Compliance Update

Upcoming courses

    • SRA Accounts Rules: A Practical OverviewRelease date: May 2015
    • Equality & Diversity: A Practical OverviewRelease date: TBD 2015

Compliance news:


We’re delighted to confirm that Dr Simon Kemp, Head of Sports Medicine at the Rugby Football Union, will be delivering a case study.

The case study will cover the Concussion Awareness module which we created with the RFU, Premiership Rugby and the Rugby Players’ Association.

We’re really proud of the course, which has been rolled out across all levels of professional rugby as part of a campaign to raise concussion awareness amongst everyone who takes part in the sport.

We think it’s an excellent example of the potential for eLearning in delivering information to wide ranges of learners, and Dr Kemp will be discussing in detail the challenges faced, the solution, and the results.

The addition of Dr Kemp finalises the agenda for the conference, which also features seminars with compliance experts and workshops with staff.

We designed the day to help you to maximise the benefit of eLearning to your business and to give you the chance to give us valuable feedback on our products and services.

The SRA released the latest version of its handbook on 1 April 2015. Among the important changes is the final Competence Statement, which is the cornerstone of the new approach to CPD and can be adopted starting today.

The new approach will be implemented for all solicitors from 1 November 2016. However, solicitors can choose to move to this new approach today (for 2015), or on 1 November 2015 (for 2016).

Where can you go for guidance on the new approach?

The SRA has also published a toolkit with detailed recommendations for compliance with the new scheme. The recommended process is as follows:

Here at VinciWorks we are putting the final touches on a platform to streamline your transition to the new framework. It will be built into our Learning Management System. We’d love to hear from you what your thoughts and plans are for the new CPD scheme. Recommendations that we hear now will be considered for the final product.

As previously announced, VinciWorks has worked with the Rugby Football Union, Premiership Rugby and Rugby Players’ Association to create a bespoke Concussion Awareness eLearning course for all players, coaches, and officials.

The launch of this campaign across rugby coincided with widespread media coverage and awareness of concussion in a number of sports.

As well as contact sports like rugby and football, sports like Formula 1 have received coverage around the risks of concussion, as the long-term effects of head injuries come under increased scrutiny in the media.

With concern growing, sporting bodies are taking steps to minimise the risks of concussion and VinciWorks are passionate about the use of eLearning in reaching this goal.

We create fully responsive eLearning courses which can be accessed through any internet-enabled device, with a rich variety of content which has been independently validated by experts in the field.

Our Concussion Awareness eLearning content is suitable for all sports and is the most effective way to raise awareness of the symptoms, risks, and management of concussion amongst sportspeople.

When VinciWorks’ Concussion Awareness course was announced by the RFU, Premiership Rugby and the RPA the news was widely reported in the media, reaching BBC Sportthe Guardian, and Sky Sports. The latter described the course as “a major advance in concussion education in professional sport.”

The risk experts at VinciWorks have conducted multiple off-the-record conversations with various COLPs, COFAs and risk officers to discuss the risks they are examining in their firms. In addition, we researched multiple online risk resources and the SRA’s own public statements on risk and OFR.

This list features five key risks that you should focus on when compiling your risk register and conducting risk strategy sessions. Our recommendations are by no means exhaustive, nor should they be construed as legal advice. If you would like to learn more about our comprehensive risk advisory service, risk workshops and risk management service, click here to download the brochure.

And now to the risks:

1. Bogus firms

The risk

This is a new risk the SRA has added to its risk outlook for 2014/2015. The term ‘bogus firm’ is used to describe situations in which criminals take on the identity of a law firm in order to steal money or access information. Reports of bogus firms to the SRA increased by 50% between 2013 and 2014; and it is likely that 2014 will exceed the 548 reports from 2013. The majority of bogus firm reports relate to situations where the identity of an existing firm has been used; and according to the SRA, both small and large firms are susceptible.

The control

This is a serious risk to your firm, and you are vulnerable, even if you are not aware that someone is masquerading as you. For example, in Lloyds TSB Bank PLC v Markandan and Uddin [2012] EWCA Civ 65, the firm that was said to be the victim of the fraud was still held liable for breach of trust in paying away mortgage monies.

Here are some practical things the SRA recommends that you regularly do:

  1. Search your firm’s name on the internet from time to time, since that might bring up a false office. It may be worth considering doing the same with the names of some of your partners or staff.
  2. Check your firm and individual details on the Law Society’s find a solicitor web page, in case someone has misused your name to set up a false practice.
  3. Be alert to suspicious incidents such as transactions that others seem to think your firm is dealing with when you are not.
  4. Look out for alerts and warnings on the SRA website about bogus firms.

