Money laundering: Poor client account practices
The decentralised nature of consultant-led law firms carries extra money laundering risks that mean compliance officers may need to be “more interventionist”, the Solicitors Regulation Authority (SRA) has cautioned.
Capital flight from high-risk countries, client account issues and poor scrutiny of client due diligence (CDD) were other ‘emerging risks’ highlighted by the SRA in its updated money laundering and terrorist financing sectoral risk assessment.
It is required to issue this under the 2017 Money Laundering Regulations. The last one was published in March 2024. It comes in the wake of the National Risk Assessment issued by the government last month, which rated legal services as at high risk of being used for money laundering but low risk in relation to terrorist financing.
The SRA said firms of consultants, operating “semi-independently” and often remotely, had increased in number since the pandemic.
“These firm structures can be of benefit to firms and solicitors, but their decentralised nature can carry risks. We have noted that it is sometimes difficult for these firms to keep a central AML [anti-money laundering] policy in operation, to monitor compliance, and to ensure a consistent standard across the firm.”
Firms’ money laundering compliance and reporting officers (MLCOs/MLROs) “will need to be more vigilant and potentially more interventionist in order to make sure that the firm is not put at risk by non-compliance”, the assessment said.
“Firms should also check the level of AML knowledge of new entrants to the firm and undertake training where needed. A new consultant who previously occupied a partnership role may, for example, be unfamiliar with AML processes because these were delegated to other staff.”
The regulator said firms should be aware of how world events could present emerging risk, “such as autocratic regime changes in countries which are recognised as being high risk for money laundering, as well as other financial crimes such as bribery and corruption”.
It pointed as an example to the collapse of the Sheikh Hasina regime in Bangladesh, which has reportedly led to “an exodus of politically exposed persons (PEPs) who may have purchased UK property assets with funds illicitly taken from the country”.
The money may have been transferred out of Bangladesh using informal value transfer systems such as hawala, also known as hundi, or via various international banking routes before reaching the UK, the SRA added.
The assessment said the SRA has noted an increase in poor client account practice of late. “These are not necessarily indicative of money laundering itself, but could potentially facilitate it, intentionally or otherwise.”
This included using client accounts as a banking facility, retaining client funds for longer than necessary, and incorrectly recording funds on client ledgers, such as cash purchase funds being described as a mortgage.
Firms conducting CDD but failing to properly scrutinise it – and missing red flags as a result – was another concern.
“A particular incident involved due diligence being signed off by the fee-earner, partner and MLCO, but missing multiple issues of concern which were not identified or analysed. This demonstrates how diffusion of responsibility can lead to risks being missed.
“Every person in the process apparently thought than another person was responsible for scrutinising the documents. Firms should encourage all of their fee-earners and management to see AML as their own responsibility.”
The previous assessment warned lawyers who relied on video calls to identify clients of the risks posed by ‘deepfake’ technology but this year’s said the SRA had “not so far seen any evidence of the use of deepfake technology to impersonate legitimate clients. Firms should nonetheless remain alert to the potential of this new use of artificial intelligence”.
Other emerging risks from the last assessment – vendor fraud, proliferation financing and supply chain risk – have been moved into the main body of the new version, “reflecting that they are now part of the risk landscape”.
Among the SRA’s observations from its supervision work was that some firms “are potentially taking an overly simplistic approach to risks associated with PEPs and higher-risk jurisdictions”.
It explained: “A blanket assumption that PEPs would not instruct your firm, or that your firm would never accept instructions from a PEP, is not a sufficient protection against the risks they present. Neither approach would itself satisfy the requirement at regulation 35(1) to have measures in place to identify PEPs.
“It is for firms to decide their own risk appetite, but their policies should be realistic. With the proper policies, controls and procedures, there is nothing to prevent a firm taking on PEP clients.”
An overly restrictive PEP policy risked turning away clients for no good reason or “being counter-productive if the firm has a policy which is ignored or routinely breached”.
Legal Futures research has shown that many law firms fined for AML breaches have Conveyancing Quality Scheme and/or Lexcel accreditation, raising serious questions about how it is checked and enforced.
The assessment urged firms to “exercise caution when relying on accreditation schemes to fulfil AML obligations”.
It went on: “In particular, firms should check whether the scheme is intended to provide this kind of assurance. We have, for example, noted that the remit of some schemes only runs to checking that an AML policy exists rather than checking that it is compliant.
“Likewise, the training modules of some schemes are geared towards a particular part of the firm or its work, neglecting other key roles.”
I take AML very seriously. I was a criminal lawyer for 3 decades. I have been in police stations and Courts and I don’t want to be put through that because someone I employ can’t be bothered to follow procedures.
Therefore I make onboarding a priority. It’s not done fast but it is done with the assistance of technology.
It’s completed thoroughly. The risk assessment is hand written.
But I also find the level of bureaucracy to be excessive. This isn’t something that can be left to technology because the essential central point of AML is to assess the risk. There are people boasting on Linkedin that they complete onboarding in hours and issue requests for searches without any mention of a risk assessment or consideration of the client’s circumstances or the matter.
Giftors since April 2025 are to be treated in the same way as clients.
So we call onboarding Level 0. We explain to clients that they don’t get to Level 1 until AML completed to my satisfaction.
To be fair most don’t complain but if they do I point out:
it’s a legal obligation;
it’s a requirement of our Regulator;
it’s essential that I am content to proceed before the conveyancing work commences and it is their obligation to provide information and documentation when requested;
and I don’t wish to inadvertently breach AML Regulations or POCA.
Occasionally some say “but I thought you’d applied for Searches”. I query why they’d assume that given how clear our communication is about the process and that no work would commence until AML completed. That way we get responses that help us complete this awfully intrusive task thoroughly and as speedily as is possible..
Those firms that get on with it whilst undertaking AML compliance checks are potentially in breach of the Regulations and putting themselves and others at risk.
It’s not about speed but accurate, complete risk assessments-and avoiding a police investigation and court.