Deepfake video and sophisticated scams that manipulate video and audio to create highly convincing fake identities or messages from what appear to be trusted individuals are creating a major risk for law firms, the UK Solicitors’ Regulation Authority (SRS) says.
The SRA issued a caution to lawyers who heavily rely on video calls for client identification, highlighting the growing threat of ‘deepfake’ technology.
In an updated assessment focusing on anti-money laundering (AML) and terrorist financing risks, the SRA said there was an increased risk in law firms being involved in vendor fraud schemes.
While acknowledging that remote meetings might be necessary for certain transactions, the SRA emphasized concerns when clients display reluctance or evasion towards in-person meetings, citing potential risks.
AI Tools and Deepfake Video
The regulator also warned about the emergence of AI tools, specifically ‘deepfakes’, capable of convincingly impersonating real individuals. This raises concerns regarding the reliability of video calls for client identification and verification, urging firms to ensure their electronic due diligence measures are effective or consider employing software to detect deepfakes.
Vendor fraud, particularly in property transactions, was identified as a significant concern. Fraudsters are targeting properties, often residential, and selling them without the genuine owners’ knowledge or consent, frequently by impersonating the owners.
Law firms were advised by the SRA to remain vigilant for signs of vendor fraud, such as abnormal property sale conditions, reluctance to provide documentation, or undue pressure to expedite transactions.
Additionally, the SRA cautioned against suspicious client behaviors, such as splitting deposit sums or requesting unusual fund transfers, which may indicate attempts to evade AML controls.
New risks related to pooled funds and funding platforms were highlighted, posing challenges for firms in establishing the legitimacy of funds, especially in transactions involving numerous participants contributing to a property or asset purchase.
Ransomware and Cyber Attacks
Regarding client accounts, the SRA warned against relying solely on third-party managed accounts, emphasizing the ongoing responsibility of firms to monitor client money movements and conduct due diligence on account providers to mitigate risks of ransomware and cyber attacks.
An amendment to money laundering regulations was noted, reducing the level of enhanced due diligence required for domestic politically exposed persons (PEPs). However, firms were urged to await guidance from the Financial Conduct Authority and remain cautious when dealing with domestic PEPs, as they may pose varying levels of risk regardless of firm size or prominence.
Overall, the SRA emphasized the importance of proactive risk management and compliance with regulations to mitigate the evolving threats posed by financial crime and technological advancements.
