Some practical takeaways from the Law Society’s Risk and Compliance Conference

At the Law Society’s Risk and Compliance Annual Conference 2024, attendees put their most pressing questions to a panel of experts, whose answers were practical and insightful and gave risk and compliance teams information they could use in their firms.

The first question set the tone for the session. A participant noted that the Solicitors Regulation Authority (SRA) is now using a formula for fines and has increased its fining scope. Are these fines accurate? Should the formula be reformed?

Jayne Willetts, solicitor advocate for Jayne Willetts & Co Solicitors, responded clearly that no, the formula doesn’t produce accurate results and the fine bears no relation to the seriousness of the breach. Basically, she said, it punishes those that earn a lot of money and not others. But, she added, when the case goes to the Solicitors Distribution Tribunal, there is a better formula that is based on the actual breach.

Another question referred to the top risks on the risk register. Kerrie Machin, partner at Mitigo, responded that cyber risks are at the top and it’s important to carry out a risk assessment in relation to systems and data, including hijacking and changing email accounts and bank details and ransomware attacks. He noted that bad actors are beginning to recognise that data is valuable. They can steal it and threaten to reveal it on the dark web. This actually happened in the past few months to some firms.

Kayleigh Smale, a compliance and anti-fraud specialist, said that a firm-wide risk assessment is needed to ensure that the firm is covered, and it needs to be updated as needed, such as when new technology or new practice areas are introduced. It’s important that the risk assessment is a living, breathing document and keeps up with the SRA’s latest AML updates.

Emma Williams, director of European risk & compliance for Simpson Thacher & Bartlett LLP, believes that your people are your top risks. They provide the highest risk exposure and with the new workplace culture rules, the situation could get riskier. It’s been nearly one year since the rules were implemented so that requires review. 

Another question was raised about training, specifically the costs involved and what is the priciest element of it. 

Williams noted that fee-earners record their time to a particular code, so it’s difficult to see what the actual costs were, while non-fee-earners don’t do that and it’s easy to see what their costs are. Firms are asked by insurers and head offices what the costs are. Often for smaller firms this is complicated, especially when they don’t have dedicated compliance teams.

People, she believes, have a limited idea of what training is. It can be 10 minutes at a team meeting, it could be an e-mail, it could be video recordings. What’s important is to be smart about it and provide your staff with what they need. 

The next few questions were more technical. One participant wanted to know how to verify ID documents when a client is housebound and can’t get certified copies. Smale said that it’s important to use a risk-based approach and ask whether you have evidence of why the client is housebound. Why can’t you pay a visit? You need to understand the risk of the matter.

Another participant asked if they need to screen counterparties for non-regulated work. Williams said she thinks it depends on where you set your risk appetite. Some firms will screen everyone even if they are not an actual client. She thinks you should, but it’s not a legal requirement, although it might be for a sanctions check. Remember to keep the check proportionate to the type of work you are doing.

Another participant asked about source of funds/source of wealth inquiries in private client work. Williams agreed that it’s tricky. Do you start from a suspicious place? The firm needs to decide, because there is little guidance and yet it’s important to understand the client’s source of funds and wealth. It’s hard to just suspect everyone; the starting point does not have to be that there is an issue.

The issue of compliance with KYC, beneficiaries with no photo ID and alternative acceptable forms of ID was raised. Smale noted that it depends on who they are. If someone doesn’t have a passport, you can confirm their identity in other ways, but it requires a risk-based approach. Ask yourself, what are you being asked to do? Does it make sense? It’s not a black and white issue with right and wrong answers.

Tips for getting partner engagement on risk and compliance were requested. Machin had one suggestion: demonstrate what would happen if things went wrong and they got fined. These are very easy areas to investigate, especially AML, and there is an obligation to deal with matters as effectively as possible.

The touchy subject of a firm acting as a bank account was raised. Willetts noted that for complicated property deals, this comes up often and usually at the last minute. It’s important that fee-earners are trained to be as alert as possible to the issue of money laundering in these kinds of cases. There are what she calls outlandish proposals, such as restricting firms from holding client money, but she believes we need to ensure that the profession participates in these debates, as restricting firms from client money and restricting compensation funds will be problematic for the legal profession.

Finally, participants wanted to know how to stay on top of SRA updates. Williams recommended joining LinkedIn groups, checking the SRA website, keeping up with the legal press and signing up to various newsletters.

At its Risk and Compliance Annual Conference, Law Society president expresses concerns 

The Law Society’s Risk and Compliance Annual Conference 2024 started off with a bang. Nick Emmerson, president of The Law Society, noted that increasing compliance obligations on law firms have come along with increasing fining powers for the Solicitors Regulation Authority (SRA). Emmerson was clear on where he stood on that. He called on the UK government to put a stop to those increasing powers.

