AML and Compliance Update
It has been an exceedingly difficult year for many law firms due to the sudden and dramatic impact of Covid-19. Recent events have certainly been a test for all firms’ business continuity plans, and firms without adequate backup systems in place will certainly have been hit the hardest.
For many firms, the last few years has seen a clear shift towards “paperless” or “paper light” working. This has been achieved by making better use of case management systems, cloud based storage and the ability to work remotely. It is likely that firms that have embraced these new ways of working will have been better placed to deal with the sudden and far reaching changes that we have recently experienced. Although remote working has clearly shown its benefits it does also bring with it inherent risk; particularly in relation to supervision and dealing with client due diligence and anti-money laundering (AML) obligations.
Throughout the Covid-19 crisis guidance has been issued by both the SRA and Law Society on how best to deal with the new challenges. In part, this guidance has been focused on dealing with AML obligations. Something that has been very apparent is that no matter how difficult this may become it is a statutory obligation and firms must continue to deal with it properly.
The strong stance by the SRA in relation to AML compliance continues the position that they have adopted in recent years. This has been demonstrated by:
- A series of thematic reviews looking at AML compliance.
- Desk based reviews of firms risk assessments.
- The formation of a new AML Team to deal specifically with AML compliance issues.
- An increase in the 2020 – 2021 budget for AML supervision and compliance related activities.
- The intention to visit all “high risk” firms on a three year rolling programme.
- Increased inspection visits to “low risk” firms.
- The intention to open an office in Wales.
- An increasing level of disciplinary action against firms relating to AML issues.
It is clear that at least in part the SRA’s proactive approach to AML compliance has been driven by the formation of the Office for Professional Body Anti-Money Laundering Supervision (OPBAS) in 2018. OPBAS is a new regulator set up by the government to strengthen the UK’s AML supervisory regime with the intention of ensuring that professional body AML supervisors, such as the SRA and CLC, provide consistently high standards of AML supervision. The SRA therefore have someone looking over their shoulder to make sure that they are looking over yours!
It is therefore important that all firms ensure that their approach to AML compliance is appropriate and fit for purpose in the changing times in which we now find ourselves. In part this will include:
- ·Making sure risk registers, compliance plans and risk assessments reflect the recent changes.
- Ensuring that AML policies and procedures are up to date and compliant.
- Where necessary, changing the way that client due diligence is dealt with. This may include increased use of electronic systems.
In addition to the AML related issues brought about by the changes to working practices, consideration should also be given to the information security risks that these have created. This may be due to more people working from home, and also an increase in the amount of information being sent electronically within firms. This can give rise to issues relating to the physical security of paper files and documents as well as electronic security. One of the key obligations that applies to both AML compliance and information security is supervision and how this can be most effectively dealt with.
The requirement for adequate supervision is two-fold as it applies to general supervision relating to compliance and the provision of an appropriate level of service, and also in relation to AML. It is generally accepted that one of the most useful supervision tools is regular file reviews as they provide an insight into what is really happening within a firm. The Money Laundering Regulations (MLR) 2017 include a requirement for an independent audit function. Recent Law Society guidance has stated that all firms within scope of the regulations should perform independent monitoring of their AML arrangements. That monitoring “needs to include an element of file review” as the firm needs to assess the adequacy of their AML policies, plans and controls.
If you require any help or assistance with any of the issues raised in this article then please contact cpm21: https://cpm21.co.uk/Contact-CPM21
We will also be delivering online training on the 18th August 2020 in relation to AML matters. If you would like more information in relation to this, or to book a place, please contact us.