tm blog

The European Union’s Fourth Anti-Money Laundering Directive (EU4MLD) has been implemented into UK law as of 26th June 2017. Relevant legislation includes the Money Laundering Regulations, Policing and Crime Act and the Proceeds of Crime Act. The directive includes fundamental changes to AML procedures at law firms, including changes to Customer Due Diligence (CDD) and a strong focus on risk assessments.

What is changing?

Under EU3MLD and the current Money Laundering Regulations, firms could automatically apply simplified CDD under certain circumstances. Under the new regulations, firms will be able to use these circumstances as a partial justification for simplified CDD only after conducting a documented risk assessment.

Exemption from enhanced CDD is no longer automatic, a decision to apply simplified CDD will need to be evidenced by a documented risk assessment and include PEP and Financial Sanctions screening. Local politically-exposed persons (PEPs) must now be identified and will be subject to the same scrutiny as foreign PEPs. The regulations direct firms to develop risk-based policies, and practitioners to conduct client risk assessments as a part of their CDD.

UK regulations already incorporate a risk-based approach, but the new directive goes considerably further requiring documented client risk assessments.

For law firms this will mean:

• Demonstrating that risk assessments are conducted and kept up-to date, including; clients, countries or geographic areas, products, services, relationships, transactions or delivery channels.

• Policies and procedures that take the firm’s risk assessment into consideration.

• Testing of the internal policies, controls and procedures.

• Training staff in conducting Risk Assessments, CDD and ongoing due-diligence.

• Compliance reporting, electronic and hard copy records management.

Law firms with majority-owned subsidiaries in other countries where the minimum AML requirements are not as stringent, must also implement the same procedures with the subsidiaries. 

Additionally, for all businesses, CDD will be required when trading goods in cash with a value over €10,000 (rather than €15,000).

What can law firms do to prepare?

• Review existing providers of CDD services for compliance with the new regulations.

• Review integrating AML risk assessment and compliance systems to reduce costs, streamline and unify your procedures firm wide.

• Implement staff training.

• Money laundering reporting officers (MLROs) should;

• Perform and document an internal risk assessment.
• Update policies to incorporate Client Risk Assessments, on-going due diligence, documentary evidence and compliance reporting, to reflect the directive.
• Audit and test procedures.

• Policies should be reviewed and approved by senior management.

With thanks to Greg Roach, Director of Searches Group Limited

In line with the changes in UK law in relation to the European Union’s Fourth Anti-Money Laundering Directive (EU4MLD), AML Search v4 will be released soon.

AML Search v4 builds upon AML Search v2's data analytics to include fully automated Risk Assessments, Compliance Reporting, conflict checking, documentary evidence management, on-going monitoring and automated record keeping.

Here, we’ve answered some frequently asked questions to help you understand exactly what these changes and implications mean for your firm:

What do the regulations mean? 

• There is no longer an automatic exemption from undertaking Enhanced Due Diligence

If, like many firms, you simply take a copy of a Client's identity documents, your procedures and processes are likely to have to change significantly to be able demonstrate your compliance with the new regulations and laws. 

The regulations are clear – there is no longer an automatic exemption from undertaking Enhanced Due Diligence, as opposed to Simplified Due Diligence, which has often been carried out by simply obtaining a copy of a Client's Identity documents, for example a Passport and Driving License. 

• Firms will be required to evidence they have identified the Client and screened them against alert sources

After 26th June, you will need to demonstrate compliance by being able to evidence that you have risk assessed clients in accordance with the regulatory requirements. Therefore, clients who would have previously been on-boarded using Simplified Due Diligence must be Risk Assessed, with a minimum requirement of documenting and confirming the Clients Identity and electronically screening them for Financial Sanctions and Politically Exposed Persons (PEP) – including UK nationals.

• Additional requirements for on-going due diligence monitoring

There are additional requirements for the period of time that your firm will have to be able to demonstrate and deliver up to regulators your compliance records in relation to specific clients, on-going due diligence monitoring and how long records may be kept. 

What are the penalties for failing to comply?

The penalties for failing to comply with obligations under the new regulations have been increased. 

In addition to penalties that can be imposed by regulators and other legislation, the Policing and Crime Act 2017 has increased fines up to £1,000,000 and prison sentences from 2 to 7 years; where 'the person has breached a prohibition, or failed to comply with an obligation, that is imposed by or under financial sanctions legislation'. 

Click here for more information about the European Union’s Fourth Anti-Money Laundering Directive (EU4MLD)

How does AML Search v4 support compliance?

