Advice on BCC in Emails - Avoid Data Breach

The guidance below will help you avoid a data breach caused by mistakes when using BCC in emails. One of the most common data breaches is user error! Should you suffer a data breach, reach out to us. We provide a lot of Data Protection & GDPR support: https://hunningsconsultancy.co.uk/gdpr-support/

"Failure to use BCC correctly in emails is one of the top data breaches reported to us every year – and these breaches can cause real harm, especially where sensitive personal information is involved.

When you use the ‘BCC’ field to send an email, the recipients can’t see each other’s email addresses. You can use this if the personal information you’re sharing isn’t sensitive and there’s little risk. But if your email may reveal sensitive information about the recipients, you should assess whether using other secure methods would be more appropriate. 

You could: 

  • set rules within your email system to provide alerts and warn email senders when they use the Carbon Copy (CC) field;
  • set a delay, allowing time for errors to be corrected before the email is sent;
  • turn off the auto-complete email function to prevent the system suggesting email addresses in the recipient’s box; and
  • use the NCSC email security check tool.

Under data protection law, organisations must have appropriate technical and organisational measures in place to ensure personal information is kept safe and not inappropriately disclosed to others.

Organisations that use and share large amounts of data, including sensitive personal information, should consider using other secure means to send communications, such as bulk email services, so information is not shared with people by mistake.

Organisations should also consider having appropriate policies in place and training for staff in relation to email communications.

For non-sensitive communications, organisations that choose to use BCC should do so carefully to ensure personal email addresses are not shared inappropriately with other customers, clients, or other organisations."

From the ICO

LEAP have issued a new, updated spec sheet (they call it System Requirements) on 31st July 2023.

Here is a link for easy access.

For assistance with using your LEAP:

Here is a link

We have worked with LEAP since 2015 as implementation consultants, implementing into hundreds of businesses in the UK & abroad. In addition to implementing, setting up & initial training we also

Contact Us

Fill in the form below or email: [email protected]

A few Testimonials:

(For more visit our Testimonials page)

Jade Collier - Finance Manager at Wilson Davies Solicitors

"Excellent service from Brenda and Ingemar. They went above and beyond to ensure the transition to our new system ran smoothly. Would Highly recommend."

Vas Constantinou – Partner at Tyrer Roxburgh:

"A huge thank you to Ingemar and Brenda at Hunnings Consultancy who have provided clear, precise and excellent training in installing Leap as our new case management system. You have provided an excellent service throughout and have always gone over and beyond to help us, making this transition a smooth process."

Maxine Johnson:

"The training was excellent. I found Ingemar to be incredibly helpful, knowledgeable and easy to work with. I would highly recommend Hunnings Consultancy Ltd."

Helen Dickie MD of MD Law in Cardiff:

Thoroughly enjoyed my training with Ingemar! Not only did I have the opportunity to expand my knowledge in the firm’s investment into LEAP it was very useful to consider profit revenue and risk/compliance utilising the tools within LEAP to assist. Enjoyed the remote training session- thank you!!

Law firms regulated by the SRA must publish their diversity data. Here is a link to guidance from the SRA on where and how this should be done: https://www.sra.org.uk/solicitors/resources/diversity-toolkit/your-data/ This guidance was updated in June 2023.

The SRA are very active in carrying out AML Audits. We help firms navigate their way through such an audit and then with any work the SRA ask them to do to comply. In addition, we can assist with carrying out an Independent AML audit after a few months to check the actual implementation & operation of those AML policies & procedures.

It is best to contact us as soon as you receive notification from the SRA. They will ask you to answer some preliminary questions and submit your policies for review. How you answer them can help or hinder how the audit or inspection goes.

We charge at £200 + VAT

Below are the agendas the SRA send out in their letter giving notice of an inspection.

