The great regulatory shift. Do we need to prepare for doom?

Presenters at this year’s Law Society conference think law firms need to be ready for increased regulation

In a law firm regulatory update at The Law Society’s Anti-Money Laundering and Financial Crime Conference 2023, the presenters pointed out how regulation has increased in the past 15 years. They believe it is a trend that will continue and law firms should be prepared. 

The panel, which included representatives from a number of leading firms, were uniform in their belief that more regulations were coming down the pike.

Way back when, back in 2007, risk and compliance worries could be summed up easily. There were conflict rules, POCA reporting, client due diligence (CDD) and anti-money laundering (AML) training. 

These days, that list has grown significantly longer. There are policies, controls and procedures covering risk management practices, internal controls, CDD, reliance and record keeping, and the monitoring, management and communication of all of these requirements.

But wait, there’s more. There are written AML risk assessments, sanctions processes (including counterparties), source of funds and wealth – far in excess of legislative requirements, sanctions record keeping, failure to prevent tax evasion, proliferation financing risk assessment, DAC 6, ABC systems and controls, modern slavery, compliance with all laws (COLP), discrepancy reporting obligation, ESG, client terms, client audits, regulator inspections and annual returns, broad and varied international compliance regimes and gold-plated guidance inconsistent with the law, peer sectors or international standards.

The workload, challenge and expectations are only getting worse, according to the panel. What can firms look forward to?

For starters, a regulator with unlimited fines for all economic crimes. Then there will likely be increased economic crime policies, controls and procedures and more regulations around failure to prevent fraud. There could be a whole new regulatory environment and the Law Society will have less ability to direct HMT-approved guidance. On top of all that, a levy to help pay for it all.

They noted that firms can’t say they weren’t warned, but the question they asked next is apt: Are you ready and resourced for what is coming?

The most significant way a firm can prepare is to make its managing partners and board aware of what is happening. Make sure they are positively engaged, involved and truly supportive (not just in words). They need to support consequences for non-compliance and, perhaps most importantly, be aware that they can no longer afford not to be.

A firm’s compliance department (or team or officer) needs to make everyone aware of the regulator’s expectations, what is coming and what resources are needed to ensure the firm stays compliant. The board can no longer afford not to be part of the conversation.

To understand increased regulations, you only need to look at how sanctions entered the mainstream in the last few years. Sanctions are now the way that governments deal with geopolitical issues and that’s not going to change. And now there is legislation around sanctions on Russia that runs to 30 pages. 

The training law firm staff receive is going to be critical, as will the use of AI and technology to take a firm’s compliance to the next level.

One trend the panellists noted as a result of the increased regulation is that law firms are starting to think about enterprise risk and how it will affect the business. They need to think about the cost of what they’re doing. 

Interestingly, while sanctions are pretty clearly defined, some of the mandatory requirements are judgement based, which makes a risk assessment integral to the process. The Solicitors Regulation Authority’s announcement that they will provide client and matter risk assessment templates elicited sighs of relief from the audience.

Omnitrack’s compliance solution will provide clients with the SRA’s client and matter risk assessment templates, once they are available. Customised templates are also possible, for those firms that prefer to create their own. AML compliance training is available on VinciWorks’ platform.


How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.


James

VinciWorks CEO, VinciWorks
