Risk Update January 2023

Supervision issues arise frequently in disciplinary investigations in our experience, particularly where conduct breaches have been committed by staff or salaried partners. The Solicitors Regulation Authority (SRA) guidance, Effective supervision, seeking to address the question of what constitutes effective supervision. (See www.legalrisk.co.uk/News.) The guidance includes suggestions for good practice, including steps which can be adopted for hybrid working and supervision of staff who are not employees of the firm.

The guidance also addresses the statutory requirements for supervision of reserved legal activities, claims management activities, immigration and legal aid. It includes links to other SRA guidance on claims management activities, relevant to a number of areas of practice, including employment claims and personal injury (in each case, for claimants).

The Money Laundering and Terrorist Financing (High-Risk Countries) (Amendment) (No. 3) Regulations added Democratic Republic of the Congo, Mozambique and Tanzania to the list of High-Risk Countries and removed Nicaragua and Pakistan for the purposes of enhanced customer due diligence requirements in regulation 33(3) of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) from 15 November 2022.

Do your policies, controls and procedures (PCPs) pick up not only the application of the regulations to new matters, but also the need to apply enhanced due diligence and ongoing monitoring to existing clients and matters?

The SRA has published guidance, Complying with the UK Sanctions Regime.

The EU Commission published an updated Supranational Money Laundering and Terrorist Financing Risk Assessment.

A decision of the European Court of Justice in Luxembourg Business Registers (Prevention of the use of the financial system for the purpose of money laundering or terrorist financing – Judgment) [2022] EUECJ C-37/20 held that public access to registers of beneficial ownership in the EU contravenes GDPR; this is bound to have an adverse impact on the fight against economic crime – Transparency International has said that ‘[the] fight against cross-border corruption [has been] set back by years’.

The Law Society of Scotland has published a guidance note – Cryptocurrencies – Risk Assessment & Source of Funds/Wealth Considerations in the context of Conveyancing Transactions.

See also our section on privilege and AML below.

Links to the above are on www.legalrisk.co.uk/News. For legal advice on AML – risk assessments, PCPs, audits and suspicious activity reporting, contact [email protected].

Full details are on LinkedIn.

LPP is rarely far away from the daily life of Money Laundering Reporting Officers and law firm risk teams.

Lakatamia Shipping Co Ltd v Su [2022] EWHC 3115 (Comm) addressed the application of the iniquity exception and provided a summary of principles to be applied, noting that the case law indicates that the power to override LPP is an exceptional remedy, only to be used with the greatest care.

The Court of Justice of the European Union judgment in Case C-694/20 Orde van Vlaamse Balies and Others held that the DAC6 cross-border tax reporting obligation breaches LPP. (See http://www.legalrisk.co.uk/News.) While this is a European case, it may still be relevant post-Brexit, even to firms without European offices, as privilege engages Article 6 (Right to a fair trial) and Article 8 (Right to respect for private and family life) of the European Convention on Human Rights, and the decision cites two decisions of the European Court of Human Rights which are binding.

In Trentside Manor Care Ltd & Others v Raphael [2022] EAT 37 the employer obtained advice from a specialist employment consultancy. The advisers were not a firm of solicitors, but had an HR and Employment Law advice team, headed by solicitors, and in which all but one of the managers was legally qualified; however, the individual client advisers were not. It was held that the advice was not protected by LPP.

Similar issues may apply when law firms are audited under regulation 21 of the MLR 2017 by, or seek advice from, non-lawyers, accountants and even non-practising solicitor consultants on matters such as AML compliance; we have previously drawn attention to the issue in relation to accountants having regard to the decision in R (on the application of Prudential plc) v Special Commissioner of Income Tax [2013] UKSC 1.

The Consultation paper, Looking to the future – flexibility and public protection, published by the SRA in June 2016, addressed the question whether advice provided by a solicitor employed by an alternative legal services provider (an entity not authorised by the SRA) would be protected by LPP; while identifying this as a question of law which the SRA has no power to determine, the paper concluded that it was very likely that LPP would not apply, and Passmore on Privilege (4th edition at 1-309) appears to endorse that view.

There is added significance in the case of a Regulation 21 audit, because of the requirement not only to examine and evaluate the adequacy and effectiveness of the policies, controls and procedures, but also to make recommendations in relation to them.

Legal Risk LLP is a firm of practising solicitors and we believe this is critical to ensuring that the advice firms receive from us on audit, and in relation to suspicious activity reporting, regulatory investigations and compliance is protected by LPP: in our experience, LPP issues tend to surface in the most difficult and sensitive circumstances.

Our November 2022 Risk Update reported on the important decision in Royal & Sun Alliance Insurance Ltd [2022] EWHC 2589 (Comm) in which Northern Irish solicitors succeeded in a claim for indemnity from insurers in respect of claims for reimbursement of fees received. Permission to appeal has now been granted to insurers on the issue of what constitutes an insured loss: Royal & Sun Alliance Insurance Ltd [2022] EWHC 2825 (Comm).

The outcome of the appeal will be awaited with considerable interest, as it is an issue we have encountered on several occasions when advising on insurance coverage disputes arising from activities of rogue partners.

For advice on professional indemnity insurance coverage disputes contact [email protected].

While law firms are putting their energy into deploying artificial intelligence (AI) to improve client service, a report by WithSecure, the Finnish Transport and Communications Agency (TraEcom), and the Finnish National Emergency Supply Agency (NESA), The security threat of AI-enabled cyberattacks warns that AI may be used by criminals. Target identification, social engineering, and impersonation are the most likely deployment at present, but the authors predict that autonomous execution of attack campaigns, using stealth to evade defences and harvesting information from compromised systems or open-source intelligence will feature in future.

While the SRA reported a reduction in client losses from cybercrime (at the COLP COFA conference in November 2022), the risks have not gone away, and a large US firm is reported to have been unable to use its document management system for some weeks. Check Point Research reported that global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021, and a Review of the October 2022 Renewal Season by Miller Insurance notes that there have been a number of payment di-version fraud and invoice manipulation losses; in the course of audits and other practice, we have seen examples of firms where procedures for verifying account details and ensuring clients also understand the risks are less robust than they might be, so this may be an area worthy of review.

Ransomware attacks pose a threat to businesses, including law firms, of two requests for payment, the first for the key to decrypt data on the firm’s systems, and secondly as the price not to publish a copy of client confidential material.