Risky business: firm received record fine for anti-money laundering failings

Amy Bell, chair of the Law Society’s Money Laundering Task Force, considers a real case where a firm received the largest ever fine by the Solicitors Regulation Authority (SRA) for lacking sufficient anti-money laundering (AML) controls, including a firm-wide risk assessment.

Lack of AML policies, controls and procedures

A firm was fined ￡20,000 by the SRA for failing to have AML policies, training and systems in place, the largest penalty handed out since the regulator increased its fining powers from ￡2,000 to ￡25,000 in 2022.

The deficiencies were discovered by the SRA during an onsite audit to review the firm’s overall AML compliance.

The investigation identified areas of concern in relation to compliance with the:

• Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), and
• SRA Standards and Regulations 2019

The small firm was found to have failed to put in place a compliant firm-wide AML risk assessment until mid-2022.

This was more than five years after the requirement was introduced in June 2017, and despite the SRA having issued warning notices about the need to ensure this was done.

It was only after the SRA’s onsite investigation that the firm put a compliant risk assessment in place.

Several years earlier, the firm also incorrectly declared to the regulator that its risk assessment was compliant and in line with relevant guidance, when it was not.

The policy was undated, did not state who wrote it, referred to outdated legislation and had not been regularly updated.

In addition, the risk assessment failed to have sufficient regard for the Legal Sector Affinity Group (LSAG) AML guidance, the SRA’s sectoral AML risk assessment and the SRA warning notices.

The firm was found to have no independent audit function established.

A review of the files found that the firm:

• did not always check on the source of funds from third parties
• had weak ongoing monitoring of transactions
• failed to ensure that a form accompanying the client care letter to verify the source of funds was completed and returned

No client or matter risk assessments had been undertaken and there was no documentary evidence to demonstrate how the firm identified and assessed the level of risk.

The SRA said the risks associated with conveyancing and controlling client money, which accounted for around 75% of the law firm’s income, “should have been addressed on the firm-wide risk assessment but had been omitted”.

Lack of training was also a factor.

The SRA said the only AML training employees received was in the form of a “personal compliance booklet” sent in January 2022. It was dated 2016/2017 and referred to the “outdated and superseded MLRs 2007”.

Of further concern was that a partner of the firm was not aware that the policy existed. The SRA said that “this in itself demonstrates a lack of adequate training practices at the firm”.

The SRA finding

The firm admitted, and the SRA accepted, that by failing to comply with money laundering legislation over a period of years, the firm breached both the SRA Handbook 2011 and the SRA Standards and Regulations.

The firm admitted that it had, among other things:

• failed to maintain public trust in the profession (in breach of Principle 6 of the SRA Principles 2011 and Principle 2 of SRA Principles 2019)
• failed to comply with its legal and regulatory obligations (in breach of Principle 7 of the SRA Principles 2011 and rule 2.1 of the SRA Code of Conduct for Firms 2019)
• failed to run a business effectively and to keep up to date with and follow the law and regulation (in breach of Principle 8 of the SRA Principles 2011 and rule 3.1 of the SRA Code of Conduct for Firms 2019)

The firm recognised that it failed in its basic duties regarding statutory money laundering regulations and regulatory compliance.

The SRA found no evidence of harm to consumers or third parties and noted that the firm assisted with the investigation and didn’t benefit financially from the misconduct.

The firm was fined ￡20,000 and paid ￡1,350 to the SRA toward the costs of the investigation.

The SRA said, “the agreed outcome is a proportionate outcome in the public interest because it creates a credible deterrent to others and the issuing of such a sanction signifies the risk to the public, and the legal sector, that arises when solicitors do not comply with anti-money laundering legislation and their professional regulatory rules”.

Protect yourself and your firm

This case demonstrates the serious consequences of not complying with your anti-money laundering obligations.

It highlights the importance of taking a risk-based approach that adjusts the level and type of compliance work done to the risks present.

Regulation 18(1) of the MLRs requires practices to carry out and maintain a documented practice-wide risk assessment that addresses risk factors relating to:

• your clients
• the countries or geographic areas in which you operate
• your products or services
• your transactions
• your delivery services

Originally Published by?Amy Bell

Founder of Teal Compliance and Money Laundering Task Force chair