Running the risk

Private client services can be an attractive vehicle for criminals to launder money, particularly in relation to estate administration, the creation and management of trusts, companies and charities.

From my experience, this risk is sometimes underestimated by private client practitioners, particularly in high street firms dealing predominantly with local and longstanding clients. While some practices, client profiles and matter types will inevitably be lower risk than others, it is impossible to eradicate the risk completely when dealing with transactional work.

When dealing specifically with estate administration, it is important to have a broad understanding of how the deceased accumulated their wealth and further enquiries should be made where there are unusual features of the estate. It is also important to understand and undertake the appropriate level of due diligence in relation to the deceased, the executors and the beneficiaries. One obvious red flag in this type of work is where the deceased is known to have been convicted of crimes that have generated proceeds. A less obvious red flag is indicators that the deceased had engaged in welfare fraud or tax evasion.

To illustrate how the risk grading of a relatively benign-looking instruction can change, I vividly recall receiving a telephone referral involving a tip-off from a care home that the deceased (while alive) had been receiving suspicious packages of cash through the post. That one took a little bit of work to unravel!

Relevant to estate management work but also to those involved in the creation and management of trusts, the National Crime Agency’s UK National Strategic Assessment of Serious and Organised Crime Report 2021 (NSA) highlights how professional enablers continue to be used to conceal and move criminal proceeds. It highlights how family offices that provide wealth and property management services as well as privacy for ultra-high-net-worth individuals and their families, are increasingly being exploited. The 2020 National Risk Assessment sets out the key money laundering and terrorist risks for the UK. This report highlights that independent legal professionals face risks, each of which could find their way on to the desk of a private client practitioner. These risks include:

• misuse of client accounts
• sale / purchase of real property
• creation of trusts, companies and charities
• management of trusts and companies
• sham litigation.

The threat to practices offering private client services is real without robust and effective control measures. If you and your practice are not alive to the risks, you may miss red flags, leading to you unwittingly committing a money laundering offence and incurring civil liability or falling foul of professional conduct rules.

The 2019 regulations and LSAG

The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 came into force on 10 January 2020 and made changes to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. It was this event that triggered the preparation of the fully revised Legal Sector Affinity Group (LSAG) guidance, published in draft in January 2021.

The guidance has been submitted to HM Treasury and is currently awaiting approval. The significance and impact of the guidance cannot be overstated: while it does not alter the 2017 regulations, once ratified, the court is required to consider compliance with the guidance in assessing whether a person has committed an offence or taken all reasonable steps and exercised all due diligence to avoid committing an offence.

The new guidance is more extensive and much more prescriptive than the previous version, and will be seen by some as a double-edged sword – providing reassurance and a road map to those that are following the guidance to the letter, but also a clear benchmark for an alleged offence or misconduct to be held against.

What’s new?

In the words of the immediate past president of the Law Society, David Greene, “the guidance includes fully revised and expanded guidance on risk assessments, expanded guidance on source of funds and source of wealth, an updated training section and a new section on how to effectively use AML-related technology to mitigate risk”.

“Must”, “should” and “may”

There is revised wording given to “must”, “should” and “may” in the terminology section, although the interpretation appears to be broadly similar. What is clear is that, should you choose to deviate from the guidance, notwithstanding the grading of the direction, expect to be called upon to provide an explanation if things go wrong.

High-level compliance principles

A feature of the new guidance is high-level compliance principles, of which there are 36 in total. These are the key areas to address to ensure that your practice is compliant with the 2017 regulations. The relevant high-level principles pertaining to each section of the guidance are helpfully repeated at the start of each section, where applicable.

Assessment of risk

There has been a complete rewrite of the guidance on risk assessments, which is dealt with comprehensively in section 5. This section deals specifically with anti-money laundering (AML) risk assessments and breaks down the three levels of risk assessment: practice-wide risk assessments (PWRAs), client risk assessments and matter risk assessment. While these are not new requirements, the guidance is more detailed and formulaic in approach. A flowchart illustrates the relationship between the various levels of risk and helps to break up the 23 pages of text.

The guidance emphasises that the PWRA is the central reference point and cornerstone for how a practice protects itself from money laundering and terrorist financing. The more informed and better quality your PWRA, the easier it will be to take a risk-based approach, a core principle of AML compliance.

