Legal Practice Notes

You are responsible for taking steps to reduce workplace fire hazards and to protect staff should a fire occur, minimising risk and safeguarding employees. There is no single, prescriptive set of rules dictating the exact fire safety measures you must adopt. Smaller organisations might require only basic arrangements, whereas larger organisations or those facing specific fire risks may need greater provision and additional resources. This Practice Note offers practical guidance and information on arranging, managing and maintaining fire safety in the workplace. Its scope is office-based, non-residential settings. It addresses fire safety in that workplace context only. Distinct, industry or premises-specific obligations may apply elsewhere, notably in residential and domestic properties, such as flats and multi-storey residential buildings. Regulatory requirements concerning fire safety in residential and domestic premises fall outside this Practice Note, as do building regulations requirements relating to fire safety. For...

International financial sanctions lists This Practice Note presents a table of international financial sanctions registers, providing links to the relevant lists and, where available, the regulatory authorities accountable for them. Including Multinational United Nations — United Nations Security Council Consolidated List: Persons and entities; Embargoed countries World Bank — World Bank Listing of Ineligible Firms and Individuals: Persons and entities EU Sanctions — European Council EU Sanctions Map: Persons and entities; Embargoed countries; Special measures ( Russia) Argentina Superintendencia de Seguros de la Nación ( SSN) — Superintendencia de Seguros de la Nación Liquidación: Persons and entities; Embargoed countries Comisión Nacional de Valores —...

This Practice Note explains what the Financial Conduct Authority ( FCA) is, why it might execute a raid, the scope of its powers, and what happens if you do not co-operate during a raid. What is the FCA? The FCA supervises financial services firms operating in the United Kingdom that provide services to consumers. It also works to preserve the integrity of the United Kingdom’s financial markets. The FCA concentrates on overseeing firms across the retail and the wholesale financial services sectors. The Prudential Regulation Authority ( PRA) regulates PRA-authorised firms (principally deposit takers, designated investment firms and insurers). The FCA further has an Enforcement Department that employs a broad suite of criminal, civil and regulatory powers to protect consumers and to take action against firms or individuals that fail to meet the FCA’s standards. What is a dawn raid? A dawn raid is an...

Assimilated law Assimilated law describes retained EU law that continues to apply after the close of 2023. For more detail, see Practice Note: Assimilated law. This Practice Note offers guidance on the rights of data subjects in the employment setting. It reflects the UK GDPR framework, and statutory references are to Assimilated Regulation ( EU) 2016/679, the UK General Data Protection Regulation ( UK GDPR) and the Data Protection Act 2018 ( DPA 2018), unless stated otherwise. It also accounts for provisions of the Data ( Use and Access) Act 2025 ( DUAA 2025) in force as at 5 February 2026 (see Practice Note: Data ( Use and Access) Act 2025—employment implications). Updated guidance from the Information Commissioner’s Office ( ICO) is awaited. For an overview of key themes in the Assimilated Regulation ( EU) 2016/679, UK GDPR and DPA 2018, and for...

This Practice Note sets out advice for law firms on responding to client account fraud and outlines the applicable legal and regulatory duties. Client funds are inviolable and their careful stewardship is essential and paramount. What is client account fraud? A firm suffers client account fraud where money is unlawfully taken from its client account. Immediate steps to take Act swiftly to limit harm in the immediate aftermath of client account fraud. Do everything possible to prevent further loss and disruption promptly. Form a fraud response team and appoint someone to lead the incident without delay; suitable choices include: the compliance officer for finance and administration ( COFA) the finance director the compliance officer for legal practice ( COLP) the nominated officer the senior partner another appropriately senior person within the firm The SRA warning notice, Money missing from client account, states that if you...

You are responsible for supplying suitable and sufficient equipment, facilities and personnel so employees can receive prompt attention if they are hurt or fall ill at work. What counts as suitable and sufficient will vary according to several factors, such as the scale and nature of your undertaking. To determine what is right for your operations, you should carry out a first aid needs assessment. This Practice Note sets out guidance on performing such an assessment. For details of the regulatory obligations that apply to first aid, see Practice Note: First aid in the workplace—regulatory requirements. Key staff members Ensure the individual (or team) with overall responsibility for evaluating first aid needs holds enough seniority to lead the process and supervise any actions implemented. You should also think about how to properly involve all staff in discussing and agreeing the key elements of the...

This Practice Note provides high-level guidance on engaging with the National Crime Agency ( NCA). It describes the NCA’s role, powers and strategy, its statutory objectives and current priorities, and what it expects from private sector organisations, including self-reporting. Role and powers Role The NCA is the UK’s lead law enforcement body for organised crime, including cyber and economic crime, that crosses regional and international boundaries. Its workforce of over 5,000 officers is stationed across the UK and in key locations worldwide. Created by the Crime and Courts Act 2013, it succeeded the Serious Organised Crime Agency. A core feature of the NCA’s approach is collaboration and co-ordination with partners such as the Serious Fraud Office, HM Revenue and Customs, Immigration Enforcement, Border Force and the police, alongside strong engagement with the private sector. The NCA undertakes a broad spectrum of law...