2. Money laundering

The risk

Money laundering is a serious concern for law firms that handle client money and can make attractive targets for those wishing to launder the proceeds of crime or otherwise disguise improper transfers of money. It is estimated that money laundering in the UK has an annual value of up to £57b. As such, the SRA has identified money laundering as a key risk it will be regulating in 2015.

Between October 2012 and September 2013, solicitors made 3,615 suspicious activity reports (SARs) to the National Crime Agency (NCA). The majority of these were consent SARs, where a professional seeks consent to continue with a transaction. An NCA analysis of these reports found a high proportion received from the legal sector were of poor quality. Many did not contain enough information about the suspicious activity for the NCA to be able to make a decision about whether the transaction should proceed.

We have heard from many of our clients that the SRA is conducting audits of their AML procedures and training and the SRA has indicated that this activity will continue in 2015.

The control

It is imperative to engage every relevant member of your staff in mitigation. Anybody at your firm could inadvertently find themselves embroiled in a money laundering transaction that could ruin your firm’s reputation or expose it to liability.

This control starts with education. Every member of your firm must undergo regular training to understand what behaviour is expected of them. AML has been singled out in the new SRA competency framework as an area in which a solicitor must maintain proper training.

In line with the SRA’s guidance, VinciWorks has redesigned its entire suite of AML training to offer appropriate training for every member of staff.

3. Microsoft products that are no longer supported

The risk

Many IT departments are slow to upgrade their firms to the latest versions of Microsoft Windows, Office and Internet Explorer. They do this for a variety of reasons including high costs, complicated technical deployments and the need to retrain staff. Some firms cannot upgrade because a business-critical application can only run on a previous version of Windows. For example, some bespoke matter management software requires Windows XP or Internet Explorer 7.

This is a grave concern for law firms. Microsoft ended support for Windows XP on 8th April 2014. That means it will no longer produce security patches for critical vulnerabilities in the operating system. As time goes on, more and more critical security holes will be found, and attackers will have free reign to exploit them. If your firm is running unsupported software, you could be exposed to liability under the Data Protection Act; especially in a case where you are storing personal data on those computers. In addition, the increased chance of hacking into your firm’s computers could open up the firm to a variety of risks including compromised information security, reputational risks and bogus firms.

Currently over 15% of our clients are still using IE7 or IE8 on at least some of their computers. From 12th January 2016 Microsoft will only support the most current version of Internet Explorer available for a supported operating system. That means that in less than a year, firms will have to upgrade to at least IE9 (on Windows Vista) or IE11 (on Windows 7 and up) or risk exposure to security flaws.

The control

It is strongly recommended that all organisations using Windows XP, Office 2003, Windows Server 2003, Exchange 2003 and Sharepoint 2003 should upgrade to supported software as soon as possible. If this is not possible, the UK government recommends some short-term mitigations to minimise exposure. These include the upgrade of high-risk user devices, such as devices used for corporate remote access, as they will be subject to greater physical threat and be more susceptible to network-borne attacks. Devices that can access more sensitive information or services, including personal data, should also be prioritised.

Firms running IE7 or IE8 should discuss an upgrade plan and budget with their IT departments before the looming 12th January 2016 deadline.

To learn more see the CESG guidance on the matter.

4. Referendum on UK membership in the EU

The risk

In January 2013, Prime Minister David Cameron promised an ‘in/out’ referendum on British membership of the European Union in 2017, if the Conservative Party wins an outright majority at the next general election. Recent opinion polls have shown that a majority of the population favour such a move. This could have severe implications for the practice of law in the UK.

Currently firms in the UK benefit from the EU single market which enables solicitors to cross borders and practise across the EU. If the UK leaves there will be negative consequences to the open market.

In that scenario, firms that represent high net worth individuals from Europe could potentially see their business go elsewhere if the referendum passes. Larger firms with an international practice and firms that represent multinationals could find operating throughout Europe to be too costly, or could find their clients looking for European representation.

The management of client money and its transfer across borders could also potentially be affected by an EU exit.

The control

Firms must start by assessing the areas of their business that could be affected by an EU exit and prepare a contingency plan. Regular communication with at-risk clients could mitigate the risk and larger firms should consider whether to invest in lobbying or public policy initiatives.

5. Misuse of money or assets

The risk

Like AML and bogus firms, misuse of money or assets is a key risk for the SRA in 2015. The SRA has identified a trend of increased cases of misuse. Some of these cases are caused by poor systems and controls, whilst other cases involve unethical conduct.

In the twelve months to August 2014, the SRA received over 140 reports of misuse of money or assets per month.

