We have been contacted by a number of firms about a questionnaire that the SRA is sending out questioning the arrangements that they have in place for the management of sanctions risks. The need to respond to this exercise in a manner that will be acceptable to the SRA once again throws light on the recently changed imposition of strict liability for having financial dealings with any designated person under the regime, and so including counter-parties to live matters as well as the firm’s own clients.
The sanctions regime is a fairly recent development for those in the legal profession and all others besides. When first introduced by the Sanctions and Anti-Money Laundering Act 2018 it became a criminal offence to have dealings with a client if done so to the usual mens rea standard of having been done intentionally or recklessly. The Act also required firms to notify the Office for Financial Sanctions Implementation (“OFSI”) as soon as practicably possible if they knew or reasonably suspected that they were dealing with anyone who had been listed as being a “designated person” within the regime.
These obligations became much more stringent, however, as a result of the Economic Crime (Transparency and Enforcement) Act 2022 which made it an offence of strict liability to have any financial dealings with clients who are or are suspected to have been listed as such. The strict liability basis of the offence as is now the case has also meant that the firm’s responsibilities are no longer limited to its own clients and have been extended to counter-parties also. In the case of solicitors’ firms the responsibility for the enforcement of these provisions has been delegated to the SRA and they duly set out their guidance on what would be expected of firms and how they would handle any such breaches in their guidance note of the 28th November 2022.[1]
The guidance note made the recommendation that although the conduct of a sanctions risk assessment is not specifically required by the Act this was recommended by way of best practice. Those who are subscribers to Infolegal may, if they have not already done so, use our revised “three in one” risk assessment form for money laundering, proliferation risks and sanctions which will be found on the Infolegal InfoHub in the AML Compliance Zone.
So far as the need for a linked AML risk assessment is concerned, the SRA require AML risk assessments to be reviewed annually, or perhaps every two years at least, if the firm’s operations have not changed greatly in the meantime. As to the need for the much less likely issue of proliferation risks for firms, which would be the case if they have any dealings with those who are dealing with nuclear or other forms of weapons of mass destruction, this is required for all firms that are subject to the Money Laundering Regulations 2017, and so who find themselves as being part of the “regulated sector”. Taking into account these various obligations it will be timely for most firms to update their risk assessment so as to be up to date with each of these three different but related strands.
As to the firm’s own clients, this should be addressed by an AML e-verification system to check for sanctions listings, and if wanting to check on the status of counter-parties there is the quick and easy to use OFSI facility at https://sanctionssearchapp.ofsi.hmtreasury.gov.uk/. In this regard it is worth considering the true risk potential here. The SRA recommend (but do not require) checks on all counter-parties but most firms will feel able to live with the risk that a breach might occur in relation to a party represented by another firm who should therefore be monitoring their own clients. On the other hand it might be worth the precaution of checking on any other persons who become involved in any current matters if they are not represented. In the unlikely, but possible, situation that the firm does find itself acting against a party who turns out to be a sanctions target, the SRA have said that they will prosecute if the breach is intentional or reckless, but if merely negligent or through blameless inadvertence they will “take a view”.
A further complication has arisen in relation to dealings with companies rather that individuals. In their guidance note the SRA suggested that dealings with companies would amount to a breach judged not on the AML basis of who might be regarded as being a beneficial owner (usually by holding 25+% of the issued shares) but who might instead exert control over its operations by having a shareholding of 50% or more, or where other internal arrangements might mean that they should be regarded as such. On this basis there would seem to be no need to check on the shareholdings of most larger PLCs or private companies where the main personnel are known about; this would therefore also extend to other local advisers such as estate agents that will probably be well known to the firm in any event.
Whatever the measures to be taken, this is another burden to add to the many others that law firms now face. Most will take the view that having a policy in place that recognises the risks, and shows that the firm has considered what steps it will take by way of risk management, should be a realistic and practicable way to deal with the it. If this is still required, then Infolegal subscribers can use the recently updated policy templates set out in Part 3 of our Draft Office Procedures Manuals for Firms and Sole Principals.
If you feel that we can assist further, please contact Infolegal Director Matt Moore at mattmoore@infolegal.co.uk.
[1] (https://www.sra.org.uk/solicitors/guidance/financial-sanctions-regime/).