SRA Order Cyber Crime Thematic Review Into Legal Sector

Following the news that the average loss to a law firm suffering a fraudulent attack last year was over £173,000, the Solicitors Regulation Authority (SRA) is conducting a thematic review into the impact of cyber crime in the legal sector next year.

According to data revealed at this year’s COLP/COFA Compliance Conference, 23 law firms lost over £4 million in the last year with insurers paying out over £3.6 million to just 16 law firms.

Furthermore, 18 law firms lost over £400,000 in the worst affected cases with the average firm losing £4,000 per year to cyber crime.

With the average loss for clients over £60,000 and the conveyancing sector considered the highest risk group, it is unsurprising that the SRA suggested increasing the uptake of safeguards like Cyber Essentials certification and DMARC to help protect against the persistent digital threats.

Of the firms attacked, only 5 had a Cyber Essentials Plus certification and were considered to have a good approach to cyber security, emphasising the extent of the problem.

Solicitors were informed the SRA want to offer more freedom, but firms need to ensure they are complying with all regulations, especially those relating to price/service transparency and anti-money laundering.

The COLP/COFA Compliance Conference, at the ICC in Birmingham, opened with the regulator explaining that the new standards and regulations, due to be enforced in less than a month (25 November), have been designed to offer solicitors greater freedom to run their practices.

This includes offering firms the ability to interpret the standards by reducing prescriptive measures, allowing the use of third-party managed accounts and freeing up solicitors to work in the unregulated sector.

However, as the legal sector is approaching a year since the introduction of price and service transparency information, the SRA are still looking for many regulated firms to increase their compliance levels.

Earlier this year, only a quarter of firms were fully compliant with regulations, with a fifth not compliant at all.

The introduction of the SRA’s new digital register and badge, which has been optional but will become mandatory from 25 November, was discussed at length with the SRA confident it will lead to increased consumer choice and law firm compliance.

71% of consumers now shop around for legal services and although the publishing of new and existing information will not offer price comparisons, it is thought that improved information could lead to greater levels of choice for consumers.

Following recent announcements concerning anti-money laundering (AML) failings within the conveyancing sector, it will become a key theme and remain a high priority for the next year.

Having requested over 7,000 firms confirm their AML policies and processes, the SRA intend to expand their AML team, focus on proactive supervision, complete regular reviews of risk assessments and policies, investigate related cases and increase enforcement.

To ensure compliance with new Money Laundering Regulations, the SRA are looking for firms to become a lot more active when reporting AML issues. From 10 January, discrepancies between information provided by clients and that lodged at Companies House will need to be reported.

Similarly, from the Spring, all new trusts need to be registered with HMRC and all money laundering reporting officers (MLRO) need to be criminal record checked before taking on the role.

The SRA are looking for law firms to adopt a considered and thoughtful approach to identifying risk including geographical issues, client-based risks, transaction-based risks and risks attached to third parties.

Policies should consider the firm’s transactions and means of delivering services as well as demonstrating an understanding of a law firm’s client base.

The regulator will be less forgiving with compliance failures in the future. Risk assessments which are not written down, kept up to date, and customised specifically for the business will be deemed non-compliant and face increased enforcement procedures.

How has your law firm amended policies to comply with price transparency, money laundering and cyber crime regulations?  
