The SRA continue to monitor and inspect many firms’ AML compliance arrangements. Those who follow the profession’s various news services are likely to have seen several reports of late of fines being imposed on a range of different firms for any such perceived failings.
Perhaps most eye-catching of all was news that major City and international practice Clyde & Co had been fined the eye-watering sum of £500,000 for its failures to comply with the provisions of the Money Laundering Regulations 2017, with a further personal fine for the partner most closely implicated with these failures and a very substantial costs award in the SRA‘s favour as well.
Also worthy of note was the award of a fine of £100,000 against Bristol based Ashtons who had self-reported their concerns that they had developed from earlier dealings where issues of beneficial ownership and possible sanctions listings had arisen.
Meanwhile on the high street it was reported that Essex firm TTS Legal had been fined £23,216 for its work on three conveyancing files where the regulatory requirements had not been complied with. This report is also worthy of note in that the award is close to the new fining power limit that now applies to the SRA for all unincorporated firms of £25,000.
All firms will, of course, wish to avoid financial penalties wherever possible, whatever the sum may be, if for no other reason than that the adverse publicity that such awards will attract is also likely to bring with it the risk of complications when the firm comes to renew its professional indemnity insurance. The imposition of a regulatory fine will be likely to be seen as a risk factor for future business by most brokers and insurers, and the higher the fine the greater the prospect of an enhanced risk weighting in any such renewal discussions. In this respect, please bear in mind the warning notice issued by the SRA on the 18th October – “Client and matter risk assessments – Warning notice” which stated that new matter identity and matter risk assessments must be more rigorous than they have needed to be in the past, and the rather chilling warning contained in this notice to the effect that “Failure to comply with this warning notice may lead to disciplinary action, criminal prosecution, or both. Given the continued levels of non-compliance, we will consult in the coming year on fixed financial penalties for AML systems and controls failings. This will include issues such as not undertaking a client or matter risk assessment.”
The Need to Renew Risk Assessments
In the light of the above, and if it is not too late in the new year to still be considering resolutions for the year ahead, we would recommend that if it has been as long as 12 months since you have done so previously, that it would be advisable to prepare or update your AML risk assessment if, as is the case in most firms, you are undertaking regulated work. Our recently updated template for these purposes is available to Infolegal subscribers on the InfoHub.
It is also important to ensure that you have conducted a related risk assessment for proliferation finances – a topic which we dealt with in our article “Increased Obligations on Money Laundering and Financial Crime: Proliferation Risks” in March of last year. Having worked of late with several firms that have been approached by the SRA with a request that they take part in one of their AML monitoring inspections, one of the questions raised is whether a proliferation finances risk assessment has also been undertaken. Failure to have done so will no doubt be taken to be a non-compliance. It should also be borne in mind that it is better by far to deal with this, and all other AML requirements, well in advance of such a request from the SRA being received, rather than as a last minute panic in the run-up to providing the required response.
The imperative in relation to risk assessments has also just been extended to encompass possible dealings with those who are “designated persons” under the sanctions regime as controlled by the Office of Financial Sanctions Implementation (“OFSI”). See “OFSI enforcement and monetary penalties for breaches of financial sanctions” guidance published by the Treasury. SRA Guidance entitled “Sanctions Regime – firm-wide risk assessments – Guidance” was published by the SRA on 23rd January. Whilst this is not actually a mandatory process, as is the case with AML and Proliferation Finances, the existence of a well-considered sanctions risk assessment is likely to count heavily in the firm’s favour should it find itself in the unfortunate circumstances of having become involved with such a person. The SRA have issued their own rather lengthy risk assessment template which firms may wish to use, but we have now adapted our own form so that it is now one element in a three-in-one risk assessment questionnaire form addressing AML, Proliferation and Sanctions Liability risks in the same document. This document is available to Infolegal subscribers in the Infolegal InfoHub.
Topical Fines for Former Breaches
Also to revert back to the cases quoted above the dates of all of the breaches in question are worthy of note. The finding against Clyde & Co was based on dealings with a client that had been taken on by the firm in 2014, at which stage CDD to the standard then required by the earlier 2007 Money Laundering Regulations had presumably been conducted. The failings of the firm were therefore the actions not taken several years later, that is to say the failure to conduct satisfactory ongoing monitoring and in not having addressed the possible matter risks of the instructions previously received. By this stage, of course, the client was an established client of the firm. The reports on the case quote the firm as having apologised for its failings in 2018.
In the Ashtons case, likewise, the matters in question concerned acting for purchasers in 2017-2018 and TTR were judged to have failed to check the source of funds in three cases before 2020. Part of the finding in the TTR case was the fact that the firm had not had an AML risk assessment in place until early 2020, and so some time after this had become a requirement, when the current MLR 2017 took effect.
In the circumstances it seems fair to observe that the SRA was not monitoring the wider issues of AML compliance nearly as actively in the final years of the last decade as they are now most clearly doing, and nor were they through most of the pandemic incident. Perhaps if this had been the case in the immediate aftermath of the 2017 regulations, then more firms would have attached a higher priority at the time for compliance with the requirements in the way in that they are now being enforced. Looked at in this way, and considering the timelines involved, we are perhaps now witnessing something of a “heads we win and tails you lose” factor in the regulator’s favour.
Be that as it may, and on this issue in general, do be prepared.
If you would like more information about how Infolegal can assist you and your firm with any of the issues raised in this article, please contact us at enquiries@infolegal.co.uk.