The SRA issued a revised and updated AML risk assessment for the Legal Sector on the 31st July. For those who doubt the relevance of this to their firm it should be remembered that the requirement for firms to conduct and keep under review an AML risk assessment on their firm must take on board the like exercise by their regulatory body. The SRA is then required to address the national risk assessment that has been created by the UK Government. This will mean that any references to the SRA’s sectoral risk assessment will be likely to enhance your firm’s own version when it is next updated.
In general terms the report states that “the money laundering risk for the sector is assessed to have remained high with no significant change in vulnerabilities since 2020”. There are nonetheless numerous comments and warnings that then accompany this general statement.
There are, in particular, numerous references to the many negative international developments of late that might have an impact on firms here even if they do not generally act for international clients. One such example is the collapse of the Sheikh Hasam regime in Bangladesh which has apparently led to an exodus by a number of politically exposed persons looking to purchase properties within the UK in particular. This is accompanied by a warning as to the use of offshore companies or accounts to disguise the true nature of any such underlying beneficial owners.
The SRA also add that amongst the most common failings that they have experienced in their monitoring visits and inspections are poor client account controls. They highlight in particular the provision of banking facilities to clients in breach of rule 3(3) of the Accounts Rules, and also retaining client funds for too long after the close of the matter.
Not investigating the CDD evidence that is submitted to the firm carefully enough is also mentioned, as where the photo evidence that is presented is of someone who is clearly of a different generation altogether to the person who has presented it.
There is also a warning as to the changing structure of many firms and the growth of remote working which has become more commonplace since the onset of the Covid lockdown. There is seen to be the risk of poor CDD controls as a result of the looser levels of supervision that are then likely to follow. Most chillingly of all is the comment that AI deepfake technology could make the impersonation of others increasingly difficult to assess. Although not referred to here there was a report some time ago of a bank official in Hong Kong who attended a virtual meeting of the senior management team who instructed him to make a transfer of many millions of dollars, save that the meeting was a hoax and the representatives were merely avatars.
A good deal is also said on the possible involvement of politically exposed persons (PEPs). A change was made to the level of checking required on UK based PEPs as opposed to those who are based elsewhere in 2020, but quite what this has meant in practice has been hard to assess as the need for enhanced due diligence continues to be required. There is also a warning as to the risks of taking an overly simplistic approach to the risks of PEPs based in higher risk jurisdictions. Be that as it may there would clearly be risks in failing to identify PEPs if the firm just uses the checking of documentary evidence for its CDD controls rather than electronic verification as well or instead.
Other than this there could perhaps be an element of contradiction in the advice that the diffusion of responsibilities for the CDD process can lead to risks being missed. On the other hand they state that all of the fee earners and management team should be encouraged to see AML compliance as their own responsibility. This would accord with the approach of the SRA’s City team who will see junior lawyers who join the substantial teams of lawyers working together on the most substantial matters as being as responsible for CDD as the partners or directors who are taking the lead on them.
Other than this there is little said on the linked issue of proliferation risks for which all regulated firms must also have a risk assessment. It is admitted that this is unlikely to arise for most firms but there is a warning of dual use products that might be used to create weaponry such as agricultural fertiliser. So far as the other closely linked topic of sanctions controls is concerned this should not be seen to be exclusively an issue for foreign based concerns and the now banned Blood and Honour group is quoted in this respect.
If you are not an Infolegal subscriber and you would lioke assessment with your AML compliance then please contact Matthew Moore at mattmoore@infolegal.co.uk