With law firms amongst the highest at risk of exposure to money laundering, terrorist financing and wider financial crime, there is constant pressure on the profession to do more, be more vigilant and keep abreast of the latest developments and expectations in a regulatory landscape which has to continually adapt and evolve.
The SRA is conducting an extensive and ongoing programme of investigations into firms’ AML compliance in practice which includes desk-based reviews as well as targeted, in-depth site visits. Action is taken and fines levied against firms who are not addressing their obligations properly.
Regulation 21(1)(c) of the Money Laundering Regulations requires firms to have an ongoing independent audit function. This was highlighted further by the Legal Sector Affinity Group (LSAG) guidance published in January 2021 which states “The practice must conduct an independent audit of the adequacy and effectiveness of its AML policies, controls and procedures.” SRA guidance issued in November 2021 following a thematic review of firms’ AML governance recommends stress-testing a firm’s AML regime to identify weaknesses and goes on to say that a mock regulator’s visit is an innovative way of keeping check on a firm’s AML procedures.
We have undertaken audits of a wide cross-section of firms and continue to work with our clients to ensure their policies, controls and procedures are effective and enable them to address regulatory requirements with confidence.
We often find that practice wide risks assessments have not been properly carried out or updated and policies and procedures not reviewed or ever put to the test. Not all fee earners complete client/matter risk assessments and many lack the necessary understanding of how to apply CDD, enhanced CDD, identify and deal with PEPs and establish source of funds and wealth and carry out ongoing monitoring requirements under the sanctions regime.
Depending on a firm’s specific circumstances and requirements, our independent audit typically starts with:
- a review of your firm’s practice wide risk assessment;
- a review of your firm’s existing policies, controls and procedures as required by Regulation 21(1) (c);
- a review of the effectiveness and practical application of your systems, controls and procedures in practice through a review of a sample of client matter files;
- interviews with your MLRO, MLCO and selected staff
We further assist firms by:
- drafting your practice wide risk assessment (or supplementing the existing document where necessary);
- drafting your policies, controls and procedures (or supplementing existing ones where necessary);
- conducting regular independent file reviews to continually test the effectiveness of your systems and controls as required by Regulation 21(1)(c);
- training your MLRO, MLCO and relevant staff at all levels.
We provide advice and guidance on:
- client engagement and due diligence procedures;
- suspicious activity reporting;
- record keeping;
- employee screening;
- responding to law enforcement requests.
We have already assisted a number of firms to successfully negotiate SRA desk-based reviews as well as in-depth site visits.