You are here:
  1. Home
  2. Support services
  3. Advice
  4. Articles
  5. AML compliance for small firms - customer due diligence and red flags, part three

AML compliance for small firms - customer due diligence and red flags, part three

12 February 2018

This three-part series looks at the Money Laundering Regulations 2017 from the perspective of small firms and provides tips on effective compliance. Part three explores what conducting customer due diligence (CDD) entails, and lists a few 'red flags' that might indicate suspicious activity by a client.

More detailed information can be found in the draft legal sector AML guidance.

Customer due diligence

Your process for carrying out CDD needs to be informed by your risk assessment of the client and the matter (see Part 1).

Unlike many large firms, smaller firms may not have the resources to employ a centralised compliance team, utilise electronic verification, business intake software or operate a database to record CDD information.

Where this is the case, one of the ways that smaller firms can meet the requirements set out in the Money Laundering Regulations is by creating a CDD form to be completed for each new client/matter according to whether it is categorised as low, standard or high risk. Such a form should contain the following checklist:

  • Risk assessment for client and for matter:

• Low (when simplified due diligence measures can be applied taking account of the risk factors in Reg 37, including, for example, when the client is a bank, publicly listed company or public body).

• Standard (for example when the client is a private company or an individual)

• High - usually enhanced due diligence (EDD) measures will need to be applied. There is an obligation to apply EDD in certain circumstances including, for example, when the client is in a high risk third country, the client is a politically exposed person (PEP) or the transaction is complex or unusually large and has no apparent economic or legal purpose. Other high-risk factors can be found in Reg 33 and at the end of this article.

  • Record the reasons for your risk assessment.
  • List what identity information and documentation you will require from the client and relevant parties. Record details of beneficial owners (BO) and verification of BO if appropriate, for example, if the client/matter are high risk.
  • Record source of funds and supporting documentation (including documentation relating to third party payers if appropriate).
  • Where necessary, obtain confirmation that the individual is authorised to instruct you on behalf of the client in accordance with Regulation 28. Taking a risk-based approach, it should not be necessary to verify the individual’s identity unless they 'purport' to act on behalf of the client, so for example if they are an individual from outside the client organisation, an agent or an intermediary.
  • Level of ongoing monitoring - consider whether this should be standard or high.
  • Record the client’s PEP status

• Consider the likelihood that the client is a PEP, and the level of risk associated with the matter. Record PEP status. Check both the client’s and beneficial owners’ status, and confirm whether the client is a family member or known associate of a PEP. You can do a PEP check by accessing publicly available information online, but some electronic verification providers do offer a pay as you go charging system.

• If your client is a PEP, in addition to applying EDD you should conduct and record a source of wealth check and get your MLRO’s approval before continuing to engage the client.

  • Record the sanctions check.

• You should check the client against HM Treasury and the Office of Financial Sanctions Implementation’s consolidated list.

If a US citizen is involved in the transaction, for example as the lawyer or the client if the transaction is in US Dollars or the transaction is based in the US then you should also check the Office Foreign Assets Control’s consolidated list and specially designated nationals and blocked persons list.

All documents concerning your client and matter risk assessment can be kept with your standard form and stored in a central paper folder or electronic folder. An Excel spreadsheet can be used to record an overview of new and ongoing clients and matters, their risk rating and the reason for the risk rating, and CDD clearance status. An Excel spreadsheet can help ensure that files are reviewed on a regular basis.

back to top

Ongoing monitoring and refreshing CDD

Ongoing monitoring means scrutinising transactions to check that they remain consistent with what is known about the client. For smaller firms ongoing monitoring will usually be undertaken by the fee earner. Firms may consider implementing a system of file reviews or using a matter spreadsheet to track high risk matters and send reminders to fee earners, so they remember to undertake ongoing monitoring.

You must also refresh your CDD information when the client’s circumstance change. For example:

  • when an individual changes their name
  • when there is a change in the beneficial ownership of a client
  • when the client instructs you in relation to a transaction that is not consistent your knowledge about them.

In addition, it is good practice to refresh your CDD information if there has been a long gap in instructions. Smaller firms may find it most convenient to check the CDD each time you open a matter for the client and either note that no refresh is necessary or update the CDD information.

back to top

Red flags: Client/instructions

  • Why me? No obvious reason for instructing you, and/or the transaction falls outside your usual practice.
  • Sudden change of instructions without a reasonable explanation.
  • Transactions or private funding of a value not consistent with client’s profile or financial position.
  • Secretive behaviour/reluctance to meet you/lack of interest in the transaction.
  • Reluctance or refusal to provide adequate identification, or reliance on another professional.
  • Transactions which are unusually complex or do not make commercial sense.
  • Use of intermediaries purporting to act on behalf of the client or group.
  • Criminal convictions/activities/associations or Confiscation/Restraint Orders.
  • High level of knowledge about money laundering processes.

back to top

Red flags: Funds

  • Money transferred to your client account before it is required.
  • Transactions aborted with no clear reason and return of monies.
  • Request that you act as a bank or escrow agent or pay bills unrelated to matter.
  • Cash; sums paid in or requests to pay out.
  • Request that funds are paid in by or are paid out to a third party.
  • Funds from an unexpected source/non-institutional lender and/or discrepancies in names or amounts.
  • Request that funds are paid out at intervals.
  • Funds coming from multiple accounts.
  • Offer to pay large sums, and/or refund requested.
  • Funds said to be the benefits of an off-shore tax avoidance scheme.

back to top

Red flags: Transaction

  • Back to Back property transactions, less than 6 months apart.
  • Deposit or part of purchase price being paid direct to seller.
  • Deposit paid as a 'gift' by the seller, so distorting the value.
  • Sales and purchases between associates or related companies.
  • Unusual differences in valuations.
  • Unexpected early repayment of a mortgage.
  • Unusual language, e.g. “grand master collateral commitment”.
  • Strong interest in completing quickly/taking shortcuts without good reason.
  • Bearer shares.
  • Transactions involving diamonds/precious stones/gold/oil/carbon credits/hotel rooms/forestry/antique documents/luxury goods/paintings.
  • Bogus law firms; check the Law Society website if in doubt.

This warning signs information is not intended to be exhaustive. For further information on red flags and warning signs, please refer to the FATF report – Money Laundering and Terrorist Financing Vulnerabilities of Legal Professionals – June 2013.

If you suspect or know that money laundering is occurring, you must raise the matter with your nominated officer (MLRO) immediately, and they will determine whether a Suspicious Activity Report (SAR) needs to be filed with the National Crime Agency.

The Law Society will hold a webinar with the National Crime Agency on submitting good quality SARs in early March. Look out for further announcements on this on our webpage in the coming weeks.

back to top