Can you guess how many inspections and desk-based reviews the Solicitors Regulation Authority carried out in 2023/24 to check that firms were compliant with anti-money laundering regulations? The answer is 512. But how many firms were fully compliant? Just 110. Partially compliant? 284.
These figures were shared again by the regulator at the Law Society’s flagship economic crime conference last week.
According to the Home Office and HM Treasury’s latest national risk assessment, the legal sector remains at ‘high risk’ of being exploited by money launderers. Criminals are drawn to legal services providers ‘due to the veneer of legitimacy legal professionals can offer due to perceptions of the sector’s integrity’. While the risk of AML non-compliance remains relatively low within the legal profession, the nature of the work and the volume of cash that can be moved through law firms contribute to the sector’s vulnerabilities.
Conveyancing, trust or company services, and client accounts remain most at risk of being exploited. Helpfully, the Society’s conference included workshops on source of funds and source of wealth.
The conference heard that transactional work involving the movement of funds falls within the scope of money laundering regulations, requiring firms to be compliant and to maintain appropriate controls. Some work, for example litigation, may start out of scope of the regulations but end in scope.
Once practitioners know what work they are doing, they can determine what documentary evidence is required, EMW Law’s head of operations Karen Voller said. Firms should write down the narrative behind a transaction, which will come in handy if they are audited (more on that below).
What evidence should firms collect and when? A firm is at high risk of AML or terrorist financing if it is dealing with (for example) a politically exposed person, someone based in a high-risk country, or the transaction is complex or unusually large, AML consultant Michelle Clement said. But decisions will be based on professional judgement and a risk-based approach.
‘You want to conduct the right level of checks for the specific circumstances in front of you. I encourage you to risk assess every client and matter,’ Clement advised. ‘Who is the client? What’s their profile? What’s the transaction in front of me? Are there other risk factors I should be considering? For example, are other jurisdictions involved? Assess that against the current guidance – what does the SRA say about this type of transaction?’
Once those questions have been answered, the firm should be able to determine if it is at potential risk of money laundering. ‘If there is a risk, you’re collecting the evidence to mitigate that risk.’
But collecting the evidence is not enough – it must be interrogated, Voller added. ‘If something goes wrong, you will be asked to explain what’s in those bank statements.’
Clement is a former AML auditor at the SRA. When she walks into a firm, she knows nothing about the firm or its client: ‘I pick up a file. I only have that file to go on. You understand what was happening. But if the file gets picked up three years later, you’re likely not to remember. Start from a defensive point. “This person was a longstanding client, we saw X property for them, which is why we only did these checks”.’
The risk if firms do not carry out checks? ‘The money laundering regulations say you have to conduct certain checks. If you cannot satisfy yourself, or the level of due diligence you have obtained, you need to cease the transaction,’ Clement said.
Firms may be afraid of offending the client or losing them, but Clement pointed out that regulation 31 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ‘would trump that feeling’.
To manage client expectations, Voller advised firms to explain their regulatory requirements and let the client know they are trying to protect them.
Asked for her top tips, Clement said: ‘Whatever you’re thinking at the point of that transaction, write it down. You’re going to think you [will] remember. But when the time comes and someone asks you the question, you won’t remember.’
As for keeping the SRA happy, Mandeep Sandhu, head of AML proactive supervision, later told the conference she can spot when a risk assessment has been treated as a tick-box exercise. ‘The purpose of that document is to enable you to scrutinise everything you have collected.’ And the SRA has inspected hundreds of risk assessments. ‘We know what templates exist and where they have not been amended.’
You have been warned.
2 Readers' comments