SRA set to get new powers to enforce economic crime regulations

Firms and practitioners outside of the MLRs can be examined by the regulator

Despite controversial proposals in the Economic Crime and Corporate Transparency Act to weaken the long-discussed failure to prevent fraud offence, the Bill also contains new powers for the Solicitors Regulation Authority to become an economic crime enforcer.

Currently, the SRA’s powers to tackle economic crime in the legal sector are limited to being able to require firms to provide documents ahead of inspections it carries out in relation to money laundering.

However there is a gap of around 3,200 firms and sole practitioners who are regulated by the SRA, but not covered by the Money Laundering Regulations. This means the SRA is relatively powerless to inspect those firms’ procedures outside of an investigation. The new powers will allow the SRA to demand information from solicitors about economic crime. The Ministry of Justice said:

“We anticipate this measure will help the SRA identify and investigate breaches of the economic crime regime and will act as a deterrent to those who might otherwise commit such offences.”

The new Economic Crime Bill will also introduce a new regulatory objective requiring all the legal regulators to promote the prevention and detection of economic crime as a distinct priority. 

The new powers of the SRA is supposed to support the new regulatory objective, which itself “provides a clear basis upon which the Legal Services Board can assess how effectively the legal services regulators uphold the economic crime regime,” according to the MoJ. 

Overall, this will enhance the SRA’s powers to spot-check the policies and procedures of firms that it regulates, but who are not covered by the Money Laundering Regulations. The government believes the power will allow for a more flexible and proactive approach to be taken by the SRA in gathering information and is expected to reduce the risk of challenges to information requests by their members.

The government is also acknowledging with these new SRA powers that the risks of economic crime in the regulated sector are not limited to money laundering. Sanctions breaches and fraud remain significant risks, and it was felt by the government the SRA was being questioned by its members who may have felt the regulator was acting out of scope.

The new proactive information request power of the SRA works alongside the regulatory objective of the prevention and detection of economic crime.

The SRA anticipates it will build up to a steady state of use of the information request power, given the need to build the evidence based and to identify emerging areas of risk. The SRA has assumed a transitional period of 2 years for this, with a thematic review in each of those years (approximately 30 firms each time). Also, depending on emerging evidence, the SRA may undertake a declaration exercise during a 2-year period. If the SRA does carry out a declaration exercise, it may request information from firms, or a sample of firms, to verify the declaration they have made.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.