This Practice Note sets out UK sanctions frameworks, covering regimes established under the Sanctions and Anti- Money Laundering Act 2018, the Anti- Terrorism, Crime and Security Act 2001 ( ACSA 2001), and the Export Control Order 2008 ( SI 2008/3231). Where relevant, it highlights the equivalent EU sanctions regime and points to useful further reading for each UK regime. It does not include details of designations within individual regimes. If an individual, organisation or other legal entity is designated under a UK sanctions regime (a designated person), their name appears on the UK Sanctions List ( UKSL). The UKSL assists businesses and individuals in fulfilling their responsibilities under the various regimes, and regular screening of the UKSL should be embedded in an internal sanctions compliance programme. A sanctions regime is a set of sanctions measures introduced for particular purposes. Regimes can be: ...

You are obliged to take steps to reduce the likelihood of fire at work and to protect your staff should a fire occur. There are no fixed rules on the level of fire safety measures you must adopt: small organisations might only require basic provision, whereas larger businesses or those with distinct fire hazards may need greater resources. To determine what is adequate and proportionate for your activities, you must perform a suitable and sufficient review of the risks—a fire risk assessment. This Practice Note provides guidance and information on conducting a fire risk assessment. It focuses on fire safety within office-based, non-residential workplaces. Other industry or premises-specific requirements may apply in different settings, particularly in relation to residential and domestic buildings, including flats and multi-storey residential properties. Regulatory requirements concerning fire safety in residential and domestic premises are outside the scope of this...

You are not required to act like the police, but you must stay vigilant for indicators of bribery and corruption and make the kinds of enquiries a reasonable person with your qualifications, knowledge and experience would undertake. This Practice Note highlights common warning signs that typically warrant further enquiry. It draws on examples from the Wolfsberg Anti‑ Bribery and Corruption ( ABC) Compliance Programme Guidance and the International Foreign Bribery Taskforce ( IFBT). These factors are not conclusive evidence; they are simply red flags. Give close attention where multiple indicators appear. Such signals can arise during a range of activities, including intermediary engagement, business acquisition or day‑to‑day operations, as well as gifts and entertainment, charitable contributions, and related areas. General There has been a shift in the behaviour of employees, intermediaries or business partners, for example: an...

At 11 pm ( GMT) on 31 December 2020, the post‑ Brexit transition/implementation phase, created after the UK’s exit from the EU, concluded. At that moment (in UK law termed ‘ IP completion day’), principal transitional measures ceased and substantial changes started to apply across the UK’s legal framework. Before IP completion day, the Establishment of Lawyers Directive 98/5/ EC (the Establishment Directive) allowed members of specified legal professions in the EU, EEA and Switzerland to practise in the UK on a permanent footing, provided they registered with one of the UK’s legal regulators. In England and Wales, the relevant regulators were the Solicitors Regulation Authority ( SRA) and the Bar Standards Board ( BSB). Separate provisions operated for Scotland and Northern Ireland. Lawyers entered on this basis were described as Registered European Lawyers, or RELs. Since IP completion day, the REL scheme has, for the...

Why you need to manage this risk Contract management is often regarded as an exercise aimed not at attributing blame, but at spotting issues, shaping remedies, and settling matters before they turn into disputes. However, that approach represents only one element of best practice contract management. It also ensures the parties work together to realise the contract’s objectives, while overseeing compliance, addressing any shortcomings, and managing contract changes, extensions, and renewals. As all parties must fully discharge their obligations, effective management includes gathering evidence of breach so any later legal process can be supported. To address all these aspects, the management framework should be designed from the very outset of the procurement process. This guide focuses on the activities required after award of the contract and once service delivery has commenced. The key risks arising from poor or absent contract management are: failure of the...

What type of police could I encounter? The police generally investigate most offences across the UK on a day-to-day basis. Policing is arranged by location and, in some cases, by the nature of the suspected offence or circumstance. The City of London Police are a specialist force for the ‘square mile’ in London, with a dedicated economic crime and fraud unit based there. The Metropolitan Police Service, often called ‘the Met’, is the territorial force for Greater London, excluding the City’s ‘square mile’ area. Beyond these, county constabularies operate throughout the UK, alongside other specialist forces in certain major urban centres and conurbations. All of these forces possess the same powers and tools when it comes to executing search warrants, across their jurisdictions, in practice as needed. Main reasons for a police raid Police may enter premises either with a warrant or without one,...

