Legal Practice Notes

The Criminal Finances Act 2017 ( CFA 2017) created a corporate offence for failing to stop the facilitation of tax evasion, effective from 30 September 2017. Government guidance was also released, outlining expectations for compliance frameworks. That guidance should be applied proportionately and on a risk-based footing, reflecting your organisation’s size, nature and complexity. A small entity and a large multinational may adopt the principles in very different ways: what is reasonable for a small business in a low-risk sector could be entirely unreasonable for a large business operating in a high-risk sector. Application should be tailored to organisational scale, sector, and operational complexity as contemplated within the government guidance issued. The Law Society also issued a practice note, Criminal Finances Act 2017, for law firms, which the chancellor approved on 21 November 2018. The Law Society states that the chancellor considers this...

Legal professional privilege ( LPP) shields documents from disclosure to third parties, including government agencies, regulators and claimants in civil proceedings. It is vital to safeguard LPP wherever possible when carrying out internal investigations. For guidance on preserving privilege in the criminal context, see Practice Note: Maintaining privilege during criminal investigations. Types of legal professional privilege There are two types of LPP in England and Wales: Legal advice privilege Covers confidential written or oral communications between a lawyer and their client where the dominant purpose is to obtain or provide legal advice, together with related documents. Advice from an in-house lawyer is protected if given in the proper legal context and confined to the legal element of their function (ie genuinely for the purpose of giving or receiving legal advice). It will not apply where the subject matter...

Among business people, lawyers often carry a reputation for risk aversion. In-house and compliance counsel cannot be excessively cautious—they must recognise risk, determine where it lies and respond proportionately. If they do not, they risk becoming a needless barrier within the organisation, blocking sound commercial plans and estranging themselves from colleagues... In-house lawyers and compliance specialists handle legal and regulatory risk every day. To maximise your contribution, you should also take part in assessing and managing your organisation’s non-legal risks. This Practice Note offers guidance on identifying and evaluating risk across the business. Managing risk is not a single task—it is an ongoing discipline, illustrated below... This Practice Note covers the following stages from the lifecycle: establish the organisation's risk appetite—see Precedent: Risk appetite statement gather risk information from internal stakeholders—see Precedent: Risk questionnaire review available risk information to identify...

Legal professional privilege ( LPP) This Practice Note examines legal professional privilege, which comprises legal advice privilege and litigation privilege. It sets out the criteria applicable to both categories, including the confidentiality of communications, the dominant purpose and legal context of the material over which privilege is claimed, and the identity of any recipients copied into the correspondence. It explains, for the purposes of asserting privilege, what is meant by client, legal adviser, legal advice and anticipated litigation. It also addresses recognised exceptions, notably the iniquity exception (where fraud or crime is in play), and situations where statute displaces privilege. The treatment of copy documents, and of documents that are collated, selected or extracted, together with translations, is considered. Practical pointers are provided. In this Note, legal professional privilege (often shortened to ‘privilege’) is used as a collective label for legal advice...

Cyber risk, like any other corporate exposure, demands careful management and should be treated as a high‑priority concern for the internal compliance or legal team. It is a business issue to be addressed within an overarching information governance, risk management and crime prevention framework, and must not be left solely to the IT department. This Practice Note covers: the landscape around cybercrime (i.e. why it should be on your radar) the threats cybercrime poses to commercial organisations, and principal vulnerabilities This Practice Note reflects information security and breach notification obligations in the General Data Protection Regulation ( UK GDPR), Assimilated Regulation ( EU) 2016/679, but is not intended to address specialist sector‑specific requirements in the: Network and Information Systems Regulations 2018 ( NIS Regulations), SI 2018/506 Privacy and Electronic Communications ( EC Directive) Regulations 2003 ( PECR 2003), SI...

This Practice Note outlines regulatory duties concerning the use and care of visual display screen equipment. For details on other regulatory requirements linked to managing health and safety in the workplace, see Practice Note: Health and safety in the workplace—regulatory requirements... What is display screen equipment? Display screen equipment ( DSE) is the commonly used term for devices featuring an alphanumeric or graphic screen, and covers conventional display screens and laptops, touch-screens and similar technologies. There are particular risks associated with prolonged DSE use and, in some situations, organisations must implement specific measures. DSE requirements apply whenever workers are using DSE, including when: working at a fixed workstation working remotely/mobile working hot-desking Where staff use DSE both in the office and away from it, for example when working from home, the requirements will apply in both...

This Practice Note offers guidance for commercial organisations on composing and rolling out a health and safety policy. It highlights key considerations and points to tools that may assist. It also explains the benefit of having a policy document that both states the overarching commitment to health and safety and sets out the organisation’s aims and targets. This Practice Note focuses on health and safety obligations in an office-based setting. Sector- or workplace-specific duties may arise in other environments. For detail on regulatory requirements tied to implementing a health and safety policy, see Practice Note: Health and safety policy—regulatory requirements. What is a health and safety policy? A health and safety policy is a statement of the organisation’s principles and aims for protecting staff and visitors. It should usually be distinguished from a health and safety plan, which develops and records the concrete measures and...

