Featured

New AML Guidance needs a careful review.

On 20th January 2021 the Legal Sector Affinity Group (LSAG) finally issued their new draft AML guidance for law firms.

Since 2017 LSAG have agreed to issue one sector wide piece of guidance rather than different versions for each type of lawyer.

We were told to expect this guidance with both the Law Society of England and Wales and the Solicitors Regulation Authority talking about the project at events last year. However, it’s no surprise it’s taken a while to finalise since it does represent a comprehensive refresh of the existing guidance.

Part one (which applies generally to all legal professionals) is some 212 pages (about 50 more than the previous version) while part two contains specific guidance for Barristers and Notaries, but that is yet to be released.

Only a couple of pages in, you can detect a change in emphasis in the guidance, from focusing previously mainly on interpretation of the legislation for the sector to now setting out the Regulators expectations of good practice.

Practices must now pay attention to the parts of the guidance which LSAG think they should be doing, and if a practice decides to deviate from that, they need to be prepared to explain why. Clearly MLROs and MLCOs are going to have to consider this guidance carefully to ensure they’ve picked up all the areas of mandatory and recommended practice and that they can demonstrate they’ve thought about what is appropriate for their firm. This is not a small task!

That said, the guidance really is very good at setting out in some detail how to comply. In my experience many firms will welcome this additional detail, particularly for example the table listing out how to approach screening of staff, and a clear remit for senior management and nominated officers in the firm.

There are new chapters on the use of Technology and Internal Controls and a rewrite of the Privilege content.

With any new piece of writing which is over 81000 words long, there are some minor inconsistencies which will be resolved hopefully in the next draft. From our brief reading of the document there are some differences between early parts of the document (in the compliance principles) and the more detailed parts of the document further on. Therefore, we recommend reading the document cover to cover to ensure you pick everything up.

Conspicuous by its absence is the recent SRA Guidance on Tax Advisers, which if you’re not aware, could have some very substantial implications for the way your firm operates. It’s not that easy to find but here is the link – https://www.sra.org.uk/solicitors/resources/money-laundering/money-laundering/tax-adviser-guidance/

Do consider this at the same time as the guidance because it may be that for parts of your practice where you’d previously not considered the need to comply with the Regulations (Family Law, Employment and Litigation specifically) you may now have to.

One point we should make is that the guidance is draft, and it could be some months before it receives Treasury approval. From experience, any changes are likely to be minor but you should be aware of the possibility, particularly if you’re investing in new solutions.

We’ve put together a package of support for firms on implementing the new guidance which you can read about here –

[vc_row][vc_column][vc_message]

https://www.tealcompliance.com/guidance

[/vc_message][/vc_column][/vc_row]We’d love to hear your comments and queries about the guidance. Anything we can’t help with, we’ll gladly pass on to the Law Society to consider in any future redraft.

Coronavirus – Dealing with your client due diligence requirements (“CDD”)

In this Blog on some of the many queries received from our clients through our Ask Teal Service, we look at the most popular question we’ve had on how to deal with meeting your CDD obligations during a lockdown period.

We are in unprecedented times and it’s unlikely you’ll be able to obtain certified copy documents from the majority of clients as they will struggle to deal with this during a period of restricted movement or total lockdown. It’s worth remembering that the CDD documents we collect are not used purely for anti-money laundering purposes but also to satisfy other requirements such as those set by UK Finance (i.e. where a client purchases a property with a mortgage, you’re required by the UK Finance Handbook to see an original document and keep a copy of it) and also to identify fraudulent transactions.

With any instructions you receive from new clients not previously known to you, it’s unlikely you’ll be able to meet your clients face-to-face in the short term to check their identification documents. Usually this would lead you to having to seek enhanced due diligence. However, bear in mind that for one of the highest (and busiest) risk areas for AML purposes, property transactions, that it’s unlikely that any matters will be able to complete in the near future given the lockdown. Indeed, on 26 March the government issued guidance for buying and selling residential properties.

Should you wish to progress a matter in the meantime, you could consider using consider electronic verification services – something that many firms already use as part of their processes. Whilst UK Finance has not yet provided guidance on whether electronic verification may be used to satisfy their requirements, we understand that a number of law firms have spoken with them to see whether they will allow firms to obtain copy documents and then use electronic techniques to verify their authenticity. We recommend speaking with UK Finance and also with individual lenders to clarify whether they’ll permit this form of CDD during this period.