• Regulatory Compliance

AML Search v4 has been designed to meet and exceed Anti-Money Laundering compliance requirements including but not limited to;

• Fourth European Money Laundering Directive (EU 4MLD)

• United Kingdom Money Laundering Regulations/Laws

• Joint Money Laundering Steering Group (JMLSG)

• The Law Society

• The Solicitors Regulatory Authority (SRA)

• Financial Conduct Authority (FCA)

• International Bar Association (IBA)

• Financial Action Task Force (FATF)

• Council of Mortgage Lenders (CML)

• Sarbanes–Oxley

• Risk Assessments

Regulations make it mandatory for firms to carry out Risk Assessments on their Clients as a part of their Client Due Diligence (CDD).

AML Search v4 automates Customer Due Diligence Risk Assessments to enable your users to simply and quickly enter Client data, include documentary evidence and carry out a Risk Assessment and Simplified or Enhanced Due Diligence in a few minutes.

• The CDD Record

AML Search v4 introduces a unified view of your Client Due Diligence (CDD). Both Individual (Personal) and Organisations (Non-Personal) CDD records are contained in one fully searchable view.

The CDD record for a Client contains your Risk Assessments, Client Data, Documentary Evidence, and Client Relationships – which aids in your conflict checking and provides a complete audit trail, making it easy to evidence your regulatory compliance.

Click here for more information about AML Search v4 

Are existing AML v2 Searches compliant?

Yes. 

AML Search v2 provides Enhanced Customer Due Diligence Searches which are fully compliant with the new regulations. There are however other changes that you need to consider including how you will carry out Risk Assessments, On-Going CDD, record keeping and reporting in order to demonstrate your firm’s compliance.

Can I continue to use AML Search v2?

Yes. 

It is recommended that you review your Risk Assessment procedures in line with the new regulations. The regulations stipulate that there is no longer an exemption from Enhanced Due Diligence. Therefore, clients who would have previously been on-boarded using Simplified Due Diligence must be Risk Assessed, with a minimum requirement of documenting and confirming the Clients Identity and electronically screening them for Financial Sanctions and Politically Exposed Persons (PEP) – including UK nationals. 

AML Search v2 already provides all of the features for enhanced CDD with the exception of documented Client Risk Assessments which must be carried out manually by firms if using AML Search v2 – AML Search v4 provides fully automated Risk Assessments.

Should I review our Risk Assessment Criteria and Procedures?

Yes. 

There are significant changes in the regulations as to how you are required to Risk Assess your Clients, carry out On-going Due Diligence, how quickly firms must demonstrate their compliant procedures and how long records can be kept.

Why should I upgrade from AML Search v2 to AML Search v4?

AML Search v4 extends the features of AML Search v2 adding robust compliance tools to reduce the time and cost to firms of implementing, maintaining and running compliant AML procedures. 

These include automated Client Risk Assessments, Simplified and Enhanced Due Diligence for individuals and organisations (UK and International). 

This means that you can complete the process of carrying out a Risk Assessment and Customer Due Diligence by running an AML v4 Risk Assessment, ensuring you can demonstrate compliant procedures across all users. 

AML Search v4 also includes your real-time compliance status and reporting, on-going due diligence monitoring, which ensures your client due diligence is always up-to-date, document, file and archive management to ensure you meet the new record keeping criteria.

With thanks to Greg Roach, Director of Searches Group Limited

During July, the SRA published the latest Risk Outlook 2015/16 with an overview of their risk priorities. The identified risks fell neatly into either an internal risk: such as service standards, acting with integrity and standards of service; or external risk: notably bogus law firms, money laundering and cybercrime.

In August, we asked you what you perceived to be the major risks as identified in the latest SRA report.  The findings were startlingly clear as the chart below shows. 

Internal risks

There is no obvious concern with any of the SRA’s ‘internal’ risks, with firms confident in the way they conduct themselves and act with clients, which is probably to be expected. After all it is unlikely that any of these issues would be aired publically in a survey!

External risks

Of the external risks, the primary concern was money laundering, followed by bogus law firms, and lastly cybercrime and security.  Perhaps money laundering, or should I say the prevention of it, may well have a higher profile at the moment on the back of the SRA’s focus on this during the first half of the year.

Bogus law firms

'Bogus law firms' has been identified as a high risk area for around two years now and was identified in SRA Risk Review in 2014. The number of reports to the SRA about bogus law firms continues to increase and so does the number of scam alerts, with 183 issued in 2014 which is up from 97 in 2013 and only 19 in 2012. A worrying trend.

