Upcoming SRA AML survey: Make sure you’re prepared!

Andy Donovan, Managing Director and Founder of Compliance Office
Andy Donovan, Managing Director and Founder of Compliance Office

On your marks, get set and complete your SRA AML Questionnaire! 

The deadline for completing the mandatory SRA AML survey is 31 July. If your firm does work that falls within the scope of the Anti-Money Laundering Regulations 2017, your COLP should by now have received an email from the SRA asking you to complete a questionnaire. 

All you need to do is follow the instructions provided and complete the survey by their deadline of 31 July. 

The questionnaire itself is fairly straightforward, but here are a few tips to bear in mind:

Insider tips for completing the questionnaire 

Is all your work subject to the Regulations?

On question 1, regarding the option to say whether or not you treat all work as being subject to the Regulations, take care and exercise caution when assuming that all of your work is within scope of the Regulations. It’s not possible to predict with absolute certainty how the SRA will follow up from this point but it seems likely that the SRA may use this question to help them decide whether to follow up with a visit. It would not be a good idea for the SRA’s starting point for a visit to be to “choose to visit all firms that treat all of their work as subject to the Regulations” unless that is strictly what you do, which frankly is unnecessary and depending upon your circumstances, could be disproportionate. Take care to give accurate information.

Multiple choice questions: numbers vs percentages

On all of the questions, rather confusingly, the SRA skips between multiple choice answers which are numbers and those which are percentages. We’ve seen a number of people accidentally answer percentage questions as if they were being asked for specific numbers and vice versa, so keep an eye out for that.

Don’t necessarily “just say no”

Don’t assume that saying ‘no’ is a good thing. The SRA may likely be looking out for firms who believe none of their matters is at higher risk, they never act for PEPs and have made no suspicious activity reports. Based on earlier SRA commentary they will likely find this hard to believe and so may well follow up with a visit. We would advise you to properly review matters. It would indeed be unusual, though not entirely inconceivable, that a firm would be able to answer no for each of those questions.

Sometimes, it’s ok to say “I don’t know”

For question 7, it is probably not common practice for small and medium-sized firms to track how many matters they consider high risk / perform enhanced due diligence upon. If you can’t estimate the percentage with a reasonable degree of confidence, you may have to answer ‘don’t know’. If you don’t track this data and it’s not realistic to gather it, answering ‘don’t know’ is probably your best option.

SRA and AML training and compliance solutions from Compliance Office

A team of SRA compliance specialists with years of experience and the right tools to meet your compliance needs, our partners at Compliance Office offer you the highest level of SRA compliance expertise, including SRA consultancy, training, templates and software solutions.

Why Compliance Office?

Founded by self-professed SRA geek Andy Donovan, Compliance Office delivers what you need quickly with the highest level of expertise. Their team of compliance consultants are either former lawyers or SRA staff with years of experience in their fields. With a vast library of risk and compliance resources on hand to save you time and money, Compliance Office knows how to tailor the best solutions that are just right for you. 

Compliance Office’s level of care and customer service is unrivalled, with almost half of Compliance Office’s customers coming from referrals and a 100% retention rate.

VinciWorks’ AML and SRA training and solutions

SRA compliance solution – personalised training and centralised reporting

SRA compliance solutions

Get your entire firm on board with the SRA compliance process with our complete SRA compliance solution. The SRA puts a significant burden on firms to train their staff on the Standards and Regulations in addition to managing compliance registers and processes such as annual declarations, undertakings, diversity surveys and more. Our SRA compliance suite allows firms to comply with every requirement of the SRA through personalised SRA training and centralised SRA reporting.

Anti-money laundering training and client onboarding solution

Our anti-money laundering training is interactive and customisable for any business and any user, anywhere. Our courses are packed with realistic scenarios, real-life case studies and every customisation option you can think of. We have everything from in-depth induction training to refresher courses and five-minute knowledge checks. 

Our AML client onboarding solution offers one central platform to complete client risk assessments, due diligence and ongoing monitoring. Using Omnitrack, our centralised, flexible tracking and reporting tool, our AML solution enhances both the risk assessment and document collection aspects of client onboarding.

If you are interested in any of our solutions, complete the short form below and a member of our team will get in touch.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.