AML update: How to avoid common compliance pitfalls and fines
The latest annual AML Report from the Solicitors Regulation Authority (SRA) found that almost a third of law firms are failing to get the basics right, leaving themselves open to large financial penalties.
In response, the SRA has brought enforcement action against a combined total of 47 firms and individuals over a 12-month period. Just last month, a prominent South-West law firm was fined over £100,000 for failing to act over money laundering ‘red flags’ on three property transactions.
The SRA has warned that it may need to get tougher on routine non-compliance and is considering extending automatic fines to other areas, including failure to complete mandatory AML and diversity data returns, which could attract fines of up to £25,000.
To avoid financial and reputational damage, firms must review their existing processes to ensure the fundamental AML practices are in place to mitigate risk. Shared by compliance experts from Teal Compliance, ILFM, and The Law Factory, below are the tools and best practices you need to implement to avoid the common pitfalls most SME firms face.
SRA advice for completing client and matter risk assessments
The SRA’s Warning Notice makes it clear that the regulator is unhappy with firms’ ability to conduct effective risk assessments on clients and transactions. Over 50% of risk assessments checked by the AML investigation team were not compliant with the Money Laundering Regulations.
The SRA highlighted the following risk assessment concerns:
- not completed when they should be and treated as a one-time event, rather than being continually reviewed;
- basic, tick-box based, without the ability for a fee earner to record their risk rationale;
- based on templates, which are not aligned to the firm-wide risk assessment; and
- reliant on complex risk-scoring systems that are not consistently completed or understood.
The SRA outlined their expectations when addressing AML and completing client due diligence. First, firms must monitor fee earners to ensure the policies in place are being followed. This involves effective training, continuous reviews, and proactive control measures.
The SRA expects firms to record the rationale for the risk rating assigned to a client or matter to complete the audit trail. A record of justification to the rating is expected to show how the decision was made.
It’s important firms conduct ongoing monitoring on clients and matters to ensure the risk is consistent with the rating given. As new details and information is collected, additional risk assessments may need to be completed and recorded.
And finally, ensure risk assessment templates are tailored to the firm’s policies and enable a comprehensive record of the assessment to be carried out.
How to avoid the common compliance pitfalls
In the last episode of Build Better Habits, series two, our expert panel shared their best digital practices and habits for avoiding the common compliance pitfalls they see daily in SME firms.
- Use tech to implement control mechanisms
Amy shares, “Use the tech to ensure control mechanisms are in place. For example, with AML, put something in place that allows you to open a file and start the initial work, but if the client due diligence processes aren’t completed within 28 days then a stop in put in place on that file. You’ve got to build these processes in your policies and the tech.”
2. Update little and often
Alex explains that it’s best to get into the habit of updating your files little and often. “If something goes wrong, and you’ve left it too long to update, then it’ll be picked up in your audit. If you’re in the habit of leaving things too late it’ll be picked up on the audit and classed as a systematic problem. Make the most of the software to help you stay up to date.”
3. Stay on the system
Karen warns: “It’s important people are staying on system to avoid data breaches and security issues, but it also ensures anyone can pick up the file in an unexpected absence. Capture all data on the file including key dates, client details, communications, WIP etc. This also helps to avoids complaints and delays which impacts your client experience.”
How firms can mitigate risk with legal tech
Utilising legal tech helps to reduce the resource required to stay compliant and eases the pressure of staying on top of requirements. Here are four top tips and legal software tools to help your firm combat money laundering:
Pre-supervise daily processes
Utilising workflows within your case management system helps you to pre-approve processes, align them with your agreed policies, and ensure consistency in operations across teams and individuals. The software removes ambiguity and helps you implement control systems for following compliance requirements and standardise all tasks within your client onboarding or case management processes.
Provide everyone involved with the data they need to stay up to date on compliance requirements and proactively mitigate risks. Set up automatic reports or dashboards to keep fee earners, support staff and management aware of current risks, upcoming actions, and required tasks so resource can be effectively managed and compliance is made easier.
Integrate systems and data
Ensure the data you hold is accessible and accurate. Integrate all your key business systems, such as your case management software and your AML tools so the data is shared and reports and results are automatically saved to your matter history.
Regularly review and offer software training
Employees will find workarounds, that could impact security risks, if they’re not confident on how the software works. Ensure your processes are regularly reviewed against your policies and for their effectiveness, and continually offer employee training. This will not only improve utilisation of the system, but also provide space to improve operations and reduce risk further.
Mitigate risk and stay compliant with AML requirements
AML compliance and client due diligence checks are key to any legal practice and its matters. It’s clear that the SRA intends to take a firmer line with firms whose systems and controls are found wanting, so managing this correctly through best practices and technology is going to be vital to the smooth running of the practice.
To access more exclusive recommendations and best practice for mitigating risk in your law firm, view the on-demand Build Better Habits episodes. You’ll hear from our expert speakers on how to utilise digital tools to make compliance easier across your teams.