SRA announces new requirements for firms

Regulated firms will have to provide AML and sanctions data

UK regulated firms, the Solicitors Regulation Authority (SRA) is about to contact you with a new requirement for more of your money laundering and sanctions data.

What information are they looking for? Regulated firms will be asked to provide information on:

  • work they carry out within scope of the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017
  • any contact or involvement they have with the sanctions regime and any persons who are designated under it
  • submission of suspicious activity reports to the National Crime Agency

Firms not involved with one or more of these regimes are still required to submit a nil return.

Take note: The window for responses opens in early August and closes in mid-September.

Why are they collecting this data?

The SRA is required by its regulator, the Office for Professional Body Anti-Money Laundering Supervision, to take a risk-based approach to supervision. It states that to supervise the legal sector effectively, it needs to have accurate data to see the distribution of risk across the legal profession. This in turn informs its programme of inspections and its guidance.

The SRA further states that collecting this information enables it to determine where the risks lie and how it can better allocate resources. Most importantly, the SRA notes, data needs to be up to date and relevant so its approach can evolve and adapt.

Significantly, the SRA adds that if it decides to publish this data, it will make sure that no one can be identified from what it publishes or shares.

Register now for our AML webinar – 31 July 2024

Join us in this free, one-hour webinar where we provide critical information on AML legislation, the many ways in which law firms can get caught up in money laundering and the implications if a firm doesn’t have effective AML workflows in place. Significantly, we will guide firms in how to implement best practice AML workflows to manage their money laundering risks so they can develop an effective AML programme and mitigate their risks of being exposed to financial crime. We’ll also discuss new SRA requirements on collecting AML data.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.


