This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Jean-Yves Gilg

Editor, Solicitors Journal

Cash in, cash out: The art of money laundering compliance

Feature
Share:
Cash in, cash out: The art of money laundering compliance

By

Lee Baxter provides some practical pointers for UK law firms on how to manage the risks of anti-money laundering compliance

It has been more than a decade since the implementation of the Proceeds of Crime Act 2002 and the Money Laundering Regulations 2003, which incorporated the European Commission’s second money laundering directive into UK law. Together, they extended anti-money laundering obligations to a defined set of activities provided by legal professionals. These have raised a number of regulatory challenges which have changed over the years as the UK anti-money laundering (AML) framework has evolved. This article offers some insight and practical suggestions to help manage the regulatory risks with which firms have to contend.

Screening clients

In the lifecycle of a client relationship, an early consideration is the verification of the client’s identity. This is a statutory requirement for work that falls within the regulated sector, but it would be wise to carry out due diligence on all new clients, with a particular focus on beneficial ownership. One benefit of such an approach is that all clients can be risk profiled effectively, enabling the identification of risk factors that might otherwise go undetected until after the ?client relationship is firmly established.

To assist with risk profiling, your firm should look to utilise one of the many web-based screening services that are currently available. These collect and validate data from multiple sanction and caution lists, law enforcement agencies and financial regulators. These services should be used to screen clients and, where relevant, any individuals who are able to exercise control over clients (such as directors, shareholders and beneficial owners).

Screening clients in this way will help you to comply with Regulation 14 of the Money Laundering Regulations 2007, which requires firms to take reasonable measures to identify higher risk clients and undertake enhanced due diligence and enhanced monitoring, where appropriate.

If such considerations are not currently taking place, they will soon be necessary. The European Commission’s fourth money laundering directive will extend enhanced due diligence for politically-exposed persons (PEPs) so that, when they are beneficial owners, firms will need to assess the source of the ?funds being used.

In any event, it is simply good business to know your client. Online screening is quick and inexpensive. It will reassure you and your firm’s professional indemnity insurers that your firm knows who it is dealing with. Insurers are showing increasing interest in how firms manage ?the risks associated with sanctions. You need to be confident that ?you have the controls in place that are appropriate to your business.

Of course, there is nothing to prevent your firm from taking on high-risk instructions in most cases. But, where such work is undertaken, it is important to go in with eyes wide open; be sure that the matter falls within your firm’s risk appetite and that appropriate (and well documented) measures are taken to mitigate the enhanced risks.

It is worth taking a quick look at the recent regulatory action taken by the Financial Conduct Authority (FCA) against EFG Private Bank. The bank had identified significant money laundering risks, but lacked records of how its senior management had mitigated those risks.

For example, in one account, EFG’s due diligence highlighted that a prospective client had acquired their wealth through their father, about whom there were allegations of links with organised crime, money laundering and murder. However, there was ?insufficient information on file to explain how the bank concluded that this risk was acceptable or how it was mitigating the risks. ?The FCA fined EFG £4.2m.

From a commercial point of view, verifying the identity of each and every client allows for more seamless cross selling within an organisation, something which is on the agenda of many firms in ?our increasingly competitive market.

Consider a new corporate client that is litigating over a contractual dispute. The work is non-regulated and due diligence ?is not carried out. The matter is successfully resolved and the client chooses to instruct another partner in the firm in relation to an investment opportunity. Undertaking due diligence at this point can appear clumsy and potentially aggravate a healthy client relationship, yet you are obliged to do so if due diligence has not been previously carried out. If the partner supervising the second matter proceeds on the presumption that it has, an inadvertent breach of the money laundering regulations may well be on the cards.

Even where your firm’s AML policy requires that due diligence is carried out on all new clients regardless of the type of work instructed, it remains vulnerable to this type of breach where, for example, a new client instructs on multiple matters simultaneously.

It would be wise therefore to ensure that your current AML framework contains controls to mitigate this risk. Whether your firm has a central compliance function that overseas client inception or such responsibility falls to individual client partners, business support teams should be able to develop a solution to protect against this typical scenario using existing systems to alert partners if a client’s identity has yet to be approved or due diligence needs to be updated.

Ongoing monitoring

The requirements around client due diligence do not end upon completion of the initial client verification process. Regulation 8 ?of the money laundering regulations requires firms to conduct ongoing monitoring of business relationships on a risk sensitive ?and appropriate basis.

Ongoing monitoring is defined as “scrutiny of transactions undertaken throughout the course of the relationship, (including where necessary, the source of funds), to ensure that the transactions are consistent with your knowledge of the client, ?their business and the risk profile”.

If future instructions are inconsistent, it is necessary to conduct further enquiries to determine why this is the case. How you approach the subject will depend on the circumstances and personalities at play. Often, the explanations offered by a client ?will demonstrate that the change in tack is perfectly legitimate.

