A significant number of regulated law firms have recently pleaded guilty to failing to comply with anti-money laundering (AML) legislation. The Solicitors Regulation Authority said that these law firms have “failed to adequately monitor and therefore prevent money laundering.”
The Solicitors Regulation Authority were given new powers to fine rule-breakers up to £25,000, under measures introduced in June 2022. This recent news will undoubtedly add to the disappointment expressed by AML-tech industry leader and CEO of Verify 365 Rudi Kesic, in his missive to the partners of regulated law firms during his keynote speech at LegalEx 2022 in London.
Significant disregard for AML compliance systems and control frameworks
Rudi said although he had witnessed evidence of effective control measures, he was left disappointed to continue to identify “significant weaknesses and blatant disregard for AML compliance systems and control frameworks”. These included lack of governance and supervision, no risk assessments, no client due diligence, no source of funds checks, no transaction monitoring and lack of suspicious activity reporting.
Rudi added that the idea that firms need to check only whether their clients have a “UK bank account” when verifying source of funds and source of wealth is a myth. He added:
“The key is knowing and understanding who your client is, and understanding why they have come to you, and does it make sense? For AML compliance, you really need to be checking how did the person get the funds? Be it through salary, investment, or gifts. It can be many legitimate means, but you need to understand that and be evidencing that.”
Recently, a law firm that was non-compliant with the anti-money laundering rules for three years was fined by the SRA for showing “a complete disregard for statutory and regulatory obligations”.
Scarborough firm Pinkney Grunwells Lawyers agreed to pay the fine of £2,000 in a regulatory settlement agreement with the SRA. In 2020, the firm had declared to the SRA that its firm-wide risk assessment was compliant with the 2017 Money Laundering Regulations – 40% of its work was conveyancing and so within their scope. However, an investigation began soon after, following a referral from the SRA’s AML proactive supervision team, showed this was not the case.
There are five key risk areas which must be assessed as part of the identity verification and anti-money laundering process process – clients, jurisdictions, services, delivery channels and transactions – and the firm had not covered any of them.
Risk-based approach to AML compliance
Rudi explained that solicitors should regularly review which areas of their practice are at risk and must put in place measures to prevent money laundering by using what’s known as a “risk-based approach”, which involves following a number of steps, including identifying the money laundering risks that are relevant to their law firm, carrying out a detailed risk assessment of their practice and each department/office, carrying out a risk assessment of their clients, designing and putting in place controls to manage and reduce the impact of these risks, monitoring the controls and improving their efficiency, and keeping records of what they did and why they did it.
Further, the risk assessment undertaken by Pinkney Grunwells Lawyers “failed to have sufficient regard for the Legal Sector Affinity Group (LSAG) guidance, SRA sectoral risk assessment and SRA’s warning notice”. The firm did not have in place compliant policies, controls and procedures to prevent money laundering, as required by the regulations.
SRA’s Compliance Officers Conference 2022 in Birmingham
At the SRA’s Compliance Officers Conference in Birmingham in November 2022, the SRA said that a typical review of a sample of client files usually highlights multiple AML shortcomings, such as failing to keep records, and source of funds evidence not being collated or verified by fee-earners.
“Failure to properly identify where funds have derived from will put the firm at risk of committing a section 327 offence under the Proceeds of Crime Act 2002.”
The SRA pointed out that some of the main omissions with AML checks is identifying and scrutinising complex or unusually large transactions, or identifying transactions that have no apparent economic or legal purpose, as well as regular monitoring of transactions where the funds are coming from high-risk jurisdictions.
Failure to comply is significant
Regulated law firms are expected to adhere to regulations laid out in the amended Money Laundering and Terrorist Financing Regulations 2019. And failure to comply is significant, as many law firms are now finding out. Not only can these practices suffer fiscally (significant fines) and reputationally (it doesn’t look great being on the home page of the Law Gazette) but under the COLP and MLRO regulations all senior management are responsible for their firms countering risk from financial crime and they can be held personally liable for infringements.
The tone of Rudi’s address at LegalEx 2022 implies “No more Mr Nice Guy with the SRA” – they will start to come down hard on solicitors who don’t toe the line. And according to his estimates, over 80 per cent of regulated law firms are not compliant.
Rudi suggests that all regulated law firms should start with conducting a gap analysis to identify specific weaknesses and areas of risk. They can put in place measures to address any weaknesses identified. One of the main problems in AML and regulations such as KYC (know your customer) is data quality. Firms’ controls and their adherence to AML is only as good as their data.
What should solicitors firms be doing right now to improve their AML controls and address AML data issues?
Rudi outlined a five-point plan for law firms, which includes the following steps:
- AML Gap Analysis and Review. All solicitors firms should start with identifying the gaps in their AML systems, and in particular source of funds and identity checks control frameworks. This is something lawyers should do every year – and if they haven’t, they need to get to it asap. The gap analysis review gives law firms a framework to work with and objectives to meet.
