The UK’s Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR2017) transposed the requirements under the EU 4th Anti-Money Laundering Directive (4AMLD), which brought law firms into scope for the respective AML requirements. MLR 2017 went into effect from 26 June 2017, and supervisory authorities within the legal sector allowed for a transitional period for legal professionals to adopt the new requirements.
Why it matters now
Two years on, the Solicitors Regulation Authority (SRA) has become very active in performing regulatory visits, as well as reviews and thematic assessments to ensure the circa 7,000 law firms regulated by the SRA have adopted these AML requirements. SRA reviews have demonstrated that many firms have not fully adopted all requirements, missing key components such as firm wide risk assessments, appropriate policies and procedures to protect the firm from being used to facilitate money laundering (ML) or terrorist financing (TF), as well as having an independent audit of the AML programme and controls conducted.
To underscore the level of concern in this area, the SRA issued a warning notice in May 2019 to highlight that although AML is a high priority risk area for the SRA, high levels of non-compliance have been noted across the legal sector. Additionally, the SRA’s newly established anti-money laundering unit is conducting 400 reviews of other law firms to check compliance with the regulations.
To date, at least 26 firms have been placed into a disciplinary review process as an outcome of SRA reviews with some leading to individual solicitors being struck off or suspended from practising. Paul Philip, SRA Chief Executive, said: "The stakes are too high for solicitors to be anything but fully committed to preventing money laundering and the crime its supports.”
Biggest challenges facing law firms
As the AML requirements are relatively new to the legal sector, it has taken time to understand and adopt the requirements, designate AML resources, and define roles and responsibilities to develop, implement and maintain AML programmes.
Firms now have a variety of requirements to adhere to including: conducting an AML/TF risk assessment; develop/update AML policies and procedures and controls; provide training to staff; complying with new customer due diligence requirements; disclosing suspicious activity and filing SARs, where appropriate; and adhering to data protection and record retention requirements.
Activities such as the performance of a ML/TF risk assessment, updating of policies and procedures as well as an independent audit of the control environment must also be revisited annually to ensure the ML/TF risks posed to the firm are accurately identified and mitigated through the AML programme and controls in place.
How Protiviti Can Help
Helping our clients embed and navigate through regulatory change is core to what we do. Protiviti has experience in assisting legal sector firms with the implementation of the MLR2017 requirements as well as the ongoing testing and validation of operational effectiveness.
Protiviti’s AML expertise, pragmatic approach to risk-based AML programmes and experience with change and implementation allows us to understand the AML journey your firm faces.