Coronavirus has not prevented the Solicitors Regulation Authority (SRA) from continuing its review of law firms, in a number of cases auditing remotely. Nor has it changed firms’ obligations under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR).
It follows, that if firms have, out of necessity or practicality, adapted their compliance procedures, for example by conducting verification by video conferencing such as Zoom or Teams, or using biometrics, a risk-based approach is still required, and notes of deliberations, reasoning and decisions on the firm’s approach must be kept. The SRA has published a coronavirus update covering Help with common compliance queries, which includes a section on Client Due Diligence and ID checks and we mentioned the Legal Sector Affinity Group (LSAG) Advisory Note: COVID-19 –and preventing Money Laundering/Terrorist Financing in Legal Practices in our May 2020 Risk Update.
The SRA has also been active in prosecuting those who breach the MLR, and two cases in the Solicitors Disciplinary Tribunal (12071.2020 and 12084-2020) have identified issues which apply to firms of all sizes.
The need for appropriate Customer Due Diligence (CDD) was emphasised: in one case, the respondent did not obtain certified copies of identity documents, and did not obtain complete identity documents from all the directors; a driving licence appeared to show tape marks to the left of the digits and the passport photo was not central to the photo box, with the neck of the person in the photo going outside the bottom of the box, and the person in the photo not appearing to have any shoulders. In the other case, a document had been signed by an unnamed notary in the Isle of Nevis.
The agreed outcome in one case noted that the MLR require ‘ongoing monitoring of a business relationship’ (see regulation 28 (11)) and ‘scrutiny’ to ensure that the transactions are consistent with the source of funds and nature of transactions in the context of the customer’s business and risk-profile. The agreed outcome in each of these cases noted –
‘The word ‘scrutiny’ is important to underline. The Regulations do not require a superficial check or even an averagely comprehensive check, rather they require scrutiny – which implies a critical, probing examination or exploration and it is submitted clearly places importance on the level of ongoing monitoring expected.’
Other breaches identified include failure to have a firmwide risk assessment, failure to train staff, failure to identify clients as Politically Exposed Persons (PEPs), failure to apply enhanced CDD measures and enhanced ongoing monitoring to PEPs, and failure to maintain adequate client records.
We have audited many of the larger UK and US firms under regulation 21 of the MLR, including remote audit. Even those firms which may strictly not require an external audit may wish to consider how they can prepare for an SRA visit. The SRA has proposed visits to all firms which they perceive as high-risk on a three-year rolling basis, along with visiting a sample of lower risk firms.
Fraud continues to be a significant concern. The Law Society has issued an updated Practice Note on Property and Registration Fraud, and the SRA has published a thematic review entitled Investment Schemes That Are Potentially Dubious.
Our News page, www.legalrisk.co.uk/News, contains links to the guidance referred to above, and to recent HMRC guidance for Trust and Company Service Providers (TCSPs) in carrying out risk assessments, the HM Treasury AML and CTF Supervision report 2018-19, JMLSG guidance on pooled client accounts and the latest Basel AML Index ranking money laundering and terrorist financing risks around the world. Further materials are on www.legalrisk.co.uk/AML.