013, Prime Minister David Cameron promised an ‘in/out’ referendum on British membership of the European Union in 2017, if the Conservative Party wins an outright majority at the next general election. Recent opinion polls have shown that a majority of the population favour such a move. This could have severe implications for the practice of law in the UK.

Currently firms in the UK benefit from the EU single market which enables solicitors to cross borders and practise across the EU. If the UK leaves there will be negative consequences to the open market.

In that scenario, firms that represent high net worth individuals from Europe could potentially see their business go elsewhere if the referendum passes. Larger firms with an international practice and firms that represent multinationals could find operating throughout Europe to be too costly, or could find their clients looking for European representation.

The management of client money and its transfer across borders could also potentially be affected by an EU exit.

The control

Firms must start by assessing the areas of their business that could be affected by an EU exit and prepare a contingency plan. Regular communication with at-risk clients could mitigate the risk and larger firms should consider whether to invest in lobbying or public policy initiatives.

5. Misuse of money or assets

The risk

Like AML and bogus firms, misuse of money or assets is a key risk for the SRA in 2015. The SRA has identified a trend of increased cases of misuse. Some of these cases are caused by poor systems and controls, whilst other cases involve unethical conduct.

In the twelve months to August 2014, the SRA received over 140 reports of misuse of money or assets per month.

The control

Many times the misuse of funds is the result of a cash flow deficit. Firms should ensure that they have adequate credit lines and should extend overdraft authority to partners.

In addition, a properly maintained incidents register can ensure that material breaches are reported on time, cashiers are held accountable for mistakes, and risk teams can analyse trends of improper use of funds.

Finally, all employees who deal with client funds should receive regular training on the SRA Accounts Rules. In line with the SRA’s risk outlook, VinciWorks will be producing an SRA Accounts Rules Practical Overview in 2015 to complement its current SRA Accounts Rules course.