INSOLVENCY (SCOTLAND) RULES 2018

The new Insolvency (Scotland) Rules 2018 are finally here!
Due to commence on 6 April 2019, now is the time for familiarisation, planning and preparation. Here’s how we can assist you.

Anti-Money Laundering – Have you assessed the risks?

A step-by-step explanation of a firm’s responsibilities under anti-money laundering regulations.

For many insolvency practitioners, anti-money laundering (AML) compliance starts and finishes with client identification procedures. But that simply isn’t sufficient to comply with current legislative requirements, nor to adequately protect you from becoming a professional enabler – a title none of us relish acquiring!

The area is under increasing regulatory scrutiny as the Recognised Professional Bodies (your AML supervisors) now have their own oversight regulator, the Office for Professional Body Anti-Money Laundering Supervisions (OPBAS), breathing down their necks. We IPs are likely to come under closer scrutiny from our AML supervisors, with a renewed focus on meaningful AML compliance.

So, aside from Customer Due Diligence (CDD) procedures, what do you need to do?

What are the risks faced by IPs?

Money laundering and terrorist financing are significant threats to any economy, particularly those operating globally. The UK is the world’s sixth largest economy, of which our financial services sector is a key component.

HM Treasury’s 2015 National Risk Assessment judged accountancy services to be at high risk of money laundering exploitation. The Treasury re-affirmed that view in 2017, concluding that ‘the inherent risks and vulnerabilities of accountancy services remain, due to the value of these services to those engaging in high-end money laundering… Company liquidation and associated services (including insolvency practice, which may be conducted by certain accountancy professionals) also pose a risk of criminals masking the audit trail of money laundered through a company and transferring the proceeds of crime…’.

Firm-wide risk assessment

First and foremost you must have a documented firm-wide risk assessment in place. This is a mandatory requirement under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR17), placed upon all ‘relevant persons’ (which includes IPs) and your supervisor may ask for sight of it at any time. Your risk assessment should:

  • identify the risk factors that apply specifically to your business and the way in which it operates
  • consider the frequency of occurrence of these risks, as well as their potential severity
  • explain how these risks are adequately managed and mitigated by the processes and procedures employed by your firm
  • be reviewed periodically and updated with new service lines and operational models
    used to educate and inform your staff

If you don’t know where to start or are pressed for time, ISS can assist you.

Oversight

Secondly, you need to consider who within your practice is going to take responsibility for production, operational oversight and periodic review of your policies, controls and procedures and whether this is going to be a formal compliance officer role, or an informal or shared function. Depending on the size and nature of your practice, either route may be appropriate. The key requirement is that someone (individual or group) needs to oversee this area. This is not the same function as the traditional money laundering reporting officer role, although these may be combined, if that works best for your firm.

Policies, controls and procedures

Regulation 19 of the MLR17 requires you to establish and maintain policies, controls and procedures to effectively mitigate and manage the risks of money laundering and terrorist financing identified in any risk assessment undertaken by the relevant person. These must be maintained in writing and must include:

  • risk management practices
  • internal controls
  • customer due diligence
  • reliance and record keeping
  • the monitoring and management of compliance with, and the internal communication of, such policies, controls and procedures

Do you have these policies in place? If not, we can help.

CPD and staff training

Those responsible for AML oversight must receive appropriate CPD on the conduct of their functions. Additionally, your whole team should be provided with periodic training, not just about the law in this area, but also about the specific risks presented to your business and the policies, controls and procedures that your firm has in place.

ISS can supply in-house and/or online learning modules for your officers and your team members, specifically tailored for your business and the risks it faces.

Beneficial owner and manager approval

It is a criminal offence for a person to act in the capacity of a beneficial owner, officer or manager of a relevant firm without the approval of an AML supervisor. Have all relevant owners and managers of your practice registered with your AML supervisor yet?

This requirement extends to any party with a controlling interest in the business (eg a shareholding in excess of 25%) and any principal, senior manager, or member of a management committee who is responsible for setting, approving or ensuring the firm’s compliance with the firm’s anti-money laundering policies and procedures.

