Home of the Q Standard





On 24 May 2023 it was reported that the Information Commissioner’s Office (ICO) had issued a formal reprimand to the Ministry of Justice (MoJ) after confidential waste documents were left in an unsecured prison holding area.

Prisoners and staff had access to the 14 bags of confidential documents, which included medical and security vetting details, for a period of 18 days.

During this time staff challenged prisoners who were openly reading the documents, but did nothing proactive to ensure the personal information was secured.  At least 44 people had access to the information, which had remained on site because a contracted shredder waste removal company had not collected it as scheduled.

The ICO investigation uncovered a lack of robust policies at the prison including:

  • no pre-agreed areas for staff to leave confidential waste in a secure place;
  • staff being unaware of the need to shred information or the risks of allowing prisoners access to non-shredded confidential documents;
  • inaccurate records of the number of staff who had completed data protection training;
  • a general lack of staff understanding of the risks to personal data and the need to report data breaches.

The reprimand details a number of required or recommended actions including:

  • a thorough review of all data protection policies, procedures and guidance to ensure they are adequate and up to date with legislation;
  • the creation of a separate data breach reporting policy for staff.



Amy Bell, chair of the Law Society’s Money Laundering Task Force UK, reports on a firm that was fined £20,000 by the SRA for failing to have AML policies, training and systems in place, the largest penalty handed out since the regulator increased its fining powers from £2,000 to £25,000 in 2022.

The deficiencies were discovered by the SRA during an onsite audit to review the firm’s overall AML compliance.  The small firm was found to have failed to put in place a compliant firm-wide AML risk assessment until mid-2022 – more than five years after the requirement was introduced in June 2017 and despite the SRA having issued warning notices about the need to ensure this was done.

It was only after the SRA’s onsite investigation that the firm put a compliant risk assessment in place.  Several years earlier, the firm also incorrectly declared to the regulator that its risk assessment was compliant and in line with relevant guidance, when it was not.

The policy was undated, did not state who wrote it, referred to outdated legislation and had not been regularly updated.

A review of the files found that the firm:

  • did not always check on the source of funds from third parties
  • had weak ongoing monitoring of transactions
  • failed to ensure that a form accompanying the client care letter to verify the source of funds was completed and returned

No client or matter risk assessments had been undertaken and there was no documentary evidence to demonstrate how the firm identified and assessed the level of risk.

Lack of training was also a factor – the SRA said the only AML training employees received was in the form of a “personal compliance booklet” sent in January 2022.  It was dated 2016/2017 and referred to the “outdated and superseded MLRs 2007”.

Of further concern was that a partner of the firm was not aware that the policy existed.  The SRA said that “this in itself demonstrates a lack of adequate training practices at the firm”.

The firm was fined £20,000 and paid £1,350 to the SRA toward the costs of the investigation.

This case demonstrates the serious consequences of not complying with your anti-money laundering obligations.


On the topic of AML and AML training, the LQSI hosted an AML Webinar on 24 May 2023. If you missed this webinar, it is available in the LQSI members area.


On 24 May 2023 the Information Commissioner’s Office (ICO) published new guidance for businesses and employers on responding to Subject Access Requests (SARs).

The right of access, commonly referred to as a subject access request or SAR, gives someone the right to request a copy of their personal information from organisations.  This includes where the organisation got the information from, what it is using it for and who it is sharing it with.  Individuals can request the personal information held by their employer, or former employer, such as details of their attendance and sickness records, personal development or HR records.

Organisations must respond to a SAR within one month of receipt of the request.  However, this can be extended by up to two months if the SAR is complex.  Failing to comply with a SAR is a breach of the law.  If organisations fail to respond to SARs promptly, or at all, they can be subject to fines or a reprimand.

The ICO stated “What we’re seeing now is that many employers are misunderstanding the nature of subject access requests, or underestimating the importance of responding to requests.  For example, employers may be unaware that requests can be submitted informally, such as over social media, or do not have to contain the words ‘subject access request’ in order to qualify as a legally binding request.  Similarly, employers may not realise that there is a strict time frame for responding to requests, and this must be kept to.”