Cybercrime & information security

The final issue of cybercrime and security is perhaps the glue that joins these other issues up. Firms holding client accounts are vulnerable to the risk of theft of confidential data which could lead to the theft of client money held in these accounts. The most common types of cybercrime in the legal sector are 'phishing' emails, cloned websites and the interception of solicitor-client emails.

So rather than viewing these three issues separately, perhaps they can be seen as one with a secure IT system supported by strong processes being the key? Without all three being addressed there will always be a weakness to be exploited.

With cybercrime and fraud on the rise and increasingly sophisticated being used it can feel like conveyancers are in the eye of an increasingly worsening storm. However there are some simple steps and a lot of excellent information readily available to help with these risks.

Practical steps to take

SRA

http://www.sra.org.uk/risk/risk.page
http://www.sra.org.uk/risk/resources/risks-associated-bogus-firms.page
http://www.sra.org.uk/risk/resources/risk-money-laundering.page

The Law Society

The Law Society has published a Practice Note in August, providing advice on what to do should a firm fall victim to a scam.

Searches

To assist firms in complying with the legal and regulatory requirements there are some inexpensive searches available for them to include as part of their conveyancing service, which includes:

• - Making independent verification checks using Lawyer Checker which is only £10 and widely available; and
• - Online AML verification which is readily available, inexpensive, comprehensive and instantaneous and covers UK and International clients from about £4 per name and £10 for commercial checks.

Last month saw the SRA publish their Risk Outlook for Spring 2015 which showed that little - in terms of the risks faced by firms - has changed much since their Autumn Update. The key areas of concern for the SRA remain bogus law firms, money laundering and the misuse of money or assets.

Some the figures associated with these issues are staggering.

In 2014 the SRA received over 700 reports of bogus firms which is the highest ever recorded. In 2013 the SRA received 548 reports about bogus law firms, up from 312 in 2012, so it is easy to see why bogus law firms are now seen as a real risk by the SRA to all sizes of law firms and should the rise in firms reported continue at the same rate in 2015 the figures will be near 1000.

Sadly this is reflected nationally across the whole economy with KPMG reporting a significant increase in fraud cases. There is little evidence to suggest that this trend will decline.

The SRA aim to visit 500 firms to audit their Anti-Money Laundering (AML) processes. Image copyright Images Money.

The SRA are now well into their assessment of a number of firms who are subject to the auditing of their current AML processes. They are aiming to visit 500 firms and their activity has been driven by an increase in reports concerning AML compliance - a handful of cases the likes of which they have not been seen before - as well as pressure from law enforcement agencies.

At a recent conference in March Steve Wilmott, Director of Intelligence and Investigation at the SRA, said that they will be looking at systems and procedures, record keeping, training and the activity of the MRLO at the firm. If they were to visit how confident would you be of passing their inspection?

Another area to feature in the Spring report is the misuse of money or assets.  The report revealed that things have changed little since Autumn with poor financial controls continuing to ‘provide opportunities for financial misconduct to occur.’

Within the update, the regulator states that they have seen recent cases where ‘poor systems and controls have been a factor in the misuse of money or assets’, citing that the root of the problem lies in inadequacies in training and supervision, as well as failure to control access to accounts.

So what can firms do to reduce these key risks? Well there is certainly quite a lot of information and service available which I will touch on.

1. 1. Use ‘Find a Solicitor’ on the Law Society website.
2. 2. Check the SRA website for updates on scam alerts.
3. 3. Make independent verification checks using Lawyer Checker which is only £10 and widely available.
4. 4. Online AML verification is readily available, inexpensive, comprehensive and instantaneous and covers UK and International clients from about £4 per name.
5. 5. Reliance on bank statements, passports and utility bills should be consigned to the past.
6. 6. Use secure search websites that are username and password protected and can provide an audit trail for every case.

Law firms need to be aware of their attractiveness to criminals who seek to launder the proceeds of crime through conveyancing transactions. Image copyright Images Money.

The Solicitors’ Regulation Authority (SRA) is stepping up its efforts to ensure that law firms do not become embroiled in money laundering activity and are compliant with the various regulations and legislation associated with anti-money laundering compliance.

In their Risk Outlook 2014-15, published in July, the SRA highlighted how law firms are an attractive vehicle through which to launder the proceeds of crime, such is the magnitude of funds being transferred by legal practices.