Putting a carefully designed and accessible health and safety framework in place helps an organisation oversee these matters effectively and efficiently. An organisation should therefore: set out its core principles and aims for protecting the health and safety of its key stakeholders, ie what it intends to achieve (see subtopic: Health and safety policy) identify key members of staff and obtain their input carry out a risk assessment (see Practice Note: How to conduct a health and safety risk assessment) develop an action plan explaining what the organisation needs and why implement the plan, and review the plan This Practice Note explains how to design, implement and review a plan to manage health and safety, and control related risks in an office-based workplace. Other...

The UK’s domestic sanctions framework is underpinned by the Sanctions and Anti-money Laundering Act 2018 ( SAMLA 2018) together with regulations made under it. For further detail, see Practice Notes: The UK sanctions framework under SAMLA 2018 and International sanctions—an introduction. Licences to disapply financial sanctions prohibitions The Office of Financial Sanctions Implementation ( OFSI), part of HM Treasury, can issue a licence (written authorisation) to set aside financial sanctions prohibitions for an activity that would otherwise be barred. The authority to grant licences arises within the individual sanctions regimes, so lawyers advising on licences and exemptions must consult the specific sanctions regulations relevant to their matter. Any individual or organisation wishing to undertake conduct restricted by UK financial sanctions (including UN financial sanctions that apply in the UK) may apply for a licence. Under the SAMLA 2018 framework, general licences have become a more common...

Risk assessment Government guidance outlines what procedures commercial organisations should adopt to stop those linked to them committing fraud offences, framing this around six core principles. Chief among these is the second—‘ Risk assessment’—which confirms you ought to take a risk-based approach to tackling fraud risks. The failure to prevent fraud offence represents one dimension of fraud risk management: the danger that an associated person commits a fraud offence that advantages your business or your clients. You must also factor in the risk of fraud where your own business is targeted as the victim. The positive here is that the measures you implement to address each perspective on risk will usually be identical or closely aligned. Your fraud risk management procedures should be proportionate to the particular fraud risks you encounter, so the starting point is to identify those risks....

The Economic Crime and Corporate Transparency Act 2023 ( ECCTA 2023) created a corporate offence of failing to prevent fraud, effective from 1 September 2025. This Practice Note is directed at commercial organisations, including law firms. It outlines the key features of the failure to prevent fraud offence brought in by ECCTA 2023. It explains the government’s expectations for procedures organisations should implement to deter fraud and the ensuing compliance implications. Not putting such measures in place may leave the organisation exposed to criminal offences. Organisations should also reflect on how to avoid becoming victims of fraud. Although the failure to prevent fraud offence addresses a distinct strand of fraud prevention, the risk management actions and preventative controls adopted by commercial organisations are likely to be much the same. Accordingly, this Practice Note addresses both strands of fraud risk...

Risk assessment underpins every compliance programme. Managing fraud risk is complex. Commercial organisations must look at fraud from two viewpoints: (1) fraud by or for the organisation, engaging the failure to prevent fraud offence, and (2) the organisation being defrauded. In reality, the preventative measures for both are largely the same, so you are unlikely to run two separate assessments or keep duplicate policies. This Practice Note and the related Precedents therefore treat both together, while noting they are not identical. What are the risks we are assessing? Risk assessing fraud is two-pronged: Committing the failure to prevent fraud offence Staff and agents committing fraud for your organisation and/or customers. The risk of your organisation being a victim of fraud A...

Sections 45 and 46 of the Criminal Finances Act 2017 ( CFA 2017) set out two distinct offences: failing to prevent the criminal facilitation of a UK tax evasion offence (the UK tax evasion offence) and failing to prevent the criminal facilitation of a foreign tax evasion offence (the foreign tax evasion offence). Both are strict liability offences, in respect of which a ‘reasonable procedures’ defence applies......

FORTHCOMING CHANGE: The Crime and Policing Act 2026 secured Royal Assent on 29 April 2026 and displaces the current ‘senior manager’ attribution model for specified economic offences set out in the Economic Crime and Corporate Transparency Act 2023 ( ECCTA 2023), removing sections 196 to 198 and Schedule 12. Section 250 of the Crime and Policing Act 2026 widens corporate and partnership criminal exposure so that, where a senior manager acts within the real or ostensible scope of their authority, liability can arise for the commission of any offence, not just those enumerated in ECCTA 2023. This provision takes effect on 29 June 2026. We will review and update this material, as needed, once the provision is in operation. This Practice Note highlights core provisions of the Economic Crime and Corporate Transparency Act 2023 ( ECCTA 2023) that may carry compliance consequences for law firms. It...