In the Spring edition of the Parchment, Ciara O’Kennedy reviews the European Union (Transparent and Predictable Working Conditions) Regulation 2022 and spells out the implications for employers.

The article looks at the significant changes to the law governing probationary periods and states that employers would be well advised to review their existing employment contracts and probationary practices in light of the changes.  Employers may also need to re-examine their performance management processes to ensure employee reviews are conducted in a timely fashion and completed within the new restricted probationary period.

Employees may no longer be restrained without notification from working for another employer outside their work schedule.  If an employer wishes to impose an exclusivity clause, the justification, or objective clause on which the restriction is based, must be clearly set out in the contract.  The regulations set out a non-exhaustive list of objective grounds, which are referred to in the article.

The Employment (Miscellaneous) Provisions Act 2022 introduced the requirement to provide a Statement of Terms within 5 days of the commencement of an employee’s employment; the information to be provided has now been extended.  This article sets out the information to be provided.

Employers are now also required to provide a Statement of Terms and Conditions within one month (previously two) and again the article sets out what should be included.

Employers need to be aware of the time limit to notify an employee associated with ‘Changes to Terms and Conditions’ and be aware of how to deal with ‘More Predictable Working Conditions’, ‘Mandatory Work Related Training’, ‘Predictability of Work: Improvement of Precarious Working Conditions’, all referenced in this article.

Ciara O’Kennedy states ‘All employers should review their contracts in light of these changes, to ensure they are in compliance’.



In this month’s Law Society Gazette, Dr. Niall Connors, Registrar of Solicitors and director of regulation, has written a very informative article on the new SARs which are coming into effect on 1 July 2023.

He sets out the key changes as follows:

Estate Accounts – the definition of client moneys has been amended to include moneys received by a solicitor acting as personal representative of an estate.  Estate funds are to be lodged into the client account.  It is no longer a requirement to open separate bank accounts.

Balancing statements – solicitors are required to prepare balancing statements in respect of transactions on the client account every three months, instead of every six months.  This will result in earlier detection of deficits by the solicitor.

Undue or unnecessary delays – solicitors are required to review the listing of client ledger balances for undue and unnecessary delay in dealing with matters (in particular, in discharging undisbursed outlay, moneys due to clients, and moneys due to be paid for or on behalf of clients) and, where appropriate, take immediate action to deal with those matters.

Balances outstanding two years or more – solicitors are required to list client ledger balances outstanding two years or more as at the accounting date, disclosing the reason the balance is outstanding and, where appropriate, the action taken or proposed to clear each balance.  The balances are to be reported to the Society as ‘Appendix 6’ to the reporting accountant’s report.

Reporting accountant’s report – the reporting accountant’s report is to be furnished to the Society within five months of the accounting date, with an extension of one month if such extension is sought, in writing, 14 days prior to the due date.  Final accountants’ reports are to be filed within three months of the date of the solicitor ceasing practice or within such time as agreed with the Society.

Dr. Niall Connors also discusses Responsibilities of the Compliance partner/sole practitioner and what they are required to confirm as part of the ‘Form of Acknowledgement’ and who can be an Authorised signatory – to address instances of staff fraud, a cheque signatory

The article also looks at:

  • Deficits
    • Deficits – if a solicitor cannot rectify a deficit of client funds within seven days of it coming to attention, the solicitor is required to notify the Society in writing, as soon as practicable.
    • Loans from, to, or between clients
    • Statements of account – solicitors are to provide clients with a statement of account disclosing all moneys received, paid, or held in respect of each client matter, to the extent not already done so in a bill of costs, or otherwise.

  • Client moneys
    • Return money to clients
    • Receipts for cash payments to clients
    • Fees
    • Withdrawals from client account not related to a specific client
    • Bills of costs
    • No legal services provided
    • Personal moneys
    • Accounting records

  • Reporting accountant
    • Withdrawal of approval of an accountant as a reporting accountant
    • Examination by the reporting accountant
    • Notification to the Society by reporting accountant
