Norfolk Law Magazine of the Norfolk & Norwich Law Society - www.nnls.org - Spring/Summer 2017
Inside...
More pictures from the Norwich Legal Walk, details of our Annual Dinner, Law Society updates, future training dates.
Norfolk Law - Contents - 3
This issue...
Norfolk L Magazine of the Norfolk & Norwich
Law Society
aw
- www.nnls.o rg - Spring/Sum mer 2017
In this edition, we have looked at the Law Society’s position on the election (along with Gordon Dean’s story), given some information on the law society library, an update from our council member Richard Barr, a review of the Norwich Legal Walk, and a preview of our forthcoming Treasure Hunt and Annual Dinner. Inside...
Contents
More pictu res details of our from the Norwich Lega l Walk, Annual Dinn er, Law Soci updates, futur ety e
training date s.
4
President’s Report
16
The Law Society Library
5
Committee
18
Annual Dinner 2017
6
Richard Barr’s Law Society Update
20
20 Years in the Conveyancing business
7
Training Dates for your Diaries
22
Top Tips on Combatting Fraud
8
Lawyers Walk for Pro Bono Support
24
Cybercrime: how do you protect your law firm
10
NNLS and Litigation Campaigns
12
Election Special
26
Flexible court hours pilots ‘fundamentally flawed’
15
Treasure Hunt
28
Business Valuations - Art or Science?
from ransomware threats?
www.nnls.org
4 - Norfolk Law - President’s Report
President’s Report Since the last edition of Norfolk Law, our government has called a General Election, seemingly to avoid an otherwise embarrassing climb-down over probate fees (the main issue, of course) and Norfolk and Norwich have been pit against each other as blue and red in the Council elections. Here at NNLS we have been busy too; we helped out with the Norwich Legal Walk, have a redesigned website (www.nnls.org) and we’ve been busy organising our Treasure Hunt on 22 June 2017 and the Annual Dinner on 21 September 2017. We have hosted training on money laundering, land charges, contentious probate, cyber-crime, contracts and conveyancing. A huge congratulations also goes to the UEA Law School, which was ranked 7th in the UK by the Guardian recently, making it one of the top law schools in the country. David Richards President Norfolk & Norwich Law Society
Published by: EAST PARK COMMUNICATIONS Ltd. Maritime House, Balls Road, Birkenhead, Wirral CH43 5RE Tel: 0151 651 2776 simon@epc.gb.com www.epc.gb.com
www.nnls.org
Advertising/Features Simon Castell Managing Editor David Richards Marketing Richard Castell Design David Coffey/Stuart Turner
Published Spring/Summer 2017 Accounts Tony Kay Legal Notice © East Park Communications Ltd. None of the editorial or photographs may be reproduced without prior written permission from the publishers. East Park Communications Ltd would like to point out that all editorial comment and articles are the responsibility of
the originators and may or may not reflect the opinions of East Park Communications Ltd. Correct at time of going to press.
Disclaimer Norfolk Law is published for the Norfolk & Norwich Law Society by East Park Communications. All rights reserved. Reproduction without consent is prohibited. Any comments or views expressed in any article are not necessarily those of the Society or Publisher. All times, prices and event details were correct at time of publication.
Norfolk Law - Committee - 5
6 - Norfolk Law - Law Society
www.nnls.org
Norfolk Law - Event Preview - 7
www.nnls.org
8 - Norfolk Law - Event Review
Lawyers walk for
www.nnls.org
Norfolk Law - Event Review - 9
pro bono support
www.nnls.org
10 - Norfolk Law - Campaigns
www.nnls.org
12 - Norfolk Law - Law Society
Election Special The Law Society’s
www.nnls.org
Norfolk Law - Letter from the Editor - 13
Position
www.nnls.org
14 - Norfolk Law - Event Review
www.nnls.org
Norfolk Law - Event Preview - 15
www.nnls.org
16 - Norfolk Law - Law Society
www.nnls.org
Norfolk Law - 17
Interdisciplinary Anyo
www.nnls.org
18 - Norfolk Law - Event Preview
www.nnls.org
22 - Norfolk Law - Articles
Top tips on combatting fraud By Julian Bryan, Managing Director, Quill Pinpoint
PII, to address the risks posed by cyber criminals and assist the recovery of potential losses incurred.
