This website uses cookies

We use cookies to improve your experience on our website. If you continue without changing your settings, we'll assume that you are happy to accept all cookies on the CLC website. You can change your settings at any time.

Reviewing the risks posed by client money management practices for the conveyancing industry

9 October, 2024

Shieldpay and the Council for Licensed Conveyancers (CLC) recently hosted a roundtable discussion to examine the risks involved in client money management practices within the conveyancing industry. The event brought together experts from conveyancing law firms and regulatory bodies to join CLC’s Director of Strategy and External Relations, Stephen Ward. 

Also in attendance was Shieldpay’s Chief Growth Officer, Claire Van Der Zant, Shieldpay’s Head of Compliance & MRLO, Scott Newby, and Shieldpay’s Head of Legal Ed Boal to provide insight into the causes of the risks that surround client money management and how these risks can be mitigated in the present and into the future. 

The conversation opened with a discussion of the impact that technology is having on the handling of client funds. CLC’s Stephen Ward reflected on the first ever digital mortgage payment, which had happened six years prior via a Shieldpay Third-Party Managed Account (TPMA). 

“It delivered the security and the efficiency that we all expected,” said Stephen, “but what we didn’t understand going into it was the benefit of the transparency that it brought to the transaction, and that was a very welcome side effect.”

The payment was part of a pilot scheme to demonstrate the future of the industry and since then the CLC has not only approved the use of digital solutions but is actively encouraging law firms to use them to reduce the risks associated with managing client funds. 

“We took the opportunity to make very clear to the firms that we regulate that TPMAs and other alternatives to client account were not only acceptable but desirable,” said Stephen “but we haven’t seen an uptake in their use since then, and it would be good to understand why that might be.”

Personal Indemnity Insurance – a growing challenge

One significant challenge highlighted during the conversation was the growing cost of Professional Indemnity Insurance (PII) reflecting the growing risks associated with handling client funds. Another factor propelling premiums up is a lack of competition, which might be driven by regulators being overly rigid in their criteria and pushing all legal firms towards the same, limited number of products. The Solicitors Regulation Authority (SRA) has acknowledged the impact that rising insurance costs are having on many firms. 

Richard Orpin, at the time the interim CEO of the Legal Services Board (LSB), emphasised that collaboration between legal and financial services regulators is important in overcoming this challenge. “The message to legal regulators is that there ought to be sufficient arrangements in place to ensure that client money is protected” said Richard “Encouraging the use of TPMAs is one of the means by which risks associated with handling and holding client money can be reduced.” Greater use of TPMAs would also lower the risk for regulatory compensation funds, which are called on in instances where there has been dishonesty by legal services providers.

The LSB’s recent insights paper sets out key principles that should underpin legal regulators’ approaches to putting in an appropriate level of financial protection for consumers – including reducing risk, improving transparency and fostering effective competition.  

For firms, the LSB has suggested using TPMAs to reduce risk and lower insurance premiums, and to be as transparent as possible with insurers around data arrangements and claims. The LSB’s recent report on this issue can be found here

Stephen noted some positive developments, with two new insurers having entered the market this year (although another also left). 

“We’re actually ending the [June] professional indemnity insurance renewal round for Licensed Conveyancers in a healthier place than where we started it.” said Stephen, “And I think that’s part of the cyclical nature of the insurance market. We’ve been expecting this improved liquidity, and it has now arrived.”

This challenge will continue for the insurance market unless changes are made however as a recent survey published by the law firm Browne Jacobson and the International Underwriting Association shows that 38% of the participating insurers had considered leaving the solicitor’s professional indemnity market following the Discovery Land v Axis case.

Exploring the risk landscape

The conversation then moved on to discuss the specific risks involved in handling client funds that are driving up premiums and keeping regulators awake at night. 

