AML: Concern over client and matter risk assessments
Nearly 30% of firms probed by the Solicitors Regulation Authority (SRA) for their adherence to anti-money laundering (AML) rules in the last year were non-compliant, new figures have shown.
They also showed widespread ignorance about the rules around sanctions.
The regulator’s AML annual report, for the year to 5 April 2023, showed that it took enforcement action against 47 firms and individuals, including £137,402 in fines (either levied by the SRA or the Solicitors Disciplinary Tribunal), one individual suspended, and one made subject to controls on their employment.
In the most serious cases, where the SRA suspects money laundering has taken place, it makes reports to the National Crime Agency. In the year, it submitted 24 suspicious activity reports, similar to last year, relating to assets totalling more than £75m.
SRA chief executive Paul Philip said: “Despite most firms taking their responsibilities seriously, we continue to see a significant minority of firms that don’t give preventing money laundering sufficient care, attention or resources.
“As set out in the report, there remains a number of firms that are still not getting the basics of their firm-wide risk assessment (FWRA), policies, controls and procedures, and customer due diligence right.
“The main requirements of the 2017 money laundering regulations have been in place for six years and there is no excuse for firms to be no longer getting the fundamentals right.”
We have reported a steady trickle of firms being fined for not having a compliant FWRA in place and often for having made an incorrect declaration of compliance when required back in 2020. The report said that only 49% of the FWRAs reviewed during the year were compliant.
Around 6,000 firms fall within the money laundering regulations and the SRA received 249 money laundering-related reports to investigate, almost the same as the previous year.
Of the 224 inspections and desk-based reviews it carried out, 43 firms were compliant, 115 partially compliant and 66 non-compliant.
Partial compliance can lead to a ‘letter of engagement’ to bring firms that have a generally good approach back into compliance or a requirement to put a compliance plan in place for those with more issues.
In 68 instances, firms and individuals were referred for investigation and possible enforcement action. “Examples include failure to carry out customer due diligence, no firm-wide risk assessment in place, out-of-date policies or a failure to train staff on the regulations,” the report said.
Officials have identified three key themes that contribute to breaches. First was “inadequate importance” placed on having robust and compliant AML risk assessments, policies, controls and procedures. “This is often because of a lack of attention to this at senior levels at firms,” it said.
Inadequate supervision or training of fee-earners was the second, with the third “having systems and processes that allow events to happen unchecked, such as receipt of funds or moving to the next stage in the transaction (rather than an automated ‘stop’ being put to a transaction until customer due diligence has been completed)”.
The report said an emerging issue was a failure assess risk at client or matter level. “We are seeing that that this has either not been done at all or has been done poorly.
“For example, the risk was not correctly assessed, or a tick-box approach was adopted without giving any real thought to the risks involved. We expect further enforcement outcomes in the coming year on these types of cases.”
A fifth of the 1,245 files reviewed during period did not contain a client/matter risk assessment, while 27% did not reflect the firm’s FWRA. A further 43% did not clearly show when enhanced due diligence was necessary.
In all, just over half of client/matter risk assessments were ineffective, the SRA went on.
“We saw examples where this did not contain a risk rating, the rationale for selecting a particular risk rating was not clear, or the form did not assess AML risks. We also found some fee-earners followed their own risk assessment process rather than the one set out by the firm.”
The SRA has also seen an increased number of cases relating to breaches of the sanctions regime in relation to Russia.
As part of its work on sanctions, the SRA spot-checked 23 firms it identified as having exposure to the Russian market and checked their client lists against that of the Office of Financial Sanctions Implementation.
“Where we identified positive matches, we asked firms to provide details on what steps they have taken. Only one firm was identified as acting on behalf of a designated person without following the appropriate steps.”
A quarter of the AML policies reviewed failed to mention what steps a fee-earner should take to make sure their client is not subject to financial sanctions.
“While this does not necessarily need to be included in an AML policy, firms should record their approach to complying with sanctions somewhere in writing. This finding is concerning, given the importance of the financial sanctions regime, and its prominence in the media over the reporting period.”
The SRA also checked on sanctions compliance as part of onsite AML inspections. It found that 10% of firms did not check whether new clients were designated persons, 47% of firms did not check existing clients and only 20% checked counterparties.
Just one in five firms were aware of the steps they must take should they encounter a designated person.
“There is a strict liability on behalf of firms to comply with the sanctions regime,” the SRA pointed out.
“It is therefore important to check whether new and existing clients are subject to sanctions. Firms should also consider whether counter parties to transactions are designated persons.”
Leave a Comment