The well-publicised Mishcon de Reya £1 million fraud case, when its client was duped into buying a London property from a seller dishonestly posing as the owner, has sent ripples of alarm throughout the legal community.
Not forgetting your other compliance responsibilities. The Data Protection Act 1998, Money Laundering Regulations 2007, Proceeds of Crime Act 2002, Terrorism Act 2000 and new EU General Data Protection Regulation applicable from May 2018 to name a few.
Although conveyancers are an obvious target for the increasing threat of rogue house owners and buyer deposit redirection fraud, it’s not just conveyancing practices that need to be on their guard. As a legal practice, you’re tempting prey for cyber criminals, not only because you hold large sums of money, but also vast volumes of valuable client information. The number, variety and sophistication of cybercrime grows daily, ranging from distributed denial of service attacks and phishing scams to hacking and ransomware. To qualify my argument, here are some recently quoted cybercrime statistics:• National Fraud Intelligence Bureau’s 2016 figures show 159 recorded losses of buyer deposits which is an 85% year-on-year increase • Office of National Statistics quotes 5.8 million cybercrime incidents which equated to 40% of all recorded criminal activity in 2016 • Action Fraud estimates the cost of cybercrime is currently £193 billion per year • BIS Information Security Breaches Survey revealed that 81% of large organisations have experienced a security breach with the cost per company being, on average, between £600,000 and £1.5 million And this is only the tip of the iceberg. Underreporting is a big issue. Many cybercrimes go unreported for fear of criticism and disciplinary action. You have a professional responsibility, enforceable by industry regulators, to identify, contain and remediate breaches, cyberattacks included. Aside from your regulatory obligations under the SRA Code of Conduct, you face new pressures from indemnity insurers who’ll want to see plans in place to thwart criminals when renewing policies and setting premium rates including run-off cover. There’s a plausible case for the need for a separate cyber insurance policy, over and above
www.nnls.org
The stakes are high but there’s much you can do to mitigate risk by creating a robust, reliable and secure cyber environment. Access our previously published ‘Desktop security: 10 top tips’ article for more indepth advice on how best to manage risks within your IT infrastructure. We cover topics such as operating systems, email attachments, file transfers, data back-ups, passwords and more. Visit www.quill.co.uk/ desktop-security.
Also, tell clients upfront – both face-to-face and within your client care documentation – that you’ll never ask them to send money to a different account than that already provided. That way, they can be on the lookout too and immediately contact you should they receive any communications of this nature. Define your client money handling processes Following on from #2 above, money is of course the biggest incentive and the SRA’s referred to £7 million of client money being lost to cybercrime in the last year. With the SRA Accounts Rules at the forefront of your mind, make a clear distinction between client and office monies, assign duties to your cashiering team members, designate reporting lines and outline timescales throughout.
Because cyber security is such a serious business risk, we’re extending our earlier guidance here with some top tips on combatting fraud so that you can take proactive steps to tighten your defences:-
For example, you may specify only appointed staff should transfer money and make it a habit to take deposits as late as practicable so there’s less money on account at any given time. As well as giving your clients a higher level of service, you’ll lessen the risk of financial theft.
Beware of outside-of-the-norm behaviour and requests for monies
Create disaster recovery and business continuity plans
According to the Solicitors Regulation Authority (SRA), 75% of cybercrime reports are so called ‘Friday afternoon frauds’. These cases involve criminals intercepting and altering emails being sent between two parties (solicitor and client), mostly bank details in order to redirect funds.
To form an adequate series of responses to unexpected emergencies, attempted crime amongst them, produce carefully written disaster recovery and business continuity plans. These will contain information on the types of crises which could befall you, how you should act if they do, roles of primary staff members, phases of recovery, emergency contact numbers, anticipated outcomes and records of test or genuine disaster situations. The ultimate objective is to put your firm in the strongest position to deal with critical incidents with minimum disruption to the running of your business.
