Kayleigh Smale, Author at Teal Compliance

What does an AML audit involve?

Anti-Money Laundering, Audit, Blogs, Legal Compliance / Kayleigh Smale

We love an AML audit and really enjoy reviewing law firms’ policies and procedures to see the different approaches they take in respect of AML. Most of all, we find it extremely interesting to see how a firms’ culture surrounding compliance is changing.

In this blog, we delve into what an AML audit is, and what an AML audit involves.

What is an AML Audit?

The AML audit process is a way to strengthen or improve a firm’s AML programme. It is a way of assessing whether Firm’s AML policies, controls and procedures are up to date, comply with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR) and are functioning in practice as intended.

What's the purpose of an AML audit?

The purpose of the Audit is to:

Examine and evaluate the adequacy and effectiveness of the policies, controls and procedures adopted by the Firm to ensure compliance with the requirements of the Money Laundering Regulations;
Make recommendations in relation to those policies, controls and procedures; and
Monitor compliance with those recommendations.

Why conduct an AML audit?

There are two types of audit:

Mandatory Audit

Regulation 21 of the MLR requires a relevant person, where appropriate to the size and nature of the business, to establish an independent audit function. This does not necessarily need to be an external audit, however, it will need to be conducted by someone in the firm who is independent of the Risk/Compliance/Anti Money Laundering (AML) function, but equally has enough AML knowledge to be able to conduct the audit. It is important to note that any findings in an Audit Report carried out under regulation 21 are disclosable to the Regulator.

Non-Mandatory Audit (Internal Audit)

A Firm may choose to conduct an internal Money Laundering Audit as routine procedure, being a way of checking whether the Firm’s policies, controls and procedures are up to date and comply with the MLR. The Audit report in these circumstances would remain for internal purposes only and confidential to the firm.

What's does an AML audit involve?

There are four stages involved in an AML audit:

1. Review of policies and procedures

Firstly, a review of all the firm’s AML policies and procedures, Firm Risk Assessment and the Firm’s matter-based Risk Assessment is conducted by the auditor.

When carrying out the review the auditor will assess whether the firm’s AML policies and procedures meet the requirements of the MLR.

The auditor will use a list/table of each specific regulation and check this against the firm’s AML policies and procedures to confirm whether or not the firm has met that requirement.

2. Test

As part of the audit the auditor should test the knowledge, understanding and application of the firm’s processes. This is normally tested through staff interviews and matter file reviews.

Interviews

Interviewing staff will help the auditor assess the staff’s knowledge and understanding of money laundering, money laundering red flags and the firm’s processes.

File reviews

The auditor will carry out a review of files and assess whether the matters comply with the firm’s AML policies and procedures.

The auditor may also request to review some closed files. Reviewing a closed matter will assist the auditor in assessing whether there was on-going monitoring of risk and whether the completion instructions to accounts included information as to risk.

3. The Audit Report

The audit will result in a written report on whether:

The firm’s risk assessment and AML policies, controls and procedures comply with the minimum requirements of the MLR.
Changes which are required as a result of deficiencies identified (if any).

The audit report should:

Set out the law (what specific regulations of the MLR were checked against).
Explain what was examined for that specific regulation.
Document findings of areas of compliance and non-compliance as well as identifying areas for recommended improvement in behaviour and practice. It should be made clear which areas the firm is compliant, non-compliant or partially compliant.
Include an indication of where there are potential failings and a recommended course of action.

4. Review

The firm should conduct a review following an implementation period to establish compliance with the recommendations. As part of the review the auditor will be assessing whether the recommendations have been carried out and whether there is any evidence to show whether they are effective.

Get in touch

If you would like to discuss this further or feel your firm requires an independent AML audit, please get in touch and we’ll be happy to help.

What does an AML audit involve? Read More »

Anti-Money Laundering – What to expect from an Independent Audit

Anti-Money Laundering, Audit, Blogs, Legal Compliance / Kayleigh Smale

Regulation 21 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (otherwise known as the Money Laundering Regulations) requires that regulated firms implement certain controls where it is appropriate to the size and nature of the firm. One of those controls is to establish an independent audit function.

