Cyber Security Major Priority For Firms Under New CQS Regulations

All accredited Conveyancing Quality Scheme (CQS) firms must adhere to the new Core Practice Management Standards (CPMS) from today 1st May 2019.

All CPMS regulations are now enforceable to all legal practices that have already gained CQS accreditation, as well as those working towards achieving CQS for the first time.

The updated requirements emphasise the increased importance that should be attributed to cyber hygiene. According to section 6.2, ‘practices must have an information management and security policy, which should be accredited against Cyber Essentials.’

If Cyber Essentials certification is not gained, accredited firms must be able to evidence that they have considered the following in their information management and security policy:

  1. a register of relevant information assets of both the practice and clients
  2. procedures for the protection and security of the information assets
  3. procedures for the retention and disposal of information
  4. the use of firewalls
  5. procedures for the secure configuration of network devices
  6. procedures to manage user accounts
  7. procedures to detect and remove malicious software
  8. a register of all software used by the practice
  9. training for personnel on information security
  10. a plan for the updating and monitoring of software
  11. a procedure for the secure transmission of the practice’s bank information to clients and receipt of banking information from clients
  12. a procedure for verifying the banking details of other conveyancers and third parties to whom money is sent
  13. a procedure for communications with the practice’s bankers

Regulations 1.3 and 1.4 are also related to the prevention of money laundering and mortgage fraud. From today, all CQS practices should have a clear policy on ways to mitigate and manage money laundering and terrorist financing. This includes the appointment of a Money Laundering Reporting Officer (MLRO) who will be responsible for when to make disclosures to the authorities as well as providing clear procedures for checking the source of funds.

Friday fraudsters, property fraud and authorised push payment (APP) fraud have been increasing threats to law firms in recent years. Last year alone in the UK, £364 million was lost to APP fraud according to UK Finance, marking a significant increase on 2017’s figures.

Now, all practices must increase their due diligence on this issue by creating detailed policies which document procedures for dealing with high risk transactions as well as creating clear procedures for enhanced checking of client identity. Additionally, it is now mandatory to document and show how the practice will proceed when acting for a buyer where there is a significant risk of a fraudulent seller.

Is your firm ready for the CQS and CPMS updated standards? Do you feel confident that these new rules will create more rigorous safeguards for your law firm?