If you’re suspicious, raise queries, several times if needs be, and ideally via a known telephone number. As part of this, you could set up a dummy run with a £1 transfer. Once receipt’s been confirmed, you’re ready for the real McCoy. If it turns out to be completely legitimate, those concerned will appreciate your stringent questioning and testing. Review your new client intake procedures When new clients instruct your firm for their legal matters, what checks do you carry out on them? A cursory glance at someone’s passport, driving licence or utility bills is no longer sufficient for purpose. Seek out as much detail as possible on both identity and credit history so that you’re confident your clients are who they say they are, have the means to pay for your services and that your hard-earned profits aren’t ending up in the greedy hands of racketeers.
This is yet another area we’ve written about extensively before. Read our ‘Top ten disaster recovery and business continuity planning tips’ for further details. Visit www.quill.co.uk/ disaster-recovery-planning. Develop a risk management policy and monitor activity Prevention is always better than cure so set out your preventative and detective measures within a risk management policy. These may comprise IT-based solutions such as SSL encryption and anti-virus software to physical security devices such as CCTV
Norfolk Law - Articles - 23 surveillance and burglar alarms. Your policy will address how to classify, deal with and communicate risks. Analyse your business closely for signs of unusual activity that could indicate the beginnings of an attack. The sooner you’re able to counteract possible violations, the better, to effectively stop criminals in their tracks. Report every failed and successful attack There’s an onus on you to do so, and the legal profession can only clamp down on cybercrime if we truly know the extent of unlawful activity and methodologies employed. With more two-way conversations, trends can be recognised, scams identified at an earlier stage, alarms raised to others and appropriate responses carried out. Notify the SRA, Action Fraud, Information Commissioner’s Office and / or your insurers. Consider your employees’ role in your business and engage your workforce in best-practice risk management Restrict certain tasks in your business, for
example software installation, to assigned personnel. Small steps such as these can go a long way to minimising exposure to risk. One weak link is all it takes to open your business to intrusion. Similarly, if you employ home and remote workers, you’ll want to restrain use of unapproved devices and removable media, both of which carry their own security risks and can uncover your entire network to vulnerabilities. Set up some safe parameters for your staff to adhere to then educate your personnel in IT best practice.
Or, you can go a step further and enlist extra back office services such as fully outsourced cashiering and payroll. Your outsourcing provider’s keen attention to detail will immediately highlight anomalies and alert you to dubious goings-on. Remember the SRA Code of Conduct here. Ensure outsourcing agreements – be it for cloud software or outsourced services – allow you to comply with your client protection duties. And ask about ISO certifications for reassurance that your supplier conforms to international security standards.
Evaluate your IT systems and suppliers We’ve already briefly mentioned the importance of running the latest operating systems, performing automated back-ups, installing firewalls, and using dedicated anti-virus and anti-spyware software for protection against hackers. There’s readily available software to reduce risk even more. Anti-money laundering checks, credit screens, conflict of interest searches, proof of identity document capture and breach warnings will preserve your matters and their associated finances.
Julian Bryan joined Quill Pinpoint as Managing Director in 2012 and is also the Chair of the Legal Software Suppliers Association. Quill is the UK’s largest outsourced legal cashiering provider with 40 years’ experience supplying outsourced services, legal accounts and practice management software to the legal profession. To contact the Quill team, call 0161 236 2910 or email info@quill.co.uk.
