The annual anti-money laundering (AML) report from the Solicitors Regulation Authority (SRA) revealed that, while most solicitors and law firms are taking their AML obligations seriously, a “small minority” are not yet doing enough to fight economic crime. In response, the regulator has called on those firms “to take your obligations seriously and play your part”. It also warned that, as it increases its inspection and desk-based review supervision, “now is the time to put your house in order”.
Having carried out 163 inspections and 109 desk-based reviews of solicitors and law firms, here are some key findings from the report.
The legal sector is a key target for money laundering
We all know criminals are interested in the profession. Still, the SRA states that while most firms work hard to combat money laundering (and a very small number knowingly cooperate with criminals), some get involved unknowingly.
Typically, solicitors fall victim to money laundering in the following ways:
- Criminals are using the proceeds of crime to buy houses to live in, rent or sell
- Criminals are setting up shell companies or trusts
- Criminals seek to misuse law firm client accounts to ‘clean’ dirty money
- Solicitors are failing to carry out proper due diligence, including sufficient Source of Fund (SoF) checks
- Law firms are failing to train staff to spot and report potential money laundering adequately.
Types of reports received, and actions taken
In 2021/22, while 70% of firms were either partially or fully compliant with their AML obligations, 252 money laundering-related reports were made. Such reports can come from various sources, including the media, legal professionals, and consumers. The SRA also receives intelligence from the National Crime Agency (NCA) and other law enforcement bodies. Furthermore, it can make its own reports should it identify a potential breach (e.g., during an inspection).
The most significant reasons for the AML reports were:
- Failure to carry out/complete initial CDD (49 reports)
- Failure to carry out a money laundering risk assessment (40 reports)
- Failure to carry out a source of funds check (39 reports)
- Failure to identify client (28 reports)
- Failure to have proper AML procedures (26 reports).
- The SRA can take action against solicitors or firms for failing to comply with AML regulations. In 2021/22, it issued 29 fines, totalling £286,976 for such failures.
The SRA refers more serious breaches to the independent Solicitors Disciplinary Tribunal (SDT) as it has powers that the regulator does not. In 2021/22, eight money laundering-related cases were referred to the SDT. Of these, five firms were fined a total of £92,500, while three reports resulted in suspension.
Of the 51 enforcement outcomes concerning money laundering, around 50% were issued for failing to respond to the SRA and its requests for information/declarations. The rest related primarily to the “buying and selling of property and poor customer due diligence (CDD).” In particular, the SRA highlighted failures regarding adequate ID and SoF checks.
Other identified issues included:
- Failures to apply enhanced customer due diligence (EDD)
- Failure to have a firm-wide risk assessment (FWRA) or having a FWRA that was inadequate
- Poor policies, controls and procedures
- Failure to notify the SRA of the appointments of money laundering reporting and compliance officers or seeking approval as a manager (BOOM)
- Failing to have sufficient regard for issued warning notices and red flag indicators in transactions.
As well as receiving reports, the SRA submits suspicious activity reports (SARs) regarding money laundering to the NCA. In 2021/22, it made 20 such reports. As in other years, property conveyancing transactions saw the most reports. In the majority of cases, these were made due to inadequate or no due diligence or SoF checks. According to the SRA “many of the transactions bear multiple red flags and risk indicators which appear to have either been missed or ignored.”
Key themes contributing to AML breaches
As well as setting out the most common AML breaches (and the subsequent consequences), the SRA’s report also identified three reasons for these failures.
- A lack of understanding of the importance of the SRA and its role as a professional body supervisor, and complying with data requests from the regulator
- Inadequate supervision or training of fee earners on firms’ AML policies, controls, and procedures.
- Poor AML policies, controls, and procedures.
- Firm-wide risk assessments are improving
When it came to the firm-wide risk assessments (FWRAs), the SRA was pleased to report an improvement in 2021/22 compared with previous years. It also identified a lot of good practice in this area. However, according to the report “there are still a very significant proportion of firms with FWRAs that are not compliant.”
Of the 224 FWRAs the SRA reviewed as part of its AML inspections and AML desk-based reviews:
- 113 firms were compliant
- 91 firms were partially compliant
- 16 were not compliant
- 4 firms failed to provide a FWRA and were referred for investigation.
The SRA identified several common themes where a firm was not compliant. These included not having a FWRA, providing an alternative document (e.g., an AML policy or operational risk assessment), or not providing a correctly completed FWRA. The SRA also highlighted the importance of regularly reviewing and updating FWRAs.
The regulator also stressed the requirement for robust client/matter risk assessments to prevent money laundering. During the reporting period, the SRA found that 20% of the files it reviewed did not contain a client/matter risk assessment. This is an area that requires improvement.
AML controls are falling short
According to the SRA, 58% of the AML policies it reviewed needed improvement. The SRA also highlighted its concern that many firms still needed to update their AML policies. These policies often “referred to outdated legislation or outdated government agencies”. The SRA warned firms that it “will consider taking further action where AML policies have not been maintained or kept up to date”.
The SRA also warned firms about using ‘off-the-shelf’ AML policies “which had not been tailored to the firm and/or were not being applied in practice by fee earners”.
Fims must carry out an independent audit – or justify why they do not need to
Depending on the size and nature of firms, they must undertake an independent audit (you can find guidance on this here). However, of the 143 firms inspected by the SRA, 51% had not done so; of these, 45% should have. The report stressed that “most firms need to carry out an independent audit. If firms consider they do not need to carry out an audit they will need to justify this” to the SRA.
Firms must ensure they are compliant with the latest regulations and requirements
Looking at emerging risks and areas of focus for the year ahead, the SRA warned firms that, as legislation evolves, they must ensure they are fully compliant. The regulator also highlighted two areas where it sees the most risks relating to money laundering – conveyancing and dubious investment schemes. It warned firms to treat such matters as high-risk when it comes to due diligence and ongoing monitoring. Taking a “risk-based approach to firms and desk-based reviews, to gain a richer understanding of AML systems, processes and procedures in place”, the SRA also promised to help “firms put strong controls in place to prevent money laundering” and bring “enforcement action against firms that are not meeting their responsibilities under the regulations”.
For compliant, intelligent client onboarding™ that will help your firm with its AML obligations in 2023 and much more, contact Minerva today.