Legal Precedents

STOP PRESS: This document is being revised to align with the commencement of the Data ( Use and Access) Act 2025 ( DUAA 2025), which updates the UK GDPR and the Data Protection Act 2018. For further guidance on DUAA 2025 compliance impacts, consult Practice Note: Data ( Use and Access) Act 2025—compliance implications. 1 Background Name and role of the person(s) carrying out the assessment [ Insert name ] Assessment date [ Insert date ] 2 Proposed processing Overview of intended processing covered by this assessment [ Describe, eg: Email marketing to existing contacts for comparable services provided by [ insert organisation name ] ] Details of the data or classes of data to be handled [ Describe, eg: ] [ Names and email addresses ] [ Purchase histories of intended recipients, to confirm any direct marketing is confined to...

STOP PRESS: We are revising this document to align with the rollout of the Data ( Use and Access) Act 2025 ( DUAA 2025), which modifies the UK GDPR and the Data Protection Act 2018. For further guidance on the compliance impact of DUAA 2025, see the Practice Note: Data ( Use and Access) Act 2025—compliance implications. 1 Background information Organisation’s name and contact details [ Insert your organisation’s name and the contact details of the person co-ordinating the supplier ] Supplier’s name [ Insert name of receiving organisation ] Scope of questionnaire [ Indicate whether the questionnaire concerns the delivery of a brand new preference centre or the enhancement of an existing preference centre. Also specify whether the preference centre will be the sole system for capturing and managing all customers’ preferences, or will sit within a broader suite of tools used for...

FAQs We conduct our business [ es ] with integrity. We must all act together to keep our business [ es ] remain [ s ] free from tax evasion and the facilitation of tax evasion. These FAQs draw on guidance from the Law Society and are intended to help you deliver [ insert organisation’s name ]’s business aims in a manner consistent with our commitment to stop the facilitation of tax evasion. This document covers frequent questions and scenarios; whenever you are uncertain about a matter, transaction or situation, please consult [ insert contact name or title ]. 1.1 If a client instructs the firm on work involving a foreign jurisdiction, and our retainer excludes advice on related overseas tax issues, what duty do we have to consider foreign tax matters? The firm is only at risk where an associated person criminally...

1 Decide who should conduct and support the investigation General counsel should determine the most suitable way to run the investigation, though they may form a dedicated committee including appropriate board or audit committee members. Identify a ‘client contact’ as the primary liaison within the company. This person must be senior enough to issue instructions and make decisions for the business, and must have no involvement in the alleged conduct. Consider whether to appoint: external legal advisers to reinforce the (perceived) independence and integrity of the investigation and to provide a stronger basis for legal professional privilege ( LPP); an external data vendor to collect and process relevant material and assist with forensic tasks, such as recovering deleted data where required; media relations experts to help deliver effective public messaging and to monitor the impact of any adverse...

1 Introduction Adhering to laws that prevent financial crime is vital for [ insert organisation name ] [ and all its businesses ]. We issue this note to every agent and intermediary to build awareness, safeguard our good name, and mitigate any liability that could arise if financial crime is perpetrated by any of our business partners. This briefing promotes awareness and helps safeguard our reputation overall too effectively. If you are a partner, agent, consultant, or other third party delivering services for, or representing, [ insert organisation name ], you may fall within the definition of an ‘associated person’ under applicable legislation, meaning we can be liable for actions you take for us. It is therefore essential that you: understand and adhere to the same laws and policies that govern us and our employees; spot when financial crime risks emerge and respond...

1 General information Review period [ Insert review period ]; Review date [ Insert date ]; Reviewer(s) [ Insert name(s) ] 2 Data Criteria For the last [ insert period, eg quarter ] and last 12 months, capture totals for: SARs received; ML/ TF/ PF‑related SARs; SARs to the National Crime Agency ( NCA); DSARs needing consent/defence (granted, refused, pending); SARs not sent to the NCA; super SARs; CDD company discrepancy reports; and PEPs added to the central list 3 Review and findings Confirm a refreshed organisation‑wide ML/ TF/ PF risk assessment in the last year; AML/ CTF/counter‑proliferation policies, controls and procedures reviewed, updated and communicated (incl. branches/subsidiaries); SAR and Super SAR registers current; dates of staff training and record reviews [ Insert date ]. Note any SARs/super SARs needing further review; status of the high‑risk client/matter list (incl. PEPs) and quarterly reviews; CDD...

