Andrea Cohen outlines what’s on the regulatory horizon and sets out what should be on your risk radar in the coming year

Andrea Cohen 600 x 400

A worthwhile risk management task to help firms plan, prepare and budget for the year ahead is to try and anticipate the main changes on the horizon. Here are our top nine.

1   Money Laundering and Terrorist Financing Regulations (MLRs)

The Money Laundering and Terrorist Financing (Amendment) Regulations 2023, which came into force on 10 January 2024, amended the MLRs so that enhanced due diligence (EDD) on domestic politically exposed persons (PEPs) will be lower than foreign PEPs unless there are other high-risk factors present. Domestic PEPs refer to people with public functions in the UK, so would not apply, for example, to PEPs in crown dependencies.

2   Anti-money laundering (AML) controls in high-risk third countries

HM Treasury has published an advisory notice on money laundering and terrorist financing controls in high-risk third countries.

As a reminder, EDD and enhanced ongoing monitoring is required in any business relationship with a person established in a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country.

It is expected that changes to the high-risk third countries list will continue to be a trend in 2024, so it is worth keeping an eye out for updates.

3   The UK sanctions list

Between the start of December and the time of writing this update, more than 250 new designations have been added to the UK sanctions list. These include 173 transfers from the Iran (Human Rights) regime to the Iran sanctions regime, 45 new designations under the Russia sanctions regime, 18 under the Belarus sanctions regime and 16 under the Global Human Rights sanctions regime.

Designations were also added under the Syria sanctions regime, the Iran (human rights) sanctions regime, the counter-terrorism (international) sanctions regime, the Haiti sanctions regime, and the cyber sanctions regime.

You can expect more changes in the months ahead.

4   Economic Crime and Corporate Transparency Act 2023 (ECCTA 2023)

The ECCTA 2023 received royal assent on 26 October 2023 and introduced several changes, some of which have come into force and some of which will be implemented through secondary legislation. The Companies House changes will need increased resources and operations, but it is anticipated that some changes – such as the power to query or reject information filed with it, revisions to the company names regime, and the requirement for companies to provide the registrar with an email address – will come into force in the next few months.

The failure to prevent fraud offence will require guidance on the adequate procedures defence. The SRA now has unlimited fining powers under the ECCTA for economic crime offences, and this will be on the agenda for the SRA. While the investigation and any prosecution of alleged criminal offences will fall outside the remit of the SRA, it will investigate alleged breaches, and the burden of proof is the civil standard.

The LSAG has updated its AML guidance to account for recent developments by publishing an addendum to the 2023 edition of the guidance. It includes guidance relating to:

In relation to the continuing challenges posed by AML, sanctions and economic crime, we suggest that the following practical steps are taken:

  • Review your policies and training in relation to preventing fraud and AML. Consider whether you should update or create new policies for all your economic crime matters: AML, anti-bribery, modern slavery, fraud and so on.
  • Review your firm-wide risk assessment (FWRA) and all policies, controls and procedures (PCPs). Have you got a FWRA that is in line with R18 requirements? Are your PCPs up to date? Do they refer to the correct MLRs, SRA sectoral risk assessment, latest publications / links, LSAG guidance and so on? If not, that is a giveaway that they have not been reviewed for some time.
  • There have been an increasing number of AML visits by the regulator, with larger fines imposed for MLR breaches, so now is the time to carry out an independent audit / arrange your next independent AML audit.
  • If the work you undertake is outside the scope of the MLRs, ensure you have processes in place so that you are not in breach of the Proceeds of Crime Act and the sanctions regime, by carrying out sufficient due diligence checks on clients and regularly checking sanctions lists.

6   SRA Standards and Regulations

There have been a number of recent amendments to the SRA Standards and Regulations including changes to pro-bono work outside a firm, administering oaths outside employment, cessation of owner approval, and deeming approval of solicitors. Expected changes to the SRA Accounts Rules, including how money on account of costs should be dealt with, have been put on hold as a result of Axiom Ince, with the SRA saying it was necessary to review consumer protection arrangements, including risks to client money. We can therefore expect to see changes, and possibly more major changes than anticipated, being introduced in 2024.

New rules were introduced in May 2023 regarding wellbeing at work, including specific obligations to treat colleagues fairly and with respect and expectations on managers around challenging behaviour. We may see in disciplinary cases in 2024 how the SRA deals with breaches of those obligations.

Changes to terms of business / client engagement letters / final complaint response / website will require a further update on 22 January 2024 when the LeO address changes to Legal Ombudsman, PO Box 6167, Slough, SL1 0EH.

The latest Office for Legal Complaints consultation, on a new strategy for LeO, will run from 1 April 2024 to 31 March 2027. The final strategy, plans and budget will be published before April 2024.

8   The risks of using artificial intelligence (AI)

The SRA has published a risk outlook report on the use of artificial intelligence in the legal market. The report shows the growing trend of AI use in law firms: at the end of last year, three quarters of the largest solicitors’ firms were using AI, nearly twice the number from just three years ago.

In light of more frequent use of this technology, the SRA warns of its risks. For instance, AI can have biases, which could harm efforts to increase diversity in recruitment processes, and bias in criminal litigation could lead to miscarriages of justice. There is also the risk of errors: language models such as the ever-popular ChatGPT have been known to draft legal arguments which are non-existent. It has also recently been highlighted that there is a real risk of litigants in person unwittingly using these false cases.

The SRA recommends ensuring all staff understand how such tools operate and that firms can explain their use to clients. Remember that – as with other IT systems – firms remain responsible and accountable for the outputs from any AI they use.

9   Practice notes and guidance

In 2023, the SRA produced 34 guidance notes on areas including client accounts, workplace environment, AML and financial crime, and the Law Society published 14 practice notes on topics ranging from handling complaints to protection for client accounts.

You don’t need a crystal ball to know that we can expect to see further Law Society practice notes and SRA guidance over the next 12 months!