Posted 29 February 2024

For today’s law firms, staying compliant with regulations is an ongoing and imperative operational challenge. One of the most critical aspects of regulatory compliance for law firms is Know Your Customer (KYC) due diligence. KYC regulations mandate that law firms verify the identity of their clients, assess potential risks associated with them, and monitor their transactions continuously. Failure to comply with these regulations can result in severe penalties, reputational damage, and legal consequences. Therefore, it's crucial for law firms to have robust KYC processes in place.

Yet traditionally, KYC processes have been manual, time-consuming, and prone to human error. Fortunately, workflow automation has emerged as a transformative opportunity to revolutionise how law firms handle KYC. Here, we look at the potential of automation to streamline KYC processes, making them more efficient, accurate, and future-proof. 

The Benefits of Automating KYC Processes

The benefits of leveraging workflow automation to streamline KYC process are manifold:

• Reduce time and resources: By automating KYC processes, firms free up time and resources and allow lawyers and staff to focus on higher-value tasks. 

• Improved accuracy: Automated processes minimise the risk of human error, ensuring adherence to regulatory standards.

• Scalability: Through faster processing, firms can handle a larger volume of KYC requests, without compromising on quality. 

Implementing Automation in KYC Workflows

Effectively implementing automation in KYC workflows requires law firms to take a strategic approach. This involves identifying pain points in existing processes, selecting the right workflow automation tools and technologies, and integrating them seamlessly into the firm's infrastructure. Additionally, training staff on how to use these tools and managing change effectively are essential for successful implementation.

It’s also important to keep in mind that while workflow automation offers significant benefits, it can also present challenges and risks that need to be addressed. For example, data security and privacy is a major point that needs to be considered. Fortunately, Sysero’s workflow automation technology provides the ability to create custom data retention policies to govern how and when data is erased. Additionally, Sysero enables firms to not only anonymise data, but go one step further with pseudonymisation.

Real-World Example: Wikborg Rein

Top-tier rated international law firm Wikborg Rein is one firm that has found much success with automating KYC processes. The firm’s digital client intake solution, developed in collaboration with Sysero partner PSA Consulting, uses a built-in risk matrix to automatically assess a new client or case against Money Laundering Act requirements. Client information is automatically checked against various public registers and information databases and their identity authenticated through their Bank Identifier Code. All client data is stored (and deleted) in accordance with GDPR legislation.

Any client or case that falls outside the requirements is automatically routed to a simplified workflow for further assessment to ensure compliance and once approved, automatically created in the firm’s integrated internal systems. Every step of the process is documented for internal quality control and compliance protection.

Conclusion

Automation has the potential to revolutionise KYC processes at law firms, making compliance more efficient, accurate, and future-proof. By embracing automation, firms can streamline their KYC workflows, reduce compliance risks, and enhance client satisfaction. As regulations continue to evolve, automation will play an increasingly critical role in enabling law firms to navigate the complex landscape of regulatory compliance successfully.

To learn how Sysero can help your firm automate its KYC processes, get in touch with our team. 

Adopting and implementing effective compliance policies are an essential part of any law firm’s risk management. Yet, many firms continue to struggle with the challenge of delivering efficient client onboarding, whilst ensuring compliance with various KYC, AML and UK GDPR rules. Many firms still rely on manual processes and disparate technology solutions to manage client onboarding, which only slows down client acceptance and increases risk. 

Ultimately, the goal for any law firm is to strike the optimal balance between fast, efficient service and a strong compliance culture, in order to reduce risk for each lawyer and the firm, and ensure the firm is operating within the regulations.

So, how can law firms drive greater efficiency in the onboarding process, whilst reducing risk? By combining well-developed compliance policies with the right technology solution, firms can create a streamlined and integrated client onboarding process within a robust compliance framework. 

Here’s how to start the process for your firm:

Create risk profiles

The first step in creating a compliance-driven process is to know your customer, and setting up risk profiles is a great place to start. Building a series of risk profiles enables you to set parameters against which to assess potential clients based on their level of risk. Risk comes in many forms, so it’s crucial to spend the time to create a robust risk assessment framework that aligns with your firm’s specific tolerance level. 

Take for example, Simonsen Vogt Wiig’s digital onboarding solution. The cloud-based solution automatically assesses the risk of new clients based on a predefined set of rules determined by the firm’s priorities, including professional risk, terms alignment and GDPR compliance. A risk profile is then created for each new client, enabling the firm to easily identify and escalate high-risk clients for further review. 

While technology makes it easier to streamline risk assessment, the process starts with a strong understanding of the risks to consider. Clear articulation of factors that reduce or heighten risk will help determine the client information that’s required to appropriately assess new business opportunities.

Identify areas ripe for automation

There’s no doubt that some areas of your onboarding and acceptance process could benefit from technology. The key is to identify which parts of the process could be improved with automation, and which parts benefit from the nuanced decision-making of your lawyers or staff. Workflow automation can - and should - be employed to ensure that the appropriate data collection processes are completed, decisions are routed to the correct internal staff, and key technology systems work together. 

