Over 45 leading law firms joining VinciWorks latest AML Core Group meeting

VinciWorks was proud to host over 45 of the UK’s leading international law firms at our recent AML Core Group meeting. VinciWorks Business Development Director Tom Evans and Compliance Office Managing Director Andy Donovan shared best practice in the field of AML, and encouraged a dialogue between firms on how to best manage AML risk.

The Core Group kicked off with a review of the latest news and issues from across the sector. The SRA’s sectoral risk assessment from the 5 March was an early topic of conversation, discussing how firms can best implement procedures to address the new risks highlighted by the SRA including vendor fraud and third-party managed accounts.

Firms also discussed learning points from a series of recent SRA fines and enforcement actions, including what we can learn and take away from nearly a dozen fines since the start of 2024. With the average AML fine for a small or medium law firm now sitting between £10,000-£25,000, it’s never been more important to implement strategies to reduce the risk of a breach. 

Drawn out from this discussion were some common themes in recent fines and enforcement action. Failure to properly conduct due diligence on clients, conduct matter risk assessments and identify third party funders. Client account being used as a banking facility, including large sums going into client accounts without connection to legal work. Not enough on-file evidence of having conducted source of funds and wealth checks. Some being caught without good enough paperwork, including practice-wide risk assessment. 

Following the news roundup, Amasis Saba, AML expert and Head of Business Acceptance at Simmons & Simmons discussed the LSAG proposed changes. A series of substitutions and changes to the legally mandated guidance have given new weight and effect to various requirements on law firms which are crucial for compliance teams to understand and affect. 

Then the Core Group participants divided into several smaller working groups, focusing on key areas of AML compliance including discussing the latest on the SRA’s thematic review of AML training and on best practice for sanctions compliance. Firms shared their challenges and ideas in each area, working collaboratively to pinpoint specific issues their firm is having and appeal to their colleagues for practical advice and support.

Ultimately the AML Core Group exists because VinciWorks believes there is no competitive advantage in compliance. Law firms supporting law firms is a more effective approach to promoting great AML compliance and meeting our regulatory obligations and sharing best practice as an industry.

Join our next AML Core Group meeting on Thursday 12 September at midday UK time, and bring your expertise and AML questions to your peers.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.