 

We will be examining the legal requirements and the risks presented to practices in our forthcoming Intensive CPD / CPE Catch-Up Courses and discussing how practices may manage these.

For further information about how ISS may assist you in meeting your AML obligations, contact enquiries@insolvencysupportservices.com

A Privacy Policy is not just for your website

An Insolvency Support Services (ISS) survey of 70 insolvency practitioners’ websites has revealed that only 25% contain any information about the rights of the various parties an insolvency practitioner will routinely process data about during the course of an insolvency engagement: debtors, directors, creditors, employees and other stakeholders.

While 80% of websites contained a privacy policy of sorts, 68% of these privacy policies related only to visitors’ use of the website and information collected about their website usage through cookies.

Most policies were found to be lengthy, generic templates which failed to adopt the “layering” approach recommended by the Information Commissioner’s Office. In one case, the privacy policy was labelled “US” and failed to mention the GDPR regulations at all!

Only 13% of the websites surveyed sought express permission for cookies and explained both the privacy policy in relation to the website and in relation to data held by the practice in connection with insolvency appointments.

Alison Curry, a director of ISS, commented: “These findings might not mean that practitioners are falling down in their GDPR obligations. They may be supplying the necessary information within privacy notices that are distributed by email or in hard copy during the course of insolvency proceedings. However, even if that is the case, these firms are missing an opportunity to make this information readily available at nominal additional cost and inconvenience, by placing it on their website. Of more concern would be if practitioners are failing to provide the relevant data subjects with an appropriate privacy notice, explaining their rights, the insolvency practitioner’s lawful basis for processing and the retention and destruction policies adopted by the practice.”

Do you have all the GDPR documentation that your firm needs in order to comply fully with the new legislation, both online and offline? ISS can assist you with insolvency-specific, layered, GDPR documents; including a full suite of policies, procedures and notices, which can be easily customised for use in your firm.

Was your firm surveyed? If you would like to know if yours was one of the firms surveyed, please get in touch for a no-obligation chat about our findings.

For further details, call 0845 6017570 or email enquiries@insolvencysupportservices.com

Research note:

Insolvency Support Services’ review surveyed the websites of 70 insolvency practitioners in London and South East England at the end of September 2018. Our main objective was to assess the extent to which insolvency practitioners’ have published a privacy policy on their website that satisfies GDPR requirements some four months after the new legislation came into force.

GDPR: practical support for IPs – supporting your business and issues on appointment

One of our recent webinars considered the forthcoming provisions of GDPR and the practical implications for IPs, in terms of our own businesses and those of the insolvent entities to which we are appointed. There is lots of generic advice out there, but little if any that is insolvency-specific. That’s where we can help.

We are designing policy and process documents for insolvency practitioners, a GDPR checklist for use on appointments and sample privacy notices for the different categories of people that insolvency practitioners will encounter. We can also provide bespoke webinars to support regular staff training and induction.

If you would like to know more about how we can help you meet your data processing obligations, please contact Alison Curry at ac@insolvencysupportservices.com

We can offer several options to help meet your specific needs:

  • GDPR checklist on Insolvency Appointment: priced at £500 plus VAT
  • Package of Sample Privacy Notices: priced at £750 plus VAT
    o Employees
    o Directors, shareholders and owners
    o Debtor clients
    o Creditors, book debtors and employees of insolvent entities
    o Marketing and Contacts
  • Package of Sample Policies and Registers: priced at £750 plus VAT
    o Data Processing Registers for Insolvency Practices
    o Data Breach Register
    o Sample Policies:
    – Employees (IP practice staff)
    – Confidentiality and Data Security
    – Special Category Data
    – Data Security Breach
    – Data Retention and Destruction
    – Subject Access Requests
    – Vulnerable Clients

Or purchase the complete package for £1,850 plus VAT

We can also offer bespoke webinars to support regular staff training and induction from £750 plus VAT.

Please contact Alison Curry at ac@insolvencysupportservices.com to discuss your requirements.

And don’t forget that our GDPR webinar: A practical approach to GDPR for IPs is still available for £50 plus VAT per view. Contact courses@insolvencysupportservices.com to register.