Leading law firms join VinciWorks’ latest AML Core Group meeting

In a spirited series of conversations, over 30 firms gathered to share anti-money laundering (AML) best practices

Over 30 of the UK’s leading international law firms joined VinciWorks for its recent AML Core Group meeting. The meeting, based on the concept that there is no competitive advantage in compliance, provides top firms with the opportunity to hear from their peers – and share with them – how they manage AML processes.

VinciWorks’ Business Development Director, Tom Evans, and Compliance Office Managing Director, Andy Donovan, facilitated the meeting, with the goal of sharing AML best practice and encouraging dialogue between participating firms on how best to manage AML risk.

This Core Group kicked off with a discussion of the SRA’s AML and sanctions data collection exercise. Not all firms had completed the SRA questionnaire, but many of the lawyers said they found parts of it challenging, at times both to interpret and to answer. This was especially true with regard to data about Trust and Company Service Provider (TCSP) banding; TCSPs are often used, wittingly or unwittingly, in money laundering activities. A number of the lawyers noted that they asked for clarifications from the SRA but, frustratingly, found the guidance inconsistent.

Adding notes to the responses was another challenge raised by a number of the firms with regard to the data collection request. It was agreed that it was more effective to document notes and/or evidence offline to support their responses, should the SRA at some point request it.

A review of what’s going on across the sector was presented, with a series of cases in which the SDT ruled against the SRA leading the news. This is particularly significant because of the SRA’s increasing fining powers, which we discussed later in the meeting. But despite the SRA’s run of bad luck, the agency made it quite clear, with a series of fines, that it is still cracking down on firms that it believes do not have adequate anti-money laundering systems in place. It is assumed that the SRA is flexing its new fining powers to issue unlimited fines for certain breaches under the Economic Crime and Corporate Transparency Act (ECCTA).

Another case we discussed was the Court of Appeal ruling against the NCA’s refusal to investigate cotton goods imported from the Uyghur region in China, overturning a High Court decision from last year. This is significant for the AML regime, specifically for the ‘adequate consideration’ exemption under the Proceeds of Crime Act.

And finally, as noted, the SRA just closed its consultation on proposals to update its approach to financial penalties. This led us to our guest speaker, Iain Miller, Partner at Kingsley Napley, who discussed this recent consultation. Iain provided the Core Group with a detailed explanation of how fines are calculated by the SRA, with a focus on two key factors, conduct and impact, and the associated bandings. He pointed out that this response, at a whopping 900 pages, was the longest he has ever dealt with, and he raised questions regarding the proportionality of potential fines for firms. As has been reported, there are some very serious concerns being raised about the impact and fairness of fining individuals and law firms sums of the type being proposed.

The Core Group participants then divided into several smaller working groups, focusing first on ongoing monitoring. By ‘ongoing monitoring’, we mean the steps law firms take after a client is first onboarded to monitor and respond to changes in the money laundering risk profile of the client work. There was broad consensus that changes in the client or matter risk profile are difficult for compliance teams to manage because, unlike onboarding, there is no uniform trigger point for the compliance teams to become involved. There were significant differences in the frequency with which firms repeated customer due diligence after initial onboarding, ranging from one to three years. Some firms adopted a ‘3, 2, 1’ approach, which adjusts the frequency with which customer ID checks are repeated depending upon the risk profile of the client. There was frustration among some at the lack of automated processes, for example to remind fee earners to conduct further checks periodically depending upon risk profile. Many firms had good ongoing checks built into their screening processes, such as ongoing sanctions checks. But how to ensure that changes in individual matters after onboarding are captured and responded to efficiently remains a challenge for many.

A second session of smaller working groups focused on the banking facility rule, with two scenarios presented that determined whether a fee earner risked breaching the rule. It was largely agreed that there needs to be a direct nexus between the funds being transferred and the matter, and that the application of the rule is ambiguous at times.

Ultimately, participants came away from the Core Group recognising that supporting each other and sharing best practice as an industry is a more effective approach to promoting AML compliance and meeting their regulatory obligations.

Join our next AML Core Group meeting on Thursday 16 January and bring your expertise and AML questions to your peers.

Contact Tom Evans at [email protected] to learn more.
