JUNE 2022 – ARTICLES & ITEMS OF INTEREST

The Legal Quality Standard of Ireland
IMPORTANT BANK WARNING
The following is taken directly from an AIB website notice: “As Ulster Bank and KBC prepare to exit the Irish market, the mass movement of bank accounts will accelerate. Be aware that fraudsters will use this as an opportunity to re-direct payments to scam accounts. Remember to verbally verify any requests to change account details on a known contact number. This applies to all payments – salary payments, invoices or instructions to send payments on behalf of a Director/senior manager. Never accept financial instructions via text or email. If you make a payment to a fraudulent account, it is highly unlikely we will be able to get the money back for you.”
LSRA PUBLISHES ANNUAL REPORT FOR 2021
On 17 June 2022, the Legal Services Regulatory Authority (LSRA) published its annual report for 2021.
Highlights of the LSRA Annual Report 2021 include:
- 3,356 phone calls and emails received requesting information and complaint forms.
- 1,599 complaints received with 1,560 relating to solicitors.
- 172 complaints were withdrawn and 615 were deemed inadmissible.
- 1,090 related to alleged misconduct, 431 related to alleged inadequate standards of legal services and 78 related to alleged charging of excessive costs.
- Out of the 1,599 complaints, 592 were made against legal practitioners in Dublin city and county, 205 were in Cork city and county, 83 in Kildare and 82 in Limerick.
Steady Growth of Limited Liability Partnerships in 2022
- 106 LLPs authorised in 2021, bringing the total LLPs to 364.
- The majority of partnerships of solicitors authorised as LLPs had between 2 and 5 partners.
- Authorisation to operate with limited liability permits existing partnerships of solicitors to limit their personal liability. For example, their personal assets are protected from the negligence of other partners in the LLP.
The report also contains numerous graphs, including graphs setting out the percentage breakdown of complaints by legal area and the complaints received by county. To view the report in full see https://www.lsra.ie/wp-content/uploads/2022/06/LSRA-2021-Annual-Report-FINAL.pdf
UK LAW FIRM FINED FOR HAVING INADEQUATE AML POLICY AND PROCEDURES
On 27 June 2022, John Hyde reported on the Law Society UK website that a firm was fined after wrongly saying it had a proper AML risk assessment.
“Clarkes Law LLP, based in Telford, reached a settlement with the regulator that it would pay a £2,000 fine and £1,350 costs after a number of shortcomings were identified.
An SRA investigation found the firm continued without a compliant AML risk assessment until February this year, having incorrectly declared in 2020 that its risk assessment met the required standards. The firm had no compliant AML policies, controls and procedures until February this year: its policies lacked accurate information and had out-of-date guidance and links, with references to staff who had left and mention of superseded regulations.
The SRA said Clarkes failed to take appropriate measures to make sure staff were made aware of the relevant rules and in one instance failed to do adequate checks on a source of funds, when £115,000 was received into the account and returned to sender following an aborted transaction.
The SRA has been increasingly willing to penalise firms who have not fulfilled their AML obligations even if there has been no harm proved.”
To view this news article in full see https://www.lawgazette.co.uk/news/firm-fined-after-wrongly-saying-it-had-proper-aml-risk-assessment/5112926.article
TEN STEPS TO PLANNING FOR DISASTER
In the June edition of the Law Society Gazette, the Guidance and Ethics Committee has issued a guidance note titled “Ten Steps to Planning for Disaster”.
Solicitors have an ethical and moral obligation to implement reasonable measures to safeguard property and money they hold for clients or third parties, prepare for business interruption, and keep clients informed about how to contact them.
This guidance note sets out some steps to help a firm create a response plan. The steps below are taken from the guidance note in summarised form.
- Carry out an inventory – so you know what needs to be recovered or replaced. Consider including the following:
  - Software: make a list of any software your firm uses. How many licences do you have? Do you need to have passwords or other ways to access it?
  - Hardware: how many computers, servers, or other pieces of physical hardware does your firm have – and where are they located?
  - Client files: should a disaster occur, have a list of all client files in your firm’s possession so that they can be recovered.
  - Location: note the locations of everything. For example, are files stored in the cloud or a physical location?
- Do a risk assessment – Identify the impact of each risk and ways to mitigate risks.
- Identify and group critical services, systems, and data – Items that can be easily replaced or are backed-up in multiple places could be considered low risk.
- Identify supporting tools – do you back-up your data? How often? Where is it located? Assess your current situation and make note of any gaps that could be an issue.
- Assign responsible individuals – tell someone what plans and procedures you have in place. Should an emergency occur, people should know in advance what their responsibilities are.
- Determine how to handle sensitive information – consider documenting a plan for handling essential records (like employment records, financials, and client files) in terms of confidentiality, security, and integrity following a disaster.
- Communication – consider having a written plan to document the communication in case of disaster or emergency.
- Test and review the plan.
- Finance – try to maintain a buffer to cover unexpected expenses that may occur. This might not always be possible, and will vary from firm to firm.
