The recent warning from the SRA that “too many firms are falling short on anti-money laundering” will have caused many a shudder on the part of money laundering compliance and reporting officers.
The news release, published on 7 May, reported on an initial exercise to survey the degree of money laundering compliance and stated that of the 59 firms surveyed almost a half – 26 firms – had “entered the disciplinary process”. The news release was accompanied by an SRA Warning Notice which although not part of the SRA Handbook would be relied upon by the SRA in any disciplinary investigation.
First, to gauge what should be in place in your firm some basics about the legal and professional requirements. There is more to ensuring compliance with firms’ anti-money laundering obligations than simply ensuring that no money laundering or terrorist financing activity is undertaken by the firm. One of the enduring complications of this topic is that there are criminal offences that can be committed under the Proceeds of Crime Act 2002 and the Terrorism Act 2000, some of which are limited to the “regulated sector”(i.e. those firms that are subject to the Money Laundering Regulations 2017 (“MLR”)) but the MLR have to be complied with in any event and it is an offence not to do so.
In turn the MLR do not apply to all law firms – merely those that undertake, broadly, transactional work as listed at regulation 12(1). In addition, a firm will be caught by the MLR if it qualifies as a “trust and company services provider” under r.12(2) by providing trust or company formation or related secretarial services. A firm would also be caught by the MLR if it were to provide tax advice under r.11(d). Trust and Company Service Providers.
The recent SRA review concentrated on firms that are trust and company service providers – an area of concern for some time for HM Treasury which is the Government department with responsibility for AML enforcement. The HMRC is the supervisory body for trust and company service providers, but professional firms do not have to register with them if they are regulated by one of the other accountancy or legal bodies designated as such by the MLR, including the SRA. Law firms are not therefore required to register with HMRC if they are authorised by the SRA and in turn the SRA has to show to Government that it is an effective regulator in this regard.
As to the MLR themselves, it is important to stress that it is a criminal offence not to comply with the regulations where they apply, regardless of whether any money laundering or terrorist financing is actually occurring within the firm. Despite recent pressure from HM Treasury for more prosecutions for non-compliance with the Regulations it remains much more likely that disciplinary measures will be taken at a professional level, as evidenced by the recent SRA review.
Required Action
Although the recent report confirms that there was no evidence of any such illegal activity occurring within the firms that were inspected, the report was nonetheless critical of the degree of compliance with the Regulations. To address such concerns, not just in relation to trust and company service provision but more generally, a practice that is subject to the MLR should ensure that it does the following.
First, and as highlighted by the report, it is essential to have conducted an AML risk assessment which itself needs to be kept under continual review within the firm (r.18 MLR). This exercise is core to the operation of the MLR and, in turn, the EU Directive on which the Regulations are based. Logic dictates that greater checking is required in high risk situations and less where the risks are low, but the nature of those risks must be determined by each “obliged entity” for itself. When conducting a risk review, reference must be made to the supervisory body’s risk review for its sector and its guidance (to be found in the Legal Sector Affinity Group’s AML Guidance). Crucially, a written record of the outcome of the review must be made available for inspection (r.18(6) MLR).
Secondly, the whole point of conducting the risk review is that the firm’s policy should be based on its findings in what is described as an “independent collection of policies and precedents”. It may well be that a one-size-fits-all approach to AML compliance within the firm is not the best arrangement and that additional controls are appropriate within the higher risk departments such as conveyancing as opposed to family or employment work.
It is also essential that the firm’s policy is demonstrably up to date: references to the MLR 2007 (now repealed) or to SOCA as the predecessor body to the NCA to report actual or suspected money laundering activity will immediately count as noncompliances.
The review report also highlights insufficient evidence in many cases of checking for particular risk factors such as politically exposed person (“PEP”) status. Here, depending on the nature of the instructions received, greater checking is likely to be required to assess the source of not just the client’s funds but also their wealth if they do qualify as such.
Finally, continuing training in this topic is a requirement of the MLR at r.24 and was another common failing in the review.
This article first appeared in the Birmingham Law Society Bulletin