A leading law firm was fined £232,500 by the SRA and ordered to pay the SRA’s investigation costs of £50,000 for breaching the Money Laundering Regulations 2017. What does this mean for AML compliance, and what lessons can be learned?
How did the law firm breach the money laundering regulations?
Between September 2015 and September 2018 the SRA found that the firm in question carried out serious breaches of the relevant money laundering regulations and the SRA’s rules. These included several failings.
Failure to maintain customer due diligence records
Failure to retain customer due diligence (CDD) for a minimum period of 5 years: The firm believed that customer due diligence was obtained for certain clients, but the firm did not retain the hard copy file of such documents and no electronic copy of the records was retained.
Not all client documents were obtained: Some documents, but not a full set of CDD documents, were obtained in relation to a corporate vehicle.
Failure to conduct enhanced due diligence
Failure to conduct adequate Enhanced Due Diligence, or adequately apply enhanced ongoing monitoring: Certain transactions that the firm carried out presented a “higher risk of money laundering or terrorist financing”, but enhanced customer due diligence (EDD) and ongoing monitoring were not adequately applied.
The firm did not secure full CDD before each relevant transaction took place: The firm secured CDD in relation to the ultimate beneficial owner in a transaction but, because it opened each matter file in the name of a different entity in the corporate structure, the firm did not secure full CDD for each special purpose vehicle before each relevant transaction took place.
Failure to have firm-wide risk assessments in place
No firm-wide risk assessment in place: When the SRA requested a copy of the firm-wide risk assessment the firm did not have a risk assessment in place. The practice-wide risk assessment wasn’t put in place until March 2019, and wasn’t provided to the SRA until May 2019.
AML training was not carried out: A former partner at the firm had not received mandatory training as required by anti-money laundering regulations. The absence of training was due to personnel absence, but there was no contingency plan in place for AML training if such personnel absence occurred.
Permitting a client account to be used as a banking facility
Permitting the client account to be used as a banking facility: The firm accepted four payments in the firm’s client account but they should not have been permitted under the SRA accounts rules.
Confusion with funds being used to discharge the firm’s fees: The firm improperly transferred funds belonging to one entity to the client ledger for another entity, which were then used to discharge the firm’s fees and disbursements in relation to the latter entity.
Failure to send notifications before transferring funds out of a client account: The firm did not send a bill of costs or other written notification to relevant entities before two invoices were raised and paid out of monies held in client accounts.
How the law firm mitigated their fine
In making its decision, the SRA emphasised that certain actions the firm took resulted in the basic penalty being reduced by the maximum allowable 40% discount. The mitigating factors included:
- Cooperating with the SRA’s investigation
- Not profiting from the breaches
- Retrospectively providing relevant CDD documents
- Amending internal policies and procedures
- Introducing and investing in new, more sophisticated IT systems which involve increasingly centralised record-keeping
The SRA’s 2020-2021 anti-money laundering work in numbers:
- 273 potential anti-money laundering breaches were reported to the SRA
- 85 firms were visited by the SRA
- 168 desk-based reviews were carried out by the SRA
The reports of potential breaches most commonly involved:
- No AML risk assessment
- Failure to carry out source of funds checks
- Failure to carry out customer due diligence
- Failure to carry out identity checks
It was found that the main causes of AML breaches were:
- Inadequate policies, controls and procedures
- Lack of supervision or training
- Staff not following procedures