Risk Update

Risk Grab Bag — Evolving AML Rules, Sanctioned Cell Call, Pen Tests in Perspective

Solicitors urged to review AML policies as new guidance launches” —

  • “It is finally here! You have all waited so patiently, but I am delighted to confirm that the Legal Sector Affinity Group’s (LSAG) revised and much updated anti-money laundering (AML) guidance has, after much anticipation, finally landed. The good news is the Law Society can help making getting through it all easier, but more on that at the end.”
  • “The review of the guidance was triggered by the European Union’s fifth money laundering directive, which came into force in January last year and brought in a raft of new requirements including changes to client due diligence and enhanced due diligence as well as a duty to collect proof of registration for companies and trusts.”
  • “Where possible the MLTF has sought to ensure regulatory expectations and burdens were tempered by practical reality. Balancing the many demands that practitioners are under while recognising the importance of our role in the fight against financial crime and the need for a minority to up their game.”
  • “The guidance is an effective and critical tool in supporting the profession. It is designed to help the legal profession navigate complex AML risks and challenges. It will guide you through what is a ‘must’, a ‘should’ and a ‘may’ to help ensure practices are able to understand and address AML risk to meet regulatory requirements, SRA expectations and identify good practice.”
  • “There is also additional advice on understanding and evidencing source of funds and wealth, a new technology section, which examines considerations to apply when using or exploring AML-related technology to effectively mitigate risk and revised, updated and expanded AML governance and internal controls sections.”

UNETHICAL MISTAKE: Big Firm Sanctioned as Partner Violated Ethics Rule When Calling TCPA Plaintiff in an Effort to Disprove Ownership of Phone” —

  • “A big firm partner just got his law firm sanctioned by calling a TCPA Plaintiff in a putative class action in the hopes of proving someone else actually owned and used the phone line. Talk about a bad day at the office.”
  • “Setting the stage here—TCPA plaintiffs often sue callers for purported wrong number calls when they (the Plaintiff) actually set up the lawsuit by allowing someone else to use the phone, enter the number, or otherwise have a relationship with a third party that the caller was trying to reach. Its dirty unethical stuff, and it happens all the time.”
  • “Defense counsel constantly look for tactics to try to detect and reveal this unsavory behavior to the court. But the one thing most defense lawyers know not to do is to call the Plaintiff’s phone number in an effort to somehow prove that someone else actually uses the phone.”
  • “There is a very clear ethical rule that forbids lawyers from talking to represented opposing parties about the substance of the case. This is a big clear bright line that any lawyer that passed their ethics exam has seared into their memory.”
  • “And while dialing a number in the first instance might not—in and of itself—violate the rule, having a discussion (even a brief one) with a represented party is a huge no no.”
  • “Plaintiff asked to have the attorney’s law firm disqualified from representing the Defendant but the Court felt that was too harsh a penalty. Instead the firm was ordered to pay the cost of Plaintiff’s motion work to address the ethical violation.”
  • ore details and decision: In Moore v. Club Exploria, LLC

For those looking to dig into security, see: “Security Assessments and Pen Tests for Law Firms” —

  • “The new norm has created an operating environment that hackers once could only dream of. What has been proven over the past year is that cybercrime rises during times of crisis and law firms are still slow to respond. Ransomware is the number one cybersecurity threat that we now face. The perfect storm has been created and is heading towards your firm if it hasn’t arrived already.”
  • “What exactly do we mean? Users are now accessing confidential client files from their kitchen or home office through personal computers, tablets, and outdated Wi-Fi that has not had the configuration updated since the Internet Service Provider installed it. Employer-provided systems are not universal, even among the largest of firms. Users are now responsible for keeping their software and operating system patched with critical updates.”
  • “Law firms recognize that there are security problems within their networks. Many just don’t know where to start to identify and fix them. Others accept the risks of taking no action. All is not lost. There are steps that law firms can take now to get control of the situation, to identify where the problems exist and remediate them. The first step is realizing that something needs to be done. The next step is finding where the problems exist, and that is accomplished through a security assessment.”