The control

Many times the misuse of funds is the result of a cash flow deficit. Firms should ensure that they have adequate credit lines and should extend overdraft authority to partners.

In addition, a properly maintained incidents register can ensure that material breaches are reported on time, cashiers are held accountable for mistakes, and risk teams can analyse trends of improper use of funds.

Finally, all employees who deal with client funds should receive regular training on the SRA Accounts Rules. In line with the SRA’s risk outlook, VinciWorks will be producing an SRA Accounts Rules Practical Overview in 2015 to complement its current SRA Accounts Rules course.

On Monday 9th February, the LSB finally approved the SRA’s new approach to CPD, announced 21st May 2014.

In a letter — sent to Paul Philip, Chief Executive of the SRA, and buried on the LSB website — LSB Chief Executive, Richard Moriarty writes:

Please find enclosed our final decision notice granting the SRA’s application for approval of changes to regulatory arrangements relating to continuous professional development (CPD) and other miscellaneous changes.

The changes have been approved in full. The LSB welcomes the move from a prescriptive regulatory arrangement for CPD, currently based on arbitrary hours, to a more outcomes focussed framework that places responsibility on firms and solicitors to manage their continuing competence. We recognise that this policy has been the subject of lengthy review, development and consultation by the SRA.

Whilst supporting the SRA’s overall aim, we are also mindful that the intended benefits will only be fully realised if the new arrangements are effectively implemented. We would like to make two observations in this respect.

First, we were pleased to see that the SRA will be putting in place active review and evaluation processes, including for the opt-in period. As the SRA has acknowledged, the change is a big cultural shift for the SRA’s regulated community. In addition, the Legal Services Consumer Panel has said that the effectiveness of the approach in delivering competent services will depend on the capability of the SRA’s monitoring and supervision framework. It is therefore essential the SRA is able to know how well the changes are working in practice and to address any emerging issues both at a macro level and at the level of individual solicitors and firms.

Second, we welcome that the SRA’s post-implementation review will look at cost impacts on solicitors and firms. While outcomes focused measures generally help to reduce unnecessary burdens for business, it is important that these changes are supported by clear and effective communication to minimise any indirect costs that might arise for the regulated community from any uncertainty and confusion.

What are the important changes to the regulations?

Regulation 3.1 of the SRA Training Regulations 2011 Part 3 – CPD Regulations shall be amended as follows:

You must:
(a) undertake 16 hours of CPD during each complete CPD year in legal practice or employment in England and Wales; or

(b) consider and undertake the learning and development you deem necessary to ensure your ongoing competence and that you are in a position to provide a proper standard of service to your clients.”

For these purposes, the SRA has also amended the guidance note to regulation 8 to define what constitutes CPD under the new scheme:

(a) structured training, coaching or mentoring sessions;

(b) live or recorded webinars;

(c) writing onlaw or practice, for example law books,journals, publications for clients, client ‘s own publications, newspapers and magazines, online or in print:

(d) structured work shadowing schemes with clear aims and objectives and requiring feedback or reflection on the activity;
(e) research which relates to legal topics or has relevance to the practice/organisation which results in some form of written document, precedent, memorandum, questionnaire/survey etc;

(f) study for or production of a dissertation counting towards a qualification recognised by us;

(g) watching DVDs,webcasts, podcasts, television broadcasts or videotapes and/or listening to audio podcasts,radio broadcasts or audio tapes produced by learning and development providers;
(h) work towards the Qualification Credit Framework (QCF) awards relating to assessment,verification and/or quality assurance of competence-based assessment models (such as, for example, National Vocational Qualifications);

(i) participating in the development of specialist areas of law and practice by attending meetings of specialist committees and/or working parties of relevant professional or other competent bodies charged with such work;

U) work towards the achievement of an National Vocational Qualifications in any business-related area and at any level;

(k) study towards professional qualifications .

These activities can be completed face-to-face or by distance learning, where appropriate.

Click here to review the full list of changes to the regulation.

What is the timeline?

The new framework will be fully introduce with an opt-in period that will commence 1 April 2015, whilst the full changes will only go into effect in 1 November 2016. During the opt-in period solicitors and firms can choose to continue with the current 16-hour scheme (without the 25% requirement), or use the new scheme. Solicitors will be required to make a declaration when renewing their Practising Certificates in October 2015 that they have either undertaken 16 hours of CPD or that they have opted in to the new arrangements and ensured that they are competent.

