The Solicitors Regulation Authority is looking more closely at anti-money laundering compliance in law firms. Harriet Holmes considers what you can do to prepare for a possible inspection
Recent estimates suggest that economic crime costs the UK between £290bn and £350bn each year – around double the budget of NHS England. With a growing focus on anti-money laundering (AML) and economic crime in the legal sector, solicitors, law firms and legal compliance professionals are having to pay ever more attention to their AML compliance. Unfortunately, there’s no ‘one-size-fits-all’ approach when it comes to AML compliance, particularly regarding source of funds (SoF) and source of wealth (SoW) verification. So, what do lawyers need to know?
The SRA findings
The Solicitors Regulation Authority (SRA) released its Anti-Money Laundering annual report 2022-23 on 13 October 2023. The report provides insights gleaned from the outcomes of 224 inspections and desk-based reviews conducted during the reporting period, revealing that only 20% of firms investigated were fully compliant with AML regulations. Of the rest, 29% were non-compliant, while 51% demonstrated partial compliance. Among the common issues identified were inadequate customer due diligence, insufficient risk assessments, and a lack of comprehensive staff training.
Source of funds and wealth checks are integral components of AML compliance and the report flagged a number of areas in need of improvement. Common issues raised in the SRA’s report included:
- firms obtaining bank statements without conducting in-depth inquiries into fund sources;
- making written notes on transaction funding without supporting documents; and
- providing transaction details only after regulatory requests.
The report also underscored the significance of customer due diligence (CDD) in AML compliance and flagged some common issues faced by legal firms, including:
- failures in identifying clients
- insufficient diligence regarding politically exposed persons (PEPs)
- sanctions violations.
The SRA emphasises the importance of understanding the source of funds in assessing transaction risk and signposts to updated guidance from the Legal Sector Affinity Group (LSAG) for firms to follow.
New powers and reforms
Recently, the SRA was given new fining powers and it is now able to fine individual solicitors up to £25,000 for non-compliance. It also wants to penalise partners who have allowed misconduct to happen on their watch. Automatic fixed penalty fines – previously reserved for administrative mistakes – are being considered for AML non-compliance in a bid to crack down on this.
We’ve also seen the introduction of the Economic Crime and Corporate Transparency Act (which received royal assent on 26 October 2023); a comprehensive piece of legislation to fortify the fight against corruption, money laundering and fraud.
The act introduces several wide-ranging reforms, including:
- a new offence of failure to prevent fraud for large firms
- reforms to Companies House
- introducing identity verification
- requirements for new and existing directors, and
- increased fines for law firms.
Why checks matter
SoF and SoW checks are central to the AML regime because they address the crucial question of where the money for a transaction or business relationship originated. The ability to trace and verify the source of funds is vital in preventing money laundering and terrorist financing. By identifying and understanding the source of a client’s funds, legal professionals contribute to the integrity of the financial system.
Legal practitioners often have questions and concerns about SoF / SoW checks, including whether they are always necessary, how far back they should go, and whether they apply to all clients and transactions.
Source of funds
Source of funds checks are undertaken to uncover where the money for a transaction or business relationship originated. These checks involve a comprehensive examination of the activity that generated specific funds. Legal practitioners must continually assess whether the client’s financial circumstances align with their stated source of funds.
The responsibility for conducting SoF checks cannot be outsourced. While technology and support staff can assist in the process, the conducting fee-earner remains ultimately responsible for assessing transaction risk and understanding the alignment between the client’s story, the transaction, and the evidence provided. This underscores the importance of individual accountability in the process.
Source of wealth
The LSAG guidance states that: “The source of wealth refers to the origin of a client’s entire body of wealth (total assets).”
It is important to understand that SoF and SoW are two distinct concepts: SoF means the specific funds used for a particular transaction and where they originated from; SoW means the origin of a client’s total wealth and assets, encompassing more than just one transaction.
SoW describes the economic, business and/or commercial activities that generated, or significantly contributed to, the client’s overall net worth / entire body of wealth.
