Sadly, law firms (along with other professionals) are still being labelled ‘ProfessiEnablers’ an arguably harsh term that has been in place for quite a few years now. This label was repeated by the National Crime Agency (NCA)’s UK Financial Intelligence Unit in their August 2023 update which stated that Professional Enablers’ “skills, knowledge and expertise are exploited by criminals to launder the proceeds of crime”.
For those of us that have dedicated our time, passion and finances to pursuing a legal career, this term is considered highly offensive. However, the term continues to be thrown at the legal sector because the levels of suspicious activity reports received by the NCA don’t reflect the level of serious organised crime that’s taking place within the UK. Their observations? Those of us within the profession are failing to spot the red flags of money laundering.
So, what are the SRA doing to enforce lack of AML compliance within law firms? As promised, they’ve continued to ramp up their anti-money laundering supervision and investigation measures, with dedicated AML teams being in place since 2019. This demonstrates their desire to dedicate time and resources to ensure AML compliance within firms.
Now, let’s take a look at some of the key trends they’re finding as a result of their supervision and investigation activities:
1. Firm-Wide Risk Assessments (A requirement since 2017)
Much to their despair, the SRA was finding that many firms didn’t have a Firm-Wide Risk Assessment in place, despite their numerous warning notices.
Similarly, a common trend was a failure to suitably tailor precedents according to the firm’s specific risks, namely client risk, product and service risk, jurisdiction risk, transactional risk as well as delivery channel.
They also addressed the fact that firms have returned Declarations to them stating that their Firm-Wide Risk Assessments were AML compliant, when this was far from the case. Whether this was intention or based upon reasonable belief that they were remains to be seen.
2. AML Policies, Controls and Procedures
Again, the SRA marked their disapproval at those firms who lacked any AML Policies, Controls and Procedures, a requirement that has been in place since the 2003 Regulations, and reiterated in the updated 2007 Regulations.
Surprisingly, they also found that some firms have robust and comprehensive suites of AML Policies, Controls and Procedures but these were effectively pointless as they weren’t communicated to staff who are the ones carrying out the day-to-day casework.
3. Lack of Independent AML Audits (where appropriate to the size and nature of the firm)
The SRA said that they expect most firms to have an independent AML Audit.
This is something that we see here at Teal Compliance. Many firms either don’t realise that they should have an Independent AML Audit or it’s something firms know they need to do, but don’t have the time, resources or budget to do.
Independent AML Audits can be a vital opportunity for your firm to address any deficiencies in your AML Policies, Controls and Procedures as well as to interview staff members and carry out review files to see whether the policies, controls and procedures are actually being adhered to as intended.
The SRA has confirmed that they intend to carry out AML audits for every firm, it’s a case of when this takes place as opposed to if this takes place.
4. Lack of AML Training within firms
Lack of targeted AML training within firms was another finding picked up by the SRA during their supervisory and investigative functions. Knowledge is power, so failing to equip staff with the knowledge and resources to spot red flags for money laundering can create large holes in a firm’s AML framework.
AML training should be a key focus for all firms, starting with the staff induction process and continuing on a regular basis (recommended annually as a minimum). Staff who work in higher risk sectors would expect to have more frequent bespoke training to their work type. However, distributing AML blogs and enforcement cases to staff can also form a supplementary part of the training framework, helping to keep staff members engaged.
The SRA has confirmed that its next Thematic Review will be in respect of AML training. This means they’ll also be visiting firms to review firms’ AML training processes. So, make sure your house is in order. The SRA will expect to see a training record detailing what training each staff member has had and when.
Now, let’s turn to some of the statistic findings from the SRA’s supervision and investigations. In 2022, 249 AML Reports were made from the AML Supervision team with the most common breaches being as follows:
- 61 Reports of failing to have proper AML Policies and Procedures
- 60 Failure to carry out source of funds and source of wealth checks
- 58 Failure to carry out risk assessment at client/matter level
- 48 Failure to carry out Firm-Wide Risk Assessment
- 47 Failure to carry out /complete CDD
SRA Enforcement Measures
Aside from sometimes causing catastrophic reputational damage, SRA enforcement measures can have a crippling financial impact on firms of all sizes. However, the SRA have continued to use their full fining powers – both at an individual level as well as a firm level. Let’s have a look at some of the key cases:
1. Mrs A - £2,000 fine
- Failure to follow firm’s PCPs
- Failing to establish appropriate level of risk
- Failure to obtain source of funds and source of wealth information
2. Firm B - £20,000 Fine
- Failure to have Firm-Wide Risk Assessment
- Incorrect Declaration made to SRA regarding the Firm-Wide Risk Assessment
- No independent audit
- Failure to provide staff with AML training
- Failure to carry out client and matter risk assessments
- Failure to carry out source of funds and source of wealth checks
3. Mr C - 12 month suspension on Practicing Certificate
- Failure to perform CDD adequately
- Failure to perform EDD where appropriate
- Found manifestly incompetent
For further information on the SRA’s New Fining Powers, please click here.
What should law firms take away from this?
At the SRA’s conference in March 2023, Paul Philips, Chief Executive of the SRA, recognised that most firms are still trying to ‘catch up’ with the large amount of regulatory guidance and legislation that’s come into force in recent years. He stated that these firms will have nothing to fear.
It’s apparent that firms that are demonstrating wilful disregard to the requirement to have a comprehensive AML framework in place are those that are likely to feel the full force of the SRA’s fining powers, in addition to firms who return Declarations that they know to be incorrect.
The SRA also recognised that in times of wider economic pressures (such as the current cost of living crisis) there may be a tendency for firms to reduce their AML resources, whether that’s staffing levels or technology. However, they confirmed that AML resources must not be reduced and must remain a key priority for all firms.
Get in touch
If you require assistance with any of the topics discussed in this blog, such as assistance with your Policies, Controls and Procedures, AML training for your firm or you’d like to discuss our Independent AML audit services then please get in touch.