The Solicitors Regulation Authority (SRA) made 20 suspicious activity reports (SARs) to the National Crime Agency in the past year, relating to solicitors handling £149m of potentially criminal funds.
Its supervision activity showed some improvement in law firms’ compliance but still identified plenty of non-compliance.
The regulator’s annual anti-money laundering (AML) report recorded that it conducted 163 inspections and 109 desk-based reviews, as a result of which 140 firms were taken from partial to full compliance. Only 22% of firms were fully compliant.
The 20 SARs to the National Crime Agency were half the number of the year before.
The SRA also looked at the quality of SARs made directly by the law firms it inspected – on average, firms submitted two defence against money laundering (DAML) SARs and one information SAR.
“Our findings after one year have not been indicative of significant quality issues in SARs submitted by firms. Most of the SARs we reviewed (from 36 firms) were written in a comprehensible manner…
“Our most consistent finding (in 66% of SARs) is that firms did not include glossary codes in their SAR narratives as recommended by the NCA. The inclusion of glossary codes helps triage SARs to the correct area of law enforcement.
“A quarter of DAML SARs firms did not describe the criminal act that they were seeking a defence against. This demonstrates a lack of understanding around the purpose of DAML SARs.”
There were 51 “enforcement outcomes” – eight referrals to the Solicitors Disciplinary Tribunal and 43 internal sanctions imposed by the SRA, the latter compared to just 16 the previous year. It issued 29 fines, totalling £287,000, as well as letters of advice, rebukes and warnings.
The SRA attributed the increase to firms failing to respond to the demand it made of all 6,500 practices within the scope of the AML rules to declare they had a compliant firm-wide risk assessment.
Most of the other cases related to conveyancing or poor customer due diligence, mainly inadequate identification and verification of clients and source of funds checks.
Although there had also been an improvement in firm-wide risk assessments, “there are still a very significant proportion of firms with [assessments] that are not compliant, so we would urge firms to review and update this key document.”
The SRA called in 224 assessments to review, although four firms did not have one, which led to an investigation referral. Of the 220 it reviewed, 113 were compliant (51%, compared to 41% in 2020/21), 91 partially complaint and 16 non-compliant.
It went on to look at client/matter risk assessments. Of the 1,325 files reviewed, 20% did not contain one, again leading to a referral for investigation. A similar proportion did not reflect the firm-wide assessment, 30% did not clearly show when enhanced due diligence was necessary, and 42% were “ineffective”.
“In some cases, firms had a template matter risk assessment form, but this was not being completed correctly, or even used at all. Many of the forms we saw were very basic and tick box in nature, where fee-earners only had to mark whether a file was high risk, medium risk, or low risk.
“Often, these forms did not feature any commentary or justification where the fee-earner could input how they had arrived at the risk level.
“Similarly, many forms we looked at failed to set out high-risk factors, which fee-earners need to consider when assessing the level of risk.”
More than half (58%) of the 224 AML policies reviewed needed improving. These are meant to set out the measures staff should take to protect the firm against money laundering. “This is another area where firms must be doing more.”
For example, the need to inform Companies House of any discrepancies in its information about beneficial ownership was absent in 46% of the AML policies, while 26% failed to mention what steps a fee earner should take to make sure their client was not subject to financial sanctions.
“This finding is concerning, given the importance of the financial sanctions regime, and its prominence in the media over the reporting period,” the report said.
The SRA was “concerned to see a number of firms had not updated their AML policies recently” – 15% of them did not reflect the firm-wide assessment, “suggesting the firm had failed to put in place mitigating actions for the risks they identified”.
“We also found a tendency for firms to use ‘off-the-shelf’ AML policies, which had not been tailored to the firm and/or were not being applied in practice by fee-earners.”
The AML regulations require firms to undertake an independent AML audit where appropriate to their size and nature,
Half of the firms the SRA inspected during the year had not done so, of which the SRA deemed that nearly half should have done. Firm size and number of offices were the main reasons.
“One firm we inspected had relatively few fee-earners. They felt they did not need to carry out an audit for this reason. We disagreed with this view as the firm carried out work in higher-risk areas, often for high-net-worth individuals, such as cross-border transactions and high value property purchases.
“Given the high-risk nature of the firm we decided that an independent audit was necessary.”
SRA chair Anna Bradley said that while most firms took their responsibilities seriously, “a small minority” did not.
“In the last year we have seen a polarisation of the outcomes from our proactive supervision with more firms being assessed as either compliant or not compliant and fewer firms being assessed as partially compliant.”