On 7 May, the Solicitors Regulation Authority (SRA) published its latest Anti-Money Laundering Thematic Review (the review), focusing on firms offering trust and company services.
While many firms were fully compliant with their anti-money laundering (AML) obligations, the SRA had substantial concerns about a significant minority and referred 26 firms into its disciplinary processes as an outcome of the review.
The referrals were for breaches of the Money Laundering Regulations 2017 (MLRs) and no evidence of actual money laundering or intentional involvement in criminal activity was found at any firm.
Summary of findings
The review was based on data collected by the SRA during visits to 59 firms that carry out trust and company service provider (TCSP) work.
The SRA interviewed the firms’ money laundering reporting officers (MLRO) and a randomly selected TCSP fee earner, and reviewed files involving TCSP work.
The conclusions of the review focus on firm-wide risk assessments and matter risk assessments.
The most concerning findings were that:
- four out of 59 firms did not have a firm-wide risk assessment and 24 firms failed to address all the factors set out in Regulation 18 of the MLRs
- twenty firms could not show that they had assessed the risks of providing trust and company services in their firm wide risk assessment
- five firms did not have a process in place for matter risk assessment and, of the firms that did have a process in place, the fee earner at 9 of those firms could not provide an adequate risk assessment for the file reviewed by the SRA
- four firms did not have adequate guidance in their AML policies on how to identify and scrutinise complex transactions
- seven did not have adequate guidance on identifying matters with no apparent economic or legal purpose
- the fee earner at 10 of the firms visited was unable to provide the relevant due diligence information for the files the SRA reviewed and 8 of those files did not contain adequate information/recorded evidence about beneficial owners
- three firms did not understand what a politically exposed person (PEP) was and two had an out of date PEP policy with an inaccurate definition
- one of the files reviewed featured a PEP but the firm’s policy had not been followed; eight firms had no PEP process and six had an inadequate process
- fifteen files did not feature adequate enquiries about source of wealth and 14 did not include adequate enquiries about source of funds
- the distinction between source of funds and source of wealth was not well understood by fee earners or firms
- seven firms had not provided training on beneficial ownership or TCSP work
- six MLROs had not received training and the SRA made three referrals related to concerns about the ability or understanding of a firm’s MLRO
In addition to the findings above, the review expressed concerns about the low number of internal suspicious activity reports (iSARs) made within firms.
The SRA suggested this may indicate issues with the policies and procedures adopted by the firms and fee earners’ understanding of AML.
What can I do?
It is clear from the review that the SRA has (rightly) set a high level of expectations for regulated professionals’ knowledge of the AML framework.
You can expect them to go in to detail during visits and to look for a culture of compliance throughout the firm, including by fee-earners.
Crucially, you should have detailed processes in place tailored to your firm’s individual risk profile.
These processes should be tweaked if necessary, to reflect any revisions you make to your risk assessment during its regular refresh.
You should use the contents and results of the review as a guide to what the SRA might expect from you during a thematic review or regulatory visit.
We have substantial resources in place to help you with:
- firm-wide risk assessments
- policies, controls and procedures
- due diligence and enhanced due diligence, including on PEPs
- SARs - external and internal
Webinar: What does a quality risk assessment look like?
Take part in our webinar on risk assessments on 26 June from 12.30pm to 1.30pm.
The live webinar will be chaired by our director of member services development (incorporating risk and compliance), Pearl Moses.
The webinar will feature a panel of speakers who will share their tips and experience in developing high quality risk assessments.
There will be plenty of opportunities to ask questions, so do prepare a few in advance.