If Solicitor firms didn’t already know it before, they certainly do know now about how serious the Solicitors Regulation Authority is about policing the Money Laundering and Counter Terrorism Financing Regulations 2017 (MLR 17). The spate of fines handed out to firms in the first 6 months of this year, as reported by the Law Society Gazette effectively demonstrates this, and we are seeing an increase in AML desktop and on-site SRA audits amongst our solicitor clients. As well as this, the SRA are currently sending out “COLP AML declarations” to firms that will need to be completed and submitted in August 2024.
And the likelihood is that it will not get any easier for firms.
The MLR 17 has a large number of mandatory requirements which need to be implemented, but more than that now, need to be demonstrated to be implemented. Some of these may be relatively straightforward, but others may be more onerous.
One such requirement is Regulation 19(4)(c).
What is Regulation 19(4)(c)?
(4) The policies, controls and procedures referred to in paragraph (1) must include policies, controls and procedures—
(c) which ensure that when new products, new business practices (including new delivery mechanisms) or new technology are adopted by the relevant person, appropriate measures are taken in preparation for, and during, the adoption of such products, practices or technology to assess and if necessary, mitigate any money laundering or terrorist financing risks this new product, practice or technology may cause.
So, as most solicitor firms are already aware, there is a requirement to have written Policies, Controls and Procedures to mitigate the risk of Money Laundering. In these procedures must be a written mechanism to ensure that if any new products, business practices or new technology are adopted, “measures are taken in preparation for and during the adoption of…”
What then does this mean for solicitor firms?
Well, if a firm wants to;
Then it will need to demonstrate that it considered any potential issues that could compromise its ability to comply with its Money Laundering obligations.
How would such demonstration work in practice?
The SRA appear to approve of “risk assessments” given their requirements for Money Laundering, Proliferation Financing and Sanctions Risk Assessments, so that would be our suggested starting place.
To carry out a risk assessment for this purpose would need an analysis of all the client interactions and steps that the new system/technology/business practice would use and consideration of any “vulnerabilities” that it could introduce to a firm that could mean it would not be complying with all of its MLR 17 obligations.
It may be that this activity could be supported by any technology provider working with the firm, however the duty to ensure full consideration and discharge of obligations under MLR 19(4)(c) remains with the solicitor firm and the Money Laundering Compliance Officer.
And don’t forget that there is an obligation to ensure that any new system/technology/business practice is monitored during its lifecycle to ensure that it allows a legal firm to meet its MLR 17 obligations…