We have advised many firms who were concerned about the adequacy of their risk assessments required by regulation 18 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). Their concerns follow the Solicitors Regulation Authority (SRA) request for confirmation by 31 January 2020 that firms who fall within the scope of the MLR declare they have a compliant firm-wide risk assessment in place.
The request is directed to Compliance Officers for Legal Practice (COLPs) rather than Money Laundering Compliance Officers appointed under regulation 21 (1) (a) or Money Laundering Reporting Officers. It also requires COLPs to notify the SRA if anything changes in respect of the information provided in the future. Increased personal obligations on COLPs were imposed by rule 9 of the SRA Code for Firms and this request serves to reinforce that burden.
It is important to remember that AML compliance is a journey, not a destination: compliance does not end with the risk assessment. Policies, controls and procedures need to mitigate the risks identified, and they need to be kept up to date with changes in regulation and best practice as well as changes in the firm’s business as a whole. The interaction between AML and data protection requirements should also be addressed, with particular reference to file destruction policies.
Firms which have until now relied upon generic templates with a tick-box approach for their risk assessments should bear in mind the SRA’s criticisms of these. They may be requested by the SRA at any time and they may therefore wish to consider reviewing them sooner rather than later.
The Money Laundering and Terrorist Financing (Amendment) Regulations 2019 implementing the Fifth Money Laundering Directive came into force on 10 January 2020. The Legal Sector Affinity Group has produced a summary of changes.
However, this did not include changes required to the registration of the beneficial ownership information of trusts. The government is now holding a detailed technical consultation on extending the Trust Registration Service to include the draft legislation and proposals on the types of express trusts that will be required to register, data collection and sharing, and penalties.
Links to these documents are on www.legalrisk.co.uk/news.