1 General information Report date: [ Insert date ] Previous report date: [ Insert date ] Name of the individual submitting the report: [ Insert name ] 2 Action points arising from last nominated officer report Action item: [ Action point ] — Responsible party: [ Identify person responsible for this action point (may or may not be the nominated officer) ] — Status: [ Status ] Action item: [ Action point ] — Responsible party: [ Identify person responsible for this action point (may or may not be the nominated officer) ] — Status: [ Status ] Action item: [ Action point ] — Responsible party: [ Identify person responsible for this action point (may or may not be the nominated officer) ] — Status: [ Status ] 3 Executive summary This report addresses the following areas: 3.1...

As an organisation, we uphold robust policies and procedures to deter exploitation and human trafficking, while safeguarding our good reputation and people. These are accessible [ insert details, eg on our intranet ]. This awareness tool highlights common red flags suggesting a person could be a victim of slavery or human trafficking. If you believe someone is being controlled or coerced by another to work or deliver services, please report it. This may involve a colleague, someone within our supply chain, or someone unconnected to our [ firm OR organisation ]. If a colleague shares anything you believe could show they, or another person, are being exploited or mistreated, then please report it at once. There is no single type of victim, and some do not realise they have been exploited or that they deserve help and support......

Suggested action This guide is designed to prepare [ insert organisation’s name ]’s crisis management team to handle media enquiries in a crisis scenario. You should also refer to our [ insert, eg Crisis management plan and action list ]. Work on the basis that any written records you create are not confidential or privileged... Guidance Nominate a single point of contact for press enquiries. Preferably one person, or a closely coordinated team, to keep messaging consistent. This could be [ insert organisation’s name ]’s internal or external press officer. If not, appoint someone sufficiently senior and well equipped to deal with journalists. Avoid involving too many people in the issue; a smaller group prevents overload and allows every-day business to continue, while giving a person or compact team clear ownership of the exercise. Assess the media risk....

Please be aware that the details within these tables are confidential and must be treated accordingly. 1 Internal crisis management team The table beneath identifies people who will, or might, form part of an internal crisis management team. Ensure the eventual line-up is customised to the specific incident, remains proportionate, and refrain from overstaffing the team. Operating on a need-to-know footing is advisable, both for confidentiality and to preserve legal professional privilege. Accordingly, those shown in square brackets are optional, contingent on the circumstances of the crisis......

1 Assemble crisis management team Bring together a crisis management team and nominate a leader. Complete or update the Crisis management team sheet. Person responsible: [ Insert name of person responsible ] Status and comments: Work on the basis that any notes you produce are not confidential or privileged. 2 Preliminary, high-level assessment and reflection Pause to grasp what has occurred and consider worst-case consequences. Take a short period to reflect and brainstorm. Do not spend excessive time, yet give yourself room to think. Assume any written records are neither confidential nor privileged. Early priorities are to determine: what has already taken place; what further developments might arise that could make matters worse, especially those you can prevent, manage, or limit. Person responsible: [ Insert name of person responsible ] Status and comments: [ Describe status of this action point and insert any other...

Person responsible for the crisis management plan [ Name and contact information of the senior individual within the organisation who periodically, from time to time, reviews the crisis management plan and reports on its operation to the Board ] Plan Review Date [ Date of the next plan review ] 1 What is a crisis and when does this plan apply? 1.1 There is no officially recognised and accepted definition of a crisis......

Crisis management panic sheet This Crisis management panic sheet sets out guidance for the immediate aftermath (first 12 hours) of any crisis not addressed by a different dedicated plan. [ Insert organisation's name ] maintains separate plans and strategy documents for particular incidents, eg [ data security breach, internal investigation, dawn raid and business continuity failure ]. Refer as well to the Crisis management action list, which is attached to our Crisis management plan. 1 Assemble crisis management team Form a crisis management team without delay, appointing an individual to lead it. Even with a pre-drafted line-up, always ensure the final composition fits the specific crisis and is kept as lean as practicable. Alert all members at once, with round-the-clock contact and availability. 2 Conduct a preliminary, high-level assessment Carry out an initial review of the incident and its possible worst-case scenario impact and...

