Contents
2.1 General comments
The possibility of being used to assist with money laundering and terrorist financing poses many risks for your firm, including:
- criminal and disciplinary sanctions for firms and individual solicitors
- civil action against the firm as a whole and individual partners
- damage to reputation leading to a loss of business
These risks must be identified, assessed and mitigated, just as you do for all business risks facing your firm. If you know your client well and understand your instructions thoroughly, you will be better placed to assess risks and spot suspicious activities. Applying the risk-based approach will vary between firms. While you can, and should, start from the premise that most of your clients are not launderers or terrorist financers, you must assess the risk level particular to your firm and implement reasonable and considered controls to minimise those risks.
No matter how thorough your risk assessment or how appropriate your controls, some criminals may still succeed in exploiting you for criminal purposes. But an effective, risk-based approach and documented, risk-based judgements on individual clients and retainers will enable your firm to justify your position on managing the risk to law enforcement, courts and professional supervisors (oversight bodies).
The risk-based approach means that you focus your resources on the areas of greatest risk. The resulting benefits of this approach include:
- more efficient and effective use of resources proportionate to the risks faced
- minimising compliance costs and burdens on clients
- greater flexibility to respond to emerging risks as laundering and terrorist financing methods change
Top of page
2.2 Application
The Money Laundering Regulations 2007 permit a risk-based approach to compliance with customer due diligence obligations.
This approach does not apply to reporting suspicious activity, because POCA and the Terrorism Act lay down specific legal requirements not to engage in certain activities and to make reports of suspicious activities once a suspicion is held. [See chapters 5 and 7] The risk-based approach still applies to ongoing monitoring of clients and retainers which enables you to identify suspicions.
Top of page
2.3 Assessing your firm's risk profile
This depends on your firm's size, type of clients, and the practice areas it engages in.
You should consider the following factors:
2.3.1 Client demographic
Your client demographic can affect the risk of money laundering or terrorist financing. Factors which may vary the risk level include whether you:
- have a high turnover of clients or a stable existing client base
- act for politically exposed persons (PEPs)
- act for clients without meeting them
- practice in locations with high levels of acquisitive crime or for clients who have convictions for acquisitive crimes, which increases the likelihood the client may possess criminal property
- act for clients affiliated to countries with high levels of corruption or where terrorist organisations operate
- act for entities that have a complex ownership structure
- are easily able to obtain details of beneficial owners of your client or not
Top of page
2.3.2 Services and areas of law
Some services and areas of law could provide opportunities to facilitate money laundering or terrorist financing. For example:
- complicated financial or property transactions
- providing assistance in setting up trusts or company structures, which could be used to obscure ownership of property
- payments that are made to or received from third parties
- payments made by cash
- transactions with a cross-border element
Simply because a client or a retainer falls within a risk category does not mean that money laundering or terrorist financing is occurring. You need to ensure your internal controls are designed to address the identified risks and take appropriate steps to minimise and deal with these risks. Read examples of possible internal controls.
Chapter 11 provides more information on warning signs to be alert to when assessing risk.
Top of page
2.4 Assessing individual risk
Determining the risks posed by a specific client or retainer will then assist in applying internal controls in a proportionate and effective manner.
You may consider whether:
- your client is within a high risk category
- you can be easily satisfied the CDD material for your client is reliable and allows you to identify the client and verify that identity
- you can be satisfied you understand their control and ownership structure
- the retainer involves an area of law at higher risk of laundering or terrorist financing
- your client wants you to handle funds without an underlying transaction, contrary to the Solicitors' Account Rules
- there are any aspects of the particular retainer which would increase or decrease the risks
This assessment helps you adjust your internal controls to the appropriate level of risk presented by the individual client or the particular retainer. Different aspects of your CDD controls will meet the different risks posed:
- If you are satisfied you have verified the client's identity, but the retainer is high risk, you may require fee earners to monitor the transaction more closely, rather than seek further verification of identity.
- If you have concerns about verifying a client's identity, but the retainer is low risk, you may expend greater resources on verification and monitor the transaction in the normal way.
Risk assessment is an ongoing process both for the firm generally and for each client, business relationship and retainer. In a solicitor's practice it is the overall information held by the firm gathered while acting for the client that will inform the risk assessment process, rather than sophisticated computer data analysis systems. The more you know your client and understand your instructions, the better placed you will be to assess risks and spot suspicious activities.
Top of page