Is your law firm regulator ready? Quick tips for success
I have been working in legal sector Anti-Money Laundering (AML) compliance since 2005 and I’ve never seen a time like it. Regulators are taking a keener interest in the sector’s performance when it comes to preventing money laundering and terrorist financing than ever before.
Visits are on the increase, expectations are raising and disciplinary action is becoming more frequent. Now, I for one don’t believe that we should comply with the AML/CTF regime just in case a regulator is going to check. Money laundering and terrorism is bad; it harms communities, families and the economy. But the fact is, firms are now much more likely to be checked up on, especially if they are engaged in those activities which the National Risk Assessment for AML/CTF flags up, including real estate, trust and company services and operating a client account.
Firms need to make sure they are regulator ready, or face the consequences, including hefty fines. It is important to note that these fines aren’t necessarily being levied for being involved in money laundering or terrorist financing – it is because their compliance programme is weak.
So, how do you make sure you are regulator ready?
- Make sure you have provided the correct information to your regulator about the MLRO, MLCO, the types of work your firm does and complete any declarations they have asked you to.
- Have an accurate and thorough Firm Wide Risk Assessment. Be detailed. Aim for the reader to understand the size and nature of your practice from reading this alone, and without having to look at your website.
- Make sure your policies, controls and procedures are detailed in writing. There is no point having written processes that don’t reflect the practice, so make sure they align.
- Whatever you are asking your staff to do, make sure you are confident that they are. Implement regular testing so you know before they look, because they will look.
- When people don’t comply with your policies or when you end up with suspicious activities, ask whether you need to tweak your policies and procedures. Conduct a root cause analysis of what happened, and ask yourself why people haven’t followed the process or why a client who you reported got through initial risk assessment and due diligence. It might not have been preventable but, usually, this kind of analysis will throw up great ideas for improvement.
- Ask yourself whether you think the number of Suspicious Activity Reports you make is proportionate for your firm. Whilst there can never be a ‘right number, many firms report none per year and law enforcement are concerned that this indicates non-compliance with the AML regime. If you have low numbers that might be fine for your firm’s profile but, if not, consider whether your staff have had adequate training to help them spot issues. Be ready to answer questions on this.
- If you are using technology to assist in your Client Due Diligence (CDD) process, make sure you know how it works. Get training from the provider if not and make sure you keep abreast of any development in the tool.
- Make sure the MLRO and MLCO (if you have one) have had specialist and detailed training. Whilst the law remains relatively static it is important that those role holders remain up to date.
- Make sure all staff have had regular training. The Legal Sector Affinity Group (LSAG) now recommends at least an annual refresher.
- Consider whether you should have an independent audit of your AML/CTF programme.
An overarching theme through all of this is keep notes. Of everything. Every decision you make, the work you have done, your thought process. You will be glad you did when the interview with them comes.