StaRs: Time to prioritise, but not to panic
Little did we know then that Covid-19 was around the corner and set to test our systems and processes yet further. Whilst the uncertainty around Covid-19 inevitably gives rise to a sense of unease, this can be seen as another opportunity to step back and prioritise, to ensure you are complying with your regulatory obligations during these otherwise uncertain times. Reviewing systems and processes now could ensure future work systems that help you achieve optimum standards in terms of business continuity, security, and supervision during unpredictable times. In turn, this could improve not only your firm’s capability in respect of regulatory compliance, but services for clients and, ultimately, client satisfaction. This ever-changing and uncertain climate could, in fact, bring about positive change for law firms.
So what are some of the key regulatory risks law firms face in respect of Covid-19 and how can these be tackled?
The clear message from the government - to avoid all unnecessary travel and to work from home wherever possible - has made remote working more a necessity than an option.
The increased risk of data breaches and the loss of confidential information through hard copy documents being transported and kept at home, rather than in offices with the necessary systems and controls in place, is inevitable.
Colleagues should work digitally wherever possible and be advised against working from hard copy documents and minimising the need to make handwritten notes of calls or virtual meetings they attend – typed notes should be encouraged. This may mean firms need to expand their teams working for particular clients to include administrative support, input from paralegals or individuals with an advanced technological skill-set, should detailed notes of meetings or conferences be needed.
If working digitally is not possible, for whatever reason, transporting and storing documents in a locked receptacle should be made compulsory. You may want to give further thought to suggesting the types of lockable storage you would prefer individuals to try to use, wherever possible. For example, a large lockable filing cabinet or lockable drawer within a desk is likely to be harder to make off with than a portable lockable rucksack. Where this is not possible, you may want to remind colleagues to keep their working environment as secure as possible, by setting a home security alarm and closing windows when they go out. This is about reminding colleagues of basic steps they can take to minimise the chances of confidential information being lost or stolen. Likewise, the use of removable media to transport data should be discouraged and, where such media is used, the importance of the relevant device being encrypted must be clearly communicated.
It may be that you will need to consider reviewing underpinning policies with a view to amending them or, at the very least, reminding colleagues of their existing obligations.
Colleagues should consider notifying parties with whom they have corresponded by post previously / relied on service of documents by post, that correspondence should be electronic-only going forward (wherever possible). This is in anticipation of any full office closures should isolation measures be ramped up in the UK in the coming days and weeks and to manage the associated risks of missing key documents and communications.
Remote working introduces further risks to data security beyond inadvertent disclosure or loss of hard copy papers/removable media.
Colleagues should be reminded to work, where necessary and indeed where possible, in private environments where conversations of a confidential nature cannot easily be overheard and computer screens cannot be easily seen by third parties. The importance of locking computer screens when unattended (even within one’s home) should be reinforced. Colleagues should be encouraged to avoid predictable passwords and consider using password managers.
Working from home does not always mean literally ‘from home’. Accordingly, colleagues should be reminded that public Wi-Fi hotspots are not secure and vulnerable to hacking, and it is hard to prove that a hotspot belongs to the company or individual it claims. The SRA advises that in most cases, modern websites (using HTTPS) will protect you from risk. Using work mobiles as ‘hot spots’ may be a necessary alternative if another secure network is unavailable, but be aware there can be increased costs associated with this method.
Due to difficulties in contacting individuals on office telephone numbers or limited availability of support staff to contact various individuals on behalf of lawyers, colleagues may need to send more emails than usual. Likewise, sharing a confidential document in person in the office will now most likely be done virtually or via email. Colleagues should be reminded to check and double check email addresses used, to authenticate email addresses by independent means wherever possible, and to password protect attachments to emails (with the password being provided separately) to best protect against any potential breaches.
The ability to ‘share your screen’ through providers such as Skype for Business should also be used with caution and, in some circumstances, limited to internal meetings. Colleagues should be advised to ensure only appropriate material/data is shared with the parties attending a particular meeting or call. Disenabling email pop-ups is one precaution worth considering so that confidential information is not inadvertently displayed to others whilst screen sharing.
Laptops should be encrypted and firms should have a system to track devices and delete data from tablets and phones remotely if they are lost or stolen. The SRA also recommends two-factor authentication for email and log-ins, where possible.
If colleagues think that a data breach has occurred, they should be reminded of whom to report this to within your firm, and how. They should also be reminded of the requirement for this to be done promptly (given the 72 hour deadline under the GDPR to report where there has been a breach of personal data).
As part of our StaRs blog series, my colleagues Shannett Thompson and Charlie Roe commented on how the twin themes of accountability and exercising judgement pervade the StaRs. The introduction to the Code for Individuals stresses, ‘[y]ou must exercise your judgement in applying these standards to the situations you are in and deciding on a course of action, bearing in mind your role and responsibilities, areas of practice and the nature of your clients.’ It goes on to state, [y]ou are personally accountable for compliance with this Code – and our other regulatory requirements that apply to you – and must always be prepared to justify your decisions and actions.”
