Law firms must modernise identity checks

The legal sector in the UK is experiencing a significant challenge as regulatory scrutiny intensifies and client expectations change. Recent events, such as the rebuke of Hett’s Johnson Whiting LLP by the Solicitors Regulation Authority (SRA), underscore the urgent need for law firms to modernise their identity verification processes. The SRA's actions serve as both a cautionary tale and a wake-up call for legal professionals to reevaluate their compliance strategies.

In June, Hett Johnson Whiting faced sanctions for repeatedly submitting inconsistent identity documents. A specific instance highlighted the issues at hand—a passport photo submitted to HM Land Registry did not match the individual's signature. Such discrepancies, which should have been flagged by a modern compliance system, went unnoticed due to outdated manual processes.

Cindy van Niekerk, CEO of Umazi, emphasises that many UK law firms remain reliant on antiquated methods for client onboarding and identity verification. “PDFs, office-certified photocopies, and siloed data handling are still in use, meaning red flags are easily missed because of outdated, fractured systems and human fatigue. This is leaving firms open to fines, reputational damage, regulatory investigations, and lost client trust. However it appears with the right shared corporate identity infrastructure, firms can remove the need for repetitive manual verification, centralising and digitising identity checks, reducing the risk of human oversight, and ensuring consistent compliance across every client interaction.”

Corporate identity platforms have the potential to revolutionise how law firms manage due diligence, identity, and compliance. If Hett Johnson Whiting had employed a digital-first approach, the outcome could have been drastically different, leveraging advanced AI-powered document verification to flag irregular identification documents upon upload. The incorporation of biometric validation and intelligent scanning technology stands to prevent mismatched credentials from entering the system altogether.

Van Niekerk details further innovations, stating, “Should an individual attempt to resubmit the same ID across different internal channels, behavioural red-flag detection triggers a risk-based alert and prompts further due diligence before any onboarding process is allowed to proceed. Rather than relying on uncertified photocopies, a reusable digital identity wallet enables clients to present a single, verified, tamper-proof credential that can be securely reused across institutions. Crucially, every verification step is immutably recorded via blockchain-backed audit trails, ensuring full traceability and embedding accountability into the process from the outset.”

The implication is clear: if UK law firms had adopted corporate digital identity platforms earlier, issues like the inconsistencies that plagued Hett Johnson Whiting would simply not occur. With the legal sector lagging behind in technology adoption, the risk of more incidents rises sharply.

Van Niekerk concludes, “It’s well known that the legal sector has been slow to embrace new technology, but in this environment, hesitation is no longer safe. The dangers of inaction now far outweigh the perceived risks of change. Corporate ID platforms don’t just tick a compliance box; they deliver assurance, speed and resilience. UK firms must act now, because the next time warning signs appear, they may not get a second chance to stop the damage.” The pressing need for law firms to adopt modern identity infrastructure is clear, and time is of the essence.