The size and nature test requires some objective thought and firms are directed by the Legal Sector Affinity Group’s Guidance to consider a number of factors including the number of staff and offices your firm has, your client demographic, and the nature and complexity of work you undertake. The Solicitors Regulation Authority’s take on it is that most firms (but not all) will need an independent audit. In its latest AML Report of October 2021, the Regulator found that a high number of firms visited (49 out of 69) failed to implement an independent audit where required. For those firms where an audit had been carried out, some common areas of concern were that the reviews were not sufficiently thorough or lacked an element of testing, they weren’t independent, and firms had not implemented the recommendations in a timely way. Such concerns could lead to firms being referred to the SRA’s Investigations Team.

So if you have considered the size and nature test and determined that you need an independent audit, what should you expect from your review? It is key that your audit:

- Is independent from the people in your firm who are involved in setting and following the policies. The Regulations don’t prescribe that your audit must be carried out by a third party; but consider whether you are of a sufficient size to be able to resource a truly independent audit. Do you have staff with the right knowledge and capacity to carry out the audit? Even larger firms who have an audit function may find they do not have the necessary experience in AML.
- Is adequate in its scope and depth in order to give the firm assurance that the policies, controls and procedures they have in place are working. It should include a review of the existing documentation including firm and matter risk assessments and training plans, and a detailed review of how those processes have been implemented through file reviews and interviews with staff members to test understanding. The frequency of the audit should also be considered. Many firms decide to carry out an annual audit based on the size and nature test, but you may also consider focusing more frequent audits on higher risk areas as identified in your firm-wide risk assessment.
- Effectively identifies where processes are working well and roots out any problems with the process or where the process is not being followed. This means having the right person with the right expertise to carry out the audit so they know what they are looking for. It means carrying out an adequate number of interviews and file reviews across all locations and matter types so the Auditor can get a good feel for the firm and the types of issues that are occurring. Staff members from your fee earning teams, finance and any centralised onboarding teams should expect to be interviewed, along with the firm’s MLRO/MLCO. You may also consider focusing more frequent audits on higher risk areas as identified in your firm-wide risk assessment
- Provides feedback on where the firm’s current policies and procedures are not meeting the requirements of the Regulations and makes recommendations for improvement. A written report will provide you with the evidence that an independent audit has been carried out should the Regulator ever ask you for that information. The report should clearly set out the actions that should be taken to rectify any non-compliance. Recommendations should be implemented in a timely way and you should keep a record of the actions taken to meet the recommendations.
- Is part of an ongoing monitoring process to help you continually evaluate and improve compliance with the Regulations. Keep records of independent audits carried out for future reference and to evidence a robust auditing regime.

There is no doubt that an independent audit requires some forwarding planning and investment in resources, whether that be internal resource or if you plan to engage an independent firm to carry out the audit on your behalf. It’s not a tick box exercise. Senior level commitment to the importance of implementing good anti-money laundering controls is therefore crucial and sets the tone for the firm and for the staff whose files may be reviewed or who may be interviewed as part of the audit process. But the reward for your investment is obtaining a real learning opportunity to understand what your firm is doing right and where it can make improvements and effectively manage money laundering risks.

Get in touch

For more information about our independent audit service, get in touch with our experts today.

Photo by Scott Graham on Unsplash

Anti-Money Laundering – What to expect from an Independent Audit Read More »

What is a Politically Exposed Person (PEP) and how do I know if my client is one?

Anti-Money Laundering, Blogs, Legal Compliance, Regulatory Compliance / Kayleigh Smale

The SRA expect solicitors and firms to continue to meet the high standards the public expect (which includes upholding the rule of law). It’s therefore important to ensure that all staff are aware of their obligations when onboarding clients, and this includes understanding what a politically exposed person is.

On a number of occasions, we’ve seen panic set in as soon as someone sees the words “match” for their client on a politically exposed person screening request, but there’s no need to panic! Just because someone is classified as a politically exposed person does not necessarily mean they are a “baddie”!

What is a politically exposed person and why are they considered high risk?