The Code for Firms further emphasises the breadth of accountability for a firm and its staff. Whilst noting that any serious failure to meet the standards or serious breach(es) may lead to regulatory action being taken against the firm, its managers or compliance officers, the code also notes: ‘[w]e may also take action against employees working within the firm for any breaches for which they are responsible.’
A reminder to colleagues of their obligations under the respective Codes is recommended. Being away from the office should not lead to a relaxed attitude to the importance of one’s regulatory obligations. Individuals should be aware that they are responsible for the professional judgement they exercise when working at home and that the various discussions and decisions taken on a particular case, for example around disclosure or potential conflict points, should be carefully recorded. This should include reasoning for why they have chosen to act in a certain way, so that they can justify decisions, should they need to, in the future. The SRA’s Enforcement Strategy recognises, however, that mistakes do happen; clear record keeping will help the SRA decipher between honest mistakes and those that are less excusable.
Colleagues will need to keep records/evidence of expenses (for example, duty solicitors having to get taxis to police stations to avoid public transport during the outbreak) perhaps by taking photographs of them and emailing them to their administrative support teams so that they can be processed in accordance with the firm’s expenses policy (and/or billed promptly to the client as a disbursement, as opposed to when normality resumes which may well be months away). For those individuals without a work phone, they will want to keep a record of work calls made using their personal phone package. Likewise, colleagues may wish to buy computer screens or office supplies to enable them to work more comfortably from home. Firms will need to consider whether their existing policies cover such eventualities or whether interim policies will need to be introduced to ensure fair and efficient work patterns at home.
The Code for Individuals at paragraph 3.5 makes clear that when supervising others in the provision of legal services, practitioners remain accountable for any work conducted on their behalf. Delegating work does not, therefore, break the chain of personal accountability. Practitioners must exercise their professional judgement as to whether the individual to whom they have delegated is sufficiently experienced and able to complete the work in question. When working remotely, it is important that regular supervision meetings still continue to ensure close monitoring of work and workloads to act as a check on standards and the quality of output. Although not in the office, partner visibility is important to ensure juniors feel able to raise questions and concerns and to encourage open and frequent communication channels.
The need for electronic signatures for, amongst other things, letters, court documents, and bills (to ensure they are enforceable) is something to add to the checklist; whilst there is not a one size fits all solution, firms should consider their own approaches and policies on the signing of documents, to ensure they are workable and adequate for remote working and amend these if necessary.
With the announced closure of schools for most children, and the inability to rely on older family members to assist with childcare, the demands on working parents is a consideration that should be high on the agenda for firms. Encouraging colleagues to communicate any particular stresses on their time and working environment will be key. Discussing flexible ways of working and the ability to share work and personal commitments during the day will help colleagues feel supported and ensure efficient work patterns.
Any existing policies on working from home/flexible working may need to be revisited.
A comprehensive, and ongoing, review of all existing policies and procedures to ensure their adequacy in dealing with the various issues arising from the current situation as they occur should be considered. Additionally, clear internal communications should be issued, reminding colleagues of the existence and availability of a firm’s policies and procedures and any amendments made to them.
Many firms will have established tried and tested procedures to enable remote working for their employees as the push for agile working in the legal sector has intensified over recent years. Whilst firms are likely well equipped for this large-scale change in working practices for, what seems to be, the foreseeable, the importance of reviewing and improving systems in this context to ensure continued compliance with regulatory obligations will help achieve one of the ultimate aims during this difficult time; to ensure, as far as possible, that it is ‘business as usual’.
A shorter form version of this blog was published by Legal Week on Friday 20 March.
Jessica Clay is a Senior Associate in the Regulatory department and specialises in legal services regulation, with a focus on regulatory compliance, legal ethics, investigations and public law matters.
Charlotte Judd is an Associate in Regulatory department and assists and advises on matters including defending regulated individuals, organisations and corporates; advice for regulators and public bodies and legal services regulation.
Every solicitor knows that an undertaking is serious stuff. Arguably it is the greatest power available to a solicitor. A promise, if broken, that will lead to immediate and serious consequences for the giver. As such it can be relied upon to the ends of the earth. The power of undertakings has meant that they sit at the heart of every property transaction, bridging the time gap between the sending of money and the receiving of title. They are also used in other areas of commercial life and as part of litigation. The “brand” of a solicitor’s undertaking is so powerful that little thought is given as to where their power comes from.
This week, the Government announced that Covid-19 vaccinations will be made compulsory for care home staff, raising strong emotions on both sides of the argument.
Julie Norris and Jessica Clay consider SRA entity regulation and the imperative to create an ethical (ergo, compliant) legal workplace.
The pandemic has highlighted the importance of good mental health and resilience both in and out of the office. Bronwen Still and Lucinda Soon consider your obligations
Gone are the days of computer gaming being viewed as a secluded activity; gaming is now a thoroughly social experience that attracts a global audience of millions and players can compete for large sums of money and celebrity. This burgeoning industry is largely in a virtual world and has developed in a blockchain, decentralised fashion. Often the UK government talks up the UK gaming industry and how keen the government is to support this sector, and there have been instances that show support, but when it comes to playing games competitively, law and regulations have not yet caught up.