- AML Risk Assessments. All firms should undertake independent AML and financial crime risk assessments. This is essential – an objective assessment of the risks financial crime poses to their law practice is imperative. The conclusions of their practice-wide risk assessment are a matter of judgement and should reflect the nature of their work and clients. In their risk assessment, solicitors should assess what proportion of their work is made up of regulated activities, especially those identified as “high risk”. They should document what measures are in place to mitigate these risks, and adjust their policies, controls and procedures accordingly.
- AML Software and Digital Client Onboarding Solutions. There is an ever-growing list of AML technology providers that solicitors can rely on to help protect their firms from fraud. Verify 365 is the recommended AML solution for solicitors and conveyancers, which also provides HM Land Registry Safe Harbour Digital ID compliance. All law firms should be using digital client onboarding technology, such as Verify 365, which provide instant AML and identity checks to identify money launderers, therefore disrupt further criminal activity, as well as making the UK’s legal sector a difficult environment for those who seek to use it to launder criminal finances.
- AML Training. Law firms should follow the AML-tech implementation with delivering AML and financial crime compliance training to all staff. General online webinars on AML compliance are not recommended – they are a waste of time. One of the weakest links for AML compliance is the staff who don’t know what is expected from them, and unless they are completely up to speed on latest regulations and expectations of how they have to execute controls, then problems will occur. Data quality can suffer too, for example if they’re unsure of how to use the firm’s AML-software, what verification data to gather and how to review it.
- Lexcel and CQS Accreditations. Both Lexcel and CQS accreditations can help regulated law firms ensure their AML control frameworks meet the required regulatory expectations. All law firms should have adequate and independent accreditations in place which cover all three lines of defence with clear and useable reporting to relevant accreditation agencies, such as the Law Society.
Risk assessments: anti-money laundering policies, procedures and controls
Regulation 18 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) requires law firms to carry out a written risk assessment to identify and assess the risk of money laundering that they face.
Carrying out a risk assessment will help law firms to develop policies, procedures and controls to reduce the risk of money laundering, apply a risk-based approach to detecting and preventing money laundering, understand the level of risk associated with certain business relationships and transactions, and make appropriate risk-based decisions about clients and retainers.
It’s important that regulated law firms keep their risk assessments under review as the Solicitors Regulation Authority may ask to see their assessments in 2023 – especially if something goes wrong with compliance at their firm.
Using AML technology to prevent fraud and money laundering
Rudi added that law firms should be using AML-tech platforms, such as Verify 365, to assist with digital client onboarding and prevention of money laundering:
“Money laundering is a major challenge in the legal sector as it underpins most forms of organised crime in the UK, which allows criminals to develop their operations, deposit funds and hide their assets. Although there are no exact figures, there is a realistic possibility that the scale of money laundering impacting the UK annually is in the hundreds of billions of pounds.”
Money laundering is an ongoing issue for solicitors and conveyancers and has the potential to threaten the UK’s national security, national prosperity, and international reputation. Rudi continued:
“The critical importance of the legal sector to the UK’s economy and London’s reputation as the world’s top legal hub, means that property transactions, particularly high value money laundering involving Indian, Russian, Chinese, or Arab clients, can undermine the integrity of the UK’s legal system and its international reputation.
The UK benefits from an active and dynamic market of law firms, supported by a limited number of restrictions on establishing a company in England and Wales. The ease with which a company can be established is frequently exploited by criminals who set apparently legitimate companies both within UK and offshore, but which are primarily a mechanism for laundering illicit funds.”
AML software can help solicitors and conveyancers to prevent fraud
Rudi reiterated the point that law firms should be using digital client onboarding technology, such as Verify 365, which enables solicitors to undertake instant AML and identity checks to identify money launderers, therefore disrupt further criminal activity, as well as making the UK’s legal sector a difficult environment for those who seek to use it to launder criminal finances.
By working in partnership with law enforcement and regulation agencies, Verify 365 are helping to support law firms by providing the best digital onboarding technology for AML checks to help solicitors and conveyancers to spot the signs of money laundering and identify and stop fraud.
If lawyers suspect they’re under threat from money laundering – call Verify 365
Rudi stated:
“If you work in legal services and suspect that your law firm is under threat from money laundering or terrorist financing, you should call Verify 365 to assist your practice with implementing a digital client onboarding system.”
Firms are well-advised to review their AML policies and their firm-wide risk assessments and take immediate action to ensure they are sufficiently robust or update them to achieve and maintain a compliant status. Time will tell how well solicitors’ firms have sat up and listened to Rudi Kesic’s plea at LegalEx 2022. But they are running on borrowed time – the SRA will really start to come down hard on AML regulation breaches.
After all, it’s in everyone’s interest to root out the financial criminals.