A politically exposed person is a person who is or, within the last year, has been a:

Head of State/Government
Minister
Assistant Minister
MP
Member of judiciary
Member of Courts
Member of Auditors
Member of boards
Member of central banks
Ambassador
High-ranking officer in the armed forces
Member of administrative management
Member of supervisory bodies
Member of state-owned enterprises Member of governing body of a political party
Board of an international organisation (for e.g. FIFA)

In addition, a person will also be classified as a politically exposed person if they are:

A member of a politically exposed person’s family
A known close associate of a politically exposed person (whom the politically exposed person is in business with)
A beneficial owner of the politically exposed person’s property (someone who enjoys the benefits of ownership even though the title of the property is in another person’s name)

Why is a politically exposed person deemed high risk?

A politically exposed person is deemed high risk because they generally present a higher risk for potential involvement in bribery and corruption due to their position and the influence that they may hold.

Therefore, the main aim of applying Enhanced Due Diligence (EDD) to work involving a politically exposed person is to mitigate the risk that the proceeds of bribery and corruption may be laundered.

A politically exposed person is also an easy target for identity theft due to a great deal of their personal information being publicly available.

How do you find out if your client is a politically exposed person?

The best way to check whether someone is a politically exposed person is through politically exposed person screening solutions (PEP screenings) online. Many firms already have electronic verification which will normally include PEP screening as part of the checks that are carried out. Some online screening solutions will also provide additional information, such as adverse media and any criminal conduct – a good way to check whether your politically exposed person is a “baddie” or not!

Don’t forget Google, it is amazing what information you might find from a Google search.

The Regulations

Regulation 33 (1)(d) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) states that EDD is required in situations where the client is a politically exposed person, or a family member or known close associate of a politically exposed person. Therefore, it is important to establish whether or not your client is a politically exposed person at the outset.

In addition, under Regulation 35 of the MLR 2017, if your client is a politically exposed person you must:

Get senior management approval for the business relationship
Take adequate measures to establish the source of wealth and source of funds
Closely monitor the business relationship throughout

Get in touch

If you need any assistance when dealing with a politically exposed person, please get in touch and we would be happy to help.

Take a look at the compliance services we can offer or alternatively, get in touch with one of our experts.

What is a Politically Exposed Person (PEP) and how do I know if my client is one? Read More »

Who should certify client identification documents and what should they check?

Anti-Money Laundering, Blogs, Legal Compliance, Regulatory Compliance / Kayleigh Smale

Some of the certifications I’ve seen on client identification documents that fee earners have uploaded as part of their client due diligence checks, have led me to raise an eyebrow.

One of my favourites was a document certified by someone whose occupation was detailed as “Retired”!

Having worked in Risk and Compliance for over 7 years, one question I would regularly hear was “who can certify my client’s identification documents?”.

Firms will have different policies and procedures in respect of this. However, it is worth considering the following points when deciding whether you are happy to accept the certification on a document:

Is the person certifying the documents a professional person or ‘of good standing’ i.e. are they regulated, or do they work in a position of trust?
Is the certifier easily identifiable?
Would you be able to contact the certifier if needed to verify their certification? A bank, building society or post office official could move jobs/professions, making it difficult for you to contact them.
Does the certifier have the relevant skills to know whether what they are certifying is a true original document?
Has the document also been certified as a true likeness?

The majority of firms only accept certified client due diligence documents from a professional regulated person for example a solicitor, a banker or a notary. The reason for this being that they are then able to demonstrate to the relevant authorities, if necessary, that the person in question who certified the documents was of “good professional standing”, easily identifiable to contact if necessary and competent at document inspection and imposter detection.

We had a query a couple of months ago as to whether documents must also be certified as a “true likeness”. My view is that this wording should be used where the document being certified contains a photograph. If the certifier does not stamp a document containing a photograph with the wording a “true likeness”, and states a “true copy” then they are suggesting that they have ONLY seen the original document and therefore the individual who the document relates/belongs to was not present at the time the document was certified. This, to me, defeats the whole point of getting documents containing a photograph certified in the first place!

