SRA Risk Outlook 2015/16: A view from Financial Eye

As part of the service to our clients, we at Financial Eye keep abreast of Regulatory developments and update our clients as and when there are matters which we feel will be of interest to them.

In the SRA Risk Outlook 2015/16 that has recently been published, Paul Philip, Chief Executive, states “Reducing risk is not, of course, just a matter for us. The profession and law firms have the front line responsibility for managing risk in the legal sector – the power to reduce risk in your business is in your own hands. It is in your clients’ interests that you do so and there is no doubt that good risk management is part of good business management”.

Within the Report, the SRA details the factors that they believe are driving change in the legal market, together with an update on their eight priority risks. We have focussed on four of the priority risks which are pertinent to Financial Eye and the services that we provide. A brief summary of these risks and salient points are as follows:

Misuse of client money

This is a consistent risk to people who use legal services. The SRA spend significant regulatory resources dealing with this one issue alone.

In the last year, the SRA received an average of 118 reports of misuse of money and assets each month and in 2014, they took some form of regulatory action, ranging from monitoring to referring individuals to the Solicitors Disciplinary Tribunal, on almost 300 different matters relating to this risk. They have seen some particularly severe cases involving probate fraud.

The SRA require firms to manage this risk, and firms should put in place systems and controls to protect client money. It is vital to ensure those entrusted with access to client money act with integrity and are appropriately trained and supervised.

The SRA are also taking steps to help control this risk including exploring alternatives to the way firms hold client money, and have consulted on the option of using third parties to hold money.

Lack of independence

The Principles state that those that the SRA regulate must not allow their independence to be compromised. Any challenges to a solicitor’s professionalism, integrity and independence must be managed effectively.

Independence should not be overridden by the:

  • promotion of a client’s interests
  • acceptance of a client’s terms
  • a desire to maximise commercial return.

It is important that legal services are free from undue influence. This could include situations when a solicitor responds to pressure concerning the use of their client account – for example, using this to offer a personal banking facility.

When a sole client is responsible for a significant proportion of a firm’s fee income, challenges to independence may become more likely. Many solicitors are increasingly operating in this environment and they must not allow dominant clients to compromise their independence.

Information security and cybercrime

Cybercrime is an increasingly prevalent threat to modern business practices. The City of London Police Commissioner stated his belief in April 2015 that cybercrime may now be bigger than the drug trade.

PwC have warned that many law firms believe themselves to be too small or obscure to warrant the attention of professional hackers. However, they note that there is no question that law firms are among the companies being targeted by cyber criminals.

According to the most recent published ICO figures, reported data breaches increased by 9 percent between the third and fourth quarters of 2014. Solicitors and barristers were the fourth most frequent subjects. A factor behind this trend is the increased sophistication of the scams and attacks used by cyber criminals. For example:

  • attacks using ‘ransomware’ which encrypt data and demand payment for it to be released back to the firm
  • using details gained from hacking the firm to impersonate a bank or client. This is often referred to as the ‘Friday afternoon’ scam as it often targets conveyancing firms at times when they are likely to be holding significant amounts of money
  • using information gained from hacking to impersonate the firm to clients, for example, by modifying bank account details to steal money. This type of attack demonstrates the clear links between cybercrime and the increased risk of bogus firms.

Bogus Law Firms

Bogus law firms are created by criminals to steal money or information.

Some bogus law firms directly target people under the guise of being a genuine law firm or solicitor. Other bogus law firms target genuine law firms with a view to deceiving them into sending money or information.

One of the key risks to consumers is the loss of money or confidential information. They may also suffer by receiving poor advice and representation. This is of particular concern because victims of bogus law firms are not covered by the normal regulatory protections that apply when dealing with an SRA regulated firm, such as access to the Compensation Fund.

Key risks to firms include the damage to reputation from being cloned by a bogus firm or mistakenly dealing with one. There is also the possibility that clients may seek to hold firms liable for losses attributed to having dealt with a bogus law firm.

The number of reports that the SRA receive about bogus law firms have continued to increase. In 2014 they received 701 reports. This represents a 28 percent increase on 2013, and a 101 percent increase on 2012. Almost half of all reports of bogus law firms received in 2014 involved the identity theft of a genuine law firm or solicitor. This is in line with national figures which show that identity theft accounts for 41 percent of all fraud in the UK.

Some of the practical steps to mitigate this risk include:

  • performing regular internet searches using the names of your firm, your partners and staff to check whether anyone is using your details without authorisation
  • ensuring your details on the Law Society’s Find a Solicitor web page are accurate and up to date
  • regularly reading the scam alerts and warnings about bogus activity on the SRA website
  • verifying the identity of the firm of solicitors you are dealing with

Financial Eye will continue to monitor progress with these risks and mitigating factors and will continue to keep our clients updated with any important developments.

If you have any issues or concerns in relation to the above, Financial Eye will be pleased to have an initial consultation with you, in confidence, to ascertain your particular requirements. This will allow us to tailor a suitable solution which will be of assistance to the Firm’s COFA. Simply contact one of the Financial Eye Team for further details.

John Graham MCIOBS

Financial Eye

Any Questions?

To find out more about Products and Services, please complete the form below.