Compliance tips for solicitors regarding the use of AI and technology

Do you understand what your needs are and what you would like the lawtech to be able to do? Have you involved others within your organisation to gain an overall view of actual needs?

Have you first considered whether you are getting the most out of your existing technology? It might be worth seeing what capabilities you already have before purchasing anything new.

Law Society Gazette article - Technology: how to get the most out of what you've got

Before purchasing any new technology be very clear what you want it be able to do? When reviewing the product specification be sure it matches your requirements and have it demonstrated that it actually does. Try to speak to someone who is actually using it to get a buyers viewpoint. Make sure that the technology is compatible with your existing systems and will work and won’t cause any conflicts.

9 Questions to Consider Before Buying Legal Technology

Ten things: Buying and implementing legal tech

Legal software explained: your guide to every category

Are there any guidelines we can follow when buying lawtech?

Not specifically for lawtech, but we think the UK Government’s guidance to date targeted at the adoption of AI in the public sector that meet high ethical standards is also a useful guide for private sector organisations. The UK Government has an aim of setting the standard for ensuring the ethical use of AI. Hogan Lovells has also produced materials that may help you understand and manage the risks of technology failure and get on top of the ethical issues.

UK Government Publishes Guidelines for Artificial Intelligence Procurement

Failure - The Litigation Landscape (hoganlovells.com)

Are there any key pinch-points with the Standards and Regulations we should be aware of?

It is open to solicitors and firms to use any technology they think is appropriate for their business. This remains subject to our principles and standards. In addition, take steps to understand the legal framework underpinning the use of technology in particular that of AI.

To ensure there is senior leadership and oversight, we would expect as a minimum that the Compliance Officers for Legal Practise (COLP) to be responsible for regulatory compliance when new technology is introduced. Board oversight both of purchasing and ongoing use are also highlighted as critical in managing the risks of technology failure

Make sure your governance frameworks remain fit-for-purpose and underpin the responsible adoption, use and monitoring of AI

Your client bests interests must remain at the centre of your decisions about the use of technology. This means you should have appropriate governance, systems and controls to ensure you are using technology responsibly. This will include:

  • appropriate leadership and oversight,
  • undertaking risk and impact assessments
  • creating policies and procedures
  • undertaking training and awareness
  • monitoring and evaluation impact of the technology to avoid unintended consequences.

You may be using technology to help deliver your services in new ways. This could be as part of a platform where consumers are signposted to a solicitor. You should undertake due diligence to ensure that these platforms have been designed so that you are not in breach of your obligations. Key areas you will want to review that you continue to meet your obligations on protecting client confidentiality, conflicts, fee sharing and referral fees.

For example, our Standards and Regulations forbid solicitors and firms from accepting referrals if the platform acquired the clients in a way that the solicitor themselves would be prohibited from doing under our rules. Solicitors cannot make unsolicited approaches to clients to advertise legal services.

You will also want to be sure that, in cases involving claims for personal injury, that any payments you make for access to the platform do not amount to prohibited referral fees under the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (LASPO) Sections 56-60.

Does my law firm need a practising address, even though I do not physically work from an office location to provide legal services?

Yes. Solicitors (and others that they work with) who make applications to us for authorisation of legal services businesses need to meet the requirements of our Authorisation of Firms Rules.

The Rules require applicants to:

  • '…have at least one practising address in the UK or, if you are a licensed body, in England or Wales.'
  • This is an important requirement for all SRA-regulated organisations. As well as making sure that important notices and other documents can be served to those organisations properly, it also makes sure that statutory information about the registered address and the practising address of those organisations can be collected and made available to the public.  

Identifying your practising address does not, however, preclude you from providing legal services partially or entirely through digital, non-physical channels, or from using technology such as virtual document storage solutions to manage the delivery of your business model.

The practising address that you provide for your firm’s authorisation from the SRA must relate to a genuine and physical location. It must be an address that allows you and any other individuals who are responsible for running the firm to receive postal correspondence and notifications from statutory and regulatory bodies, including in relation to AML obligations.

For limited companies, Companies House guidance confirms they must have a physical registered office address in the same country that the company is registered that will be listed on the public register of companies. The guidance confirms that the registered office does not need to be the actual address from where the director conducts their business, and companies can opt instead to use an alternative viable address.

Storing documents in a Virtual Firm

Some law firms are already using cloud-based technology and other digital solutions to store client information securely, and do not store paper-based hard copies of that information. If you decide to partially or entirely store client information through digital channels you must make sure that any technology or solution you use to do so enables you to meet the requirements of the Code of Conduct for Firms.

This includes:

  • '…keeping the affairs of the current and former clients confidential [paragraph 6.3]…
  • …having effective governance structures, arrangements, and systems and controls in place to comply with any regulatory legislative requirements that are applicable. This includes maintaining client information securely and in line with any timeframes specified in relevant data protection legislation [Paragraph 2.1(a)]'

Can we use electronic ID verification processes?

Firms/solicitors are obliged to Identify who they are acting for in any matter. There is no intrinsic reason why the appropriate questions to establish this cannot be asked by software. When a duty to provide verification arises (e.g. because of anti-money laundering legislation) electronic verification processes are now available. Read Guidance further on this.

Data privacy is key

Consumers are increasingly focused on their privacy rights. Failing to comply with applicable laws comes with significant reputational and financial consequences. Think beyond data protection laws when you are using client data. Research highlights concerns about consumer trust – that it will be eroded if businesses use their data in ways that are not anticipated by or beneficial to the consumer, even if they comply with data regulations.

If your product uses AI, know your obligations. 

The ICO have excellent resources to help you. The obligations include explainingto individuals how their personal data will be processed, and complying with requirements on automated decision-making and profiling.

Not everyone will be able to or will wish to use legaltech. Give them other options to work with you

You have obligations to provide information in a way that the individual client can understand and ensure that they are in a position to make informed decisions about the services they need, how their matter will be handled and the options available to them.

You also have to consider and take account of the client's attributes, needs and circumstances.

In the case of vulnerable consumers, can you show that the risk factors that can exploit consumer vulnerability been identified and addressed?

It could be difficult to establish whether the client has understood the results, so exclusions upfront (i.e. built into the early questions) and information as to suitability for the service on the website will help. It should always be made clear to clients where they are interfacing with AI.

Do consumers have a choice over whether to use lawtech-based services or not? Is there any convenience or cost detriment if they do so?

When things go wrong

While legal technology has the potential to deliver considerable benefits for both you and the client, it may malfunction or not perform as expected and could have unintended consequences. It could also cause significant operational, financial and reputational impact to you and your clients.

While the liability between your firm and the supplier will typically be covered by the contract, is it clear who the client turns to if they are affected? You must be clear about your responsibilities and have explained them to your client when they are using the technology to access your services.

Don't forget the essentials

We have provided security tips in our Technology and Legal Services paper. These were written in collaborations with NCSC who have provided more recent guidance the NCSC's guidance on cyber security and specifically to help small businesses meet the challenges of COVID-19 . We also offer general IT security advice in our most recent Risk Outlook and Thematic Report.

We are here to help. Please get in touch

To discuss your ideas for innovation and growth, contact SRA Innovate.