If you come across documents containing a photograph that are only certified as a “true copy” it is worth double checking with the certifier that the individual was present at the time the document was certified or that the certifier has met the individual in person previously and can confirm that it is a true likeness.

Don’t forget to make sure the document being certified is in date – It’s surprising the number of times I have seen client identification documents that have expired but have been recently certified.

Get in touch

If you’d like to know about how our services can help, please get in touch with our experts today.

Who should certify client identification documents and what should they check? Read More »

Hand holding a small plant against the sky

SRA Standards and Regulations 2019 – Principle 4 To Act with Honesty

Blogs, Legal Compliance, Regulatory Compliance / Kayleigh Smale

The much-anticipated SRA Standards and Regulations 2019 have been live since 26th November 2019 and I am sure many law firms are still racing around updating policies and training staff on what this means for them.

The Solicitors Regulatory Authority (“The SRA”) have driven this change to the Regulations with a view to enabling innovation, growth and increased competition in the legal market, something which the legal sector seems to be falling behind on compared to other sectors. Not much has changed in the Regulations, as the SRA’s main aims were to make simpler rules which were focused on higher professional standards as well as making it easier for law firms to make their own decisions and have more flexibility in how they deliver their legal services.

The SRA have however made a few significant changes to the Principles. One being the addition of Principle 4 “You Act with Honesty”. But what does this mean for you?

It is important to highlight that the Principles apply to everyone who is employed by a law firm. This includes paralegals, support staff and managers, it does not just apply to Solicitors. This isn’t something new, however I feel this is something that isn’t always communicated to non-qualified staff. I have worked in several law firms and out of all those firms, only once was I made aware that the Principles applied to me. Even then I still didn’t really understand the importance and implications of this. It’s therefore crucial that law firm employees are given the necessary training so that they understand their obligations under the Principles.

The question is, why has the SRA added the Principle to act with honesty when there is already the Principle to act with integrity? The SRA recognises there is an overlap between Principle 4 “You Act with Honesty” and Principle 5 “You Act with Integrity”, however they have explained that a person can lack integrity without necessarily being dishonest and have said “The concept of integrity is wider than just acting dishonestly”.

To act dishonestly is a very serious matter, as a finding of dishonesty is likely to result in a solicitor being struck off. If an employee who is not a solicitor is found to be dishonest, the SRA can disqualify them from working in a law firm.

Only recently, the Head of Operations at international law firm Schillings was disqualified from working in the profession after he was caught selling mobile phones belonging to his employer. 95 mobile phones were sold for a total of £13,547, which the employee kept for himself. He is now disqualified from acting as the head of legal practice, head of finance and administration, or as a manager of any licensed body. He is also disqualified from being employed by any licensed body. A case which makes it clear to all employees that not adhering to the Principles can significantly affect your whole career!

So, what actions do the SRA consider to be dishonest? They have provided a few examples in their guidance which include;

Backdating or creating false documents – Whilst the SRA understand there are normally mitigating factors for this type of action, such as inexperience and stress, given its seriousness, the SRA have said that this cannot be a justification to act dishonestly
Taking or using someone else’s money without their knowledge or agreement
Lying to or misleading someone – In a recent case, a solicitor of 12 years was struck off for misleading his clients. For 6 weeks he told his clients he was awaiting a response from the court in respect of their application, when in fact he hadn’t even submitted the application. In his evidence he said that he was under enormous amounts of pressure and was too ’embarrassed’ to admit he was struggling
Giving false information to their firm’s insurer
Misleading a court, tribunal, regulator
Lying on a CV and misleading partners in their firm – Earlier this year a paralegal was banned from working for any regulated firm without the SRA’s permission after claiming on her CV she had a first class LLB law degree and had completed the Bar Professional Training course, when this was not true.

When considering if conduct is dishonest, the SRA have said that they will apply a two-stage test;

What was the individual’s genuine knowledge or belief as to the facts at the time?
In view of their knowledge or belief at the time, was their conduct dishonest by the standards of ordinary decent people?

BUT….. it is important to remember, even if someone is not found to have acted dishonestly, they may still be considered to have lacked integrity.