Section 5.6 outlines various risk factors that should be addressed at any level of a practice’s risk assessment but also must be considered in the context of the PWRA. For example, a client that is unusual and high risk to a general high street practice, may be commonplace and low risk to a boutique practice dealing with that profile of client on a regular basis. Similarly, when assessing matter risk, the profile of the firm and its PWRA should give context to the application of a risk-based approach.

Key areas of risk for private client

While there’s no escaping the facts that the guidance needs to be read cover to cover to fully appreciate what is expected of firms and that each section is relevant and important to all work within scope of the 2017 regulations, there are specific areas of the guidance that may be of interest to those working in private client work.

Trusts and estate administration

Trusts are dealt with extensively in the guidance and the word “trusts” features 55 times in the document, compared with 35 times in the previous version. Guidance is provided throughout the document in relation to this type of work in the context of risk assessments, client due diligence (CDD), and the obligations of trustees of trusts with and without a UK tax consequence.

In the context of CDD for beneficial owners, it is directed that you should take a risk-based approach to verifying the identity of the ultimate beneficial owner(s) of a professional trustee entity (as they should have no interest in the assets placed in trust). Higher-risk indicators may be where the professional trustee entity is unregulated or the professional trustee is not independent of the settlor; family offices are singled out as an example which did not feature in the previous version of the guidance and is in accord with the NCA’s findings, as referred to above.

The red flags and warnings relating to trusts and the administration of estates are dealt with at section 18.4. Taken verbatim from the guidance, the red flags are:

• purpose of the trust is unclear (trusts can be used to evade tax and hide criminal property)
• unusual structure or jurisdiction
• unexplained use of express trusts, and/or incongruous or unexplained relationships between beneficiaries and the settlor
• settlor was accused or convicted of acquisitive criminal conduct, improperly claimed welfare or benefits, or had evaded the due payment of tax during their lifetime
• assets earned or obtained in a high-risk jurisdiction
• unexplained or incongruous classes of beneficiaries in a trust
• discrepancy between the supposed wealth of the settlor and the object of the settlement.

Charities

There is a concern that charities are being used for terrorist funding. The guidance directs the reader to HM Treasury, which maintains a list of individuals and entities to which you may not provide funds, economic resources and, in relation to terrorism, financial services.

Further guidance is provided on the circumstances where you are asked to receive money on the charity’s behalf from an individual or a company donor, or a bequest from an estate. The advice is to be alert to unusual circumstances, including those involving large sums of money. It is acknowledged that charities registered with the Charity Commission are likely to be lower risk.

Longstanding clients

A common myth across all work types is that having a longstanding or personal relationship with a client removes the need to undertake CDD. The guidance expressly and succinctly states at section 6.2 that there is no provision in the 2017 regulations for waiving CDD requirements on this basis and that taking this approach will not satisfy the requirement to undertake independent verification, although this may inform your risk-based approach.

Next steps

Webinars, bulletins and compliance updates and industry articles can be a valuable staring point to help you understand the key changes to the LSAG guidance, but if you are responsible for your firm’s AML strategy, I stress that you must read all 200 pages of the guidance. Even if you outsource the preparation and implementation of your policies, controls and procedures (PCPs), you still need to understand what is expected of you and, if you are in one of the identified roles, you can’t delegate ultimate responsibility.

Once you’ve digested the guidance, your first task should be to review and update your PWRA (you can outsource this part). The changes required to your PCPs will flow from this piece of work, so make sure that it is well thought-out and accurately describes and assesses the relevant risks. You can use the guidance as a ‘how to’ manual as you work your way through your existing PCPs.

Once your PCPs have been updated to reflect the new guidance, the 2019 regulations and the specific risks of your practice, it is important to train all relevant personnel in relation to these – you will need to update your existing AML training as required. Section 8 of the guidance goes into detail on who should be trained, what should be included and what might be considered training.

If you are not responsible for your firm’s AML strategy, you may first breathe a huge sigh of relief, and then consider whether you feel as though you have been adequately trained to tackle the issues that may arise in your caseload. If the answer to that is no, or you feel as though your firm’s procedures could be tightened up, do raise this through the appropriate channels in your practice. While lack of training is one of the defences to the various money laundering offences, it is preferable all round to avoid having to prepare a defence in the first place.