The SRA reveals AML enforcement trends

The Solicitors Regulation Authority wants firms to beef up their AML systems in an effort to get them to avoid the most common breaches

The Solicitors Regulation Authority (SRA) is not impressed with how law firms are managing their anti money laundering (AML) systems. What’s most significant is not that money laundering crime has increased – it could be it has or at least remained the same. What bothers the SRA is that firms are not adequately prepared.

In a recent webinar, the SRA noted that law firms don’t have real control over their systems. Specifically, many aren’t conducting firm-wide risk assessments (FMRAs) and many don’t have policies, controls and procedures (PCPs) in place. Many firms are also not training and supervising their staff in AML procedures and they are not paying enough attention to warning notices and guidance.

All this, despite the fact that much of this is legally required. Since 2017, firms need to have an FMRA that reflects the size and nature of its business. They also need to have PCPs that are appropriate and risk-sensitive and they need to have an independent audit function.

The SRA also pointed out that many of those firms with robust PCPs were not communicating with the staff effectively on their application. The staff doesn’t really know what’s required of them, according to the regulatory body, and are not being effectively trained. 

This is significant in light of the fact that the SRA sees the biggest issue right at the start of the client relationship – in customer due diligence (CDD) which is not only required but also key to combating money laundering. And regulations require firms to be able to demonstrate that they conducted effective CDD. 

What the SRA is finding is that firms are not completing client and matter risk assessments and not identifying whether clients are sanctioned or politically exposed persons (PEPs). They are failing to check source of funds and, in many cases, fee earners are relying on centralised compliance departments. 

The issues the SRA is raising are significant for firms, especially in light of the agency’s updated fining powers and financial penalties.

Having an effective AML system is critical to avoiding not only financial crime but also SRA enforcement. The cost of an audit without an AML system could be high in fines – and in a damaged reputation. 

An effective AML system will ensure that your firm implements best practices in CDD as well as identifying source of funds and source of wealth and conducting the all important ongoing monitoring. Relying just on the compliance department could have disastrous consequences, especially if you need to provide evidence of actions.

With Omnitrack’s AML solution, every aspect of client onboarding, including ongoing monitoring, is in a centralised location and can be fully customised to suit your firm’s needs and processes. This ensures a seamless onboarding experience that is efficient, effective and timely.

Omnitrack’s AML compliance system will:

  • Simplify your know-your-customer process management
  • Reduce human error
  • Increase team efficiency
  • Minimise the risk of non-compliance
  • Streamline your customer journey

Click here if you would like to know more about our Omnitrack features or would like to book a demo.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.