One of the issues here is that it is highly unlikely that every partner within your firm will be familiar with every client profile. This is something money launderers prey on. A sophisticated criminal may instruct a firm in several legitimate matters to develop trust before attempting to use that firm to launder funds.

Although partners will discuss clients with one another when referring work, having easy access to summary details about the client’s identity and business can bring great benefit. It may be that a partner has not acted for a particular client recently and needs to refresh his knowledge. Or perhaps the client relationship partner is unavailable or has retired from practice when new instructions are received.

Whatever the circumstances, it is important that, when advising a client for the first time, partners familiarise themselves with the makeup of that client and the risk profile your firm has attributed it so that they are well placed to detect anything suspicious.

Regulation 8 also requires firms to keep “the documents, ?data or information obtained for the purpose of applying CDD up-to-date”. So, if during a client relationship, a partner becomes aware of changes to the client’s identity (such as to its management, ownership or commercial activity), he must ensure your firm’s records and summary information sheet are updated.

Staffing defences

Communication and training are key factors in the fight against money laundering. Your staff are the most effective defence against launderers, who would seek to abuse the services provided by your firm.

Regulation 20 of the money laundering regulations requires that you communicate your AML obligations to your staff, while regulation 21 requires that you give staff appropriate training on their legal obligations and information on how to recognise and ?deal with money laundering risks.

Staff should be informed to a level that is appropriate to their position and be aware of the money laundering typologies that are prevalent in their areas of practice. For example:?

  • property teams should be alert to the signs of mortgage fraud (e.g. direct payment to the vendor by the purchaser; using a corporate vehicle to purchase a property where there is no ?good commercial or other reason);

  • dispute resolution teams should be aware of the signs of scam litigation (e.g. scant paperwork supporting an alleged debt; a quickly settled debt – sometimes even before the first letter of demand; a client’s willingness to pay fees even when very little work has been done); and

  • corporate and commercial teams should recognise the signs of front or shell companies (e.g. large payments for unspecified services to consultants, related parties or employees; corporate directorships with no apparent commercial or other purpose).

The level of understanding required will vary depending on the size of your organisation and the processes you have in place to ensure compliance with the AML regulations.

Such knowledge should be delivered in multiple ways to ?ensure maximum impact. There is an abundance of web-based products available that are popular within the profession as a way of meeting the training requirements of regulations 20 and 21. Attending AML forums and conferences is another way of increasing awareness, as is circulating written material to keep partners abreast of recent developments.

The greater variety you are able to offer when delivering AML training, the better your organisation will be in protecting itself against money laundering and, should the worst happen, the more rapid and effective will be its response.

 


Anti-money laundering compliance checklist

  • Ensure your anti-money laundering framework is well documented in the form of a handbook or policy that includes a clear explanation of the firm’s regulatory duties, personal responsibilities, due diligence requirements and warning signs or typologies. Clearly identify your money laundering reporting officer and your internal reporting procedures.

  • Utilise web-based products to verify due diligence materials, identify ownership structures and screen all controlling parties and beneficial owners.

  • Risk profile all clients. For individuals, consider sources of wealth, where appropriate. For corporates, consider factors such as country of registration, main commercial activities, turnover, age, where the entity trades or operates, corporate structure and the nationality of beneficial owners. Use Transparency International’s corruption perceptions index as a guide. Score clients against each criteria and decide upon a threshold above which additional senior management approval is required to take on new clients.

  • Require an objective review of particularly sensitive client relationships so that the final decision on whether to accept the client does not lie with the individual who stands to profit most from the relationship.

  • Keep schedules of all high-risk clients and matters and then review them regularly to ensure your firm’s risk exposure remains within its risk appetite.

  • Use internal file review programmes to apply greater monitoring to high risk work or introduce a dual supervision approach.

  • Create a summary of due diligence information and your firm’s risk profile and ensure they are easily accessible and widely publicised internally. Make it clear under which circumstances you expect fee earners to refer to this information.

  • When undertaking high-risk work, ensure partners record why the risk is acceptable and the measures being taken to mitigate the enhanced risks.


 

Demands on MLROs

Money laundering reporting officers (MLROs) clearly need to be ?on top of their game, particularly given the personal liability attached ?to their role.

Partners in larger firms with the ability to refer to centralised compliance teams will benefit from the specialised knowledge they hold. Smaller firms, in which the only point of contact about money laundering matters might be the MLRO partner, require a more in-depth understanding of the relevant issues.

Although the regulations contain a mandatory requirement to provide AML training, the most powerful driver is the preservation of reputation. A single incident – whether that involves a money launderer abusing the services of your firm or a regulatory review ?that exposes AML deficiencies – has the potential to bring an end ?to even the strongest of brands.

Lee Baxter is head of risk and compliance at UK law firm ?Collyer Bristow (www.collyerbristow.com)