Anti-Money Laundering (AML)
The SRA has been increasing its investigations and enforcement of the AML regulations with firms that are caught by the regulations. We are often asked for help once the SRA have confirmed that they will be visiting, which is often too late! Therefore, please ensure that you are aware of your obligations and take action now to ensure you remain compliant.
As publicised in January 2023, the SRA issued a record fine to a law firm for AML failings. Details about the £20,000 fine handed to the two Partner firm, Ferguson Bricknell, have been reported by the Law Society and Legal Futures.
Does your firm undertake any of the following work?
- the buying and selling of real property or business entities
- the managing of client money, securities or other assets
- the opening or management of bank, savings or securities accounts
- the organisation of contributions necessary for the creation, operation or management of companies
- the creation, operation or management of trusts, companies, foundations or similar structures
- provide tax advice.
If the answer is ‘Yes’ to any of the above, your firm falls under the scope of the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (the Regulations) and, at some point, the SRA will be contacting you, if they have not done so already.
The SRA will carry out an audit, either at your firm or desk based, and will review your policies, controls and procedures and files. They will also interview members of your staff.
If your firm does not undertake any of the above work and is not covered by the Regulations then you won’t be included in this audit process. However, there are still money laundering risks in other areas of practice and every firm, irrespective of the work undertaken, will remain liable to comply with other money laundering legislation including the Proceeds of Crime Act 2002 and Terrorism Act 2000. Therefore, it is our opinion that all firms should ideally look to voluntarily comply with the MLR 2017 and ensure that all staff are aware of their obligations.
What Should Be In Place?
You are required to maintain, and therefore the SRA may ask you to provide, the following documents:
- your firm’s AML firm-wide risk assessment (as well as evidence of it being reviewed and updated)
- your firm’s AML policy (or policies) and procedures including record keeping
- your firm’s template client/matter AML risk assessment
- data protection statements provided to clients
- copies of any independent audits on your firm’s policies and procedures carried out, to include any recommendations or follow-up action arising from them
- AML-related training records.
The SRA will also review samples of casefiles and interview staff (including your MLCO & MLRO) to ensure that your controls have actually been implemented across the practice and that your client and matter identification and verification processes are effective.
How We Can Help
We have a number of senior AML specialists who previously worked for the SRA who can assist you with, amongst other things:
- The preparation of your firm-wide risk assessment
- AML training for your staff
- AML independent audit
- AML file reviews.
AML Independent Audit
The requirement for an independent audit is set out within the LSAG AML Guidance (most recently approved by Treasury in July 2022). The purpose of the independent audit “is to examine, evaluate and make recommendations regarding the adequacy and effectiveness of the practice’s anti-money laundering and counter-terrorist financing policies, controls and procedures”. Therefore, the individual undertaking the audit must:
- be independent of the work being audited (e.g. not the MLRO/MLCO)
- have the requisite skills and knowledge of AML/CFT to conduct the audit
- be able to make recommendations about the policies, controls and procedures and file remediation.
There are no prescribed timescales for how frequently an independent audit should be conducted – this should be on a risk-based approach – however it is recommended this is conducted regularly e.g. annually. More frequent independent audits may be required where the firm’s risk profile, structure or services have changed since the last independent audit.
As DG Legal’s consultants are experts in the field, with experience of working for the SRA, we are able to conduct an external independent audit for firms to assess the effectiveness of policies, controls and procedures in place and to identify any areas requiring attention and improvement.
As explained within the LSAG AML Guidance, the MLR 2017 require that firms provide regular training to their staff and consultants on how to recognise and deal with transactions and other activities which may be related to money laundering or terrorist financing. This training should be effective in enabling staff to identify and report suspicions of money laundering and terrorist financing.
DG Legal can provide training to firms and individuals to cover the key areas outlined with the LSAG AML Guidance, including:
- an explanation of the relevant law within the context of the services and products your practice supplies
- AML/CTF ‘red flags’, risk assessment and an explanation of the risks identified in your firm-wide risk assessment
- AML/CTF policies, control and procedures including CDD and EDD as applied in your practice
- identifying suspicious activity and the processes for internal reporting and, where necessary, for making a SAR, and
- record keeping and data protection requirements.
The frequency of training is not prescribed within the MLR 2017 or the LSAG AML Guidance, however the following guidelines are outlined:
- new employees and consultants should be trained as soon as possible after joining your firm, ideally as part of their induction and before undertaking any regulated work
- all employees and consultants should receive training at regular and appropriate intervals to update on new developments and to refresh existing knowledge
- role-based AML training should be scheduled on a risk-based approach, although basic AML awareness/refresher training should be completed annually for employees and consultants
- additional in-depth training should be undertaken based on:
- any changes in legislation, regulation or professional guidance
- changes in your practice’s policies, controls and procedures, and
- changes in your practice’s risk profile and potential red flags.
All firms must maintain records of all training to outline:
- the type of training
- any course materials received
- dates of training
- names of those who attended
- results of any evaluation of training carried out.
DG Legal can offer awareness/refresher training for staff and consultants of your firm.
We can also provide more in-depth AML training focussed on the areas of work undertaken by your firm to ensure staff are aware of the key risks faced by your practice.