The New Year has seen a growth in the number of investigations into AML processes within solicitors’ firms and has produced some significant reports in the legal press regarding fines imposed by the Solicitors Regulation Authority (SRA) on firms failing to implement AML provisions adequately. This is very much in line with the intentions expressed by the SRA in their 21-22 AML Report where they stated that they have “significantly increased the resource we dedicate to preventing and detecting money laundering” and their intention to continue in 22-23 to step up their monitoring of AML compliance.
The first two fines reported this year were in relation to firms that had not carried out a compliant risk assessment and which had therefore ‘failed to have sufficient regard for the SRA’s warning notice’. The first of these firms was fined £2,000 and ordered to pay the SRA’s investigation costs of £600 after failing a proactive AML inspection which had found that the firm in question had not put in place a compliant AML practice-wide risk assessment until 2 November 2020 and had incorrectly declared to the SRA prior to that date that its firm-wide risk assessment was compliant. The second firm was also fined £2,000 and ordered to pay the SRA investigation cost of £1,350 costs because it did not have in place a compliant AML firm-wide risk assessment until 5 August 2022 and but had stated that it was compliant over two years earlier. Both firms admitted to having failed to comply with AML rules.
The third fine, and by far the most significant one, was reported in the legal press on 18th January 2023 and related to the Oxfordshire practice of Ferguson Bricknell that had reported to the SRA that it had put in place a compliant firm-wide risk assessment when in fact it had not done so. The fine, which was possible following the change in fining powers that came into force in July 2022, was at least 10 times more than the SRA has ever issued for this type of misconduct and shows the level of seriousness that the SRA is now placing upon regulatory failures of this nature.
In their 21-22 AML Report, the SRA identified a number of themes that came out of their work with non-compliant firms. These included:
- failing to assess AML risks, either at firm level or client/matter level. Here, the SRA observed that a number of firms had submitted a false declaration when asked if they had a compliant firm-wide AML risk assessment and that several firms were not making an adequate assessment of their AML risk at client/matter level.
- where concerns existed in relation to the client due diligence (CDD) that the SRA found on client files. This included failure to identify beneficial owners (see our article “The Problems with Beneficial Ownership“) and a lack of source of funds/source of wealth information.
- not having compliant policies, controls and procedures (PCPs). This included a lack of fundamental controls (such as a failure to mention PEPs) or having references to outdated legislation, such as the Money Laundering Regulations 2007.
The SRA also referred a small number of firms to its AML Investigations Team for failure to notify the SRA that the firm was providing Trust and Company Service Provider (TCSP) work. Another issue presenting itself in this regard is that the SRA are pointing out – quite rightly – that although personal injury work as such is outside of the scope of the MLR 2017 and so is unregulated, where investments are made by way of managed trust funds, the work will become regulated instead under the provisions dealing with trust and company service providers. This is unfortunately made that much more complicated as the SRA is not able to deal with the registration of TCSPs itself, and your firm will instead need to be registered with the Inland Revenue via the SRA on your behalf if this applies to you. On this point see our Compliance Bulletin from October 2021 entitled “Responsibilities as Trust and Company Service Providers“. Please also remember that providing TCSP services without being registered as such is a criminal offence.
There has been guidance for firms on the SRA website for some time now as to what firms need to do to ensure AML compliance. This can be found, inter alia, in the SRA resource “What does my firm need to do?” which should be read by any firm intending to offer any of the services that come within the scope of the AML regulations. Notwithstanding this advice we are finding with a number of the AML compliance reviews that we have been conducting of late with firms that the SRA’s interpretation of the mandatory contents of firms’ AML policies has become ever more burdensome and specific, but that the regulator is not providing detailed guidance on all that they will require to be in place. We do therefore continue to update our model policies in the Infohub in the light of these reviews to keep up with these increasing demands and would recommend that you do cross check your own policy with our revised template to ensure that all that is now required is in place.
In order to comply with the regulations, firms should as an absolute minimum:
- carry out a risk assessment of the firm, relevant clients and matters;
- identify and verify the identities of their clients and any beneficial owners of their clients;
- identify sources of funds and wealth where relevant;
- ensure that all staff are trained as to the issues involved in AML and in particular to recognise any “red flags” that could indicate that money laundering was occurring;
- appoint a money laundering reporting officer to alert the National Crime Agency where they suspect they have encountered the proceeds of crime;
- where relevant to the size and nature of the business, undertake an independent audit, screening staff, and appointing a money laundering compliance officer (MLCO) to supervise the firm’s compliance work.
Infolegal can assist you firm with its AML compliance. Subscribers to the Infolegal InfoHub have access to a range of compliance materials including risk assessment guidance, draft AML policies, forms, factsheets and guidance notes and AML training courses providing information on all aspects of AML including CDD, risk assessments, source of funds, identifying beneficial owners, sanctions, dealing with PEPs and much more.
For more information go to our anti-money laundering section on this website or contact us on 0203 371 1064 or email us at firstname.lastname@example.org. In addition, Infolegal Director Matt Moore, who has provided training and advice on this topic ever since it first became a live compliance concern for law firms following the coming into force of the Proceeds of Crime Act 2002 and the early version of the Money Laundering Regulations 2003, and who has also written a number of books on the subject, is pleased to provide advice if required and has conducted a number of AML audit reviews for larger member firms in particular or those that are facing SRA monitoring visits. Please contact him at email@example.com if this might be of interest to you.