Mishcon De Reya – the leading London firm heading for a stock market listing this year – has agreed to pay a fine of £232,500 over multiple breaches of anti-money laundering rules.
It is also paying costs of £50,000 to the Solicitors Regulation Authority (SRA) as part of a regulatory settlement agreement that means the matter will not go to a disciplinary tribunal.
Though it relates to two separate matters, it is the largest single fine the SRA has handed out, beating the £144,000 accepted by Co-operative Legal Services in 2020.
The highest fine issued by the Solicitors Disciplinary Tribunal is £500,000.
The agreement comes in the wake of Mishcon being fined £25,000 by the tribunal late last year for a separate matter in which it allowed its client account to be used as a banking facility. The full ruling has not yet been published.
When Mishcon first announced its intention to list last April, it mentioned that it “continues to engage with the Solicitors Regulation Authority on historic matters which it reported to the SRA”. It is likely that the firm has had to conclude these investigations to press ahead with the float.
According to the agreement, between September 2015 and April 2017, Mishcon carried out work for two individuals and corporate vehicles connected with them – a non-SRA regulatory investigation, asset planning for one of the individuals, and the initial stages of the proposed acquisition of two separate entities (and the onward sale of one of them).
While the firm “believes” that customer due diligence (CDD) was obtained in relation to the two individuals, it did not retain a copy of them, while only some CDD documents were obtained in relation to one of the corporate vehicles.
Mishcon also admitted that both proposed acquisitions presented a higher risk of money laundering or terrorist financing, because they involved companies in high-risk jurisdictions, but that it did not carry out the enhanced due diligence (EDD) and ongoing monitoring required as a result.
Further, one payment of £965,000 was made into, and three payments of $1,099,015, $10,000 and £10,000 were made out of, the firm’s client account in July 2016 which did not relate to an underlying legal transaction, meaning it provided a banking facility.
Also, funds belonging to one corporate vehicle were transferred to the client ledger for another corporate vehicle and used to discharge the firm’s fees and disbursements on the matter relating to the latter entity; and Mishcon did not send a bill of costs before two invoices were raised and paid out of monies held in client account.
An external investigation commissioned by the firm found that the unnamed former partner responsible had not received mandatory training as required by anti-money laundering regulations.
“The firm has stated, and the SRA accepts, that such training would usually be provided but was not, owing to a personnel absence. However, there was no contingency plan at the firm for AML training to be implemented if such a personnel absence occurred.”
Separately, further failures were admitted in relation to three property transactions between September 2017 and October 2018. For each transaction, the firm’s client was a separate special purpose vehicle with the same ultimate beneficial owner.
The SRA explained: “The firm secured CDD in relation to the ultimate beneficial owner but, because it opened each matter file in the name of a different entity in the corporate structure, the firm did not secure full CDD for each special purpose vehicle before each relevant transaction took place.
“The firm also did not retain copies of some of the CDD information obtained in relation to the ultimate beneficial owner, and in relation to another individual who instructed the firm on a fourth, related, matter.”
The CDD documents were obtained retrospectively and provided to the SRA.
When, in September 2018, the SRA requested a copy of Mishcon’s firm-wide risk assessment – as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 – it admitted that it did not have one.
A risk assessment was prepared by an external provider and supplied to the firm in March 2019, and to the SRA in May 2019.
In mitigation, Mishcon said it had shown “genuine insight into its management of risk and actions during the relevant periods” and has since amended its policies and procedures, “including introducing and investing in new, more sophisticated IT systems which involve increasingly centralised record-keeping and are, in part, specifically designed to prevent future breaches of the type addressed by this agreement”.
The firm also said it had not profited from the breaches, “having divested itself of the fees earned once the breaches were identified”. The agreement did not say how this was done.
The SRA said a financial penalty was appropriate because, notwithstanding the serious breaches and “potential to cause significant harm by facilitating transactions that gave rise to a risk of facilitating money laundering”, there was no evidence of lasting harm and a “low risk of repetition”.
Mishcon had also “assisted the SRA throughout the investigation, admitted breaches, made changes to systems, policies and procedures as a result, and ensured training to all relevant employees is regularly provided”.
The fine was calculated as 0.25% of Mishcon’s average £155m turnover at the time, £387,500, reduced by the maximum allowable 40% discount to reflect the mitigating factors.
A Mishcon de Reya spokeswoman said: “We are pleased to have come to a settlement with the SRA relating to two separate and historic investigations in relation to which we have made appropriate admissions.
“Mitigating factors such as our cooperation with the SRA throughout the investigations and the corrective action we have taken since to prevent a recurrence have been recognised by the SRA in reaching this outcome.”