www.nnls.org
24 - Norfolk Law - Articles
Cybercrime: how do you protect your law firm from ransomware threats? Ransomware threats to law firms have increased at an alarming rate over the last eighteen months. As a leading supplier of practice management software, at LawWare we occasionally apocryphal stories about firms who have paid the ransom rather than risk downtime and data loss. What is ransomware? Ransomware is computer malware that installs itself covertly on a victim’s computer or network. It then executes a cryptovirology attack that adversely affects it and demands a ransom payment to decrypt it. Simple ransomware may lock the system and display a message requesting payment to unlock it. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file. The ransom is almost always demanded to be paid in the digital currency, Bitcoin. Here are a few simple tips that can be put in place to mitigate the risk. Protection checklist. Backup all your data. By far the most important weapon in your arsenal is a regularly scheduled backup. If you are subject to an attack you can simply wipe your system to eliminate the ransomware and re-install the backup. The more often you backup your data, the less you will lose. It’s worth thinking about your
www.nnls.org
backup frequency and just how much data your practice can afford to lose without affecting its performance. Keep your software up-to-date. Ransomware often relies on the victim running outdated software where vulnerabilities are known. To combat this, the best approach is to create protocols for ensuring updates are performed when necessary. Keeping common third-party software such as Java and Flash up-to-date will eliminate a large number of threats. Educate your staff. Your staff are the weakest link in the security chain. If they allow themselves to fall victim to a phishing scam or other email generated approach, they can compromise the security of your entire business. Teach fee earners and staff to recognise potential threats and to treat unrecognised or unsolicited mails with extreme caution. Train them to ask these key questions about emails: • Do I know the sender? • Do I really need to open that file or go to that link? • Did I really order something from this company? Avoid being infiltrated. Occasionally your staff may unwarily visit compromised websites or open emails that contain malvertising. These are the usual sources from which the infiltration and malicious downloads will come. By blocking access to malicious websites, emails and attachments you can protect your network and avoid problems. Use high quality antivirus software. There really is no excuse for being lax in this matter. Making
use of a good quality antivirus solution throughout your entire system is a must. Ensure all laptops and portable devices that interact with your network have the same levels of protection as the network itself. Know the enemy. Intelligence about the latest threats provides you and your IT staff with advance warning about cyber-crime activity in your area and industry. You can keep up to speed with the latest reports from cyber intelligence organisations such as Talos. Talos publicly shares information about emerging threats and provides forums
and instructional videos to help you keep ahead of the game. Finally, say no to ransom demands. You may be tempted to pay up and recover access to your data to avoid both inconvenience and real operational problems. This should be the last thing you think about! Make sure you notify the authorities and remember, succumbing to the demands will only encourage the criminals to make further attacks. Mike O’Donnell, LawWare Limited.
26 - Norfolk Law - Articles
Flexible court hours pilots ‘fundamentally flawed’ A government pilot to extend court opening hours could heap more pressure on fragile criminal legal aid services, the Law Society of England and Wales warned today. Despite the limits of the preelection period, HM Courts & Tribunals Service (HMCTS) have decided to establish “local implementation groups” to explore the feasibility of extending court operating hours. Law Society president Robert Bourns commented: “Solicitors representing people accused of wrongdoing already attend police stations at any time during the day or night under the duty rota scheme. Fees for criminal legal aid work have not increased for more than 20 years - indeed they have been cut - and criminal legal aid practices already operate at little or no profit. Under this new government plan solicitors would be expected to attend court during unsocial hours for no uplift in pay.” The Ministry of Justice tested the introduction of more flexible court sittings in the wake of the August 2011 riots, and as recently as 2013 in the criminal courts, with 42 magistrates’ courts participating. The work-life balance concerns that came up in this previous exercise have not been addressed, nor has the impact on practitioners generally, such as those with responsibilities for care. A court that starts hearings from 08:00 will, in reality, mean a 07:00 start for the
www.nnls.org
defence if they are to be ready for trial. For those cases that finish at 20:30, practitioners are unlikely to leave the court until at least 21:00. There are also the practical dangers for court staff, prosecutors, defence lawyers, defendants and witnesses, who could be leaving the court building five nights a week after 20:30. Travellers are more vulnerable late at night.
predecessors. The cost/ benefit findings of a pilot which has operated, shortterm, on goodwill, will be impossible to extrapolate on a national level. If this scheme is rolled out nationally without any additional remuneration, in our view a new tender process would be required, as these significantly extended hours were not on the table for this current contract.
Under current arrangements, evenings and early mornings are often used for necessary preparatory or administrative work. This is important. Defence solicitors are often dealing with extremely sensitive cases, involving the most vulnerable in Society.
