There is a difference between many law firms’ anti-money laundering (AML) policies and procedures, and what actually happens in practice, the Solicitors Regulation Authority (SRA) has found.
It also revealed that nearly two-thirds of the firms it reviewed in the first year of a new programme of AML checks needed “some form of engagement” with the regulator as a result.
A further nine of the 74 firms involved were referred to the SRA’s AML investigation team to uncover whether there had been “serious breaches” of the rules.
The regulator said, in a report published this week, that these failings included “a lack of an effective compliance framework, or indeed a lack of any AML policies, controls, and procedures at all”.
In other cases, at least half the files reviewed had “serious issues” such as a lack of due diligence, or the firm had a money laundering compliance officer who “did not appear to understand their obligations and was failing to carry out their role properly”.
In a further case, a head of department failed to carry out sufficient AML checks on a politically exposed client.
For the 64% of firms that required “some form of engagement”, the SRA said this ranged from asking them to update their AML policies to agreeing a compliance plan, such as a review of live files to check customer due diligence.
Half of the law firms reviewed failed to carry out effective AML audits, while 19% had never conducted an audit.
Just over a fifth (21%) were failing to carry out ongoing screening of staff and the same proportion were failing to make adequate checks on the source of clients’ funds.
The SRA said that a large number of files showed differences between the firm’s policies and procedures and “what actually happened on the ground”.
However, the regulator said the law firms were “for the most part, united in their determination to keep the proceeds of crime out of their client accounts, and we were able to assist many of them in meeting their obligations”.
Speaking at the SRA’s virtual COLP and COFA conference yesterday, Zoe Allen-Robinson, its AML proactive supervision manager, said the majority of law firms “took their obligations seriously”.
She said the report found that those failing to carry out proper audits were often checking policies and controls but not effectiveness, failing to keep written records of audits or failing to implement recommendations.
Other firms screened staff only on appointment, did not keep records of screening, or limited screening to their conveyancing departments.
Ms Allen-Robinson added that some firms based their source of funds checks on “anecdote and perception rather than evidence” or did not read the bank statements they obtained.
Suzie Ogilvie, global head of financial crime and sanctions at top City firm Freshfields Bruckhaus Deringer, said the pandemic had created “a number of challenges” in terms of AML, such as a rise in impersonation frauds because lawyers were not meeting people face-to-face.
The “flip side” was the reluctance of some elderly and vulnerable people to appear on a screen.
“It’s about what you yourself feel comfortable with in all the circumstances, rather than getting bogged down by the new requirements during Covid.”
Ms Ogilvie said it could be “quite difficult” with remote working to get an immediate second opinion from a colleague but it was “always good to talk to other people”.
Amasis Saba, chair of the Law Society’s AML taskforce, said electronic identity checks could be a “very useful tool”, and the key thing was to understand how they worked.
“You can’t just point to a website and say it told me that it was OK to take on the client.”
He suggested asking clients to take a photo of their passport together with a selfie holding that passport up to their face, rather than a video.
Mr Saba added that staff screening should focus on those presenting the highest risk, such as compliance and accounts staff and anyone with ‘super-user’ access.