Commonly, we see firms using EVS running a two track approach: they still obtain documents from clients and then use their EVS to validate those documents. EVS generally:

1) check against data that they hold (usually credit reference agency files and other data such as electoral roll registers) to verify whether clients actually exist,

2) on most EVS you can use their functionality to authenticate your documents by checking algorithms contained on documents provided to you (for example, those you find on a passport or driving licence).This can be a much more robust check than reviewing original documents yourself, as it can often be difficult to spot a fake.

You can also hold a virtual call (for example using Skype or Zoom) with your client to check the picture contained within the document, if they have the facilities to do so. Firms then run the document through their EVS.

Shazia Zamir of Team Teal has recently written a blog on EVS, where she takes us through the different types of services available and gives an overview of their “pros and cons” (https://www.tealcompliance.com/single-post/2020/02/02/The-benefits-of-Electronic-Verification).

Using CDD in this way was envisaged by the Fifth Money Laundering Directive. The 2019 version of the Money Laundering Regulations state that where you have an electronic verification which is protected from fraud and misuse (i.e. by authenticating the document), then you may use that for verifying a client – and the risk of the client being non face-to-face and the need to undertake EDD falls away, provided you know that your client has had the document authenticated.

However, if you feel these processes aren’t as robust as your current procedures, remember these are only temporary measures for you to consider. If you decide to depart from your usual Policy, we recommend that you prepare a Policy Addendum detailing the changes. It’s open to you to carve out any types of work where you do not wish any new measures to be deployed.

The SRA has now issued guidance on CDD issues arising due the epidemic. They have pointed out that Rule 8.1 of the Code of Conduct for Solicitors (Rule 7.1 of the Code of Conduct for Firms applies this Rule equally to firms) says you must identify who you are acting for, but that this is not prescriptive and up to you to determine what is necessary. They go on to state that you have discretion to put together a risk-profile for work and appropriate requirements. They acknowledge that face-to-face contact is not necessarily required and you may consider using other means, giving examples such as email, telephone and virtual appointments, whilst highlighting that you should ensure that you comply with the CDD requirements in the Money Laundering Regulations.

The SRA also discusses whether electronic verification is sufficient for EDD purposes, stating that it may be enough, provided that the service provider uses multiple sources of data in the verification process. They also point out that e-verification only confirms that someone exists and not that your client is who they say they are, so that if there is anything to suggest that they aren’t, you will need to do further EDD.

For full details see: https://www.sra.org.uk/sra/news/coronavirus-qa

Coronavirus – Dealing with compliance remotely

In this Blog looking at some of the many queries received from our clients through our Ask Teal Service, we consider how to deal with compliance obligations remotely.

How can we ensure compliance works remotely?

The Solicitor’s Regulatory Authority will still expect compliance to happen and undoubtedly some elements of compliance, such as supervision of staff, are likely to be more challenging than others to deal with remotely.

If you are the Compliance Office for Legal Practice it’s your job to take steps to ensure compliance is working at your firm and to detect and to report serious breaches of regulatory obligations. This can be done:

Through complaints or claims: These processes are unlikely to differ in the current climate, whether you are offsite or onsite.

Supervision: As we think that supervision is likely to be one of the biggest challenges to law firms with significant numbers of staff working remotely, we will discuss this separately in other Blogs.

File reviews: Many firms undertake monthly file reviews, others quarterly. At this point, we don’t know how long we are going to be working remotely. We do know that vulnerable persons have been asked to keep social distancing measures in place for 12 weeks. We’ve also seen other jurisdictions extending their initial two week lockdown periods. We know that school exams have been cancelled. So, we could be preparing for at least one quarter’s worth of disruption.

Many firms still undertake paper reviews. We have been considering how to do this when working offsite. You will need to make arrangements to get files to your file reviewers to enable the work to be done.

For reviews usually done online, this raises other challenges. During onsite visits, the paper files we are given to review often don’t contain all the necessary information. Client due diligence information is often kept in a separate file. The correspondence folder may be missing information or even empty as the Fee Earner has not yet filed communications from their desktop onto the file. Good file hygiene and discipline is going to be critical and you should remind your staff of this.

Self-reporting: It will be critical that staff understand why you ask them to self-report. We prefer to talk about staff reporting “incidents” rather than “breaches”, i.e. incidences of when policies and procedures have not been adhered to. At this time, it is highly likely that your policies and procedures will be applying to situations that you did not conceive of. For example, your Working at Home Policy will most likely be designed with Fee Earners in mind and how they operate, rather than support staff such as receptionists and secretarial staff or accounts staff. You will not have visibility of how staff will be working so it will be very important that you encourage staff to let you know if they believe that changes in your policies are required.