Below are a few suggestions to assist your understanding in this area;

Read the SRA guidance note on Acting with Honesty which has some useful SRA examples to help understand their approach.
Ensure your firm and all your employees are given the necessary training so that they understand their obligations under the Principles. It’s not always made clear to non-qualified staff that the Principles also apply to them.
Remember mitigating factors such as stress, inexperience and pressure can change the way in which someone would normally behave. This could be a trigger for them to act in a way that the SRA would deem as “dishonest”. If you are an employer, look after your staff and ensure they have the support they need to avoid this happening. If you are an employee and you feel like you are struggling, don’t feel embarrassed to ask for help, it’s likely there are others who feel the same as you do. Just keep in mind its ultimately your career that is at risk if you don’t speak up.

Get in touch

For more information about our services and how we can help, get in touch with one of our experts today.

SRA Standards and Regulations 2019 – Principle 4 To Act with Honesty Read More »

Two front doors. One with a correct number and one with a made up number

Preventing a repeat of Dreamvar

Anti-Money Laundering, Blogs, Legal Compliance, Regulatory Compliance / Kayleigh Smale

Dreamvar – more than a year on …….. so, what has changed?

It’s likely most conveyancers will shudder when they hear the name Dreamvar. It’s the case that changed the liabilities and responsibilities of lawyers and conveyancers when dealing with residential property transactions. But in practice, what has actually changed since this case?

Firstly, a brief background for those unfamiliar with the details of the case. The case involved the liability of solicitors in cases of identity fraud. A fraudster posed as the seller of a property in London worth about £1million and succeeded in selling the property to an innocent buyer, Dreamvar. Once the property was sold the fraudster seller and the purchase monies disappeared. Dreamvar went on to sue his solicitor, for negligence (in contract and tort) and for breach of trust. He also sued the fraudster seller’s solicitor in negligence, for breach of warranty and breach of trust.

The High Court ruled that only Dreamvar’s solicitor could be liable and dismissed all claims against the fraudster’s solicitors. This seemed a little harsh given the solicitors acting for the fraudster had not taken sufficient steps to verify their client’s identity as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

The case therefore eventually made its way to the Court of Appeal. The Judge ruled the solicitors representing the fraudulent property vendor should share responsibility along with those representing the duped buyer of any losses. The Court of Appeal ordered both firms involved to make financial contributions.

However, it wasn’t just the solicitors involved that were in the firing line, the Law Society was also criticised. The case discussed the Law Society’s Code for Completion by Post (“The Code”) and argued that its processes did not consider the prospect that a sale is not genuine.

The Law Society agreed that their Conveyancing Protocol (“The Protocol”) and The Code needed updating and confirmed they intended to take the courts comments into account when making the amendments. And true to their word, the Law Society updated The Code and The Protocol this year.

The Law Society have made it clear that there are no changes in substance to the Code. Their revisions to the Code aim to make it clearer that the seller’s solicitor only gives undertakings where there is a genuine sale, thereby providing better protection for purchasers.

Similarly, with The Protocol the Law Society confirmed the number of steps have been reduced, however the obligations under the Protocol remain the same. They have made some procedural changes that you should be aware of, especially if are acting for the seller. In particular, the Protocol now states that Solicitors in CQS firms who are acting for the seller must

Obtain instructions for dealing with remittance of gross/net sale proceeds and details provided by the seller of UK bank account for remittance of proceeds. Obtain evidence that the bank account is properly constituted as an account conducted by the seller for a period of at least 12 months. Confirm that remittance will be made to that account only.

This means the solicitor must, if they are a CQS firm, request details of the bank account for the sale proceeds and they must also obtain evidence that the account belongs to the seller, showing that they have had and been using the account for at least 12 months.

This is a great way to ensure the purchase funds are going to the correct person! Only last month a woman named Sarah Broadbelt was jailed for 20 months for fraud and possessing a false identity document, after she sold a property for £75,000 back in 2015, without the real owner knowing. This case shows the lengths criminals are willing to go in order to commit this type of crime. Broadbelt went as far as changing her name by deed poll to that of the property owner’s so that she could apply for a passport and open bank accounts! That is real dedication!

