HM Treasury MLR Review
It was announced at the end of June that HM Treasury is to review the Money Laundering Regulations (MLR) that apply to the great majority of firms later this year. We are promised “clearer and more proportionate” regulations in an attempt to boost the professional services sector. Few will argue with the stated aims and intent, even if we might be excused a certain “wait and see” approach to judge the eventual value of what should now follow.
The HM Treasury response published on 1 July follows a consultation on proposals to improve the effectiveness of the MLR, which place requirements onto a range of businesses to identify and prevent money laundering and terrorist financing. That consultation lasted from March to June 2024. That response mentions lawyers only briefly but promises to implement reform through a draft statutory instrument by the end of the year ‘if parliamentary time allows’. The SRA has, according to the Law Society’s Gazette, promised to “work with other supervisors, and HM Treasury, to put these changes into action, and look forward to engaging with the government as they work to further streamline the regulations”.
Solicitors who come within the scope of the MLR will find the consultation response particularly relevant since, among the areas discussed are:
- Proposals to make customer due diligence (CDD) requirements more targeted and proportionate. This could in turn lead to a more streamlined processes – for example applying enhanced due diligence (EDD) only to transactions deemed to be unusually complex.
- Expanding the list of low risk factors that might trigger SDD.
- Ensuring far more that anti-money laundering obligations are made to be proportionate to the risks faced by different types and sizes of legal businesses.
- Taking steps to clarify the scope of the MLR as well as ensuring that any guidance produced is both coherent and tailored to the legal profession’s specific needs.
As if this wasn’t enough potential change, the Treasury has also published its “National Risk Assessment of Money Laundering and Terrorist Financing 2025” and guess what? Solicitors remain at ‘high risk’ of being exploited by money launderers. The report states at paragraph 5.195 that “Legal Service Providers that offer a combination of legal services, such as solicitors, are at the greatest risk in the legal sector”.
The report states at paragraph 5.193 that:
“Criminals are often drawn to legal service providers due to the veneer of legitimacy legal professionals can offer due to perceptions of the sector’s integrity.”
The report goes on to say that:
“Criminals may use a combination of legal services to frustrate due diligence efforts and complicate transactions. Whilst criminals typically seek to use a single lawyer or firm, ultra-high-net worth criminals wishing to avoid scrutiny may employ the services of several firms. This can make it more difficult for a single LSP to identify illicit activity, particularly where inadequate source of funds checks are performed.”
The message that undoubtedly comes across is, however, that AML compliance requirements are not likely to get any easier. The report makes particular mention of those legal professionals who “are complacent, take a ‘tick box’ approach to compliance, or lack sector specific knowledge and/or training on the money laundering threat, the risk of the services provided being exploited increases”. The report singles out conveyancing as “an inherently high risk activity” as is the provision of trust or company services.
No actual harm
A further consideration, however, is that the problems that surround AML compliance for law firms are not so much based on the wording of the current regulations so much as the way in which they have been interpreted and enforced by the SRA. Hardly a week goes by without a report appearing somewhere in the legal press of often eye-watering fines being imposed on firms for failure to comply with the regulatory obligations or, more precisely, the SRA’s interpretation of how firms should have complied with the MLR.
Concerns have also been expressed that a familiar by-line of most, if not all, recent reports is that there was no evidence of any money laundering activity having been conducted through the firms in question. Add to this that the awards often date back to previous years, when the SRA was not policing this aspect of practice nearly as actively as is now the case, and the outcomes can seem even more unjust.
Take, for example, the recent report of a firm that was fined £64,000 for their past failures to comply with the regulations “from June 2018 to May 2024”. In the SRA’s view, the actions of the firm amounted to a serious breach and had “the potential to cause harm to the public interest and the level of public confidence in the legal profession”. As in most other such reports there was a reduction to the initial sentence imposed to take account of “mitigation” – usually in the format of what was deemed to be a suitable apology and admission of fault. More importantly, however, and as in most other cases, there was no evidence of any actual harm having been done.
In another report from earlier this year a firm in the south east received a fine of £77,784 for, as reported in the Gazette, failing to comply with the rules on client checks for three years until November 2024. The required humble pie had again been expressed with the firm having shown remorse and then admitting and remedying the breaches. Once again there was no evidence of any harm having been suffered by clients or others, or of any financial gain by the firm.
Historic Failing
As to historical breaches it was reported in 2023 that national firm Ashfords had been fined £101,357. This followed their self report to the SRA that they had become suspicious about three transactions conducted in October 2017-March 2018, and so in the early days of the MLR 2017 taking effect. Here they had subsequently established a potential link between one of the beneficial owners involved and an entity that was subject to UK sanctions.
It is also worth noting that in this case part of the financial penalty related to the failure of certain fee earners concerned in the matter at the time, to have undertaken AML training. The importance of arranging AML training initiatives and then ensuring that credible attendance records continue to be available cannot be stressed too strongly.
At a more mundane and less costly level the experience of many firms from the monitoring inspections can often be demoralising. Familiar findings include firms being faulted for not stating that if adopting new IT technology in the future the firm will review its AML risk assessment. Whether it will actually remember to do so at a later date is, of course, open to question.
The need for due diligence
Another familiar failing requiring corrective action will be to distinguish between the level of enhanced due diligence that will be applied to domestically based politically exposed persons as compared to those who are based overseas. This seems to surface in reviews of general firms even though they have never had any dealings with any PEPs and nor are they likely to do so in the future. What was therefore introduced as a concession to recognise the different threat levels that might exist between those concerned the UK and elsewhere has been adopted by the SRA to find fault with firms regardless of the near theoretical nature of the point in practice for such firms.
The final chestnut to mention in this regard is the admonishment that a firm might expect if it fails to state that it will not undertake CDD by means of reliance. This is the formal process set out at r.39 MLR 2017 whereby a firm might skip undertaking its own CDD if it has a formal relationship with another regulated firm that their CDD evidence might be relied upon instead. Quite apart from the rather cumbersome formalities that are required if any such arrangement should take effect the law firm will also be held liable for any failure of the other organisation to have retained the evidence so that it can then be produced. Fear not, by the way, if merely requesting copy documents from elsewhere for you to undertake your own CDD and as envisaged by r.28 as this will not be regarded as being reliance.
Be that as it may very few firms will ever consider entering into such arrangements but the SRA will still nonetheless expect a policy statement that they will not do so. It should fairly be stated that this is one of the items that should be contained in the firm’s “policies controls and procedures” in accordance with r.19(3) MLR 2017 but surely this should only be required if it was intended that such arrangements would actually be adopted.
As for the future
So, we might hope for the best in any future regulatory reviews but it is probably realistic to continue to fear the worst. The continuing increase in enforcement measures has been in place for some time now, with yesterday’s less detailed risk assessments and policies now being unlikely to be considered satisfactory. Most firms will not be fined for the more mundane breaches even if they are “referred to disciplinary”. There are better prospects of emerging with a clean bill of health if including verbiage of little direct relevance to the firm itself but at the expense of making the more important aspects of that policy less accessible to all within the firm. As such the longer policies could fairly be seen to have the potential to do more harm than good.
All in all, simplify the regulations by all means, but until a more proportionate approach is adopted by the regulator this will be unlikely to achieve a great deal to allow firms to adopt better targeted and more effective policies.