Anti-Money Laundering (AML) compliance is more than a regulatory checkbox for legal firms in the UK. It is a vital step in ensuring the integrity of the legal profession and maintaining public trust. The underlying aim of wider AML regulations is to prevent the proceeds of unlawful activities from being laundered to legitimise their illicit origins.
Solicitors and legal firms often deal with large financial transactions, property conveyancing, and trust management. These activities could be easily abused by criminals aiming to legitimise ill-gotten gains. A lack of diligence may inadvertently involve solicitors in serious crimes, damaging the reputation of the firm in question and profession as a whole.
As pillars of justice and legality, firms have a responsibility to prevent the misuse of their services. Ensuring AML compliance ensures that the services provided by solicitors are not misused for illicit purposes, thereby upholding public trust.
Financial crimes such as money laundering, terrorist financing, and tax evasion have severe societal impacts. They can destabilise economies, erode public trust, and even fund dangerous criminal activities.
Non-compliance can not only lead to heavy penalties,but also legal proceedings, and serious damage to a firm’s reputation. As such, having proper AML procedures protect not only the firm but also clients who could unknowingly be associated with financial crime and fraud.
Guidance from the Solicitors Regulation Authority (SRA) on firm risk assessments
The Solicitors Regulation Authority (SRA) is the regulatory body for solicitors in England and Wales, providing guidance for firms when conducting risk assessments for AML compliance.
This guidance loosely covers:
Tailored risk assessments: Each firm should have a risk assessment tailored to its individual circumstances, reflecting its client base, areas of practice, and methods of service delivery.
Regular updates: Risk assessments should be updated regularly to adapt to changes in the firm’s operations, client base, or external factors.
Identification and verification processes: Firms should have robust procedures in place to identify and verify clients, understand the nature and purpose of the client relationship, and monitor for changes or inconsistencies.
Training and awareness: All relevant personnel should undergo regular training to ensure they are aware of AML requirements and are equipped to spot and report potential red flags.
Record-keeping: Comprehensive records of client due diligence and risk assessments must be kept for a specified period.
Internal controls: Firms should designate a person responsible for AML compliance, establish clear reporting lines, and regularly review and update internal procedures.
Updated guidance for risk assessments in September 2023
As part of wider SRA activities, the regulator frequently conducts reviews of the firms it oversees through inspection and desk-based reviews.
While the regulator has recognised that most firms do have risk assessments in place that meet its expectations, some are falling short. Having a firm-wide risk assessment has been a requirement of regulated firms since 2017.
In its 2021/22 reviews, the SRA found that 10% of firms “did not properly consider the potential money laundering risks associated with how their services are delivered” (Solicitors Regulation Authority) and recommended that firms familiarise themselves with money laundering regulations and requirements.
The regulator issued a number of recommendations and reminders earlier this month for firms conducting risk assessments.
Using templated risk assessments
While the SRA doesn’t discourage the use of template risk assessments, the regulator stresses the importance of ensuring that any templates are tailored to the firm in question. Risk assessments must reflect the firm’s profile, its size, the sector within which it operates, its services, and clients.
Know the difference between matter and firm risk assessments
In its most recent review, the SRA uncovered that firms often confused matter risk assessments with firm-wide risk assessments.
Matter or client risk assessments are linked to a specific client and should evaluate the risk of money laundering with that particular client or matter, informing the level of due diligence and monitoring required.
Firm-wide risk assessments however, evaluate the money laundering risk that a firm is exposed to in its entirety. These risk assessments should outline the processes being taken to mitigate any risks identified.
Including proliferation financing in firm-wide risk assessments
Proliferation financing refers to the act of providing funds or financial services that are used, in whole or in part, to manufacture, acquire, transport, develop, or use nuclear, chemical, or biological weapons and their means of delivery.
While the SRA acknowledges that the risk of proliferation financing for firms will likely be low, it may be higher in firms providing services to sectors including trade finance, commercial contracts, commodities, aviation, military and defence.
Regardless, the SRA advises firms to carry out risk assessments that evaluate the risks of proliferation financing to their businesses as part of firm-wide risk assessment processes.
Dealing with PEPs
The latest guidance around working with politically exposed persons (PEPs) reinforces the importance of a clear understanding of what constitutes a PEP. While firms are at liberty to decide their own appetite to risk, having complete understanding of who is or isn’t a PEP is important
PEPs are not just those that are MPs or involved in politics. PEPs can also be those related to executives of state owned companies and even certain religious leaders such as bishops.
The SRA reminds firms the importance of having a clear, well-defined understanding of what a PEP is and isn’t, as well as comprehensive due diligence processes if, and when, firms are acting on their behalf.