In this blog, we will consider the requirement for solicitors and law firms to identify their clients under the new SRA Code of Conduct. Are you ready?
What is the requirement?
25th November 2019 marked the launch of the SRA Standards and Regulations 2019 (often called StaRs for simplicity which I quite like!). The new rules are less prescriptive and more succinct than past practices, and the SRA Code of Conduct says that ‘they focus on what really matters; high professional standards and appropriate public protection’.
There are two separate Codes, one for solicitors (and RELs and RFLs) and a separate one for firms. Rule 8.1 of the Solicitor’s Code (with an equivalent provision in 7.1 of the Firm’s Code) states that:
‘You identify who you are acting for in relation to any matter’
Before the launch of StaRs, there was no specific SRA requirement to check the identity of clients, other than what was required to comply with money laundering legislation.
The Money Laundering Regulations 2017 (MLR2017) of course, only applies only to certain types of work, mainly transactional and financial. However, this new rule makes it clear that the SRA expects some level of ID checking for all clients, regardless of the type of work being undertaken.
It has, of course, always been important for firms to know who their client is, and to make sure that the client has the authority to give instructions. The appearance of this new rule is probably the SRA’s recognition of that.
What guidance has been given?
The rule itself is brief as noted above, but the SRA Code of Conduct has published some guidance to accompany the rule that can be found here – https://www.sra.org.uk/solicitors/guidance/ethics-guidance/identifying-client/
In this guidance, it states ‘the Code is not prescriptive; it does not specify the measures to be taken, and it is therefore initially a matter for your firm to decide what arrangements are necessary’. It goes on to say that the SRA expects firms to take a ‘proportionate approach’.
What ID checks do we have to do?
The guidance makes it clear that it is for firms or solicitors to assess the risk and decide upon the approach. The guidance suggests that firms do not have to go as far as required under the MLR2017, but it’s likely that the SRA will want to see basic ID checks at the very least. It’s interesting that the guidance also states:
‘the onus will be on you to explain your approach should your conduct be called into question’.
Therefore your audit trail is very important; it is reasonable to assume that in the future the SRA may want to see your decision-making process, both for your firm-wide policy and for any case that departs from that policy.
What steps should law firms take?
For firms who do not have any ID checking policy at all, or a policy that only applies to specific departments, I would suggest taking the following steps:
What steps you will need to take will depend on whether you already have a policy on ID checking clients and what that policy says. A number of firms who do a mixture of work, some of which is MLR 2017 regulated, will have already decided to apply the same level of checks as is required for MLR2017 for all matters, those firms will probably only need to update or tweak their policy.
- Conduct a risk assessment to decide on your ID checking policy. You will need to consider whether you meet your client in person, the client profile and the type of work your firm undertakes. Remember to keep an audit trail and record your assessment and your decisions.
- Draft a policy based on the risk assessment that covers ID checking processes.
- Make sure your policy covers situations where fee earners can depart from the policy, for example, if they know the client personally.
- Remember that you will need to address clients that you had before the 25th November 2019 with ‘live’ or ongoing cases as well as new clients.
- If your firm does a mixture of work, some of which is MRL207 regulated, consider applying the same identity verification process across the board; otherwise, it can get very confusing for staff with increased risk of mistakes happening.
- Verifying identity can be time consuming, make the process as easy as possible for your staff and your clients – systems like Credas can help you implement your policy smoothly.
The fact that the SRA Code of Conduct has decided to add these rules speaks volumes on the importance it places on checking your client is who they say they are. It is imperative to ensure that the instructions you receive are valid. There will be some firms, particularly those who do not carry out any MLR2017 regulated work, that won’t have an ID checking procedure in place at all. For such firms, this rule probably represents one of the most significant changes they will have to make following the launch of StaRs.
If you need any help with adapting or implementing a policy, please contact Lisa at firstname.lastname@example.org.
Lisa specialises in providing compliance assistance to the legal sector. She was a Solicitor in private practice for 10 years before finding her niche compliance and regulation. She understands first-hand the worry of compliance and prides herself in providing commercial and practical advice to a variety of law firms. Anti-Money laundering is a priority risk identified by the SRA as law firms are an attractive target for criminals. Lisa can assist by providing bespoke policies and procedures which are suitable for your firm as well as advising on specific AML concerns.