Anti-Money Laundering (AML) July 19

We commented in our May 2019 Risk Update on the thematic review by the Solicitors Regulation Authority (SRA), 26 of the 59 firms reviewed having already been referred for disciplinary action. We have advised many firms on disciplinary action arising from AML breaches, as well as on compliance, including policies, controls and procedures, risk assessments and audits.

Money laundering is a priority risk for the SRA which has now launched its #staySHARP campaign. Not every firm has to have an inde-pendent audit under Regulation 21 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. However, with another 400 firms now under SRA review, even firms which are not required by law to have this may want peace of mind and assurance which an independent audit can provide, rather than rely on an internal review which may be tan-tamount to ‘marking their own homework’. As we are practising solicitors, our advice will generally attract legal professional privilege, in contrast to non-practising solicitors, accountants and consultants.

There have been two important publications since our May Risk Update –

  • Anti-money laundering: the SARs regime –Law Commission report;
  • Financial Action Task Force (FATF) Guidance for a Risk-Based Approach for Legal Professionals.

Links are on www.legalrisk.co.uk/News.

The Law Commission report recommended retaining the SARs regime, creation of an advisory board and provision of advice to theprofessions, a prescribed reporting form using technology, and limiting the scope of the reporting obligation to exclude reportson ‘technical’ breaches. Legal Risk partner Sue Mawdsley participated in the symposium held by the Law Commission in July 2018.

The FATF guidance contained little in the way of surprises following the consultation paper of February 2019. It should however be one of the documents to be considered when preparing the firm’s risk assessment.

Conflicts – July 19

We recently defended successfully a complaint against a law firm to the SRA made by an opponent in litigation alleging that our clients had a conflict of interests.

A recent case on this point, FBME Bank Ltd v Dangate Consulting Ltd, involved an unsuccessful application by the defendant for an order that the Second and Third Claimants’ solicitors cease acting due to an alleged conflict with the First Claimant. Unless the Court is given cogent evidence of a conflict, it should and does trust solicitors to police their own professional obligations. In any event, the Court does not have the means to look into privileged communications as the SRA would do if, after a full trial, the trial judge thought that there was something meriting the regulator’s attention. If any conflict did arise, though one was not found, on the facts it would have been historic, because the solicitors were no longer acting for the First Claimant.

Note that the Court of Appeal decision in Hood Sailmakers Ltd v The Berthon Boat Company Ltd was not cited. Both decisions can be found on www.legalrisk.co.uk/Conflicts.

Help! I’m a new Compliance Officer/MLRO…

As people move on, many firms are having to appoint people to roles in anti-money laundering (AML) and compliance who may feel that they are walking on a tightrope, not having been involved since the start of the compliance regimes which apply to Money Laundering Reporting Officers (MLROs), Money Laundering Compliance Officers, Compliance Officers for Legal Practice and Compliance Officers for Finance and Administration.

We provide mentoring and support to many in this position (and many experienced compliance officers and MLROs too) across a wide spectrum of firms, with legally privileged advice from practising solicitors who have all been involved in advising law firms over many years, even before the compliance regimes commenced. When a difficult decision is called for, the chances are that we have seen it before and can help cut through the process to answer questions such as ‘Do we have to report?’, ‘Can we carry on acting?’ or ‘Do we need to appoint a separate Money Laundering Compliance Officer?’

Data protection

The Information Commissioner’s Office (ICO) published GDPR: One year on. Regulatory priorities going forwards include a number which may impact on law firms to varying degrees -cyber security, artificial intelligence and machine learning, and (depending on their client base) freedom of information.

The ICO has also published its Audit Report on the Legal Ombudsman (LeO). This contains some potentially useful pointers for law firms. The issues identified included –

  • physical security in LeO’s main office and their third party document storage,
  • failure to dispose of records in accordance with their document retention schedule,
  • lack of a data flow map recording all processing activities,
  • deficiencies in information asset registers,
  • lack of assurance from their IT provider in relation to network management, including anti-virus and anti-malware protection, and
  • training deficiencies.

We advise many firms on data protection issues, including data breach reporting. Causes of data breaches remain unchanged –letters in the wrong envelope (including two letters stuck together), files left in taxis and emails sent to the wrong person. An illustration of the dangers of email autofill addressing appears in the case of Advertising Standards Authority Ltd v Mitchell[2019] EWHC 1469 (QB).

Links to the above documents here www.legalrisk.co.uk/news.

Back To Top Download PDF Publication