Amy Bell Q&A: your compliance questions answered
Someone who knows how important compliance in the legal space is, and what a robust and effective programme looks like, is industry advisor to Encompass Amy Bell.
An experienced Compliance Consultant, she is director of Teal Compliance, where she helps firms adapt to the changing legal landscape by supporting everyone in a firm to understand compliance and how to apply risk management principles to improve client service and deliver efficiency.
Amy is also a current member and former chair of The Law Society’s Money Laundering Task Force, and, through her years in the industry, has become a crucial source of knowledge and advice.
That knowledge was put to use when Amy took part in a question and answer session for Encompass, tackling queries on key topics.
Delving into subjects including ongoing monitoring and risk assessments, Amy offered her expertise on day-to-day issues, as well as looking ahead and sharing what firms should be thinking about and prioritising when they are planning for the year ahead.
Take a look back at the session through a recap of the Q&A below…
Who takes responsibility for ongoing monitoring and at what point in the customer relationship this is conducted, reviewed and agreed?
The relevant person is responsible for ongoing monitoring of the customer relationship. This is usually going to be the fee earner who is dealing with the matter.
In some firms there is a client partner – someone who has the main relationship with the client, but, if there are other lawyers working on their matters, it is important to make sure everyone communicates any changes that they become aware of (such as a change of beneficial owners). Sometimes I find that everyone assumes the client partner will know about changes, but that’s not always the case.
Regulation 28(11)(b) requires a system of regularly reviewing information to ensure it is kept up to date. It would be for the firm to decide what “regularly” means, but some firms set a timescale based on risk, the higher the risk, the more frequently they review the client relationship.
How do you gain buy-in from the wider team (particularly from Partner level) as they introduce new review processes across the business?
Such a good question.
Processes are in place to protect the firm, including the Partners. There needs to be clear support from the leaders of the business. The key message is that compliance is important, and particularly in law firms – if not here, then where?
The systems can save time, which is one of the benefits of the Encompass platform, and in turn money, and those are important considerations but by far the most important one is compliance is important and not optional!
What are the pros and cons of automating the client due diligence (CDD) process?
Conducting CDD is a time consuming process. Automation can allow firms to realise significant time and cost efficiencies. Encompass often helps reduce KYC execution time by as much as 80% allowing lawyers to get started quicker.
One of the things I really like about the Encompass platform is that firms can exercise greater control over how the KYC process works, by having an automated “policy” or process that is consistently applied.
As with anything, technology is part of an effective solution. You will still need some human interaction with the information which is provided to complete the process.
on demand webinar
Aligning customer and vendor due diligence through technology
How can firms feel confident that the processes and frequency of checks that they are implementing are sufficient to be compliant?
The regime is risk-based, meaning that the approach can be tailored to meet the needs of the business. The firm should have a risk assessment which considers the particular risks faced by a firm. The CDD processes which are implemented should reflect both the firm’s identified risks, and the fee earners’ risk assessment of each matter.
If the costs of CDD are particularly high (e.g. overseas company searches or independent EDD reports) can these be charged to the client with consent and an explanation of the likely costs?
In my opinion, and for SRA regulated firms, as long as you are transparent with the client, you can charge whatever they agree to pay. There is mention in the current SRA code of conduct of not advertising overheads as disbursements, but there is nothing to stop a firm charging for the activities as professional fees.
Is there any obligation to re-verify a client’s ID if it has previously been satisfactorily verified and there are no concerns?
The regulations say (Regulation 27(8)) a relevant person must apply CDD measures at appropriate times to existing customers on a risk-based approach, or if they become aware of a change.
Many firms have a policy that states they will rely on existing CDD unless there is a gap in instructions, (typically I see three years), or they become aware of a change.
I think the issue is how does a firm “become aware” and what is required by way of investigation.
I have always preferred to have a “shelf life” for the information, after which I would re-verify the client ID – but that’s just me. Each firm needs to come up with their own risk-based policy.
Should you collect ID&V for all directors of a corporate client or just the one’s instructing?
Regulation 28(3)(b) requires the relevant person to verify the full names of all of the directors. This does not necessarily mean the equivalent of ID&V for them as an individual. That said many firms still ID&V at least one director in the same way as you would an individual.
Key differences between an MLRO and MLCO obligations?
The MLRO receives reports as required by POCA, the MLCO is responsible for compliance with the Regulations. They can be the same person, and for SRA regulated firms it is technically with the COLPs job to perform the MLCO role.
What are the differences between source of funds and source of wealth?
Source of funds is information about the money being used for the transaction, source of wealth is where it came from.
Here is the link to a webinar I recorded with Encompass which provides much more info than I can put in a comment.
on demand webinar
Source of wealth, source of funds
anti-money laundering compliance for law firms
What happens if CDD has not been completed but a matter has progressed/completed – does this need to be reported?
If by reported you mean in a SAR, then no, there is no defence available for failing to comply with the Money Laundering Regulations, unless you are suspicious about the matter (and lack of CDD).
In an SRA regulated law firm this may need to be reported to the COLP, who may consider whether it is a material or serious breach of the code.
Should you corroborate that the source of funds information provided by your client matches the actual source of funds coming into client account in all transactions?
This is very difficult to do. I have clients who do, but I think the decision to do this will depend on the firm’s risk assessment. In the future, when banks are able to provide more information about payments, I’d hope to see this done more routinely.
What CDD can/should you undertake on any identified third party payments and or cash payments – if a third party pays funds on behalf of our client what should you do?
There is nothing specific in the regulations about this, but the current Legal Sector Affinity Group Guidance at 12.4.2 provides some guidance.
Do I have to do a matter risk assessment for every matter?
If you look at Regulation 28(12) (a2), it does say the ways in which the person complies with their obligations to carry out CDD includes an assessment of risk of each matter, so I think, if you’re doing regulated activity or transactional work, the answer is going to be yes.
What will the impact of 5MLD be on regulated firms?
At the beginning of next year, the UK is likely to implement 5MLD. To be fair, 5MLD really is focusing on issues outside of the legal sector – around cryptocurrencies and pre-paid cards – but I think there will be some impact on firms, particularly if they act for Trusts, in terms of the new Trust Registers.
I think the main thing that people need to be thinking about as we go into 2020 is how we make sure we can demonstrate compliance with the regulations. We’re moving into a phase where the regulator will want to check that you’ve got everything in place that you should have – so you really need to be regulator ready.
Is approved guidance likely to be in place prior to January 2020?
I think, with Brexit, it’s very clear that the government is quite preoccupied at the moment, so I wouldn’t be surprised if we see the regulations quite late in the day and quite close to the 5MLD implementation time. That means it’s going to be challenging for any regulator to be able to get their guidance approved by Treasury – the process does take quite a while – but hopefully there will be some draft guidance out in time for firms to get ready to comply.
about Amy Bell
Amy worked for many years as a solicitor before moving into compliance and eventually launching her own firm. A leading figure helping law firms adapt to the changing legal landscape, Amy is also the author of The Law Society’s Elearning and Toolkit on the Bribery Act, and current Chair of their Anti-Money Laundering Task Force.
Amy specialises in AML regulations mainly professional services and runs ABC Consultancy.
Connect with Amy on LinkedIn.
Encompass’ intelligent process automation conducts live document and data collection, analysis and integration from public and premium sources to bring transparency to complex corporate structures and ultimate beneficial ownership, delivering the most accurate and complete KYC on demand.