Had the new Protocol and Code been in place (and been followed) it would have been far more difficult for Broadbelt to pose as the real owner of the property given that she, as the seller, would have been required to provide at least 12 months bank statements to show that not only was the bank account in her name, but it had also been in use by her for those 12 months.

So, what should you be doing now?

If you haven’t already, review The Protocol and The Code and ensure you have the right policies and procedures in place to enable your staff to follow them – do your firm and staff know about the need for further details about the seller’s bank account?

Don’t forget to communicate the changes to the relevant staff – there’s no point in updating policies and procedures if no one is told they have changed (they don’t have a crystal ball!)

Even if you are not CQS Accredited, it is good practice to follow The Protocol and The Code, it is not only there to protect your client and your firm but you as their solicitor/conveyancer too!

Get in touch

If you’d like to know more about the services we have to offer, get in touch with one of our experts today.

Preventing a repeat of Dreamvar Read More »

Conflict checking – Are law firms getting it right?

Blogs, Legal Compliance, Regulatory Compliance / Kayleigh Smale

Having worked in several different law firms over the past 10 years, it has been interesting to see how each firm has dealt with conflict checking differently.

Many medium to large law firms have teams running conflict checks for the firm. From my experience however in many of these firms the individuals running these conflict searches are simply looking for a match in data. But…. are they given enough training on the legal concepts surrounding conflicts of interest to really know what to look out for and to identify conflicts and potential conflicts.

Most smaller firms don’t have the resources to have a dedicated team to deal with conflict checking and it is therefore the responsibility of the fee earner to conduct a conflict check themselves. However, as a fee earner, is this “non-chargeable time” spent actually checking all the relevant parties? In some cases I fear not!

When I first started my legal career I worked as a paralegal dealing with debt recovery matters. I worked for a smaller firm so responsibility for conducting conflict checks was on me, which, having never been given any real training, proved quite difficult. Because of the lack of training I ended up opening a file and suing one of our client’s subsidiaries … whoops!

It is important to remember however that a conflict check is only as good as the data stored in a firm’s case management system. Firms need to make sure they have enough controls in place to ensure they are capturing the correct data for a conflict check to be properly carried out and have any value.

It then comes down to how a potential conflict of interest is dealt with. When I was buying my first property, I was informed by the estate agent that the Seller had instructed the same solicitor as me, but that this was “fine” because the Seller’s solicitor was based in a different office. Thinking back to this now with the legal experience I have, it is clear that, this was a conflict of interest and more should have been done by my Solicitor to make me aware of the possible implications and risks (rather than leaving it to the estate agent to tell me). I can’t really complain, they did a great job, however I do wonder what safeguards they actually had in place.

In November 2018, Sleigh Son & Booth solicitors were fined £2k and ordered to pay £20k in costs for acting where a conflict of interest breach may have arisen. The firm had acted for both vendor and purchaser in 9 conveyancing transactions where they had failed to advise either the vendor or purchaser that it was acting for the other and in 8 conveyancing transactions without obtaining either clients’ consent to do so. . The worst part was they had controls and protocols in place, they were just simply breached or forgotten.

This begs the question, should law firms be thinking more about what happens if they get it wrong?

Here are a few points I think Law Firms should consider when looking at conflict checking;

1. Training – Make sure your employees receive the training they require for their role and level of experience in respect of conflicts of interest and that they are aware of any internal systems, policies and procedures. It is always worth doing refresher training, as things do change!

2. Related Parties – Make sure all the relevant parties have been checked (You wouldn’t want to go suing one of your client’s subsidiaries!)

3. Data – It is important that all client and matter related parties are added to the case management system so they can be picked up in future conflict checks.

4. Potential conflict of interest? – Make sure you deal with any actual or potential conflict of interests appropriately. Do you require client consent, information barriers or do you simply have to decline to act? Remember the consequences if you get it wrong!

Get in touch

If you’d like to know more about our services, simply get in touch with one of our experts today.

Conflict checking – Are law firms getting it right? Read More »