Stage 10: Drafting your policies and procedures – Part 2

In this stage we are focusing on four key areas within your policies and procedures:

Anti-Money Laundering

Law firms are a target for criminals because of the opportunity to turn the proceeds of crime into laundered money. As an AML supervisor we focus on how firms both understand and mitigate the risks posed to them by the activities that they carry out. The AML section of our website provides a number of resources that will assist a new firm in setting up, including a template for your AML policy, checklists and guidance. We would recommend that you study these carefully as compliance with the Money Laundering Regulations is a key role for us as an AML supervisor.

Data Protection

Law firms hold a large amount of personal data and the impact on the reputation of a firm from any adverse comment can be severe. You need to ensure that you are doing all that is possible in a proportionate manner to protect this. We recommend that you seek guidance, and registration, from the Information Commissioner’s Office where there are several resources to help you adopt an appropriate policy.

Risk Register

You should maintain a risk register with key dates for your firm so that you log and evidence both breaches and regular reviews of your risk activities. This may also include training relevant to these key areas within your policies.

The following links and documents will help you at this stage:

Business Continuity

Having an effective business continuity plan so that you can continue to handle your clients’ business if something goes wrong is vital. Otherwise, would you know how to cope?

Often this is just seen to apply to your IT systems, but emergencies can vary widely. Strangely loss of key people (including you) is rarely thought about. However, some incidents are fairly common and can be mitigated by sensible continuity planning.

So demonstrate to us that you have thought about the possible threats and how you could deal with them.