• March 28, 2024
 Financial Eye attend SRA COLP/COFA Conference – 2017


Financial Eye attended the 5th Annual COLP/COFA conference in Birmingham last month. The event was well attended as usual, with over 1,000 delegates hoping to learn more about what risks firms could anticipate during 2018 and what the SRA was doing to assist firms in meeting these challenges.

SRA Chief Executive Paul Phillip outlined a 3-year plan that has now been approved by the Board of the regulator. The SRA engaged with some 6,000 firms over the past 9 months to help them develop a regulatory strategy that would help to bolster public confidence in the profession. This has now been published and is available on the SRA website. In summary, strategic aim one is to maintain high standards, including the introduction of a new code of conduct and a new enforcement strategy.

Strategic aim two will deliver regulation for all types of firms ensuring proportionate regulation and will include a further review of the SRA Handbook. Strategic aim three hopes to increase consumer choice and protection and amongst other things could lead to firms being required to publish pricing information for certain services as well as complaints data. Delegates were also advised that the SRA operating budget continues to be reduced and the new SQE should be in place by 2020.

Cyber crime was also a topic of much discussion on the day. Law firms continue to be a target for cyber criminals because of the size of the industry: it is worth some £30 billion, involves 10,300 regulated firms and employs 140,000 regulated individuals. Other statistics reveal that 1 in 10 people are falling victim to cyber incidents. There were only 132 reports of cyber crime made to the SRA last year and yet 1 in 4 firms admitted to being targeted. The 4 main crimes are still email modification, CEO fraud, hacking and ransomware.

Solicitors and compliance officers were reminded that they must report a loss of client money to the SRA. They must also remedy the loss immediately and make changes to internal processes and training. Failure to do so will result in fines and other disciplinary action. Michelle Rosen of Brightstone Law spoke to delegates about her own experience in this area. She carried out her own cyber risk assessment but recognized that she had little IT knowledge. She arranged to put processes in place so that all suspicious emails requesting changes to client account details are sent to her. Spam emails are photo-copied and circulated to all staff to help them remain alert to future attacks.

Debra Malpass of the SRA advised firms to tell clients at the start of the transaction to beef up their own personal email passwords and to always use a “no change of bank account” warning on all email footers.

Sian John of Microsoft stressed the need for anti-malware on all end-point devices, regular patching, and changing passwords to stronger ones. Firms need to be able to detect what’s going on in their IT infrastructure. She advised that firms should get somebody in who knows what they are looking at to check their IT.

Juliet Oliver, General Counsel at the SRA, opened a discussion on data and the new GDPR regulations due to come into effect in May 2018. Safeguarding client data is not new, and we already have the Data Protection Act. There has been a steady rise in the number of breaches reported to the SRA. The biggest fine imposed to date is £250k. The SRA did confirm that they will be factoring the new rules into minimum terms discussions with PI insurers next year. Karen Round from the ICO also addressed delegates about getting your firm ready for 25th May 2018. She explained that the ICO works with various government departments. Other reforms include a new law enforcement directive and a new data protection bill to replace the 1998 DPA. She reminded delegates that there was already a duty to report all breaches to the ICO, including loss of data and unauthorized access to data.

You only have 72 hours to report to the ICO. If there is a high risk to individuals affected by the breach, you must notify them as well.

The best thing to do is to start by looking at your own systems and processes and your hard and soft data, and then decide what might constitute risk. For firms with fewer than 250 people, there are different sets of rules and tests. Ask yourself, do you need a DPO? Each firm will have to read the guidelines and will have to decide for themselves. The lowest tier maximum fine is 2% of turnover up to £2m. Fines will be applied proportionately. If you are already complying with the DPA you are well on the way.

Mobile devices are particularly vulnerable if not properly protected. Firms were recommended to visit the ICO website for more information on GDPR and to complete their 12-step risk assessment. They also have an SME self-assessment you can take. The ICO confirmed they would be publishing some more guidance soon. It was acknowledged that law firms are required to retain certain documentation. If those reasons are valid, you can still retain them and there is no need to report. If you have documentation that you do not need to retain, the ICO advises firms to destroy it. Most importantly, firms need a data protection policy in place that includes training, especially for home workers and when an employee leaves the firm. The data must not go with them!

