Risk Outlook 2016 James Dipple-Johnstone Paul Hastings Dr Debra Malpass

Risk Outlook 2016 Today’s session: Brexit Cybercrime and Information Security Money Laundering

Risk Outlook 2016

Brexit New paper on Brexit and the potential impact on legal regulation Available on our website Hot topic page for regular updates

Brexit Nothing has changed post EU-referendum Issues we are considering include - practising rights - impact on international firms - data protection - Future of Primacy (EU influence over UK law) We will not know more until formal negotiations begin

Brexit Our report includes a checklist for firms: - entering the market - people you work with - clients - planning for the future Modern and proportionate regulation is essential for the vibrant and competitive domestic and international market of the future. We will not know more until formal negotiations begin

Cybercrime and information security Cybercrime is now the most frequently reported category of crime in the UK Law firms hold personal data and significant sums of money ICO: the risk to law firms is the same as that to any other business – but they hold very sensitive information

Cybercrime and information security We do not want to deter firms from using technology to better serve clients, making legal services more accessible It is important to manage the risks. Paying attention to the basics can help But we have seen an increase in the sophistication of cybercrime and other scams

Cybercrime and information security We have seen numerous attempts – some succeed Can cause significant losses of client money Can harm reputation, cause disruption Has put some firms into financial difficulty Potential regulatory and legal liability

Cybercrime and information security Malware - harmful computer programs email attachments, hacked websites, or insider action – “ransomware” Ransomware seeks money in return for ability to retrieve files. Some types also steal data

Cybercrime and information security Phishing and vishing Fake email (“phishing”) or telephone call (“vishing”) purporting to be from someone you trust Seeking information or money transfer Can be well crafted and very convincing

Cybercrime and information security Email redirection Very widespread, costing business over $2bn globally Hackers intercept and modify emails between parties to redirect money or information Conveyancing proceeds are a major target – “Friday afternoon fraud”

Cybercrime and information security Cybercriminals Do not doubt how clever and sophisticated attackers can be However, research shows most to be interested in fast results Being a harder target can deter them

Cybercrime and information security Managing the risks does not have to be costly Aim to be a harder target Pay attention to the basics Most attacks are aimed at people not technology Training is key

Cybercrime and information security Further guidance Risk Outlook Cyber Essentials Action Fraud Information Commissioner

Money Laundering We are seeing an increase in reports concerning AML compliance (ML Regulations and/or Proceeds of Crime Act) We are investigating a very small number of substantial cases We have seen increased interest in this area from Law enforcement The legal services market, solicitors and the ‘client account’ are attractive to organised crime

Money Laundering Financial action task force (FATF) inspection of the UK Spring 2017 (Legal profession will be a priority? – see FATF report June 2013) 4th Money Laundering Directive SAR numbers and quality – Total 354,000 last year - 3600 reduction in SAR from the profession 8% 2014 (1 % of all SAR) Quality of consent SARs – NCA report February 2014 Refusing SAR on quality from 1st October 2014 Home office campaign New criminal legislation

Money Laundering Thematic review into AML procedures published in May - role of MLRO - policies, systems and controls - client due diligence - staff awareness - recording and reporting

Money Laundering Key findings: MLROs Each firm had an MLRO who was aware of their responsibilities.   The MLROs' knowledge and experience varied.   There is a concern that some MLROs lack specific training            

Money Laundering Key findings: policies systems and controls Firms differ in their view of what constitutes high risk work. Firms who conduct property and transactional work are at greater risk and should consider the risk to their workload overall.            

Money Laundering Key findings: client due diligence Many firms use automated IT systems which require CDD and AML compliance before work can commence - these can promote efficiency, provided that they are not over-relied upon.   Firms were generally aware of the importance of CDD and many applied their CDD procedures to all work.            

Money Laundering Key findings: staff training and awareness Following mergers, some firms failed to refresh and review the new firm's AML training. Generic training may not be appropriate for finance staff to spot warnings   The lack of procedures providing for regular training by some firms was a concern.            

Money Laundering Key findings: recording and reporting Most firms were compliant with the recording and reporting obligations of the MLRs.   Some firms failed to record all information.   Some staff at some firms were unsure about who to approach if they had a suspicion about a transaction.            

Questions?