AML Compliance update: How to avoid unnecessary fines and reputational damage according to Osprey Approach
The latest annual AML Report from the Solicitors Regulation Authority (SRA) makes for sobering reading. Despite the 2017 Money Laundering Regulations having been in place for six years, almost a third of law firms are failing to get the basics right, leaving themselves open to large financial penalties.
In response, the SRA has brought enforcement action against a combined total of 47 firms and individuals over a 12-month period. Just last month, a prominent South-West law firm was fined over £100,000 for failing to act over money laundering ‘red flags’ on three property transactions.
The SRA recently warned that it may need to get tougher on routine non-compliance and is weighing up whether to extend automatic fines to other areas, including failure to complete mandatory AML and diversity data returns, which could attract fines of up to £25,000.
To avoid financial and reputational damage, firms must review their existing processes to ensure the fundamentals are in place to mitigate risk. Read on to discover the tools and best practices you need to implement to avoid the common pitfalls most SMEs face from compliance experts at Teal Compliance, the ILFM, and The Law Factory.
Client and matter risk assessments falling short
From reading the SRA’s recently published Warning Notice, it’s clear that the regulator is unhappy with firms’ ability to conduct effective risk assessments on clients and transactions. Over 50% of risk assessments checked by the AML investigation team were not compliant with the Money Laundering Regulations.
The SRA highlighted the following risk assessment concerns:
- not completed when they should be and treated as a one-time event, rather than being continually reviewed;
- basic, tick-box based, without the ability for a fee earner to record their risk rationale;
- based on templates, which are not aligned to the firm-wide risk assessment; and
- reliant on complex risk-scoring systems that are not consistently completed or understood.
The SRA outlined their expectations when addressing AML and completing client due diligence. First, firms must monitor fee earners to ensure the policies in place are being followed. This involves effective training, continuous reviews, and proactive control measures.
The SRA expects firms to record the rationale for the risk rating assigned to a client or matter to complete the audit trail. A record of justification to the rating is expected to show how the decision was made.
It’s important that firms conduct ongoing monitoring on clients and matters to ensure the risk is consistent with the rating given. As new details and information is collected, additional risk assessments may need to be completed and recorded.
And finally, ensure risk assessment templates are tailored to the firm’s policies and enable a comprehensive record of the assessment to be carried out.
How to avoid the common compliance pitfalls
In the last episode of Build Better Habits, series two, our expert panel shared their best digital practices and habits for avoiding the common compliance pitfalls they see daily in SME firms.
Amy Bell, from Teal Compliance, Karen Edwards at the ILFM, and Alex Simons from The Law Factory shared the top three habits all firms should adopt to mitigate risk; we’ve listed four top tips and effective legal software tools to help your firm combat money laundering. Access the best practices for staying AML compliant in this free article here.
Amy Bruce is head of marketing at Osprey Approach, which provides an all-in-one legal practice, accounts, and case management software solution to UK SME law firms. With over 30 years’ experience in the legal software sector, Osprey’s software solution and dedicated partnership helps make running a law firm easier.