- Don’t panic; ask for help – Colleagues are usually happy to step in to assist in times of an emergency.
Further information on emergency succession planning is available in the Law Society practice note ‘Emergency succession planning in a sole practitioner’s or principal’s firm.’
To read the ten steps in full see https://www.lawsociety.ie/globalassets/documents/gazette/gazette-pdfs/gazette-2022/june-2022-gazette.pdf#page=61
EMERGING TRENDS IN CYBERCRIME AND EFFECTIVE PREVENTION
On 1 June 2022 the SRA in the Law Society of England and Wales published a report titled ‘Risk Outlook Report – Information Security and Cybercrime in a new normal’.
Its executive summary states that the move to remote and hybrid working has driven successful innovation from firms and has made them more dependent on IT, so IT security is ever more important. The SRA states that it helps to be aware of how IT threats are affecting the legal market.
It states the key types of IT threats the SRA are seeing in reports to them are:
- Phishing and email modification frauds – although conveyancing remains a frequent target, due to the large funds involved, criminals are broadening their attacks to other fields as well. Other sectors have been attacked by criminals using voice impersonation systems to copy a target, and by criminals intercepting and falsifying physical mail between a firm and client to request funds.
- Ransomware – can simply lock firms out of their IT systems, which will particularly affect fully remote firms, but is more regularly being used by criminals to steal information and threaten to publish it – which the SRA predicts will become a normal part of how ransomware extorts money.
- Attacks on third parties and providers – these attacks, which spread to solicitors’ firms, are increasing.
This report looks at what firms already know in relation to (1) phishing and email modification frauds, (2) ransomware and (3) attacks on third parties and providers, and at how the SRA expects these security threats to change in the near future in these three areas. The report details case examples where probate was affected by email modification fraud and where a firm was affected by an attack on its IT provider.
The SRA state “effective protection from these attacks means having the right culture, systems and training.”
Culture
The firms at most risk are those with cultures that do not encourage staff to come forward with problems. Everyone has times when they are distracted or stressed. At those times, people are more likely to fall for a phishing email, or to click on an attachment that they would otherwise have recognised as a scam. On those occasions, urgent internal reporting through your firm’s IT security process is key to preventing more significant damage.
Systems
One of the simplest security measures involves choosing secure passwords, ideally backing them up with multiple-factor identification systems.
With face-to-face verification of identities less common in a remote working world, you will need to take additional care to make sure the clients and third parties you are dealing with are who they say they are. This is not only an issue for information security but also in preventing money laundering.
Training
If, like many firms, you are moving to hybrid working arrangements, you need to make sure staff remain aware of information security issues in the office, at home and on the move.
When staff have training on how to use their systems securely, for instance how to recognise the warning signs of phishing, then your firm will be in a better position to prevent attacks or will at least be better able to recover afterwards.
To view this report in full see https://www.sra.org.uk/sra/research-publications/risk-outlook-report-information-security-cybercrime/
CYBER RISK MANAGEMENT NEWSLETTER
This month O’Leary Insurances have published their quarterly Risk Management Newsletter. It includes several topical articles, including one on a report released in May by the UK’s National Cyber Security Centre regarding apps on phones, smart TVs and smart speakers. In it they say that there is “far more for app stores to do” in terms of security.
Just a month prior, Google removed a dozen or so apps from its Play Store after learning that they contained malicious code, as reported by the BBC. These apps, which included a weather app and a QR scanner, were harvesting people’s locations, email addresses and phone numbers.
There is now a push in the UK to have the developer and store operators sign up to a code of practice which would set out minimum security and privacy requirements.
The newsletter also reports on two real-life Irish cases: one involving an email breach where over €1m has been lost, and the other a website identity theft where a company’s website was duplicated with just the trading name changed. At the same time, the company’s website was taken down. The fraudulent website was designed to appear legitimate and to take payments from customers.
To view this newsletter in full see https://www.olearyinsurances.ie/contentFiles/newsFiles/Q3_2022_Cyber_Matters_Newsletter1.pdf
GENDER PAY GAP – 2022 REGULATIONS PUBLISHED
In last month’s legal news we advised how the Department of Children, Equality, Disability, Integration and Youth published guidance for employers on how to calculate their gender pay gap metrics.
On 3 June last, the Minister for Children, Equality, Disability, Integration and Youth, Roderic O’Gorman, published the Regulations under the Gender Pay Gap (Information) Act 2021, namely the Employment Equality Act 1998 (Section 20A) (Gender Pay Gap Information) Regulations 2022, which set out the information required to be published by employers on the gender pay gap. The Employment Equality Act 1998 (Section 20A) (Gender Pay Gap Information) Regulations 2022 came into operation on 31 May 2022.
Organisations with over 250 employees are being asked to report on their gender pay gap for the first time in 2022.
To view the regulations and more details on this see https://www.gov.ie/en/publication/29606-what-is-the-gender-pay-gap-information-act-2021/