Malpractice and compliance breaches

The panel identified a range of risks currently being faced. Some of these result from malpractice in the legal sector itself. Recent high-profile cases of client fund mishandling include that of Axiom Ince during which £64 million of client funds went missing. This in turn has led to an uptick in interventions from the SRA, an increase in the contributions firms need to make to the SRA’s compensation fund and the regulator launching a Consumer Protection Review, to take a broader look at client fund handling. The CLC has reported that instances of fraud have been slightly lower in recent years, with small numbers and values of fraud being reported. However, cases do still exist — such as a recent misdirection of £75,000 as a result of socially engineered fraud —so there is no room for complacency and risks shouldn’t be underestimated. 

Other risks however are external. David Jabbari, CEO of Muve, a Conveyancing Firm, spoke to the cybersecurity landscape and the risks it poses. 

“One of the biggest risks is phishing attacks,” said David, “mostly directed at client’s email security rather than a firm’s because client email is often not very secure. Despite warnings that firms give to clients on phishing, I still think it’s one of the biggest risks. What’s needed is a forensic analysis of where risk originates.”

One solution here, said David, would be to put client communications within a secure environment. This wouldn’t eliminate the risk but would go some way towards mitigating it. 

Rob Gurney, Managing Director of Landmark Information Group agreed, “The extent to which getting client communication off email could be a bigger win than taking the funds away from lawyers in terms of enhanced security shouldn’t be underestimated.”

Tech and security

The growing threat of AI 

While more sophisticated technology can help firms mitigate cyber-risk, it is also making criminals more sophisticated. Social engineering fraud for example, by drawing on AI enhanced tools to appear more human, is becoming more sophisticated and convincing. This means that where law firms had become more attuned to – and robust against – fraud, AI has enabled it to re-emerge as a threat and increase the risk again as it becomes increasingly deceptive and convincing.

Sarah Charlton, CEO of Eaton-Evans & Morris reflected on the major incident mentioned above of social engineering fraud to assert her concerns. 

“Firms have done a huge amount to clamp down on in the last 10 years and there’s been a lot of learning, but fraudsters are becoming more sophisticated and social engineering tactics are becoming more convincing.”

Risk mitigation: strengthening relationships with clients 

The panel discussed greater consumer education as one possible means of mitigating this risk.  Strengthening communication and relationships between firms and clients by meeting in person for example, not only builds trust but also enables both parties to more accurately identify social engineering fraud and instances of phishing. 

While law firms are exposed to risk when handling client money, the potential impact that those risks could have on clients is ultimately greater, as it is their capital on the line. This should always be at the forefront of discussions around best practice and mitigation of risks, with efforts made to understand the clients and their needs on an individual basis, and to work with them to mitigate social engineering attacks.

Risk mitigation: Education and qualifications

The importance for conveyancing firms in strengthening their cyber security and ensuring they have robust protection to the most common cyber attacks was also discussed. Sarah also suggested that as a minimum, firms should be working with the government backed Cyber Essentials scheme which protects businesses against the most common cyber attacks. 

“I think that would force a lot of people’s hands,” said Sarah, “even the basic Cyber Essentials is difficult to attain for small to medium sized law firms that don’t have the tech and specialist people in-house. An application for Cyber Essentials goes into detail on how a law firm operates from a tech perspective and where people can gain access.”

Not only would Cyber Essentials educate legal practitioners, but it would also minimise the risk of wider attacks by urging firms to build a stronger base layer of defence. 

Risk mitigation: Technology solutions

There are also multiple existing and emerging technologies that can be used to strengthen security when it comes to handling client money, from TPMAs to integrating blockchain technology. 

Scott Newby, Head of Compliance and MLRO at Shieldpay added to the conversation to shed some light on the controls and prevention tactics TPMAs can offer to mitigate risk. He was the first to say, “we’re not going to be able to stop all fraud.” He called upon his tenure in the industry to explain that fraud is an ever-evolving practice and there will always be new tools and tactics to get around prevention methods. 

TPMAs however, are a continuously developing digital solution. Shieldpay’s platform is being constantly reviewed to respond to emerging threats. Scott shared the example of the upcoming financial regulatory updates, Confirmation of Payee (COP) and APP Fraud, and the functionality changes the payments provider is making to ensure compliance. The specialist technology is evolving and adapting to stay ahead of the risk landscape for law firms. 