The purpose of gathering information about a client’s SoW is not to determine their net worth. Instead, it’s to better understand the activities that have contributed to the accumulation of their wealth and to assess any potential risks associated with these activities.
Common problems
Several problems can arise in the context of SoF / SoW checks. Issues that pose challenges include:
- Inadequate documentation: firms may fail to adequately document their rationale and decision-making processes when conducting checks. This can make it challenging to demonstrate compliance when under regulatory scrutiny.
- Lack of clarity: firms must establish clear policies and procedures for SoF / SoW checks. It is crucial that team members understand when and how these checks are necessary to ensure consistency in compliance.
- Inconsistent adherence: some firms may struggle with consistent implementation of their SoF / SoW checks policies. This can lead to gaps in compliance and undermine the effectiveness of AML measures.
- Lack of risk awareness: legal professionals may fail to recognise red flags indicating potential money laundering or terrorist financing. Awareness of these red flags is essential for effective checks.
Risk assessment
A robust risk assessment is crucial for AML compliance, both at the client and matter levels. Risk assessments ensure that each client and matter is treated appropriately from the outset, allowing for the implementation of adequate customer due diligence measures. A genuine risk-based approach is not only best practice but is also embedded both in UK legislation and the AML regulations.
While risk assessments are vital, there are common problems and gaps in their implementation within legal firms. These issues can hinder effective AML compliance and include:
- Lack of clear templates: firms may struggle to establish clear templates for risk assessments, leading to inconsistencies and incomplete assessments.
- Inadequate training and knowledge: legal professionals may not receive adequate training in conducting risk assessments or may not fully understand the criteria for assessing risk
- One-time approach: some firms may treat risk assessments as a one-time requirement rather than a dynamic and ongoing process, neglecting the need for continuous monitoring.
- Incomplete assessments: firms may conduct risk assessments that are incomplete or fail to consider all relevant factors, leaving potential compliance gaps.
Role of technology
Technology can play an important role in streamlining SoF / SoW checks and enhancing AML compliance practice. Open banking, as an example, provides a secure and efficient avenue for law firms to gain access to their clients’ digital bank statements.
Instant access to clients’ digital bank statements removes the inherent delays in traditional document collection methods, speeding up the process significantly. It also enhances security by reducing the risks of statement tampering or interception via email or postal services, thereby safeguarding the integrity of financial data. This ease of access extends to the generation of straightforward and accessible reports.
Technology is also useful in analysing financial transactions. Using data analytics, it can discern patterns and anomalies, thereby facilitating the identification of potential money laundering or other illicit activities.
Data analysis also supports the risk assessment process by streamlining controls within risk assessment procedures and automating and optimising certain processes that can reduce the likelihood of human error. It can support ongoing monitoring through automated systems. These systems are adept at providing continuous surveillance of client and matter data, promptly identifying any changes or triggers that may indicate heightened risk levels.
Finally, technology simplifies and speeds up the process of client identification and verification, ensuring accurate determination of clients’ identities, and considerably strengthening the risk assessment process. This includes automated screening for PEPs and sanctions.
However, while technology offers substantial benefits in supporting compliance checks, there remain several gaps and challenges:
- Integration hurdles: the integration of open banking and data analytics tools into existing systems can pose difficulties for certain law firms, potentially impeding the seamless flow of compliance processes.
- Data privacy concerns: handling sensitive financial data necessitates robust data privacy and security measures. Legal professionals must meticulously adhere to data protection regulations when employing technology for SoF / SoW checks.
- Ongoing compliance vigilance: it’s crucial to recognise that technology alone does not guarantee compliance. Firms must remain abreast of regulatory updates and best practice in AML compliance to ensure ongoing adherence.
Looking ahead
The SRA’s report gives an indication of where things are moving; AML regulation is tightening, SRA fines are increasing, and firms are under growing scrutiny. Staying informed about regulatory changes, embracing technology, and continuously improving policies and procedures will help to combat money laundering and mean you’re prepared should you get a visit from the regulator.