There is a huge problem with Anti Money Laundering regulation. The penalties, as we know, are incredibly serious. Yet very few people know exactly what their obligations are.
What’s going wrong?
We very often come across firms who, with the very best intentions, are breaching their AML duties. They simply take client ID as part of the file opening process. This is usually delegated by the main fee earner, who may not ever really look at it. Conveyancing departments, where the risk is high, are often the worst offenders.
The junior staff member diligently goes off and gets the usual documents: copy passport (sometimes certified, usually not) and a recent utility bill. “There,” they think, “AML checks done”. Except of course that is a dangerous assumption.
You have collected some identity documents – so what? Do they tell you anything about the risk of money laundering in this particular transaction? Back to basics. A solicitor’s duty under the Money Laundering Regulations is all about assessing risk, then undertaking appropriate client due diligence. You cannot do the latter without having done the former. Otherwise you are just blindly collecting ID documents to tick a box.
Risk assessment under the MLRs
What is meant by assessing risk? Well, it’s a big topic. But essentially it involves looking at the instructions in front of you and taking a view. Are there any clear ‘red flags’? Is there any reason why the risk level should be raised? Do you truly understand the instructions, the source of funds, the people involved and the flow of money? Does it pass the unscientific ‘sniff test’?
Clearly, this must be a job for the main fee earner. And the assessment really should be written down in some way. Ideally incorporated into a repeatable process.
Your risk assessment will then guide the level of client due diligence that is required. Higher risk matters are likely to involve a lot more digging before you can even start work. Low risk transactions may require very little – you might conclude that a passport and utility bill is sufficient.
What else should I be thinking about?
Don’t forget:
- CDD is an ongoing process, not a one time event
- The firm is also required to assess the overall financial crime risk it faces (based on its client base, practice areas, jurisdictions, internal processes etc), and that ‘firm-wide risk assessment’ must be made available to the SRA on demand. Very few firms have done this exercise.
- You must have a system for identifying PEPs and checking sanctions lists. I don’t think we are far from a position where running clients through online checks are de facto compulsory.
- Not all practice areas are covered by the MLRs, but all work is subject to the main money laundering legislation (Proceeds of Crime Act and Terrorism Act). Make sure you know the difference.
- The Law Society published its new AML practice note in September. It should be required reading for all solicitors.
AML regulation is a cost of doing business. It is not going away. For the sake of self-preservation, make sure your firm’s processes are not lulling you into a false sense of security.
