We all know that anti-money laundering compliance is an important part of any law firm’s risk management. Get it wrong, and the consequences can be severe.
But AML compliance can place unnecessary friction between you and your client.
In other words, firms should consider whether they strike the right balance between meeting their legal obligations, internal risk appetite and client service.
Indeed, one of the conclusions we reached at a our most recent webinar (‘New LSAG guidance | Recent SRA focus | Client and matter risk assessments‘ – sign up to our COLP Insider newsletter for invitations to monthly sessions) was that the real challenge of AML compliance is not so much in keeping up to date with the complex web of law, regulation and guidance; but boiling it down into effective, efficient business processes.
Do our AML processes distinguish between “in scope” and “out of scope” work?
One of the things that often comes out of our independent AML audits is that most law firms treat all legal work as though it was within scope of the Money Laundering Regulations. That is particularly true of those firms that do a mix of “in scope” and “out of scope” work.
This means that every single client is subjected to the full due diligence process, regardless of whether the job or client in question is low risk.
Perhaps not a surprising trend. We are a relatively conservative and risk averse profession. The regulators are forever telling us that we are not doing enough to combat economic crime. Firms are regularly fined for relatively minor breaches of money laundering legislation. The rules themselves become more complex year on year. Official guidance extends to hundreds of pages. And at times it feels as though the legal profession is creeping towards becoming another arm of law enforcement.
There is always the fear that something will slip through the cracks if we operate differently between departments. Or that a litigation client that becomes a property client may inadvertently miss the full onboarding process unless we do the full bells and whistles CDD on every new piece of work.
Or maybe the overall AML message risks being diluted if we are seen to loosen the procedures in any way. People who straddle different areas of work may get confused about which stream of work they are currently working in, and what that means for AML compliance.
Which is why most compliance departments will take the safe approach. If you treat everything as if it were “in scope” there is less chance of getting things wrong.
Whilst that belt and braces approach probably keeps you safe (well, it gives a good defence in any event), it doesn’t do anything for client relationships.
Having instructed lawyers for low risk “out of scope” work personally, I know how frustrating it is to know that the solicitor you are paying for a service is making your life more difficult out of self-preservation. It gets the relationship off on the wrong foot entirely.
Would it not be better to remove some of the friction associated with “compliance”, where it is safe to do so? Could it make for a more client-focused service? After all, most law firm websites say that they do exactly that.
But what can be done? Don’t get me wrong, I am not suggesting for one second that firms should water down their AML processes for “in scope” work. That would be an unwise recipe for disaster.
I am just talking about legal services that are not caught by the Money Laundering Regulations in your role as ‘independent legal professional’, ‘tax adviser’ or ‘trust and company service provider’. Generally speaking, those legal services that do not involve a legal transaction of some sort, tax advice, acting as a professional trustee or some other fiduciary-type service. Although, it should go without saying that you need to take steps to fully understand which services are caught by the Money Laundering Regulations.
Risk assessment
One of the most important parts of the Money Laundering Regulations is the requirement for firms to conduct a firm-wide risk assessment. This goes back to the first principles of AML compliance: the risk-based approach.
The firm-wide risk assessment is the high level analysis of your firm, its practice areas, clients and overall money laundering risks. It is the cornerstone of AML compliance. Every other control (from the AML policy to your approach to onboarding and training) flows from the risk assessment. And it will change over time.
Some firms begrudgingly do this as a tick box exercise. “We do it because the SRA will fine us if we don’t”. That misses an opportunity to identify areas which are low risk, or not within scope at all, which can therefore be held to less rigorous controls – should that be desirable.
So an AML risk assessment could be seen as a golden opportunity to reduce compliance requirements in certain areas. Or at least to consider whether there is scope to do so.
We run firm-wide risk assessment workshops, where we help draw out the relevant risk information and attitude to risk. At the end of the session, the firm walks away with a bespoke (not template!) risk assessment. During these sessions, we come across areas ripe for streamlining.
A word of caution
It bears repeating that AML compliance is not to be taken lightly. If your current system works and you are not confident meddling, your best option is likely to be to keep the status quo.
There are also other reasons you might want to do full AML checks, even if you are not technically required to do so by the Regulations.
For example, sanctions screening is an increasingly important consideration for law firms. Breaching sanctions and acting for a ‘designated person’ without the required licence is a strict liability offence. And it applies to all legal services, not just those caught by the Money Laundering Regulations. If your sanctions screening process is tightly aligned with the rest of your money laundering checks, you might decide that you do not want to risk missing a sanctions issue. There are certain services, client groups, etc. that will increase the risk of sanctions breaches. Again, this could be caught by your firm-wide risk assessment.
The Proceeds of Crime Act – the main money laundering legislation, containing the principal offences – also applies to all law firms. It would be legitimate for you to conclude that only full AML checks will allow you to “know your client” well enough to come to a view as to whether a report to the NCA is required. (Remember that “failure to disclose” knowledge of suspicion of money laundering is an offence in its own right).
And let’s not forget our own regulator. The SRA Codes of Conduct require solicitors to “identify who you are acting for in relation to any matter”. Although in this context, “identify” does not necessarily mean full AML checks to the extent required by the Money Laundering Regulations.
Steps you could take
- Conduct or update your firm-wide risk assessment.
- Identify areas that are “in scope” and “out of scope” in relation to the Money Laundering Regulations.
- Canvass your front line staff. Do clients grumble about excessive AML checks in otherwise low risk practice areas?
- Work with the firm’s senior management (including the MLRO/MLCO and COLP) to formulate an agreed appetite for risk. Do we want to play it ultra safe, possibly at the expense of client satisfaction and efficiency?
- If you decide to streamline your controls for “out-of-scope” work, map out how that can be achieved without confusing staff or compromising the rest of your firm’s AML systems.
- Communicate any changes to staff, and involve them where possible. An ideal approach would be to:
- Draft proposed changes to the AML processes
- Present draft amendments to staff for comment
- Re-draft procedures, if necessary, based on feedback
- Finalise new policy/procedures
- Before launch, train all staff on the new systems and reinforce the importance of maintaining utmost vigilance, particularly with regard to “in scope” and higher risk work
- Update client engagement letters, if relevant
- Review the firm-wide risk assessment regularly as the new process beds in.
