The SRA announced that they will soon be contacting 7,000 firms that fall under the scope of the Regulations and declared they would take a proactive enforcement approach towards firms who don't comply.
So far this year, the SRA has opened 172 investigations linked to anti-money laundering compliance, and in the last five years has taken more than 60 such cases to the Solicitors Disciplinary Tribunal, which has resulted in over 40 solicitors being struck off or suspended.
In this article, we consider five steps law firms should be taking now to implement robust anti-money laundering (AML) solutions to satisfy regulatory compliance requirements in the UK and protect the firm from money laundering attacks.
How to Implement AML Compliance in a Law Firm: 5 Proven Steps
1. Create and maintain an effective firm-wide risk assessment
The SRA discovered that 40 firms failed to have a written firm-wide risk assessment in place, which is a breach of Regulation 18. The risk assessments presented were often inappropriate to the size of the firm, its geographical coverage and the services offered.
Creating and regularly updating a bespoke firm-wide risk assessment should be at the top of the priority list. Take time to outline what money laundering risks your firm faces and what steps you are taking to mitigate those risks. The firm-wide risk assessment should be the foundation of your AML processes and inform your policies, controls and procedures, which are compulsory under Regulations 18 to 21.
When formulating a firm-wide risk assessment, it is imperative to take sectoral risk into consideration:
- Clients – Are any of your clients Politically Exposed Persons or their close connections?
- Geographical coverage of your services – Do you operate in high-risk jurisdictions – countries with high levels of corruption or those that do not have equivalent AML standards to the UK?
- Products and services – Are you involved in conveyancing, trust and company formation, client accounts services?
- Transactions – Do you deal with high-value transactions?
- Delivery channels – Do you often work with remote clients or clients that combine various services?
Do not confuse a firm-wide assessment - which evaluates the money laundering risk to the entire business - with a matter or client risk assessment that estimates the money laundering risk of that client or client matter.
2. Develop policies, controls and procedures
Your policies, controls and procedures (Regulations 19 to 21) must explain how the firm will manage the money laundering risk identified in the firm, client and matter risk assessments.
Compliance Officer (MLRO) and Independent Audit Function
Depending on the size of your firm and the nature/complexity of work, you might be required to appoint a member of the board or senior management as an officer for compliance with the 2017 Regulations, and establish an independent audit function to evaluate the effectiveness of the firm's AML policies and procedures.
Use technology in your compliance work streams
If your firm operates across many offices and different jurisdictions, there is a danger that the processes will become disparate. By making use of compliance technology, you will be able to reduce human error and introduce consistency to your procedures.
3. Provide ongoing AML training
Ongoing AML training is a requirement under Regulation 24. Members of staff must have a thorough understanding of what money laundering is, how it's done, and the steps that can be taken to help prevent it. Employees must also understand the relevant UK legislation and regulations, what they cover, as well as the consequences of non-compliance.
Consider courses designed for the legal or accounting professions, as they will include the most relevant examples to help prevent money laundering. E-learning is convenient and offers the MLRO or Practice Manager the ability to track employees’ progress to ensure that they have completed their training.
4. Utilise technology for active client due diligence
The SRA highlighted that many firms do not understand their responsibilities when dealing with Politically Exposed Persons (PEPs) and their close associates and family members.
Firms are obliged by Regulation 35 to have appropriate risk-management systems and procedures in place to identify when their client (or the beneficial owner of a company) is a Politically Exposed Person (PEP) and to manage the enhanced risks arising from having a relationship with that client.
Technology and client due diligence
Manual customer due diligence processes are prone to human error, putting the firm at risk from a regulatory and reputational perspective. Incorporating an e-verification solution could not only save time but also mitigate those risks. Online e-verification allows you to check an individual for potential PEP/sanctions status, while monitoring tools enable you to keep up to date with any changes to adverse information related to your client.
The 4th Money Laundering Directive recommends that client records be retained in keeping with the GDPR 2018 Regulations.
5. Digitise ongoing monitoring for PEPs and Sanctions
In addition to e-verification, digital monitoring systems are a straightforward solution for ongoing risk assessment and due diligence for clients that are politically exposed or have been found to be at higher risk using internal risk management systems. Thanks to APIs (application programming interfaces), customer due diligence processes such as e-verification and ongoing monitoring can easily be integrated with your existing compliance platforms.
It’s clear that anti-money laundering compliance is high on the SRA’s priority list. Failure to comply could result in significant sanctions and reputational risks to the firm and individuals. It is therefore imperative that firms start implementing AML compliance processes now, if they are not already doing so.
Get in touch with our specialist AML & Compliance Team to see how we can help with your compliance obligations through our AML solutions, including e-verification, global monitoring for PEPs and Sanctions, and an AML e-learning course.