Risk agenda highlights key issues for CLC practices in 2022

14 July, 2022

Cyber-attacks, sanctions, cryptocurrency and anti-money laundering are among the new issues highlighted in our second annual Risk Agenda, published today.

The agenda brings together a list of the biggest risks faced by the CLC’s regulated community, which emerged during its regular monitoring and inspection work throughout the year.

It includes advice to help practices stay on the right side of compliance after a turbulent couple of years which saw unprecedented pressure placed on the sector as a result of the pandemic and extended stamp duty holiday.

Under cyber-attacks, for example, which are described as “a matter of when, not if”, the agenda stresses the importance of preparing for potential incidents. Earlier this year, the Information Commissioner’s Office fined a large law firm £98,000 for failures that led to a ransomware attack. The agenda goes on to list the five key issues that firms should consider, such as establishing an internal incident response team, testing processes in a live environment and maintaining a separate list of customers so they can be contacted if core systems are down.

Russia’s invasion of Ukraine has brought sanctions into the spotlight given the influx of Russian money into the UK property market over the years. The agenda highlights the importance of keeping up to date with and adhering to sanctions, with criminal prosecution or a large public fine facing anyone who fails to comply.

Conveyancing remains a high-risk area for money laundering. Currently, transactions funded by cryptoassets are treated in a similar way to those paid for in cash and practices must carry out the same due diligence, such as obtaining statements and trade histories. The risk agenda says firms should consider whether they have the expertise required to handle such matters if it is outside their usual remit.

Another risk is firms which fail to adequately prepare for closure, for example, if they are refused professional indemnity insurance or, in the case of sole practitioners, if they fall ill. Business continuity plans should be in place to cover this and other issues such as file storage which, under CLC rules, must be kept for a minimum of six years with some exceptions.

The regulator says it has encountered business owners who are not aware of their obligations and have not budgeted for the ongoing cost of storage and/or data retention. In a recent case, one owner was disqualified from practising for a year after ignoring CLC advice and abandoning 15,000 archived files at offices they were no longer paying for.

CLC chief executive Sheila Kumar says: “Today, the threats to clients’ assets are more sophisticated than ever and the challenges for lawyers have grown correspondingly.

“Property transactions and probate issues are more complex, and lawyers have serious responsibilities to help combat fraud and money-laundering as well as ensuring that sanctioned individuals or businesses cannot get around the restrictions that the UK government or international community has placed on them.

“The second of our annual Risk Agendas aims to help CLC-regulated lawyers meet the challenges of legal practice in the fast-changing world and to protect their clients.

“Our unique approach – working with practices to identify and address risks before they crystallise as harms – is what we hold to be the most proportionate and effective approach to regulation and is successful in resolving the vast majority of non-compliance that we find.”

Digital identity checks, changes to professional indemnity insurance, complaints, conflicts of interest and aged balances are also among the issues covered in the Risk Agenda which you can read in full here.