SRA updates AML Sectoral Risk Assessment

The Solicitors Regulation Authority says it is keeping up to date with emerging risks and trends

The Solicitors Regulation Authority (SRA) has just published an updated anti-money laundering (AML) and terrorist financing (TF) sectoral risk assessment that covers proliferation financing and sanctions.

The regulatory body, which oversees solicitors in England and Wales, also identified firms not allocating sufficient resources to AML work as an emerging risk, mostly due to increased economic pressures.

Sectoral Risk Assessment is a process that firms use to identify and manage the risks associated with money laundering and terrorist financing. The Money Laundering Regulations 2017 require firms to conduct firm-wide risk assessments that take into account several factors.

The SRA notes that money laundering is how criminals make the proceeds of their crimes appear legitimate. The National Crime Agency (NCA) believes that serious and organised crime costs the UK £37 billion a year. They believe that if they can prevent money laundering, they can remove the incentive to commit crimes. Similarly, terrorist financing can be facilitated by the same weak controls that allow money laundering to take place.

The SRA points out that the sanctions regime has recently expanded, mainly due to the Russian invasion of Ukraine in 2022. The long-standing involvement of Russian interests in UK business has meant that many firms are being exposed to the sanctions regime for the first time. But there are many sanctions regimes beyond Russia and firms cannot assume that sanctions are not relevant to them. The sanctions regime is separate to the money laundering regimes, but overlaps with them in many ways, involving the same risk factors and complex corporate structures.

All firms must now carry out an assessment of their exposure to the risk of proliferation financing (PF), which means being involved with the global proliferation of weapons by groups or countries which are not permitted to have them under international treaty. While the SRA considers the overall PF risk in the legal profession to be low, and it can be part of an AML firm-wide risk assessment, there are some sectors which have heightened exposure to PF. Those firms need to undertake a more thorough risk assessment. 

Firms should review their own firm-wide risk assessment in the light of this updated sectoral risk assessment and ensure all of the risks mentioned are addressed.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

James

VinciWorks CEO, VinciWorks
