Law firms warned over lack of AML risk assessments


Risk assessments: Persistent non-compliance

The Solicitors Regulation Authority (SRA) has warned law firms that they must carry out client/matter risk assessments (CMRAs) or risk being subject to a new system of fixed penalties.

The regulator said that while 94% of the firms it reviewed had a process to risk assess their clients, nearly half the files reviewed did not contain a CMRA.

In a warning notice published yesterday, the SRA said the 2017 Money Laundering Regulations required law firms to take steps to identify risks posed by a particular client and matter, which meant completing a CMRA.

Despite this, the regulator identified a “persistent level of non-compliant CMRAs”, while a lack of CMRAs across several fee-earners’ files could indicate “wider systemic problems, such as not having processes in place to undertake client due diligence or enhanced due diligence”.

The SRA said it would consult next year on fixed financial penalties for AML system and control failings, including not undertaking a CMRA.

This would be similar to the fixed penalties currently handed out for various relatively minor compliance failures, such as around the transparency rules.

These are £750 for a first breach and £1,500 for a subsequent breach of the same category within three years, but speaking at yesterday’s SRA compliance conference in Birmingham, chief executive Paul Philip indicated that the figures could be higher for AML breaches.

He recognised that “most people trip over non-compliance – they’re not criminals… they’re just inundated with rafts of compliance issues”.

The SRA would be saying that next time a firm did this, it would receive a fine. “What we’ve seen with the transparency arrangements is that people come into compliance really quickly when we introduced automatic fining. It’s worked so we’ll do it again.”

The SRA said common issues with CMRAs were that they were “not being done at all” or not being completed correctly.

“We saw examples where the correct level of risk (i.e. high, medium, low) was not identified, specific AML risks were missed out, fee-earners failed to take into account AML risks and instead targeted business or other types of risk, or adopted a tick-box approach without giving any real thought to the risks involved.”

Other examples did not take into account the firm-wide risk assessment or put too much reliance “on template risk assessments which are not tailored to the firm, missing areas which should be covered”.

The SRA said every law firm must record a risk assessment for every client as part of due diligence measures and provide a copy to the regulator on request.

Law firms could choose whether they used a ranking system, such as ‘high/medium/low’ or a numerical system to risk assess matters, so long as they could identify high-risk matters requiring enhanced due diligence.

“We continue to see forms that are very basic or tick-box in nature, where fee-earners only had to mark whether a file was high risk, medium risk, or low risk. Often, these forms did not have space where the fee-earner could record their justification or any commentary on how they had arrived at a particular level of risk.”

In an accompanying thematic review of 30 law firms’ CMRAs, the SRA found that while 94% of firms “had a process in place to risk assess clients and matters”, 47% of files reviewed did not contain a documented CMRA.

Of the files that did, 77% were completed properly, while 67% contained good evidence of ongoing monitoring.

Two law firms which did not have a process to risk assess clients or matters were referred for investigation.

Two-thirds of firms assessed client and matter risks “using various templates which were manually filled in”, while eight assessed those risks via their case management systems.

The SRA said it had published a “base template for firms to develop their own assessments” and “guidance on how to develop it in a way that suits how that firm works”. The aim was to help support “those firms that have not quite got it right”, which the review suggested was “a significant majority”.

Mr Philip added: “What’s clear from our thematic review is that firms are well aware of what is required of them, but aren’t getting it right on the ground. That’s why we’ve published a warning notice, to remind the profession of its obligations.”



