SRA money laundering review – Firms not taking money laundering regulations seriously

The SRA announced earlier this year that it would be launching a crackdown against firms who fall foul of money laundering procedures.

As an initial assessment, the SRA wrote to a sample of 400 out of the approximately 7,000 SRA-regulated firms required to comply with the Money Laundering Regulations 2017, asking them to demonstrate compliance with the regulation. The SRA was mainly checking that firms have a money laundering risk assessment and implementation plan in place. The assessment came in response to an increase in dirty money entering the UK and a lack of reporting of suspicious activity by lawyers and accountants, with lawyers often seen as an easy target for laundering money.

What did the assessment find?

The survey discovered the following concerns:

  • 21% of firms were not compliant with the Money Laundering Regulations 2017
  • 10% sent over a document that was not considered a risk assessment by the SRA
  • 11% did not address all the required risk areas
  • 64% sent risk assessment templates which were “generally of lower quality”
  • 34% sent risk assessments that were recently dated, meaning at least some of those firms may only have created an assessment in response to the request, rather than as a genuine effort to mitigate the risk of money laundering

Paul Philip, SRA chief executive, said: “Money laundering supports criminal activity such as people trafficking, drug smuggling and terrorism. The damage money laundering does to society means that every solicitor must be fully committed to preventing it. The vast majority would never intend to get involved in criminal activities, but poor processes open the door to money launderers.”

The SRA is now planning to write to the 7,000 law firms that fall under the scope of UK money laundering rules with the aim of evaluating their risk assessments. This will form part of a major crackdown on non-compliant firms. The government is planning to put in place its own anti-money laundering rules post-Brexit, and the Fifth Money Laundering Directive, coming into force in January 2020, requires enhanced due diligence to be carried out when dealing with transactions from high-risk countries.

How can firms improve their anti-money laundering risk assessments?

The recent review found that 64% of risk assessments sent to the SRA were considered low quality. One contributing factor was that firms were “copying and pasting” from previous assessments rather than actually considering specific risks and issues the firm may be facing. VinciWorks’ reporting and tracking portal can be used by firms to create, deploy and monitor solicitor risk assessments. All responses are stored on a centralised portal and any concerns can be flagged and monitored. Entries can then easily be exported and sent to the SRA.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