This Practice Note reviews Directive ( EU) 2019/1937 of the European Parliament and of the Council, dated 23 October 2019, on safeguarding persons who disclose breaches of Union law (the Whistleblowing Directive). It lays down rules and procedures to shield ‘whistleblowers’—people who, in a work-related setting, report information on violations of EU law in key policy fields—and, in defined circumstances, certain associated third parties. Member States had to transpose Directive ( EU) 2019/1937 into domestic law by 17 December 2021. Although implementation at national level began slowly, every Member State has now adopted at least one implementing measure. For further details, see: National implementation, below. The Directive is not part of retained EU law after IP completion day (31 December 2020) and therefore has no application in the UK. In October 2019, the UK government confirmed it would not take steps to transpose the...

Introduction to FATF The FATF was founded in 1989 as an inter-governmental body that advances effective implementation of measures to combat money laundering and terrorist financing, as well as other threats to the integrity of the international financial system. Its membership, comprising jurisdictions and regional organisations, represents most major financial centres worldwide. It also includes many associate members and observer organisations. Its stated objective is to: ‘protect financial systems and the broader economy from threats of money laundering and the financing of terrorism and proliferation, thereby strengthening financial sector integrity and contributing to safety and security’. It delivers this by examining and developing measures to detect and prevent money laundering ( AML), combat terrorist financing ( CTF), and counter the financing of proliferation ( CFP) of weapons of mass destruction ( WMD). Other areas of focus for FATF include corruption, environmental crime, asset recovery,...

This Practice Note provides an introduction to the data protection implications of establishing a global corporate whistleblowing scheme. To deliver effective corporate governance, companies need dependable ways to spot and remedy unlawful or unethical behaviour within their organisations. One means of meeting this aim is to set up internal whistleblowing arrangements, giving staff a trusted, confidential route to raise concerns about misconduct. Worldwide, more national laws are obliging businesses to put in place internal financial control procedures—often realised through whistleblowing frameworks. The US sets the pace with rigorous expectations for internal reporting and investigation of suspected wrongdoing under the Sarbanes- Oxley Act 2002 ( SOX). For a US‑regulated multinational, designing a uniform corporate whistleblowing programme across every territory in which it trades can be challenging. In Europe, organisations must also reconcile their governance goals with protecting the privacy rights of individuals named through the...

Updated November 2025 Introduction The Argentine Republic comprises 23 provinces plus a federal district—the City of Buenos Aires, the nation’s Federal Capital. Sitting on the south-eastern edge of South America, Argentina ranks eighth worldwide by land area and second in Latin America, spanning roughly 3.8 million square kilometres (about 1.5 million square miles). Its population exceeds 45 million, with around 15 million residing in Greater Buenos Aires, and an overall density close to 15 inhabitants per square kilometre. With a GDP near US$633bn, Argentina stands among Latin America’s biggest economies. Yet recurrent swings in growth and entrenched institutional constraints have hampered development. Although urban poverty has fallen compared with the prior year, it remains elevated at roughly 32% of residents, according to recent data. In December 2023 a new right-of-centre coalition assumed office, pledging a shift towards more market-friendly measures, such as easing foreign exchange...

Updated in December 2025 Introduction Germany stands as Europe’s strongest economy and ranks among the largest worldwide. Its central position across the continent underpins a tightly knit infrastructure network. The country presents excellent business conditions and enjoys strong regard from overseas investors. Far-reaching structural reforms, together with restrained growth in unit labour costs, have markedly enhanced the competitiveness of German enterprises. Outstanding infrastructure and a highly qualified workforce further underpin long-term commercial success. The Federal Government has recently expanded public spending to unprecedented levels, with a particular focus on infrastructure investment. In addition, the legislature has widened depreciation allowances and resolved to lower corporation taxes. There are numerous options for structuring a venture in Germany. The purpose of this Practice Note is to flag key issues a new business should address before commencing operations in Germany. This Practice Note is not intended to be a...

Updated in June 2025 Introduction Set in the Eastern Mediterranean, Cyprus sits at the meeting point of Europe, Asia and Africa. It is a sovereign, independent republic operating a presidential system, under a written constitution that upholds the rule of law, political stability, human rights and private property. Cyprus has belonged to the EU since 1 May 2004 and adopted the euro on 1 January 2008. In the run‑up to accession, wide‑ranging structural and economic reforms reshaped the economy, fostering a modern, open and energetic business landscape. Since entry, the island has become a natural gateway for two‑way investment between the EU and global markets, notably the fast‑expanding economies of Russia, Eastern Europe, India and China. As an international business and financial centre, Cyprus is exceptionally well positioned. Beyond its strategic location, cosmopolitan character and appealing climate, it offers first‑class commercial...