The most common AML/CFT breaches by law firms

Despite robust controls, money laundering and terrorist financing pose significant threats to the UK’s economy and standing. In January 2023, The Financial Conduct Authority (FCA) fined the UK subsidiary of Nigeria’s Guaranty Trust Bank £7.6 million for “serious weaknesses” in its anti-money laundering (AML) systems and controls. The legal sector is also at risk, with the Solicitors Regulation Authority (SRA) recently clamping down on firms that “failed to have sufficient regard” for its warning notices.

In December 2022, HM Treasury published its ‘Anti-money laundering and countering the financing of terrorism: Supervision Report 2020-22′. The report, which provides information about the performance of the UK’s AML and countering the financing of terrorism (CFT) supervisors, also looks at existing barriers to an “effective AML system” and admits that reform is needed (although what these reforms might look like is not yet clear).

Crucially, while the report found that there have been “significant improvements in both supervision and enforcement”, it also warned that more needs to be done to ensure the UK’s economy is resilient to those seeking to launder dirty money.

The supervisors

There are currently 22 Professional Body Supervisors (PBS) responsible for AML/CFT supervision for the UK’s accountancy and legal sectors. These include the:

• Chartered Institute of Legal Executives/ CILEx Regulation,
• Council for Licensed Conveyancers
• Faculty of Advocates
• Faculty Office of the Archbishop of Canterbury
• General Council of the Bar / Bar Standards Board
• General Council of the Bar of Northern Ireland
• Law Society / Solicitors Regulation Authority
• Law Society of Northern Ireland
• Law Society of Scotland

Other supervisors cover a range of services such as accountancy, auditing, bookkeeping and notarial.

Common AML/CFT breaches

Across the reporting periods, roughly 8% of the PBS’s supervised population was subject to direct supervisory activity. The most common breaches reported by the PBS were:

• Inadequate documented policies and procedures
• Inadequate customer due diligence (CDD) procedures
• Inadequate enhanced due diligence (EDD) procedures
• No ongoing CDD monitoring
• No periodic review of compliance with money laundering regulations
• Inadequate firm-wide risk assessment
• No or inadequate staff training on anti-money laundering (AML) compliance
• Inadequate record keeping
• Use of third-party policies that were not adequately tailored to the specific firm’s individual risk profile
• Inadequate resource allocated to AML compliance.

The PBS stated that “non-compliance and poor AML procedures were most common with smaller firms and sole practitioners, who often failed to understand the importance of having adequate AML controls in place”. Furthermore, the supervisors found that where a long-standing relationship between a client and firm existed, this often led to insufficient checks and instances of non-compliance.

 Supervisory Reviews

Supervision is a critical regulatory requirement for law firms, and failure to meet obligations can be potentially damaging. One way such failures are discovered is via desk-based reviews (DBRs) and onsite visits. When it came to non-compliance with the Money Laundering Regulations (MLRs), the legal PBS reported that:

• In the 2020-21 period, on average, 12% of those subject to a DBR were given a non-compliant rating. This dropped to 7% the following year.
• In the 2020-21 period, on average, 12% of those subject to an onsite visit were given a non-compliant rating. This increased to 18% in 2021-22.

All supervisors have a range of enforcement tools available to them, including fines, suspension, and referral to law enforcement agencies. Just as detrimental is the likely reputational damage and subsequent loss of business that could result should a firm fail to meet its AML requirements.

The supervisors are required to investigate failures to comply with the MLRs, and to consider using an effective, proportionate, and dissuasive sanction in response. Following a DBR/onsite visit, the PBS took informal action against 21% of their combined supervised population in 2020-21 and against 9% in 2021-22. More formal action was taken against 21% in 2020-21 and against 12% in 2021-22.

The total sum of fines across all PBS in 2020-21 and 2021-22 was £109,015,480 and £503,595,085, respectively. The SRA issued 16 fines in 2020-21 totalling £163,400, and 35 fines in 2021-22, totalling £385,476.

Such fines look likely to increase in 2023, with the SRA already fining one Oxfordshire law firm £20,000 for various “reckless” AML breaches. These failures included an out-of-date and incomplete AML policy, inadequate training practices at the firm, no client or matter risk assessments, the lack of an independent audit function, and an incorrectly made declaration to the SRA (amongst other violations). This is the highest penalty handed out so far by the regulator, but it will be interesting to see what happens next as the SRA’s fining power increased from £2,000 to £25,000 last year. Moreover, in addition to the higher-limit, the Lord Chancellor Dominic Raab, warned that the regulator will be able to issue fines for a broader range of offences.

There are steps firms can take to protect against such penalties. These include staff training to ensure everyone understands the regulatory requirements, implementing a robust compliance system, and employee supervision (including for remote workers). To achieve this, a firm-wide understanding of what good supervision looks like is essential.  Acting as your ‘professional friend’ at Legal Eye, we bring a fresh perspective and constructive approach to continually improving your risk and compliance systems. You can access a range of practical tips for effective supervision in law firms here.

Alternatively, contact us for a detailed review of how we can assist with this important aspect of managing compliance.