Download Risk Outlook 2016 - Solicitors Regulation Authority

Risk Outlook 2016
James Dipple-Johnstone
Paul Hastings
Dr Debra Malpass
Risk Outlook 2016
Today’s session:
Brexit
Cybercrime and Information Security
Money Laundering
Risk Outlook 2016
Brexit
New paper on Brexit and the potential impact on legal
regulation
Available on our website
Hot topic page for regular
updates
Brexit
Nothing has changed post EU-referendum
Issues we are considering include
- practising rights
- impact on international firms
- data protection
- Future of Primacy (EU influence over UK law)
We will not know more until formal negotiations begin
Brexit
Our report includes a checklist for firms:
- entering the market
- people you work with
- clients
- planning for the future
Modern and proportionate regulation is
essential for the vibrant and competitive
domestic and international market of the future.
We will not know more until formal negotiations
begin
Cybercrime and information security
Cybercrime is now the most frequently reported
category of crime in the UK
Law firms hold personal data and significant
sums of money
ICO: the risk to law firms is the same as that to
any other business – but they hold very
sensitive information
Cybercrime and information security
We do not want to deter firms from using technology to
better serve clients, making legal services more
accessible
It is important to manage the risks. Paying attention to
the basics can help
But we have seen an increase in the sophistication of
cybercrime and other scams
Cybercrime and information security
We have seen numerous attempts – some succeed
Can cause significant losses of client money
Can harm reputation, cause disruption
Has put some firms into financial difficulty
Potential regulatory and legal liability
Cybercrime and information security
Malware
- harmful computer programs
email attachments, hacked websites,
or insider action
– “ransomware”
Ransomware seeks money in return for ability to
retrieve files. Some types also steal data
Cybercrime and information security
Phishing and vishing
Fake email (“phishing”) or telephone call
(“vishing”) purporting to be from someone
you trust
Seeking information or money transfer
Can be well crafted and very convincing
Cybercrime and information security
Email redirection
Very widespread, costing business over $2bn globally
Hackers intercept and modify emails between parties to
redirect money or information
Conveyancing proceeds are a major target – “Friday
afternoon fraud”
Cybercrime and information security
Cybercriminals
Do not doubt how clever and sophisticated attackers
can be
However, research shows most to be interested in fast
results
Being a harder target can deter them
Cybercrime and information security
Managing the risks does not have to be costly
Aim to be a harder target
Pay attention to the basics
Most attacks are aimed at people not technology
Training is key
Cybercrime and information security
Further guidance
Risk Outlook
Cyber Essentials
Action Fraud
Information Commissioner
Money Laundering
• We are seeing an increase in reports concerning AML
compliance (ML Regulations and/or Proceeds of Crime Act)
• We are investigating a very small number of substantial cases
• We have seen increased interest in this area from Law
enforcement
• The legal services market, solicitors and the ‘client account’
are attractive to organised crime
Money Laundering
• Financial action task force (FATF) inspection of the UK Spring 2017 (Legal
profession will be a priority? – see FATF report June 2013)
• 4th Money Laundering Directive
• SAR numbers and quality – Total 354,000 last year - 3600 reduction in SAR
from the profession 8% 2014 (1 % of all SAR)
• Quality of consent SARs – NCA report February 2014
• Refusing SAR on quality from 1st October 2014
• Home office campaign
• New criminal legislation
Money Laundering
Thematic review into AML procedures published in May
- role of MLRO
- policies, systems and controls
- client due diligence
- staff awareness
- recording and reporting
Money Laundering
Key findings: MLROs
Each firm had an MLRO who was aware of their
responsibilities.
The MLROs' knowledge and experience varied.
There is a concern that some MLROs lack specific
training
Money Laundering
Key findings: policies systems and controls
Firms differ in their view of what constitutes high risk
work.
Firms who conduct property and transactional work are
at greater risk and should consider the risk to their
workload overall.
Money Laundering
Key findings: client due diligence
Many firms use automated IT systems which require
CDD and AML compliance before work can commence these can promote efficiency, provided that they are not
over-relied upon.
Firms were generally aware of the importance of CDD
and many applied their CDD procedures to all work.
Money Laundering
Key findings: staff training and awareness
Following mergers, some firms failed to refresh and
review the new firm's AML training.
Generic training may not be appropriate for finance staff
to spot warnings
The lack of procedures providing for regular training by
some firms was a concern.
Money Laundering
Key findings: recording and reporting
Most firms were compliant with the recording and
reporting obligations of the MLRs.
Some firms failed to record all information.
Some staff at some firms were unsure about who to
approach if they had a suspicion about a transaction.
Questions?