Agenda to Prepare for The SRA Inspection

|  | Deadline | Activity |
|---|---|---|
| 1. | Within 7 days | We will arrange a date for the inspection |
| 2. | 14 days | Provide: a list of the fee earners at your firm; open and closed matter lists for your fee earners; your response to our questionnaire; your firm wide risk assessment; your firm’s proliferation financing risk assessment; your firm’s AML policies and procedures; your firm’s template client and matter risk assessment; copies of any audits on your firm’s policies and procedures; AML related training records and content; High risk matters list if applicable; File review template and list of file reviews completed in the last 6 months |
| 3. | 3-5 days before the inspection | We will provide a list of the files we wish to review on-site and confirm if fee earners have been selected for interview. |

AML Inspection Day Agenda

   
| Approx Time | Activity |
|---|---|
| 10.00am | Introductions and context |
| 10.15am | Interview with the Money Laundering Compliance Officer (MLCO) and Money Laundering Reporting Officer (MLRO) |
| 12.00am | Break for lunch |
| 12.30pm | File reviews and review of SARs/DAML / opportunity to interview fee earners |
| 2.40pm | Feedback to MLCO on files reviews and fee earner interviews. Thank you and close |

AML Support from us (HCL)

We provide a lot of AML support to businesses in the Legal Sector. Please see below for a summary and links for further information.

(Sanctions Regime compliance - see separate services for this on our website.)

Contact Us

Feel free to contact us, ideally by using the 'How can we help you?' form below.

This guidance on the Proceeds of Crime Act applies to all people and firms regulated by the SRA, whether or not they fall within AML scope. The SRA have given notice that they will have regard to this guidance when exercising their regulatory functions. The guidance has been issued to help people understand the SRA's expectations.

Below is a link to the guidance. It has some useful examples, a list of Red Flags to watch out for, how to make a Suspicious Activity Report (SAR), exemptions and emphasises the need for the training of staff [with which we can assist].

Here is the link to the Guidance.

AML Support we offer

Independent AML Audit - an audit to ensure the implementation & exercise of your AML policies & procedures

AML Training - for those regulated by the SRA and by the FCA

AML Policy & PWRA Review

OPM - an up to date Office Procedures Manual (SRA regulated firms)

MLRO Support Retainer - for MLROs in certain FCA regulated sectors

MLRO Reviews & Reports - for MLROs in certain FCA regulated sectors

Contact Us

Fill in the form below

or [email protected]

From 12 June, the SRA are introducing an additional verification step to make your mySRA account more secure. This means when you log in you will need to register a phone number. You will then need to have this phone with you every time you log in to mySRA and use a text message code or call to verify your identity. Because of this, you will also need to replace any saved mySRA website links.

More info here: https://www.sra.org.uk/mysra/updates/verifying-mysra-account/

For assistance with Compliance

Hit this link: https://hunningsconsultancy.co.uk/compliance-services/

For help with QWE Confirmation

Hit this link: https://hunningsconsultancy.co.uk/external-qwe-certification-service-2/

We thought it would be helpful to write a post explaining the actual process, with images, of how a solicitor actually does the confirmation of the QWE on the SRA website - as a resource for solicitors and also for Aspiring Solicitors who want to know.

The actual process is quite simple. It remains so if you have an SRA regulated solicitor in your organisation who will confirm your QWE. However, the SRA does allow an Aspiring Solicitor to reach outside of their organisation to an External Confirming Solicitor to confirm their QWE (for example, if they do not have an SRA regulated solicitor in their organisation, perhaps working inhouse or in a charity and/or abroad). We have so far helped over 130 Aspiring Solicitors (updated April 2025) in that situation, from all over the world. Follow this link and/or fill in the form for more information.

The Process - how a solicitor confirms

  • The Aspiring Solicitor goes to their MySRA profile on the SRA website and fills in the name of the organisation where the QWE has been done [if it is an SRA regulated law firm it is best to search by the firm's SRA number], the start date and end date of the QWE and how many years and/or months FTE (full time equivalent) QWE that is.
  • They search for the solicitor who is to do the confirmation by their SRA number.
  • This will prompt the SRA website to email the confirming solicitor asking them to confirm the QWE. In our experience the email seems to be sent between 1 & 3am UK time - ready for you to act upon the next morning. Below is an example of the email the solicitor will receive.

  • The solicitor clicks on the link in the email. This will take them to part of their own MySRA profile on the SRA website. They will see the QWE period to confirm listed there. When they click on the link they will see something like what I have shown below:

https://hunningsconsultancy.co.uk/wp-content/uploads/2023/05/Example-SRA-webpage-for-QWE-Confirmation.pdf

  • Assuming they agree, the solicitor should tick the box at the bottom and click on the red button reading 'Confirm Period of QWE'.
  • The Aspiring Solicitor will receive an email from the SRA website then telling them that the period of QWE has been confirmed. That normally comes through in a matter of minutes.

Please note that the process will need to be repeated for each period of QWE to be confirmed.