Karen Edwards, Head of Professional Development at the ILFM, argued that, when it comes to the use of blockchain technology in the conveyancing industry, “going forward there is likely to be change, it’s just a question of when and how.”

It was widely agreed that there is only one direction of travel when it comes to client money management practice. Technology has to be the way forward for conveyancing firms. In order to ride the wave of change, law firms should think about investment and cultural adoption of digital solutions now to get ahead of the inevitable shift. 

Revenue

While TPMAs present a solution to many of these tech challenges, some on the panel also noted the risk they pose to firms’ revenue streams, which are already under pressure. In recent years, as interest rates have climbed and peaked, many firms have come to rely on the revenue from holding client funds and the interest this generates even more than had previously been the case. Alongside this, other non-core revenue streams like CHAPs fees have also become important, as legal services fees have been squeezed by the economic climate. 

Claire Van der Zant, of Shieldpay, noted however that “While part of the industry is being propped up by the interest rates, they are changing, as indicated by the latest decision on rates from the Bank of England. Likewise, consumer duty means that the financial regulator would not be happy to find businesses relying on interest income.”

Chris Handford, Director of Regulatory Policy at the SRA noted that this question forms part of the SRA’s Consumer Protection Review as while the SRA has guidelines on this, it doesn’t currently have rules. Chris pointed out however that, “We have to also be conscious of the impact it would have on the sector if we were to stop this immediately.”

Nevertheless, it was felt by the panel that relying on interest income is an unsustainable business model which also incentivises malpractice. Far more common than substantive fraud in the legal sector, argued Sarah, is “smaller firms getting into trouble and the Partners ‘dipping’ into client money to pay the payroll.” Many firms are doing this in response to a difficult economic climate rather than with malice, but it’s risky nonetheless. Sarah also noted that accountancy practices aren’t always consistent, so annual audits can’t always be relied on to identify dishonest client money handling.

What are the steps forward to succeed today, tomorrow and in the future? 

It was widely agreed that the conveyancing market is currently in a fragile state. Reflecting on the key concerns raised during the roundtable session, from fraud and phishing threats, to the economic climate, and incidents of mishandling client funds, it is clear why there are changes to regulation on the horizon. 

While the LSB, CLC and SRA have all weighed in on the conversation to express their unanimous perspective that the risks outweigh the benefits for law firms managing client money in-house, one key challenge highlighted by the panel was diversity of solutions available and competition in the market to support law firms to outsource this. There was consensus that we need a healthy market with multiple players in the space to incite innovation and benefit the law firms and the end consumer. 

However, with more solution providers, David Jabbari shared his view that there must be interoperability. Data is such an important part of the conveyancing process and in order to be able to have a fully connected and seamless transaction for all parties involved, up and down the chain, platforms must be able to safely and efficiently transfer this information between them. 

In thinking about how we can work together to mitigate these key risks and build the future of the industry, Chris Williams, founder of Novus Strategy & Consulting, suggested zooming out and having a clear structure for how to approach transformation for the industry. He provided the idea to look first at what solutions can be acted on today (now), then setting our sights on tomorrow (next) and then planning for further on in the future (later). As an initial outline, this could mean now, focusing on investigation and education in the short-term to ensure we are building a comprehensive foundation of knowledge; next, we start to drive greater adoption of the technology solutions we currently have at play to drive the move to digital; and further ahead, we look to reimagine the process and transform the way the end-to-end transaction runs in order to eradicate major risks. 

The importance of staying abreast of technological advancements therefore is crucial for future proofing the money management process. This applies both to being aware of the latest methods used to conduct cyber attacks and fraud, and to the technology being developed by third parties to strengthen security and reduce risk. Risks and regulations will continue to develop at a pace, and solutions can be found through the collaboration between law firms, third party technology, and clients, all working towards the overall aim of greater efficiency and protection. 

But the driving force for change is regulation – mandating change is the most powerful way to get this stagnant market to finally embrace the digital transformation wave.