A Competence Statement for Solicitors (on which the SRA recently consulted) will act as guidance to solicitors for CPD purposes. It is the SRA’s intention to publish this
on 1April 2015 when the ‘opt-in’ phase commences. The SRA has stated that it does not expect many solicitors to take up the opt-in opportunity until the start of the CPD year from 1November 2015, when the Competence Statement will have been available for several months. The LSB consider it important that solicitors who choose to opt-in are provided with as much support and guidance as possible and have the Competence Statement available to them.

VinciWorks’ Competency Frameworks

VinciWorks has prepared for these changes by introducing a flexible framework in LMS Enterprise that accommodates the SRA’s new competency based approach to training. It allows firms to define competency goals for various individuals, based on their position, builds tailored curriculum and tracks compliance. It allows individuals to reflect on their learning and produce annual competency statements to the SRA.

It is incredible to think that it has been 10 years since 14 fiercely competitive law firms got together as the Online Compliance Consortium (OCC) to jointly develop an AML course. That moment began a journey of collaborative development, which has continued to create great compliance solutions and set global standards.

Based on the principle that there is no competitive advantage in compliance, the OCC has grown to include over 150 leading firms. The OCC has developed over 50 compliance courses and collaboratively built state-of-the-art learning, compliance and risk management solutions.

To mark the occasion of our tenth anniversary, we have created the VinciWorks 10-year report: A Decade of Compliance.

Click here to download

VinciWorks decade report

Including articles by Nick Cray, COO of Hogan Lovells, and renowned BBC legal correspondent, Joshua Rozenberg, this report reflects on VinciWorks’ efforts to create a safer, fairer and more honest world. The report celebrates the strides we have taken so far and offers a roadmap for managing compliance and risk issues into the future.

We hope that you enjoy reading it as much as we enjoyed writing it.

Based on the principle that there is no competitive advantage in compliance, the firms pool their resources to establish industry best practice.

London, UK. The gold-standard Anti-Money Laundering training has undergone its largest update since 2004. Spearheaded by VinciWorks — a leader in online training, compliance and risk solutions — AML experts from 23 of the world’s leading firms have reviewed, rewritten and re-established the industry standard for AML training.

The new courses include 100% new scenarios and exercise questions, as well as a completely new interface. The courses are shorter, easier to read, cleaner and even more engaging than previous versions. The courses also include additional customisation options for firms to insert their own content and links.

Che Odlum, Compliance Manager- Financial Crime and Sanctions at DLA Piper UK, who participated in the core group remarked on the process, “I highly value the opportunity to work collaboratively with my peers from other leading firms. By sharing knowledge, experience and resources, we are able to produce better solutions and establish best practice.“

Guy Powell, another core-group participant and Head of Compliance and Standards at Hogan Lovells said, “One of the strengths of VinciWorks is facilitating the collaborative process. By collaborating, the core group benefits from peer expertise, and thereby produces better solutions that achieve our mutual compliance goals and importantly does so at a lower cost.”

The core group that participated in this anti-money laundering update included: Allen & Overy, Ashton KCJ, Bevan Brittan, Blake Morgan, Cleary Gottlieb Steen & Hamilton, CMS Cameron McKenna, Collyer Bristow Solicitors, Debevoise and Plimpton, DLA Piper, DWF, FBC Manby Bowdler, Herbert Smith Freehills, Hogan Lovells, Holman Fenwick & Willan, Macfarlanes, Matthew Arnold & Baldwin, Mills & Reeve, Shearman & Sterling, Shepherd & Wedderburn, Teacher Stern, Thomas Cooper, Vanderpump & Sykes, Weil Gotshal & Manges.

According to VinciWorks CEO, Howard Finger, “This AML project is yet more evidence that when there is no competitive advantage, sharing makes sense. The concept of collaborative development has been working since 2004 and continues to produce outstanding products that establish best practice, mitigate regulatory risk and reduce the cost of compliance. It is exciting that in 2015 we will be facilitating the model amongst groups of firms in the accounting, financial services and energy sectors.”

The new AML courses are available starting today. Click here to learn more and schedule a demo, visit To learn more about the collaborative development model and the opportunity for your sector, contact us at

About VinciWorks

Founded in 2002, VinciWorks is the world’s leading provider of online compliance solutions serving the global legal market and other regulated professions.

VinciWorks prides itself on its ability to identify and develop solutions that address client-specific requirements.

Behind VinciWorks’ products lie core strengths in content development, instructional design, online heuristics, enterprise-strength database and web programming and highly responsive customer service.

VinciWorks’ vision is to create a safer, fairer and more honest world by facilitating the world’s regulated sector in the collaborative development of innovative risk and compliance solutions.

To learn more visit:


Yehuda Solomont
Marketing Manager
Phone: +44 (0)20 8815 9308
Email: yehuda (dot) solomont (at) vinciworks (dot) com