Law firms have been warned they must do more to properly assess money laundering risk after a report last week identified 1/3 of firms are still not fully compliant with their obligations. The scale of non-compliance has forced the Solicitors Regulation Authority (SRA) into issuing a warning notice to “remind the profession of its obligations and warns that fixed financial penalties for AML systems and controls failings will be reviewed in the next year.
The warning notice says it is designed to help firms “understand (their AML) obligations and how to comply with them,” going on to say
“The money laundering regulations have been in force since 2017.
“Despite this, we continue to see a persistent level of non-compliant client/matter risk assessments, and this remains an area where improvement is necessary. This was first raised as an issue in our 2019/20 report when we found 29 per cent of files had no written matter risk assessment. In our last reporting period (2022/23) we found 51 per cent of the client/matter risk assessments were deemed ineffective.”
One of the key issues identified in the report is the continued failure to properly assess risk at a client, matter and firm level. Assessing the risk will inform the correct level of client due diligence to apply, as well as any relevant ongoing monitoring. In their report the SRA has identified a number of common issues including
- No identification of client and/or matter risk level (high, medium, low), or a tick-box approach without giving any real thought to the risks involved
- Client and/or matter risk assessments not reflecting or taking into consideration the firm-wide risk assessment. For example, a fee-earner assessing a conveyancing matter as being low risk when the firm-wide risk assessment stated all conveyancing matters should be treated as high risk
- Failure to clearly identify circumstances when enhanced due diligence was necessary
The warning notice also raises the risks associating with using templated documentation without tailoring them to their own circumstances and processes. While the SRA suggest it is “comfortable with firms using a template as an initial starting point,” it must be relevant and specific to the firm and aligned with their client and firm risk profile. The latest AML Report identified almost half of firms do not update the AML policies annually, often referring to outdated legislation or government agencies.
The SRA does have a client matter risk template for firms to develop their own assessment from and encourages COLPs and those responsible for AML to review the guidance provided on how to develop the template further.
As part of the annual review the SRA visited 30 firms and all but two had a process for client/matter risk assessments. A large portion of the 28 however were only partially compliant with regulations because their process wasn’t properly used. Most firms visited considered client and matter risk together in a single document, but failed to complete them comprehensively. One firm’s assessment of risk was limited to client risk only, and three firms’ risk assessment processes were limited to considering matter specific risks.
The review looked at the systems firms use to assess the money laundering risk posed by clients and services. And while the vast majority of firms were aware of the need to have an individual assessment and had a process in place to deliver one, in practice many of these did not properly identify and manage risk. The failure to provide a clear audit trail was also an issue identified by the SRA.
SRA Chief Executive Paul Philip, said
“Solicitors play a key role in keeping money launderers out of legal services. Assessing, and acting upon the risks posed by work in scope of the money laundering regulations is a vital part of fulfilling that role.
“What’s clear from our thematic review is that firms are well aware of what is required of them, but aren’t getting it right on the ground. That’s why we’ve published a warning notice, to remind the profession of its obligations.
“There were also examples of both good and bad practice brought out by the review. We’ve brought those together with a template as a ‘starter for ten’ and other support materials to help firms develop compliant risk assessments, which will help them manage their risk.”
The full thematic review is available on the SRA website alongside supporting materials, templates and further guidance.