As Emmerson noted, current SRA fining powers are now unlimited for economic fine offences. Other offences are capped at £25,000. While the SRA wants to extend this to all offences, the Law Society does not believe they have a credible case for this. 


Our new survey reveals a crack in business preparedness for the upcoming EU Artificial Intelligence (AI) Act. The survey exposes alarmingly low awareness among larger organisations, with only 2% of large companies reporting a full understanding of the Act.

While the EU AI Act is not yet formally passed (expected to come into force in 2025), it’s anticipated to significantly impact organisations operating in the EU. The Act aims to regulate the development, deployment, and use of AI to ensure it’s fair, safe, and trustworthy.

Non-compliance can lead to substantial penalties, reaching up to €35 million or 7% of global turnover, whichever is higher.


Since 1 April 2023, all firms in the regulated sector have been required to carry out proliferation financing (PF) risk assessments.

This applies to all regulated entities, from law firms to financial services, casinos to cryptocurrency.

Regulated entities can create a new risk assessment on proliferation financing or incorporate PF risks into existing AML and terrorist financing risk assessments. However, regulators expect firms to take action to understand the risk of PF and how to mitigate it in their business. Failing to do so can result in a breach of the Money Laundering Regulations.

One year into this new requirement on the regulated sector, how effective have the new regulations been? What are the key strategies for compliance, and what are the best practice tips for ensuring PF obligations are met? In this webinar, we looked at the issue of proliferation financing in detail, discussed strategies for compliance, and shared best practices for understanding and mitigating PF risks.

This one-hour session covered:

– What proliferation financing is and the jurisdictions and industries at risk
– The differences and similarities between proliferation financing, money laundering and terrorist financing
– Practical examples of how proliferation financing can happen
– Proliferation red flags and high risk indicators
– Strategies and technologies to counter the risk of proliferation financing
– How to undertake a proliferation financing risk assessment


Our recent poll reveals an alarming gap between concern and action regarding fraud. While nearly half (48%) of the 258 surveyed compliance professionals across the UK, Europe, North America, and other key regions consider fraud a high concern, 38% of their organisations haven’t planned any fraud prevention training.


The issues of gifts, hospitality and bribery are increasingly complicated, especially for companies doing business in other countries. Getting caught up in a corruption scandal is damaging, expensive and could ultimately be devastating. But when is a gift considered bribery? How can corruption, or even the perception of corruption, be avoided in business?

In this webinar, we highlighted some recent bribery scandals, analysed how they could be avoided, and took a deep dive into international anti-corruption laws. Most importantly, we discussed how companies can safely conduct business around the world. We included information on Transparency International’s recently released annual report on perceptions of corruption and bribery across the world and explained how it can form a critical part of a company’s bribery and corruption risk assessment. 

This free, one-hour session provided key background info on everything from the Foreign Corrupt Practices Act in the US to the UK’s Bribery Act to the EU’s proposed anti-corruption legislation. If your company has any business in a foreign country, including any parts of its supply chain, you’ll want to watch this one.

This webinar featured:

  • A basic understanding of anti-corruption legislation around the world
  • Highlights of recent scandals – and how they could have been avoided
  • How you can manage your company’s gifts and hospitality policy
  • How to prevent corruption in your business
  • Future trends in anti-corruption laws


A recent survey by compliance eLearning and software provider, VinciWorks, has found that only 29% of compliance professionals have implemented specific procedures, training, or preventive measures to guard against Artificial Intelligence (AI) related compliance breaches. The majority (71%) admitted to lacking such protective measures, with 13% having no plans to address this significant gap in their compliance strategy in the near future. 


The field of economic sanctions has been growing increasingly complicated in recent years, and the past year was a historic and transformative period for the use of financial sanctions on both the global and UK levels, with Western nations launching an unprecedented line of sanctions against Russia as a result of its invasion of Ukraine in February 2022.

Recent conflicts such as the Hamas-Israel war in response to Hamas’s October 7th massacre, the Russian invasion of Ukraine, as well as events in Iran, China and other countries have grabbed global headlines. These events have sparked waves of new laws and regulations around the world, from sanctions to tougher economic crime compliance rules.

All businesses must comply with financial and trade sanctions and companies must be able to prove that they are properly screening for sanctions. Failure to comply with screening requirements can carry stiff penalties reaching into the millions per infraction and any sanctions breach, even accidental, is a crime.

This webinar covered:

  • Recent sanctions issues and key compliance challenges and lessons to be aware of in the present volatile international landscape.
  • The creation of the Office of Trade Sanctions Implementation (OTSI), the UK’s newly created body that will be responsible for the civil enforcement of trade sanctions, including those against Russia.
  • The ever-relevant crossover between sanctions, terrorist financing, and AML, which has become increasingly important as the world faces rapidly evolving geopolitical challenges.
  • The effectiveness of financial sanctions in general and those against Russia in the past two years in particular.
  • Cases of sanctions breaches and consequences.
  • Tips for sanctions compliance for both regulated and non-regulated businesses.