External QWE Confirmation Service

If you need an SRA regulated solicitor to confirm your QWE but have no-one in your organisation to do so - we can help. Please see the link below and feel free to signpost them to us:

QWE - External Confirming Solicitor Service - for Aspiring Solicitors

We are putting this up so that people may satisfy their curiosity as to what the message to a successful applicant looks like!

Help with your SQE2 Exemption Application

Here is a link to more info

Help with confirming QWE

This is for people who are NOT foreign qualified lawyers. We have confirmed QWE to the SRA for over 50 aspiring solicitors from around the world.

Here is a link to the service

On 2nd May 2023 the SRA wrote to all firms they regulate who are NOT within scope of the AML regulations (they already asked those within AML scope) with a series of questions on how they comply with the Sanctions Regime. (Check your junk box!)

Answering is mandatory and answers must be submitted by the end of May 2023

Although the answers seem simple, you do not want to get them wrong. The SRA will keep the answers and refer to them in future audits. They followed this approach with AML earlier and are now auditing and referring back to answers given earlier.

We are helping firms with answering the questions for a nominal fee of £50 + VAT.

Other Sanctions compliance help

We thought it worth putting up an answer to this question as it has been asked many times. Compliance with AML is a particularly hot topic and the SRA is increasing inspection, audit and enforcement.

The SRA does not give an absolutely categorical list, but does supply helpful guidance (we understand a lot more helpful than the FCA) and attempts to tell the firms it regulates what 'good' looks like.

(We provide a lot of support to businesses in the Legal Sector with AML compliance. Please see more info below.)

Here is a link to the most useful page we have found on the SRA website in answer to this question.

Below we have put part of that page where they have given guidance on what areas of legal work fall in scope of the AML regime:

"Legal areas of work - in and out of scope

The areas of work in the regulations are standalone definitions and do not align with other definitions of legal services. They do not for example refer to reserved activities under the Legal Services Act 2007.

You will need to decide for yourself whether a matter is in scope of the regulations or not.

You should be aware that there is no de minimis for small transactions or limited amounts of work. If something you do is in scope, the regulations apply in full.

It is also important to note that there is no definitive list of activities that are not in scope. While a type of legal work (eg litigation) might be considered out of scope, a particular matter could be drawn into scope if for example you were to set up a trust for the client as part of the matter.

Below are the areas of legal work that will generally be in scope of the regulations. Please note this list is not exhaustive and only reflects the likelihood that work of these types will be in scope. You will need to take a case-by-case approach when deciding whether a matter is in scope. If you are unclear, you should seek independent legal advice.

  • Conveyancing
  • Commercial and corporate work
  • Transactional work – including commodities, and business entities
  • Trust and company work
  • Tax work (other than litigation involving Her Majesty’s Revenue and Customs or the simple paying of Stamp Duty and Land Tax)
  • Probate matters where you are managing the assets of the estate under instruction from the executors or as the executor or creating a trust as a part of the surrounding arrangements"

AML Support from us (HCL)

We provide a lot of AML support to businesses in the Legal Sector. Please see below for a summary and links for further information.

  • SRA Audit or Inspection on AML - we help firms with this. Charged at £200/r. It is best to contact us as soon as you receive notification from the SRA. They will ask you to answer some preliminary questions and submit your policies for review. How you answer them can help or hinder how the audit or inspection goes.

(Sanctions Regime compliance - see separate services for this on our website.)

"We at Spires Legal wholeheartedly recommend Ingemar and his team at Hunnings Consultancy Ltd. Ingemar has supported us throughout our journey from new start up to established firm. It is refreshing to have a consultant that takes the time to understand your business and its priorities, stands by your side as it develops and is flexible in approach as your needs change.
The feedback we have from our team, and which we regularly hear from others is that Ingemar is an insightful and knowledgeable trainer who is comprehensive yet engaging in his approach. Still unsure? Five minutes on the phone with Ingemar and you will be sold on how much value he can add to your business!"

Arj Arul - Director at Spires Legal

Click here to see more testimonials

Business Support for Law Firms

We will get back to you within 24 hours. For more information and to discuss how our service can work for you;
Call: 07887 524 507 
Fill out our contact form
Send us an email:
[email protected] 
We look forward to speaking to you...

How Can We Help You?

WHY COMPANIES CHOOSE US

Quality services, in a timely & efficient manner for a reasonable fee. Assisting clients since 2014 as their Trusted Advisers on matters relating to the running of their Business.