How to use this test These questions are intended to assess your understanding following attendance at training on anti‑money laundering, counter‑terrorist financing and counter‑proliferation financing. When you have completed this test, kindly return it to [ insert name ]. General Name of person completing test [ Insert name ] Role [ Insert role ] Date [ Insert date ] Please circle the correct answer. The law and red flags Please circle the correct answer. Question Multiple choice answers What is money laundering? (a) The method by which criminal proceeds, their true source and ownership are concealed so the funds appear legitimate (b) Requesting or accepting a bribe (c) Employees removing money from customer accounts and using it to fund crime What is terrorist financing? (a) Terrorising customers by demanding money (b) Providing or collecting funds from lawful or unlawful sources for terrorist acts (c) Providing or collecting funds from unlawful sources for terrorist acts What are red flags? (a) Warning signs of money...

The law and red flags Circle the correct answer. Question Multiple choice answers What is money laundering? (a) The method by which criminal proceeds, their real source and ownership are altered to make those funds seem lawful What is terrorist financing? (b) Supplying or raising money from lawful or unlawful sources to support terrorist activities What are red flags? (a) Indicators that suggest money laundering, terrorist funding, and proliferation financing How do you need to act when looking out for red flags and other signs of money laundering, terrorist financing and proliferation financing? (c) As a prudent person would, with comparable qualifications, knowledge and experience to yours Failure to disclose can result in what penalty? (c) Up to five years’ custody, a financial penalty, or a combination of both What can be a defence to the offence of failure to disclose? (c) Submitting a SAR to the nominated...

This presentation serves as a tool to instruct and train your staff on anti-money laundering, counter-terrorist financing and counter-proliferation financing. It is intended for broad use. Confirm whether the Money Laundering, Terrorist Financing and Transfer of Funds ( Information on the Payer) Regulations 2017, SI 2017/692 ( MLR 2017) set out any extra or different obligations for your sector, and whether your regulatory body has further, sector-specific expectations in place concerning training staff members on anti-money laundering, counter-terrorist financing and counter-proliferation financing. The training resources are flexible. You may choose to run the programme in a single sitting, or it can be readily split into shorter modules......

1 Introduction 1.1 This document sits alongside, and forms part of, [ insert organisation’s name ]’s Records management policy. It specifies and outlines the periods for which various categories of business records (as defined within the Records management policy) should be kept to meet operational and legal needs and obligations. [ You need not read the full retention schedule; instead, concentrate on the record categories relevant to your duties. ] 1.2 The schedule’s retention periods reflect operational needs and legal obligations, including our duty under data protection law not to retain personal data for longer than is necessary. When a retention period comes to an end, the data or record should be reviewed and, if no longer required, destroyed. 1.3 If you hold any records not described in this schedule, and it is not apparent from the existing...

Stop press: The Data ( Use and Access) Act 2025 ( Commencement No 6 and Transitional and Saving Provisions) Regulations 2026, SI 2026/82 bring into effect the remaining provisions of the Data ( Use and Access) Act 2025 ( DUAA 2025). Provisions relating to subject access requests, legitimate interests, purpose limitation, automated decision-making, international transfers and enforcement are operative from 5 February 2026, and those dealing with penalty notices and complaints take effect from 19 June 2026. For more information, see Practice Note: Data ( Use and Access) Act 2025—employment implications. This Precedent will be updated shortly to take account of these changes. 1 Introduction 1.1 The Company maintains personal data (or information) concerning job applicants, employees, clients, customers, suppliers, business contacts and other individuals for a variety of business purposes. 1.2 Under Assimilated Regulation ( EU) 2016/679, UK General Data...

Thank you for making the time to meet with us. As you know, we are carrying out an enquiry on behalf of [ insert organisation's name ] into matters connected to [ use general terms to describe the issues ]. We consider that you could improve our understanding further of events by sharing relevant details that will support the enquiry......

Precedent sample privilege log Click to access the Precedent sample privilege log. Please note this register was created in Excel, so it cannot be exported to Word. This Precedent sample privilege log is suitable when an organisation runs an internal investigation. It helps you catalogue documents covered by legal professional privilege, indicate whether they are redacted or fully withheld, and state the rationale. Use it to note whether access is limited by redaction or complete withholding, together with the underlying justification. It is equally applicable where an organisation faces an external investigation. Legal professional privilege ( LPP) shields documents from disclosure to third parties, including government agencies, regulators and claimants in civil proceedings. There are two categories of LPP: legal advice privilege litigation privilege See Practice Note: Internal investigations and legal professional privilege— Types of legal professional privilege......