Updated March 2025 Introduction The European Commission anticipates that Poland’s GDP growth in 2025 will continue to trail the EU average for a third year in a row. In a volatile setting, provisional data from the Central Statistical Office show GDP in 2024 rose by a modest 2.5% versus 2023, easing from 4.9% in 2022. This tempo points to a measured rebound from earlier strains, chiefly elevated inflation and higher interest rates. Although the final quarter of 2024 recorded some improvement, with year-on-year growth of 3%, it still fell short of expectations. Weaker consumer outlays, held back by flat real wages and pricier credit, have weighed on activity, while geopolitical developments are also exerting pressure. Nevertheless, infrastructure spending and a recovery in exports have offered partial support. Economists expect growth to settle in 2025, though ongoing geopolitical tensions and wider global...

This Practice Note outlines how the Proceeds of Crime Act 2002 ( POCA 2002) addresses the sharing of information within the regulated sector and, specifically, how POCA 2002, Pt 7 ( Money Laundering) provides for voluntary disclosures, compulsory notifications and collaborative joint disclosure submissions (often called ‘super SARs’) These provisions should be read alongside the principal money laundering offences of: concealment, arrangement or the acquisition, use or possession of criminal property (refer to Practice Notes: Money laundering offences—concealing, disguising, converting, transferring and removing; Money laundering offences—acquisition, use and possession; and Money laundering offences—the arrangement offence), respectively non-disclosure of a suspicion of money laundering by a person in the regulated sector, a nominated officer within the regulated sector, or another nominated officer (refer to Practice Note: Money laundering offences—failure to disclose offences) tipping off within the regulated sector and acts that prejudice an...

Passwords are a common and accessible way to safeguard personal data and the systems that process it. As they are cost-effective and straightforward to implement, the Information Commissioner’s Office ( ICO) endorses them as a method for protecting personal information. Where appropriate data protection measures are missing, organisations could face regulatory action. Numerous ICO breach investigations—where personal data was stolen, lost or accessed without proper authorisation—would have been less serious had the data been suitably protected. This Practice Note mirrors the ICO’s detailed Guidance on passwords to help organisations understand their options and responsibilities, together with the UK General Data Protection Regulation ( UK GDPR). Introduction to passwords A key challenge when handling personal data and other information is ensuring those who require access can obtain it, while stopping unauthorised individuals. You therefore need to authenticate and authorise the person attempting to gain access. This is...

Serious and organised crime In successive Serious and Organised Crime Strategy documents, serious and organised crime is characterised as people planning, coordinating and perpetrating serious offences, whether acting alone, in groups, and/or within transnational networks; it is estimated to cost the UK £47bn each year. The principal categories of serious offences encompassed by this term are: Child sexual abuse Modern slavery and human trafficking Organised immigration crime Illegal drugs Illegal firearms Organised acquisitive crime Cyber crime Fraud Money laundering Bribery, corruption and sanctions evasion......

Pandemics are extraordinary incidents that confront organisations with harsh trading conditions, ambiguity, and notably complex information and cybersecurity challenges. Office shutdowns and enforced social distancing during such outbreaks produce atypical business scenarios, including handling an exceptionally high proportion of employees working remotely, many doing so for the first time. Core information and cybersecurity threats to assess and address during a pandemic focus on: ongoing compliance with legal and regulatory obligations cybercrime maintaining the security of systems and devices staff awareness This Practice Note examines each category and proposes practical measures you can adopt to reduce exposure. Legal and regulatory requirements Robust risk management requires you to identify, monitor and control all material risks to your business. See Practice Note: How to identify and evaluate risk across the business. Information and cybersecurity constitute significant risks for every...

The extent of the restrictions imposed by regulators or government will largely shape the risks your organisation must address during any pandemic. These constraints could be ‘light touch’ or, as witnessed with COVID-19, a stringent stance involving the forced closure of many businesses, curbs on travel, and rigorous social distancing. This guide to risk management assumes a strict approach will be in place. Accordingly, you may need to adjust the suggested measures to fit the situation your organisation faces. Furthermore, this guide does not cover the exacting requirements that regulators may impose on PLCs, financial organisations, competition law, advertising, consumer credit, etc, nor specialist areas of legislation such as employment, taxation, insolvency, or corporate law. Regulation concerning the public sector, alongside corporate accounting and finance, also lies beyond the scope of this risk management guide. Why you need to manage this risk The biggest issue for all...

Practice Note—overseas customer/client due diligence ( CDD) This Practice Note provides a single, time-saving route to each country’s company registry, acting as an all-in-one CDD resource for overseas customers/clients. It offers a hyperlinked, alphabetical directory of CDD sources by jurisdiction, covering nations from Afghanistan through to Zimbabwe. CDD forms a core element of the anti-money laundering ( AML) and counter-terrorist financing ( CTF) framework. The obligations sit within the Money Laundering, Terrorist Financing and Transfer of Funds ( Information on the Payer) Regulations 2017 ( MLR 2017), SI 2017/692, as amended. For detail on when MLR 2017 CDD applies and what it entails, see Practice Notes: Money Laundering Regulations 2017—customer due diligence; and for law firms, Money Laundering Regulations 2017—client due diligence—law firms. You are responsible for determining and selecting suitable evidence to verify your customer/client’s identity. This Practice Note signposts multiple sources to support that...