The technology needs to be able to capture data and verification documentation from client-facing lawyers, route the information and notify key staff and capture their decisions.  It should also be able to send reminders if the on-boarding process is taking longer than expected and route approved matters to the accounts team to create the client/matter records. Throughout the onboarding process, the automation process may need to draw information from other internal systems and post data and documents to accounts and DMS systems. Finally to complete the onboarding process, the automation process needs to notify the originators of the new client and matter details.

One of the most important benefits of an automated on-boarding process is that the technology creates an audit trail detailing when the information was entered, which verifications were completed, who made decisions and reasons for those decisions.

For example, Wikborg Rein’s digital client onboarding solution replaced many of the firm’s manual onboarding processes and disjointed technical solutions. By employing workflow automation, the firm was able to streamline the client intake process to reduce acceptance time, improve quality and ensure compliance with regulation. Any client or case that falls outside of the firm’s risk requirements, is automatically routed to a simplified workflow for further assessment and review. Once approved, the new client or case is automatically created in the firm’s integrated internal systems. 

By understanding which areas of the process would benefit from automation, Wikborg Rein was able to create a streamlined system that not only makes it easier to register new clients and cases, but also provides the necessary internal approvals and compliance documentation. 

Build a plan to deliver

Once you understand how to architect your client onboarding process, incorporating automation, you can begin to create a plan for building your solution. As part of this process, you’ll need to assess the industry technology solutions available to help create a streamlined digital onboarding and acceptance process. Each firm has a unique on-boarding process dictated by the firm’s areas of law and the existing internal systems. The technology should allow firms to design their own process and integrations with in-house systems and be able to modify these processes even after the system has gone live.

While there are plenty of technology options available, it’s critical to select the right solution that aligns with your firm’s needs. For example, Syero’s technology can be used to build a custom digital onboarding solution in as few as six weeks. To check out an example of the solution, you can view a live demo here. 

As the need for compliance, auditing, data security and greater efficiency continues to mount, automation technology offers firms a way to transform the client onboarding process and ensure compliance protection. Advancements in both data management and technology have made it easier than ever for firms to increase speed and transparency within the process, providing better service to clients and enhancing protection for the firm. 

To learn more about how Sysero can help your firm develop and implement a custom digital client onboarding solution, get in touch with our team or visit our website. 

Posted by Phil Ayton
14 May 2018

The General Data Protection Regulation (GDPR) comes into effect in a matter of days, and with it new obligations for data controllers and processors. As most law firms run on-site systems, it is important to understand who is responsible for the processing and where technology vendors fit into the equation.

One of the main aims of the new legislation is to ensure that owners of data, the data controllers, are responsible for their data.  The new act requires them to ensure that anyone processing their data does so according to the new rules and cannot absolve responsibility simply because someone else processes for them.

Who is a data controller?

The data controller is the one who owns the data.  They made the decision to collect personal data in the first place. They need to be clear on which items of personal data they are collecting, the purpose for which the data are to be used, from which individuals they collect data, what efforts should be made to secure the data and how long they need to retain the captured data.  They need to articulate these to the data processor.

Who is a data processor?

A data processor, on the other hand, is the person, public authority, agency or other body that processes the data on behalf of the controller. The act of ‘processing’ could be as simple as storing data on a third party’s server or could include data retrieval or erasure.

When is there NOT a data processor?

In almost all cases, law firms are clearly the data controller. If the system is an in-house system run by in-house staff, there may be no data processor, which means the law firm must manage the obligations laid down by the GDPR. Many firms make the assumption that if a technology provider uses data to perform a task or service, that it must be a data processor. However, this often won’t be the case. The definition of a vendor as a data processor depends on their role and how much control they possess over the personal data.

Why is it important to determine whether my vendor is a data processor?

One of the key elements in the GDPR is accountability. Firms are responsible for, and must be able to demonstrate compliance, with GDPR.  However, compliance means different things for the data controller and the data processor. So, it’s imperative that firms are able to determine their own role, and the role of their vendors, to fully understand their legal obligations. For example, firms may believe their GDPR obligations are covered if a vendor signs a DPA, when in fact, they might be exposing themselves to crippling fines.

How do I determine if my vendor is a data processor?

To determine whether your technology vendor is a data processor, consider where the data is stored and maintained. Cloud-based providers are considered data processors, as they capture and store data on their own servers or third-party servers. However, if your firm uses software that is hosted and maintained on-premise, it’s most likely that your firm is also responsible for the processing of the data.

Under the GDPR, every data processing activity must have a data controller. However, a data processor isn’t necessarily required. In the case of on-premise software, law firms assume the sole responsibility of the data and whilst they are a data controller, they must assume the responsibilities of the data processor, also. Even though the software may be the means by which your firm captures, organises and stores personal information, the data is ultimately managed and maintained by the firm, and the firm exercises complete control over the processing and protection of the data.

If you use Microsoft Word to manipulate personal data, is Microsoft Corp. your data processor?  What about using Microsoft SQL Server, which both stores and performs automatic calculations on your in-house data. In this case, is Microsoft a data processor for you?  As Microsoft themselves are not creating, manipulating or storing the data, probably not. The same goes for any other vendor.