Our latest survey has exposed a stark reality: 44% of compliance officers and managers feel unprepared for the compliance challenges that lie ahead in 2024. Only 7% feel fully confident in tackling the challenges in the year ahead, signalling a potential industry-wide gap in readiness to address the ever-changing regulatory landscape. 

The survey gathered 212 responses from industry leaders across the UK, USA, Spain and Germany, and gauged professionals’ confidence levels and preparedness in managing compliance issues. The findings underscore a critical need for robust compliance training programs as organisations navigate an increasingly complex regulatory environment. 

Beyond the headline unpreparedness, the survey explored various dimensions of compliance readiness:

1. Fraud Prevention Training

While 27% have implemented failure to prevent fraud training and an additional 27% are planning to do so, a concerning 46% revealed they have not yet rolled out failure to prevent fraud training, are undecided or have no plans to in the near future. This lack of preparation and preventive measures leaves businesses at an increased risk of fraudulent activities.

The new “failure to prevent fraud” offence comes into the UK as part of the Economic Crime and Corporate Transparency Act, which marks a significant shift in how businesses will be held accountable to combat corporate fraud and protect victims. Failure to provide adequate training can leave organisations susceptible to financial losses and reputational damage.

2. CSRD Compliance Preparedness

Only 2% of compliance professionals claimed to be fully prepared for Corporate Sustainability Reporting Directive (CSRD) compliance despite 50,000 companies worldwide being expected to be impacted by it. In comparison, almost half (47%) expressed uncertainty or deemed CSRD irrelevant to their operations.

As 2024 sees the first published reports from many large companies on their CSRD compliance, the global implications will ripple through supply chains, demanding a proactive approach.

3. Neurodiversity Training

In an era witnessing a quadrupling of neurodiversity discrimination cases from 2018-2022, compared to the number of cases from 2003-2017, organisations risk legal repercussions and employee well-being concerns without proactive measures for the fair treatment of neurodivergent employees to create a work environment that values and respects differences. 

Despite these figures, only 8% of businesses polled incorporate neurodiversity training into their yearly programs, and a notable 28% have no plans to do so, potentially hindering the creation of an inclusive work environment and causing an escalation of neurodiversity discrimination cases.

4. Gifts and Hospitality Registers

With 2023 witnessing a nearly quarter-billion pound fine against mining giant Glencore for flying suitcases stuffed with cash to local public officials, getting a handle on gifts and hospitality is crucial for businesses to get right in 2024. Worryingly, when questioned on the types of gift registers in place, 43% of compliance professionals admitted relying on outdated spreadsheets, while 18% admitted to not using any tools for this purpose at all, despite a legal requirement to implement procedures to prevent bribery.

Given the prevalence of digital solutions, the reliance on manual tools poses a risk to accurate and comprehensive compliance tracking. Organisations should consider investing in modern systems and technologies for more efficient and accurate compliance management.

5. Internal Policies on the Role of AI

Finally, the survey explored internal policies on the role of AI. While 23% have established policies, 37% have not considered AI policies in the workplace.

As AI integration becomes more commonplace, organisations must proactively develop and update policies to ensure responsible and ethical use. Neglecting this aspect may expose organisations to legal and moral concerns.

“As the compliance landscape undergoes rapid evolution with various regulations coming into force, this survey reveals a glaring gap in preparedness among compliance professionals,” said Nick Henderson-Mayo, Director of Learning and Content at VinciWorks. “The findings emphasise the critical need for proactive compliance procedures and new initiatives, including training. There are solutions out there for busy compliance professionals, including new technologies and automation. Being prepared is half the battle, and businesses can buffet against global headwinds by investing in proactive compliance and risk mitigation.”

To support compliance professionals in understanding the compliance challenges that lie ahead, VinciWorks is offering a free guide on Compliance Trends 2024.

In a recent study carried out by VinciWorks, a global compliance eLearning provider, 212 compliance professionals were surveyed on Compliance Trends 2024.

In this webinar, we explored the vast implications of the EU AI Act, the world’s first comprehensive AI regulation. With this legislation, the EU hopes to create a framework to regulate AI systems across the EU. But the Act will impact companies who do any business in the EU, and, similar to the General Data Protection Regulation (GDPR), the AI Act will likely set a global standard.

This free, one-hour webinar provided key background on how the AI Act was developed, its main elements, including an understanding of its risk-based approach, and critical advice on what companies need to be aware of. Importantly, we focused on how companies can prepare to comply.

This webinar featured:

  • A basic understanding of the AI Act
  • How it will likely impact your company 
  • The impact of GDPR on AI – and why that matters 
  • How you can prepare – and when you need to
  • Future trends in AI regulation around the world

The webinar featured the VinciWorks compliance team and a legal GDPR / AI expert.
