Over 30 leading law firms join VinciWorks’ second AML Core Group Meeting

More than 30 leading law firms joined VinciWorks’ recent AML Core Group Meeting. The mission of the Core Group is to share best practice in the field of AML compliance to improve policies and procedures for all and to actively manage AML risk. 

VinciWorks’ Director of Best Practice Gary Yantin gave an AML news update focussing on the recent announcements from the Scottish Law Society and the SRA. Both regulators have pointed out that the level of AML compliance in law firms under their purview is lower than they would like. The SRA reported that less than a third of firms are compliant with 51% only partially compliant. Issues include deficient Source of Funds checks, poor training records and below-standard Risk Assessments. The SRA recently released their standard templates for client and matter risk assessments.

Understanding firm-wise risk assessments

To help firms focus on improving their firm-wide risk assessment (FWRA), Andy Donovan of Compliance Office, a VinciWorks company, led a session on what an FWRA should include. Attendees pointed out that a good FWRA should address both geographical risks and sector risks. A robust FWRA should be updated with appropriate sanctions changes. Firms should keep an eye on the FATF countries coming on and off the watch list at any time. 

There was a strong consensus that communicating the themes of your risk assessment is just as important, if not more important than having one so make sure that you communicate this to everyone in your firm through regular and relevant training and updates. One useful suggestion was to have a separate FWRA for each practice area so that it can remain as relevant as possible.

Who should adopt the SRA’s new templates?

Ruth Mittelman Cohen, VinciWorks’ Head of Omnitrack Product, provided an overview of the SRA’s new templates. Most firms in the group had reviewed the templates; some had been on the working party. No one seemed to suggest that they would be adopting the templates in their current form, not least because they are generally believed to be not particularly user-friendly. They were seen as a good aide memoire of what the SRA expect you to cover in your risk assessments, although most attendees pointed out that they were not comprehensive enough. Smaller firms that were lower risk said that they were too long for their fee earners too. There is just one template which covers both client and matter risk assessments. We discussed whether two separate forms would be better, as was the SRA’s original plan. VinciWorks’ AML Omnitrack solution has adopted the questions in the template into our customisable workflow so that firms can take the best aspects of the template and adapt them to their particular needs.

Content beat time hands down for this meeting and gave us plenty to consider and include for discussion in our next session planned for 16 January. For more information on joining our AML Core Group complete the form below and we’ll be in touch.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.