If a vendor offers remote support and regularly accesses your systems, are they a data processor?  If they manipulate data contain personal information then yes, but if they fix bugs, which may involve creating and delete test data (not real data), then they are not processing.  Most vendors will sign Data Processing Agreements to help their clients become GDPR compliant, but this is not the same as implementing measures to protect the data so won’t help if the EU comes calling.

Rather than getting vendors to sign DPAs, firms should be looking to ask them what facilities their software offers to help them reach a higher level of compliance.  The GDPR demands that firms document steps take to ensure compliance and completing a DPA is just the first of many steps firms need to take to reach the required level of compliance.

Posted by Callie Sierra 
10 July 2017

We’re less than a year away from the implementation of GDPR, which will overhaul the way companies collect, use and store personal data. As of May 2018, companies around the world, who wish to sell products in the EU, will need to adhere to a strict set of data protection laws, or face fines up to €20M or 4% of turnover, whichever is greater.

While GDPR presents an array of challenges for businesses, it also opens a world of opportunity for forward-thinking law firms. Any company dealing with EU customer data will need to understand GDPR’s implications and develop a plan for compliance – and time is of the essence. For law firms, this presents the opportunity to proactively address client needs, expand existing business and create differentiation through innovative client service.

Here are three ways law firms can turn the burdens of GDPR into compelling competitive advantages.

Advise Clients Proactively

Businesses around the world are largely reacting to GDPR with a mixture of panic and inaction. Only 40% of companies in the UK have begun GDPR preparations, and a mere 28% of companies in the EU say they are prepared. Furthermore, Gartner predicts that less than 50% of global companies affected by GDPR will not be in full compliance with its requirements by the end of 2018.    

For law firms, this is the perfect opportunity to step up and take initiative in advising clients. Many organisations lack knowledge of GDPR’s impact on their business and equally are unaware of the regulation’s repercussions. With less than a year to go until GDPR takes effect, now’s the time for firms to partner with clients to quell concerns, identify key areas of risk and help them plan their path towards compliance. By quickly adapting to client needs and pre-emptively solving compliance problems, firms can not only deliver better client service, but also ensure that clients don’t suffer noncompliance ramifications down the road.

Expand Existing Business

Partnering with clients to help them ready for GDPR also opens new business potential for firms. Businesses will need to reassess their current data collection and storage methods, and start making improvements to meet the new regulations.

Firms can quickly and easily provide clients with detailed legal assessments to help them identify areas of concern and develop an action plan for compliance. By providing personalised GDPR action plans, firms can not only offer guidance to clients, but also identify all potential GDPR-related work for the firm.

Many firms also are using GDPR to expand their legal offerings. Under GDPR, many companies will need to appoint a Data Protection Officer (DPO), whose sole responsibility is to oversee data protection compliance. A few innovative firms have already tapped into this new business opportunity by offering DPO services for clients.

Build Client Relationships

Today’s law firms are operating in the age of the client. It’s no longer enough to simply engage with clients on a transactional basis. The modern client expects a consultative, partnership-like relationship from their law firms. And GDPR is a great opportunity to not only establish a strong relationship with clients, but start building a long-lasting relationship.

One way law firms can do this is by leveraging technology to help clients approach compliance. Take for example, DLA Piper, who recently released a mobile app dedicated to helping clients make sense of GDPR. Creative uses of technology can prove an efficient and effective way of demonstrating your firm’s knowledge and expertise.

While apps are a great way to engage clients, firms can take it one step further to use technology to form a partnership-like relationship with their clients. Advanced automation technologies have made it easy to not only generate personalised GDPR assessments for clients (as mentioned above), but also allow clients to track and monitor their progress towards compliance. By offering clients an online, end-to-end GDPR compliance tool, firms can position themselves as collaborative consultants helping clients pave the path to compliance.

Interested in learning more? Join Phil Ayton, Director of Sysero on 5th September at 15:00 BST to for a live webinar titled The GDPR Opportunity: Re-imagining Client Service through Technology. During the webinar, Phil will explore the business implications of GDPR on law firms and how the right approach to client engagement can help them expand business and build long-lasting client relationships. Register by 1st September to reserve your seat, as space is limited!

Posted by Callie Sierra
28 April 2017

By 26 June 2017, a new set of anti-money laundering regulations will take effect, and law firms need to be ready. Designed to bring a more risk-based approach to the prevention of money laundering and terrorist financing, the Fourth EU Money Laundering Directive will impact how law firms capture, store and process data.

There are two main aspects of the Directive that warrant closer attention from law firms:

         - Demonstrating and documenting that risk assessments are conducted and up to date

         - Obtaining and providing adequate and accurate information on beneficial owners

Firms will need to ensure they have adequate processes and systems in place to conduct and audit risk assessments and efficiently capture and store information relating to beneficial owners. And with limited time to comply, firms need to move quickly.

Fortunately, Sysero’s knowledge automation technology can support firms’ moves towards compliance with the Fourth EU Money Laundering Directive. To see how Sysero can help move your firm comply with the new Directive, see the infographic below: