Legal Precedents

Chapter V ( Transfers of personal data to third countries or international organisations) In brief, the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), restricts the transfer of personal data beyond the UK (and to certain ‘international organisations’). ‘ Assimilated law’ is the label applied to retained EU law that continues in force after the end of 2023. For further information, see Practice Note: Assimilated law and News Analysis: Implications of the move to ‘assimilated’ law, and the Retained EU Law ( Revocation and Reform) Act 2023, for data protection lawyers. One of the most frequently relied upon transfer mechanisms used to comply with those international transfer restrictions is commonly known as standard contractual clauses ( SCCs). This document includes a link to a template SCC issued by the UK Information...

Chapter V ( Transfers of personal data to third countries or international organisations) In summary, Chapter V of the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), places limits on sending personal data outside the UK and to certain ‘international organisations’. A frequently used route to satisfy these international transfer rules is the use of standard contractual clauses ( SCCs). This document provides a link to a template SCC released by the UK Information Commissioner’s Office ( ICO) in 2022. The key details of that template SCC are: Name: International data transfer addendum to the European Commission’s standard contractual clauses for international data transfers (the Addendum) Purpose: An addendum that can be used to rely on the SCCs issued by the European Commission in June 2021 for use under the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR) as an SCC...

1 Introduction This role description and profile concerns the combined post of Deputy Money Laundering Compliance Officer ( MLCO) and Deputy nominated officer (nominated officer). Any references to MLR 2017 relate to the Money Laundering, Terrorist Financing and Transfer of Funds ( Information on the Payer) Regulations 2017, SI 2017/692, as amended. 2 MLCO/nominated officer role holder details Firm name [ Insert firm name ] Name of Deputy MLCO/nominated officer [ Insert name ] Reports to: MLCO/nominated officer [ Insert name of MLCO/nominated officer ] Working pattern ☐ Full time ☐ Part time Details of any additional positions within the firm [ Insert details ] Date of appointment by the firm [ Insert date ] 3 Role summary 3.1 Serve as deputy to the firm’s MLCO/nominated officer......

1 General information Review timeframe [ Insert review period ] Review date [ Insert date ] Individual(s) carrying out the review [ Insert name(s) ] 2 Data Total count of high-risk clients [ Insert number ] Total count of high-risk matters [ Insert number ] Total count of these that pertain to PEPs [ Insert number ] Total count of these that concern false or stolen identification documentation [ Insert number ] Total count of these that involve sanctioned entities [ Insert number ] Total count of these that present a proliferation financing concern [ Insert number ] Total count of these that involve clients who are beneficiaries of life insurance policies where the retainer has a direct link to the policy [ Insert number ] Total count of these that concern clients...

This Precedent enables you to maintain a centralised record of all high‑risk clients and matters. It also features a separate tab for politically exposed persons ( PEPs). It can assist in evaluating and overseeing the firm’s risk much more efficiently, accelerate client due diligence (and enhanced due diligence), and simplify the continuing monitoring process overall......

This Precedent serves to log when client ID documents acquired for /client due diligence ( CDD) purposes will expire. This register is built in Excel, and as such, it cannot be exported directly to Word at all......

1 Details of Deputy money laundering compliance officer (deputy MLCO) Firm name [ Insert name ] Deputy MLCO name [ Insert name ] Reports to the money laundering compliance officer ( MLCO) [ Insert name of MLCO ] Employment status ☐ Full time ☐ Part time Other roles held within the firm [ Insert details ] Date appointed by the firm [ Insert date ] 2 Role summary Serve as the deputy for the firm’s MLCO. When the firm’s MLCO is unavailable [ and after consulting with [ state who, eg the nominated officer, COLP or senior partner ] ]: act as the principal point of contact with the Solicitors Regulation Authority ( SRA) on matters concerning anti-money laundering ( AML),...

Kindly select: ☐ Attached agreement for review by the legal team ☐ Draft agreement needed at this time 1 General information Requesting division [ Insert department ] Individual(s) submitting the request [ Insert name(s) ] Contact information, including email and preferred telephone number for the requester(s) [ Insert contact details of requesting person(s) ] Agreement purpose [ Insert purpose of contract ] Is this agreement a single procurement, or the initial part of a series?......

This is designed to build your understanding of your organisation’s finance and accounting by providing essential financial questions. Capture every response in the table. You might also need to consult your finance team to fill any omissions along the way as you proceed......

Attendees [ Insert the name of the director/head of function ] [ Insert the name of the in-house lawyer ] [ List any additional attendees ] Agenda Topic Required information Action owner Introduction Purpose of the meeting: to gain clarity on all procurement processes employed within the organisation; to understand how contracts are administered across the organisation; to identify how the legal department can best support the organisation’s contract management processes; to enable the legal department to create an effective legal process that supports the organisation’s contract management process......

1 Attendees: [ List attendees ] Each participant should attend the workshop fully ready to deliver a Power Point to the group, lasting no longer than [ insert, eg 20 minutes ], covering the following: categories of goods/services routinely obtained by that department; the end-to-end contracting workflow; each person’s function within that department across the contract lifecycle; how the central procurement team/organisational procurement process is used; contract templates relied upon; whether standard contract review/creation request forms are employed; where original agreements are physically retained; who executes contracts; what is currently in the immediate pipeline......

1 Goods/services Which kinds of goods and services are sourced in your area/department? Where can I find a list? 2 Contracting process Which contracting procedure is followed? Where can I obtain a contracting process workflow diagram? 3 Roles and responsibilities Within your area/department, who handles each stage of the contract lifecycle?......

This approval form sets out the grounds on which the project described in your [ data protection impact assessment ( DPIA) OR privacy impact assessment ( PIA) ] has been approved, alongside the data protection compliance steps you must implement. The final [ DPIA OR PIA ] is attached and contains full particulars of the guidance summarised below—please review both documents carefully before implementing your project. If you need any additional details or assistance, please contact [ insert relevant point of contact, eg your organisation’s data protection officer ( DPO) or data protection manager ( DPM) ]......

Task ☐ Understand all. sources of legal advice to your organisation, past and present Points to consider Legal guidance may derive from numerous places, eg: external counsel industry bodies insurers business consultants, accountants, etc briefings/mailers issued by law firms, consultants, etc conferences newspaper articles internet searches Actions Meet with each director and head of function to: map every source of legal input used identify the annual budget/cost of that legal input assess outcomes from the external service and satisfaction levels Position the legal department as the first point of call for any legal query or issue. If external counsel have been appointed, arrange meetings and take charge of instructing them......

Please confirm this privacy impact assessment ( PIA) is adequate for your requirements. You might need to undertake a full data protection impact assessment ( DPIA)—see [ insert link to your organisation’s DPIA screening questions ] 1 Background information Project title [ insert a name for the project ] PIA date [ insert the date the PIA is being completed ] Name and email address of the person accountable for the project and completing this PIA [ insert the name and email address of the person completing the PIA, eg the project manager ] 2 Describe the project Outline the data-sharing project/activity and its intended purpose [ insert a general description of the project, eg what you hope to achieve by sharing personal data and why. You may wish to refer to or link other documents, such as a project proposal ] Could you meet your...

STOP PRESS: This document is being revised to reflect implementation of the Data ( Use and Access) Act 2025 ( DUAA 2025), which amends the UK GDPR and the Data Protection Act 2018. For further guidance on the compliance implications of DUAA 2025, see Practice Note: Data ( Use and Access) Act 2025—compliance implications. For use by the organisation making the decision to share data......

STOP PRESS: This document is currently being revised to align with implementation of the Data ( Use and Access) Act 2025 ( DUAA 2025), which amends the UK GDPR and the Data Protection Act 2018. For more guidance on DUAA 2025 compliance implications, see Practice Note: Data ( Use and Access) Act 2025—compliance implications. For use by the organisation making the data sharing request......

Precedent Independent audit register Use this Precedent Independent audit register to keep a log of independent audits carried out within an organisation, supporting oversight of adherence to the Money Laundering, Terrorist Financing and Transfer of Funds ( Information on the Payer) Regulations 2017 ( MLR 2017), SI 2017/692, as amended. It includes placeholder entries for illustration, which must be removed before practical use. The Precedent aligns with the expectations contained in the Legal Sector Affinity Group ( LSAG) AML Guidance for the Legal Sector, yet remains broadly applicable in practice for general commercial organisations......

1 Introduction and instructions Internal use only—do not send to clients. Money launderers may try to hide where funds originate by arranging payments via associates or other third parties. A payment to or from a third party is especially suspicious if it is unanticipated, made at short notice, or said to be an error with a request for the money to be returned. There can be genuine reasons for third-party funding, for example parents providing a house deposit to their child. Ensure you carry out appropriate due diligence, including verifying the source of funds, before accepting any such funds. You should be satisfied that third-party monies are from a legitimate source and for legitimate reasons. This investigation record must be completed before any funds from a third party are accepted. Refer to our AML, CTF and...

STOP PRESS: On 19 June 2025, the Data ( Use and Access) Bill obtained Royal Assent and became the Data ( Use and Access) Act 2025 ( DUAA 2025), with parts commencing that day. Measures that started immediately on 19 June 2025 included those on handling data subject access requests and the grant of powers to make further regulations. Other elements, relating to notices issued by the Information Commissioner and particular aspects of law enforcement processing, began on 19 August 2025, two months after Royal Assent. The bulk of DUAA 2025 will only take effect once additional regulations—issued as statutory instruments—are made to commence them. Parts 5 and 6 of DUAA 2025 introduce amendments to the UK’s data protection and e Privacy regime, including: the United Kingdom General Data Protection Regulation; the assimilated Regulation ( EU) 2016/679 ( UK GDPR); the Data Protection Act 2018; and the Privacy and...