VinciWorks’ AML Core Group continues to grow

Last week saw the third in VinciWorks’ successful series of AML core group meetings and the first of 2024. These meetings are an opportunity for AML professionals in the world’s leading law firms to come together to share ideas and best practice hosted and facilitated by the VinciWorks and Compliance Office team.

Impact of ECCTA

VinciWorks’ Business Development Director Tom Evans gave a recap of the Economic Crime & Corporate Transparency Act (ECCTA) and its impact on KYC processes for firms. ECCTA has brought the biggest ever changes to Companies House since its inception, giving it new powers to act as an active gatekeeper to check and reject company registration details. ECCTA also introduces reforms to how LLPs are managed. LLPs must now have a UK-registered office. Many of the core group members have set up working groups on ECCTA.

Failure to prevent fraud

ECCTA also introduced the new offence of failure to prevent fraud, a topic covered in more detail in the VinciWorks webinar held later that week. If you missed that you can access the recording here.

Pooled client accounts and bank demands

Managing Director of Compliance Office, Andy Donovan, introduced an issue that is being increasingly raised by his clients. What level of information must a law firm share with its bank about clients’ identities and their source of wealth when that money is held in a firm’s pooled client account? Andy reiterated the inherent conflict between providing the bank with the information that they need to carry out their due diligence while maintaining client confidentiality. Banks are entitled under the regulations to apply simplified due diligence to pooled bank accounts and have the right to ask for the details of client identity but not verification. There is a concern that banks may be overstepping their entitlement to information with some of the requests recently seen. 

A deeper dive into the SRA’s templates

Facilitated by Ruth Mittelmann Cohen, VinciWorks’ Head of Omnitrack Product, the AML core group continued its analysis of the SRA templates for client and matter risk assessments introduced last year. At a previous meeting, we discussed the pros and cons of the new templates. Most firms agreed that while the intentions of the SRA were sound in improving the general adherence to best practice, the templates themselves were not being adopted, at least not in wholesale terms by the members of this group. It was posited that their real purpose was for firms with weaker policies and procedures and that the main benefit as far as this group was concerned was to use the templates as a wake-up call to check their own risk assessments were up to scratch.

For more information on joining our AML Core Group complete the form below and we’ll be in touch.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.