The Solicitors Regulation Authority (SRA) has issued a new warning to solicitor firms that they need to be more thorough in undertaking client/matter risk assessments when assessing whether there are any money laundering risks posed by their clients and the services that they are seeking.
The publication last week of a thematic report Client and matter risk assessments[1] dealing with how firms assess clients and matters to identify money laundering and terrorist financing risks, revealed that a third of firms are still not fully compliant with their obligations. This has resulted in the SRA issuing a warning notice also entitled Client and matter risk assessments[2] to remind the profession of its obligations and to warn that fixed financial penalties for AML systems and controls failings will be reviewed in the next year.
The thematic review looked at the systems which firms use to assess the money laundering risk posed by clients and services. While the vast majority of firms were aware of the need to have an individual assessment and had a process in place to deliver one, in practice many of these did not properly identify and manage risk. It has been a legal requirement since June 2017 that firms risk assess clients and matters under regulation 28(12) and (13) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (‘MLR’).
The SRA are keen for firms to realise that taking a risk-based approach to preventing money laundering is vital if firms are to direct their resources appropriately to the highest risk areas and to ensure that they are mitigating the risk of money laundering, understanding and assessing the risk posed by each client and matter and acting accordingly.
The SRA inspected 30 firms with a view to better understanding how they were complying with the requirements of the MLR and to enable them to identify examples of good and poor practice. Whilst all but two of those firms had a process for client/matter risk assessments, a significant proportion of those 28 were only partially compliant with regulations. Most firms’ risk assessment processes looked at client risk and matter risk together, rather than separately. While this will normally be acceptable, those assessments do need to be comprehensive, which was not universally the case. One firm’s assessment of risk was limited to client risk only, and three firms’ risk assessment processes were limited to considering matter specific risks. The SRA are now working with those firms to bring their processes in line with the regulatory requirements.
To help firms to address these issues, the SRA have published the results of their thematic review together with the warning notice and a Client and Matter Risk Assessment Template[3] and supporting notes. The firm should consider the factors in the template to help them to assess the money laundering risk posed by the client or transaction. Although the factors listed are not exhaustive, nevertheless the template is a thorough review of the factors which should be taken into account. Firms should also note that this is not the same risk assessment as the firm-wide risk assessment (for which see the recently updated SRA Guidance note Firm-wide risk assessments[4]).
In relation to the risk assessment, the SRA state that firms should carry out and record a risk assessment for every client and matter that falls within scope of regulation 11(d) and regulation 12(1) and (2) of the MLR – i.e. in general those involving legal or notarial services to those participating in financial or real property transactions or providing tax advice. These assessments need to be undertaken at the beginning of a client relationship (in conjunction with performing customer due diligence) and should be reviewed throughout the transaction to pick up on risk issues that only emerge later in the transaction or as the relationship progresses.
Firms should also bear in mind that under regulation 28(12)(ii) of the MLR, the customer due diligence measure they apply must reflect the firm-wide risk assessment undertaken in accordance with regulation 18 of the MLR and the level of risk arising in any particular matter.
The SRA point out that it may not be necessary for firms to undertake a written risk assessment for every matter. Examples of this might be where matters undertaken for a given client are highly repetitive in nature and the risk remains consistent between one matter and another, and the risk is addressed comprehensively by the firm’s client risk assessment. Bear in mind, however, that where the firm does not carry out a risk assessment for every matter for a given client, it should ensure that it still regularly reviews the client risk assessment.
It should also be noted that the firm should review its risk assessments at appropriate intervals during the client relationship, during the transaction and just before the transaction is completed to identify if anything has changed.
In particular, firms should:
- assess if the service to be provided could be used to launder money,
- understand why the services of the firm are needed by the client and whether it appears reasonable or genuine,
- understand the source of funds and wealth of the client/owners,
- be vigilant as to red flags that arise during the course of the matter. In particular be aware of any information that does not fit with the firm’s assessment of risk,
- consult the firm’s policies to decide what action needs to be taken to mitigate any risks identified – for example raising the matter with partners/directors,
- determine what information or evidence needs to be collected for due diligence purposes and how this will be monitored, and
- document and record all steps taken.
To assist firms in achieving all of this, the Template form is broken down into Initial Risk Assessment, Matter Risks, Due Diligence and Ongoing Monitoring.
For firms that want to know about the SRA’s approach to risk assessments there is an SRA webinar[5] which explores the importance of matter risk assessments and which looks at the requirements of the money laundering regulations, the ways in which matter risk assessments can help protect the firm and relevant observations from the SRA’s inspection of firms’ AML controls. Firms should also refer to the Legal Sector Affinity Group Anti-Money Laundering Guidance for the Legal Sector 2023[6] and the SRA guidance on Sectoral Risk Assessment – Anti-money laundering and terrorist financing[7].
Finally, for more information see the SRA’s annual review of their anti-money laundering work, outlining some of the broader themes identified in 2022/23[8].
[1] https://www.sra.org.uk/sra/research-publications/client-matter-risk-assessments/
[2] https://www.sra.org.uk/solicitors/guidance/client-and-matter-risk-assessments/
[3] https://www.sra.org.uk/solicitors/resources/money-laundering/guidance-support/client-matter-risk-template/
[4] https://www.sra.org.uk/solicitors/guidance/firm-risk-assessments/
[5] https://www.sra.org.uk/sra/news/events/on-demand-events/anti-money-laundering-matter-risk-assessments/
[6] https://www.sra.org.uk/globalassets/documents/solicitors/firm-based-authorisation/lsag-aml-guidance.pdf?version=496f8e
[7] https://www.sra.org.uk/sra/research-publications/aml-risk-assessment/
[8] https://www.sra.org.uk/sra/research-publications/aml-annual-report-2022-23/