As regulations are tightening and the risk landscape is continually evolving, firms are facing increasing pressure to make sure that their Anti Money Laundering (AML) compliance programme is effective. Beyond the implications of fines or damage to reputation is the very real danger of disruptions to operations and in particular criminal liability.
It’s critical for firms to assess if their AML framework is strong and robust enough to prevent and detect instances where the business can be manipulated to clean money or to finance terrorism.
An independent audit provides this assurance and enables the firm to address issues before they become a problem or are detected by the authorities.
Who needs to conduct an independent AML audit?
SRA-regulated law firms are subject to Money Laundering Regulations 2017 (MLR’s), and should have an independent AML audit function in place. A firm is likely to require it if it works in:
- Conveyancing
- Corporate transactions
- Trusts
- Other entity or asset structuring work
- Tax, including inheritance tax planning and potentially settlement agreements in employment law
Under SRA regulations, firms need to carry out an independent audit. If firms consider they do not need to carry out an audit, they will need to justify this in writing. Over half of the firms the SRA inspected last year had not conducted an independent audit. Out of those that didn’t, the SRA indicated that half of those firms actually should have conducted one.
Some of the firms misunderstood the requirement to conduct an independent audit and failed to test the effectiveness of their AML regime. More than half (38, 51%) required follow-up action in this area. Of those, 14 firms (19%) had never conducted an audit.
Internal or external AML audit?
Under the MLRs, independent audits can be conducted internally, but over 50% of firms opt for an external auditor due to the complexities of conducting an independent audit and the requirements of doing so. The Legal Sector Affinity Group (LSAG) guidance sets out the requirements for conducting independent audits.
What are the warning signs that AML audits typically reveal?
Lack of ongoing screening checks of employees
Many firms are compliant with the requirement to initially screen employees on appointment but neglect conducting ongoing checks.
Incomplete matter risk assessments
Firms are often unaware of high-risk matters passing through their hands and therefore don’t conduct the proper matter risk assessments.
Missing source of funds
Many firms fail to adequately check a client’s source of funds. This is likely to mean a failure to properly understand the risks involved in the transaction.
Incomplete focus on location
Many firms are missing details on where their clients and transactions are based and if any of the firm’s clients have overseas connections.
Insufficient assessment of transaction risk
Firms often do not adequately explore transactional risk, such as how many high-value transactions they deal with, whether transactions are complex and what types of payments are accepted.
Insufficient assessment of client risk
Many firms failed to explore the type of clients they deal with, as in whether these clients are individuals or companies, if any of the companies have complex structures and if any clients pose a higher risk, such as PEPs.
Incomplete assessment of delivery channel risk
Often firms miss out on assessing how they deliver their services, whether they meet their clients face-to-face or if they deliver those services by email or video meetings.
An ineffective compliance framework
Many firms do not have an efficient system in place for their AML policies, controls and procedures.
How can Omnitrack help?
The Omnitrack Undertakings Register makes it easy for fee earners to record undertakings when they are given by your firm, and to keep track of any which have yet to be discharged. Some of its key features include:
- Built on best practice
The questionnaire encourages lawyers to anticipate issues before they arise, making it less likely breaches will occur. Users are asked to record any deadlines for performing the undertaking, and system admins review proposed undertakings, deciding whether the promise is one the firm is likely to be able to deliver.
- Conditional logic
The form adapts as it is completed, so users only answer relevant questions. For example, a partner who wants to record an undertaking may only need to complete a shortened version of the form. Whereas an associate seeking approval of the draft wording of a proposed undertaking may need to provide more information.
- Admin Review
Once a user completes the form, admins can assess the risks involved and decide whether to approve the proposed undertaking. They can later mark undertakings as discharged or breached, add deadlines, or send information requests to the user.
- Track status of undertakings
The graphical dashboard provides an overview of all undertakings and their current status, including whether or not they have been reviewed or discharged. The dashboard can also be used to generate reports or identify missing information.
As with all Omnitrack use cases, the Undertakings Register is built in line with best practice, but can be adapted to suit your needs. Its flexibility means you decide whether to use the workflow as a simple register of all undertakings or, in addition, as a means for junior lawyers to obtain approvals for proposed undertakings.
Whether you wish to change the automation rules for the frequency of reminders, add guidance notes or links to the SRA Code of Conduct to the workflow, amend specific questions, or even build your own form from scratch, Omnitrack can help you. VinciWorks’ intuitive and sleek system can ensure you fulfil all undertakings.
Contact us now to book a demo
To book a demo, complete the short form below and we will be in touch.