“Unless these fundamental issues in execution, resource and methodology are fully resolved then the pilot will be unsuccessful and any findings that come out of the evaluation will not command the trust or
The system is also dependent on access to support staff and firms’ employees, none of whom are likely to extend their working day without appropriate pay. The goodwill and morale of the criminal defence community has severely diminished following an 8.75% cut in fees in 2014 with the prospect of further cuts to come. “This means solicitors operating in the proposed pilot areas will be victims of a postcode lottery, incurring additional cost because of the bad luck of being in one of the areas selected for the pilot,” said Robert Bourns.
confidence of our members and their clients, the public or court users.” The Law Society has raised these issues at the local implementation groups, as well as with senior HMCTS and Legal Aid Agency officials. HMCTS have accepted that they need to engage further with the defence community on the design of the pilot as well as the evaluation. If the pilots do proceed, the Law Society will be providing a simple feedback form in order to record the real cost to practitioners that are subject to the pilot.
Chartered Surveyors and Valuers Est 1965 Alexander House, Fore Hill, Ely CB7 4AF
Independent, property advice (when you need to know)
• Detailed building surveys • Party Wall & boundary matters • Expert witness investigations & CPR compliant reports • Specific defect reports (damp, timber, cracking)
• Home buyer reports • Independent valuations • Mediation for neighbourly matters • Basements/waterproofing
“It is not acceptable to operate a pilot without paying solicitors properly for the additional cost they will incur as a result.” Covering East Anglia & London
He added: “We remain unconvinced that the scope or evaluation of the pilot will be more robust than its
www.martinandmortimer.co.uk
28 - Norfolk Law - Articles
Business Valuations – Art or Science?
Business valuation is certainly something of an art, albeit an art backed by science and a big dollop of common sense. Within corporate finance and forensic accounting we calculate business valuations for a variety of purposes including: • As part of the planning for a sale or Management Buy Out of a business. This valuation will give the owner a starting point for negotiations and will assist in “grooming” the business to optimise its valuation and the after tax proceeds; • For tax purposes such as in relation to the reporting of gifts or sales of shares, on the death of a shareholder, on share buy backs and trust transactions; • In relation to disputes between shareholders or partners, valuations may be undertaken to assist mediation, arbitration or as part of the court process; • To support or defend insurance claims for damages to businesses; • In divorce cases as part of the negotiations to agree the financial settlement; • To assist in raising capital or debt finance. Whatever the reason for the valuation the basic principles apply.
www.nnls.org
Whilst for public listed companies there will be a published market price for the share, for private companies, partnerships and sole trader businesses we need to be far more creative.
In practice we will often use more than one methodology and arrive at our opinion on the appropriate value or range of values for the purposes of the valuation.
The process for all valuations of unlisted businesses starts by establishing the underlying profitability of a business and then an assessment of the risk profile to apply an appropriate cost of capital or multiple to the earnings. Valuing businesses based on earnings multiples typically uses a Price Earnings multiple or EBITDA (Earnings Before Interest, Tax, Depreciation and Amortisation) and applying a multiple to EBITDA.
There are a number of other factors that we will consider including the growth potential, external factors such as Brexit, intangible assets, the strength of the management team and barriers to entry.
An alternative to an earnings based valuation is to look at a discounted cash flow. This method looks at the cash flow projections for the business and applies an appropriate discount rate to arrive at the present value of those cash flows. Other methods can include Entry Cost, being the costs to set up an equivalent business from scratch and Asset Based valuations.
If we are looking at valuation for a planned sale and we need to plug a gap between the seller’s aspirations and the buyer’s view of the value we will also consider the deal structure and mechanisms such as an earn out can be used to provide reassurance that the acquirer will only be paying for the value the business generates. So, in conclusion, valuation is an art, backed by science - but the essential ingredient is commercial experience. Fiona Hotston Moore Forensic Accounting partner, Ensors Chartered Accountants
30 - Norfolk Law - Articles
R L Commissioned The research was conducted using randomised control trials in eight firms of solici
www.nnls.org