"When Assumptions Lead to Risk: Lessons for Law Firms from the Barclays FCA Fine"
When news broke that Barclays has been fined over £42 million by the FCA for poor handling of financial crime risks, many of us in the AML world let out a collective sigh! Not because we’re surprised, but because we’ve come across this kind of complacency before.
Barclays, one of the UK’s biggest banks, failed to conduct basic checks before onboarding clients. In one case, the FCA pointed out that they could have avoided the issue altogether by simply checking the Financial Services Register. The client, WealthTek, wasn’t authorised to hold client money, and yet Barclays opened an account for just that. In another, millions flowed through a client relationship linked to a known money laundering network, yet the bank failed to act…even after receiving intelligence from law enforcement.
Now, you might be reading this as a law firm and thinking, “But we’re not a bank.” True. But how many times in audits have I heard, “Well, our client is a fund manager, we assumed they were fine”, or “The bank is doing their checks, so we don’t need to.”
That assumption, that someone else has done the due diligence, is exactly where risk creeps in.
The danger of delegation
Just because your client is a professional (a financial institution, a pension fund, or a property investor) doesn’t mean they’ve passed every check. If banks are getting it wrong (and they have whole departments and budgets dedicated to financial crime prevention!) then law firms must be even more alert and guarded.
You might be surprised to hear that when we are running risk assessments and audits, we are often told, “Our client funds are coming through a UK bank account, so we didn’t think we needed to question it.”
If this case teaches us anything, it’s that a UK bank account isn’t a guarantee of clean funds. You still have a duty to conduct your own client due diligence, verify source of funds and source of wealth, and document your reasoning.
Practical takeaways for law firms:
- Don’t assume just because a client is FCA-regulated (or says they are). Check the register.
- Don’t rely on the bank’s due diligence. The funds reaching your client account may already be tainted.
- Don’t forget to keep CDD under review, especially if there are unusual transactions, red flags, or changes in behaviour.
I say it often… AML isn’t about box-ticking, it’s about professional curiosity.
And this Barclays case is a reminder that even sophisticated institutions can get it wrong. But for law firms, the stakes are just as high: fines, sanctions, and reputational damage are very real risks if you don’t challenge assumptions and act on red flags.
If you’re not sure whether your CDD processes are robust enough, now is a great time to review them. At Teal, we work with law firms every day to make compliance practical, not painful.
Because when it comes to financial crime, a simple check can make all the difference.
Need support reviewing your AML framework?
My colleagues and I at Teal Compliance can help you test assumptions, tighten up procedures, and train your team to spot the risks others miss. Why not book yourself in for a free discovery call? Gary Yantin can chat with you to guide you to our best solution to support you and your business.
