The Role of the Regulator
25 January, 2022
This article first appeared in What Mortgage Magazine.
Regulators are like football referees – it’s best when you don’t notice us. And we want the game, or rather the market, to flow with minimal intervention.
But there come times when we have to act where clients face an immediate risk and that action has to be quick and decisive. Indeed, consumers need to know we exist and are there to help when challenging circumstances arise. And nothing has ever been quite so challenging in the conveyancing market as the recent cyber-event that knocked out the IT systems of the country’s largest conveyancing business, Simplify. The three law firms within its group that were badly affected by this are regulated by the CLC.
After several extremely difficult weeks, Simplify has now restored the full range of client services. But throughout this time, we have received many messages asking what we as the regulator were doing – and, frankly, some wanted to know why we weren’t doing more.
Our role is to regulate the profession of licensed conveyancers and probate practitioners effectively in order to secure adequate consumer protection, promote effective competition in the legal services market, and provide consumer choice. Arguably the first of those is our single most important function – what’s the point of regulation without it?
We do this through a mixture of before, during and after-the-event tools. Before we will issue their first licence to practise as conveyancer, a lawyer needs to have completed the Level 6 diploma in conveyancing law and practice (equivalent to a university degree) as well as 1,200 hours of practical experience.
Once a licensed conveyancer is working, they must comply with the CLC code of conduct, as well as undertake a certain amount of training every year to ensure they are up-to-date and improving their skills. Ultimately, we have the power to discipline our lawyers if they go wrong, to the point of seeking their disqualification by the independent Adjudication Panel.
We also regulate law firms, which have to comply with our code of conduct as well. We are in regular contact with our firms and regularly go in and review how they are operating. Again, we have disciplinary powers, and can even close them down entirely if that is needed to protect the interests of clients and the public. This is, happily, a rarely used power which is mainly needed in failed firms when there is wrongdoing involved and/or client money is at risk. The professional obligations of the lawyers running a CLC-regulated firm continue after that firm has closed, for whatever reason, with Professional Indemnity Insurance also required to be in place for the six years following closure, and client files being stored safely, for example,
Finally, all our lawyers and firms, need to be covered by professional indemnity insurance that can compensate clients for negligent work, and we have a Compensation Fund for consumers who have lost out due to the dishonesty of one of our lawyers.
We in turn are monitored by the Legal Services Board, which regulates the regulators, to ensure that our performance is up to scratch.
There is only so much I can say about what went on with Simplify but I can assure you that we were in daily contact with its executive team from the start and went to the headquarters in Leicester to meet them face to face several times too. We had to be assured that our requirements were being complied with; within that, the single most crucial element was that client monies were safe, which they were.
What happened to Simplify could have happened to any business. The firm took a cautious approach to restoring systems and developed temporary processes to enable transactions to progress. We agreed with this, much though it caused very understandable concern and frustration among clients. In relation to their response to the incident we advised where they could improve too, such as in their communication about the incident.
In reality, were Simplify not such a large business with the access to resources that it has, it may not have been able to recover at the speed that it has – although we appreciate it did not seem quick to clients – or indeed at all.
This was an extremely unfortunate incident that serves as a very harsh lesson to all businesses about cyber-risk, but the best course was to allow the firm to complete its recovery. Any alternative would have increased delay and inconvenience for clients. The relevant agencies had been informed – the Information Commissioner’s Office and the police, the latter of which launched a criminal investigation, still ongoing, to find those behind the incident.
Consumers would not have been better served by the CLC stepping in – it’s not as though we could have got their systems up and running any quicker. Now that they are, however, our focus will turn to assessing the incident in the context of the CLC’s Code of Conduct and deciding our next steps and any appropriate sanctions.
Regulators, like the regulated, are always learning. It is all very well talking about cyber-risk in abstract but seeing the challenges it can present for such a large law firm and its many clients has been sobering for the entire legal market and beyond.
We cannot promise it will never happen again because property selling, with all the money that flows through the system, is an obvious target for fraudsters. But we can promise that the focus of the CLC and those we regulate will be sharper than ever to ensure that our part of the property market goes back to being as uneventful as possible.