The final session was on managing financial risk. Delegates were advised that all the recent developments in anti-money laundering regulation were driven by keeping the public safe, helping catch terrorists, drug traffickers and people traffickers, and preventing tax evasion. The new regulations were published this year and more changes are set to come. The SRA are going to be more active in this area and the information gathered will be passed on to the relevant authorities. The legal sector continues to be a high-risk sector and conveyancing is particularly high risk. Small firms are being targeted by criminals for high value property. The advice to firms was – really get to know your clients. The SRA has an ethics helpline that you should contact if you have any concerns in this area. Not enough firms are reporting concerns to the NCA – particularly concerns about the source of funds.

This article was submitted to be published by Legal Eye as part of their advertising agreement with Today’s Wills and Probate. The views expressed in this article are those of the submitter and not those of Today’s Wills and Probate.

Legal Eye

http://www.legal-eye.co.uk

Legal Eye works with law firms to ensure compliance and optimise performance. Their extensive and thorough knowledge of the law and regulations will ensure your law firm is compliant and your processes sound. Files are audited to ensure you are not only complying with the service level agreements you have in place, but very importantly, also the code of conduct.
They provide a documented audit trail which is firstly, a requirement of the code of conduct and secondly, essential for PI Insurance purposes and very often for CQS, Lexcel and other quality accreditations. This provides documented evidence of a proactive approach towards risk management. The advice they offer is clear and practical, and they pride themselves on exceptional customer service and unbeatable work quality. Services include:
  • Specialist expertise across the full range of regulatory, risk and compliance issues to inform your internal decision making.
  • Additional qualified resource where you simply do not have the time to review your regulatory position or to carry out essential ongoing tasks such as file reviews.
  • An online risk hub – an online resource centre for law firms. The hub provides a comprehensive bank of resources to help COLPs, COFAs, partners, directors and managers to manage risk. It includes precedent policy and procedure documents and templates, access to online training on a range of risk and compliance topics, and a range of useful materials such as ‘how to’ guides, short videos and articles.
  • Drafting and review of key policies and procedures including the supply of ‘document packs’ to save you time researching and writing documentation.
  • Expert advice on how to comply with up-to-date regulation including the very latest requirements complete with a written set of recommendations.
  • Specialist outsourced complaints handling service provided by former SRA and LeO officers.
  • Gap analysis of your firm’s policies, processes and procedures as they relate to the Solicitors Accounts Rules (SAR) including the production of a written report summarising the strengths and weaknesses of the current arrangements and detailing recommended next steps and actions to put your firm in an even stronger position.
  • Training on SAR and on anti money laundering (AML) as well as other finance-related training which can be delivered virtually for your firm, face-to-face (subject to government guidance) or online via Legal Eye’s Training Academy.
  • A Standard Procedures Manual to provide a practical and comprehensive roadmap for firms to follow when looking to double check whether the current operating procedures are fit for purpose, setting up a new firm – or arm of a firm – or starting a new finance function from scratch.
  • Experienced advice and support for one-off projects such as achieving quality accreditations or switching regulators.
  • Proven high quality training for fee earners and staff held at your office/s covering essential risk topics such as Anti Money Laundering, data protection, cybercrime, conflict of interest and more.
  • Online training from The Legal Eye Academy – core modules available to all staff at their convenience. Includes built-in auto reminder functionality so that you no longer have to chase staff individually to complete important training. Your package includes free updates to ensure knowledge is always up to date.
  • Added value updates by email to all your key people covering all the latest updates on risk and compliance.
The Legal Eye team includes former solicitors, partners and directors in law firms; former case handlers at regulators such as the Solicitors Regulation Authority and the Legal Ombudsman; and experienced risk and compliance professionals.

Contact: Paul Saunders
Tel: 0203 0512 049
Email: bestpractice@legal-eye.co.uk
Address: The Old Grammar School, Church Road, Thame, Oxfordshire OX9 3AJ