The solicitors’ watchdog is right to take charge of misconduct cases but it needs firmer guidance to succeed
The COVID-19 crisis has forced sports clubs, schools, universities and charities to rapidly change their approaches to coaching, teaching and support work. The regulations on social distancing have forced organisations to innovate; services which had previously been offered mostly or wholly in person were rapidly shifted online during “lockdown 1” and will return online at least for the duration of “lockdown 3”. If the vaccine rollout has the desired effect there will no doubt be some return to “traditional” methods, but it seems very unlikely that the changes brought about by the pandemic will be completely reversed. In this blog, Claire Parry from Kingsley Napley’s Regulatory team and Fred Allen from the Public Law team look at the challenges organisations face engaging with children online.
In our fourth blog in our series on Beckwith v Solicitors Regulation Authority  EWHC 3231 (Admin), we turn our attention to consider what impact, if any, this landmark decision might have on the regulation of professional accountants. While the case turned on some very specific features relating to the regulation of solicitors as contained in the Solicitors Regulation Authority’s (SRA) Principles and Code of conduct, some parts of the judgment may have more general application.
In the two years preceding Ryan Beckwith’s appeal to the High Court, the SRA pursued a handful of other sexual misconduct cases before the Solicitors Disciplinary Tribunal (Tribunal). These cases are varied and fact-specific and include sexual misconduct in and relating to the workplace and conduct outside of work.
Regulatory investigations across all sectors are increasing in complexity, with a corresponding increase in the size of the cost applications made by regulators upon successful prosecution. For solicitors facing investigation by the Solicitors Regulation Authority (‘SRA’), the costs associated with prosecutions before the Solicitors Disciplinary Tribunal (‘SDT’) have made the headlines recently for their size. In Beckwith, for example, the Divisional Court referred to the SRA’s costs of c.£340,000 as “alarming.”
On 12 March 2018 the SRA published its warning notice on the use of non-disclosure agreements (NDAs). This was in the wake of the widespread publicity at the time given to NDAs which had been considered too draconian in reach and effect.
In this 3-part tech blog series, we’ve explored how legal and accountancy regulators are driving and responding to changes in technology and innovation in their respective professions. We’ve also considered the commercial perspective, looking at interesting developments in these sectors , particularly around the use of artificial intelligence (AI).
In this second blog in our technology and innovation series, we look at some recent developments in the use of artificial intelligence (AI) in the legal and accountancy sectors.
In the first of our Tech blog series, we take a look at how regulators in the accountancy and legal sectors are supporting technological innovation in their respective professional sectors, and how they themselves might adapt their regulatory approach in the new era of digital technology.
It has been a year since the Solicitors Regulation Authority (SRA) launched its Standards and Regulations (StaRs) and even longer since the revised Enforcement Strategy was rolled out. This time last year, we produced a series of blogs relating to launch of the StaRs and provided our views on what we thought you needed to know.
On 18 November 2020, the government confirmed that it is proceeding with planned changes to the Victims' Code, following a consultation that began on 5 March 2020. The changes mean that when the revised Code comes into force, it will be based on a clearly defined set of rights that set out a minimum level of service that can be expected from criminal justice agencies. It is hoped that the changes will mean victims have a greater awareness of their rights, receive the information and support when then need it and have a greater level of satisfaction with the treatment they receive in the criminal justice system.
On 19 November 2020, the High Court handed down judgment in the Professional Standards Authority for Health and Social Care’s (“PSA”) challenge to a decision of the Medical Practitioners Tribunal (“MPT”) to suspend a doctor from practice. In her judgment, Mrs Justice Farbey emphasises the significance of lack of insight to the question of sanction.
All providers registered with the Care Quality Commission (“CQC) must assure themselves that all directors who are responsible for delivering care to service users are fit and proper – in other words, they must be able to diligently carry out their responsibility to ensure the quality and safety of care. This forms part of the providers’ duty to ensure the service is well-led, which is one of the focus points during an inspection. Not only does the CQC monitor compliance at the point of registration, but it is an on-going duty and can lead to enforcement action where it is not met.
The route to obtaining a prestigious job in the legal profession is hard enough without the worry of whether past misdemeanours will prevent you from being admitted by the Solicitors Regulation Authority (SRA) as a solicitor. Convictions or cautions in early life (for even relatively minor offences), student disciplinary findings, civil debts and the like, are all capable of preventing prospective solicitors seeking admission to the roll becoming qualified as a solicitor. Since May 2018, prospective solicitors have had the ability to seek an early character and suitability assessment under the Authorisation of Individuals Regulations, enabling them to understand if something they did in the past could be a bar to entry to the profession.
Private prosecutions provide an effective way to seek justice; and particularly in circumstances when the traditional prosecuting agencies are unable or unwilling to act. Conducted appropriately they can be a useful, efficient and cost-effective tool to secure punishment of the guilty. Conducted badly they can be an expensive mistake with far reaching consequences.
In this blog series we draw on our experience of both bringing and defending private prosecutions to help clarify some of the common myths and misunderstandings about private prosecutions. In this blog we look at whether the private prosecutor is entitled to recover their full investigation and legal fees at the end of the case.
Skip to content Home About Us Insights Services Contact Accessibility