SRA steps up supervisory action in the legal sector

Background

Throughout 2020 and 2021, the Solicitors Regulation Authority (“SRA”) has become increasingly focussed on enhancing anti-money laundering (“AML”) standards amongst the legal firms which they supervise.

These years have undoubtedly presented a number of challenges for the sector, including for the SRA, which was limited in the extent to which it could conduct its site visits to support its supervision. However, the regulator remained vigilant and levied fines against six law firms in June 2021 regarding their compliance with risk assessment obligations per Regulation 18 of the UK Money Laundering Regulations (“MLRs”).

Moving into 2022, the SRA has kicked off the year by further solidifying its stance on AML. On 5 January 2022 it published its largest fine to-date to law firm Michon De Reya for committing “serious breaches” of the MLRs. The Firm accepted a total of 14 regulatory breaches and will pay a settlement of £232,500, plus an additional £50,000 which will support the costs of the upcoming SRA investigation.

Looking forward

This latest fine arguably exemplifies a stepwise change in intensity of scrutiny on the legal sector from the SRA and, given the topics and themes identified, it’s likely that more fines may be imminent. One guarantee is that it is critical for the legal sector to place an emphasis on AML and fostering a strong compliance culture.

Regardless of a firm’s size or operating footprint, the obligations in MLRs and expectations of the SRA remain constant. Therefore, to support the development and ongoing maintenance of a robust AML framework, legal firms should look to deploy a suite of well-designed and operationally optimised controls to mitigate the unique and specific business risks which they face. In the below table, we set out examples of AML topics and questions which firms in the sector may wish to consider in light of recent SRA developments:

AML topic	Questions for consideration
Policies and procedures	Do my policies and procedures adequately reflect MLR obligations as well as the most up-to-date guidance published by the SRA?
Governance and oversight	Is senior management actively involved in the AML agenda, and is there strong and consistent ‘tone from the top’? Have I optimised my three lines of defence model to appropriately educate and deploy the business, compliance and internal audit functions to mitigate risk?
Risk assessment	*Business wide* Does my business wide risk assessment (“BWRA”) cover all expected risk factors and control areas, and is it fully documented to articulate the approach taken? Is my BWRA undertaken at regular, frequent intervals? Has the latest BWRA iteration been signed off by senior management? *Customer and matter* Are my customer and matter risk assessments applied consistently? Do they inform the level of due diligence applied to each relationship? Are they undertaken at the start of a relationship and kept up-to-date throughout?
Customer Due Diligence (“CDD”)	Do I have controls in place to correctly capture and screen the names of my clients, as well as relevant parties, at onboarding and on an ongoing basis? Do I use my customer and matter risk assessments to inform the level of due diligence applied, following a risk-based approach? Are CDD records retained as required for 5 years after client relationships end?
Enhanced Due Diligence (“EDD”)	Do my policies and procedures reflect the mandatory EDD measures set out in the MLRs as amended in 2019? Are source of funds/wealth checks (identification and corroboration) well understood and consistently executed as required? Do I provide training and guidance/manuals to my staff to help them to understand how to apply due diligence arrangements for higher risk relationships?
Transaction monitoring and reporting	Do I perform ongoing monitoring of relationships consistently following a risk-based approach? Have I adequately trained my staff on how to identify and escalate potentially suspicious activity?
Reliance	Where I outsource AML controls, do I have suitable arrangements in place to meet my obligations? Have I provided training to business partners on my firm’s AML standards and expectations?
Training	Have I undertaken a training needs assessment to understand which individuals/functions hold roles which could expose my firm to an elevated level of risk, and is tailored training deployed accordingly? Do I continuously monitor training completion rates, and is action taken for non-compliance?

In addition to the specific AML considerations above, the SRA has shown that they remain acutely aware of other areas which are not directly within their regulatory scope, but may present money laundering and terrorist financing risks. For example, its latest fine highlights a common issue in the legal profession regarding customers who attempt to use their account(s) as a banking facility in an attempt to forgo certain money laundering obligations and requirements. This is further exacerbated by the somewhat ambiguous nature of the current SRA guidance whereby activity such as litigation is not captured in scope of the MLRs, whereas other advisory-related activity is. Therefore, firms may easily become caught out when undertaking significant proportions of out-of-scope work for a client who during the relationship requests a single, one-off in scope piece of work.

How can BDO help?

Our industry leading Economic Crime Advisory team has a wealth of knowledge and diverse expertise across all AML regulated sectors, including professional services, financial services, real estate and gaming. By understanding our clients’ unique needs and business models, we can not only help to develop any specific AML controls, but also develop a complete, holistic, and robust AML framework from the ground up, to ensure full compliance with the legal requirements, supervisory expectations, and industry standards.

BDO’s Economic Crime Advisory team work closely with regulated firms in the legal sector to support them with the practical implementation of their anti-financial crime obligations. Our team brings extensive experience in reviewing and helping legal firms to enhance their AML frameworks, including risk assessments, policies and procedures and BWRA. This includes support with respect to the themes identified within the SRA’s latest supervisory action, such as helping law firms to develop and maintain robust customer ongoing monitoring frameworks to ensure that record retention is undertaken accurately and updated on a defined periodic basis. We are also provide bespoke guidance and assurance to law firms with respect to the that the appropriateness of the EDD measures undertaken in line with the complex nature of their client matters.

Our Team also has a track record in the provision of tailored AML training to staff as well as Senior Management, which can be delivered onsite or on a remote-basis. This positions us well to focus specifically on any specific framework gaps as well as our clients’ AML controls across all three lines of defence.

We have a deep understanding of legal business models and the specific environments in which legal practices operate, and our team benefits from members who have previously worked in legal firms and regulatory bodies. This enables us to act as a strategic partner, providing clear advice which is both balanced and constructive.

Please do not hesitate to contact a member of our Economic Crime Advisory team if you have any questions regarding how your economic crime framework can be optimised to meet the expectations of the SRA.