Insight & Analysis

Press release: Firms under the spotlight as a result of SRA investigation – what you need to know

Published: Jun 2019

3rd June 2019 – A review by the Solicitors Regulation Authority (SRA) has shown that a number of law firms are not doing enough to prevent money laundering – and the ramifications look set to be felt far and wide as the regulator steps up efforts to stamp out the problem.

Almost half of those under scrutiny due to concerns over potential breaches could face disciplinary proceedings after alleged failures were exposed, with this being just the tip of the iceberg as more work of a similar ilk is to follow.

During the review process, which is the first of three of its kind, 59 firms that provide trust and company services – seen as a particular area of risk – were used as a sample and put under the spotlight, with 26 of those now having their practices further examined.

While it is important to note that the review did not find evidence of actual money laundering or that the organisations included had any intention of becoming involved in criminal activities, breaches of the 2017 Money Laundering Regulations, concerning a number of areas, were flagged, as well as poor training and processes.

Areas of concern

One of the biggest causes of concern was firms’ risk assessments and how these are carried out. An integral part of a robust and effective Anti-Money Laundering (AML) compliance programme, a risk assessment is required in legislation and should be key to tackling money laundering and ensuring the issue is given the attention it requires.

Despite repeated warnings over the need to comply, the SRA found that more than a third of firms reviewed did not meet the standards expected when it came to their risk assessment procedures, while, likely to cause even more concern, four had no risk assessment at all.

There were also found to be issues around appropriate customer due diligence, including inadequate processes in the way that many of those assessed and managed risks around Politically Exposed Persons (PEPs). In addition to this, it has also been discovered that 15 firms had turned down work following due diligence.

Further SRA action

The importance of compliance when it comes to fighting money laundering is something that the SRA has tried to convey throughout the last few years. The fact that sweeping hardline action is now a very real possibility, involving dozens of firms, shows just how seriously the body is taking its responsibility, and that of every firm it represents.

In terms of what this means for the future, the net is set to be cast wider in the coming months, with the regulator beginning a further compliance review of 400 firms, showing this is not an issue that will not go away.

With SRA chief executive Paul Philip warning of the need for substantial improvement and adding that “strong action” will be taken if there are considerable concerns that a firm could be enabling money laundering, the time for action is now.

The encompass view

Analysing the situation, and likely developments, compliance consultant and legal industry advisor to encompass Amy Bell said that the stance taken by the SRA at this early stage shows that this review – and what will come next – is not something to be taken lightly.

She commented: “It is important to remember that this is only the first piece of work, with more to come. The fact that the SRA have issued the warning notice in relation to risk assessments based on a small selection of firms shows the level of inadequacy that is evident and that this is a situation that requires urgent attention.

“The importance of risk assessments cannot be underestimated – they simply must be accurate from the very beginning if firms are to tackle any issues successfully. In order for this to be achieved, those designing assessments have to go back to basics, down to the granular detail and really understand how the firm operates, who the clients are, and the risks from the services they deliver.

“When it comes to AML, what firms have to realise going forward is that regulatory risk for non-compliance is high and meeting expected levels of AML compliance is entirely separate to the risk of committing a money laundering offence. You can fall down by not doing enough due diligence and this review itself is further evidence of regulators being prepared to take disciplinary action connected to risk as opposed to actual offending.”

Reiterating that firms should be viewing these first stage findings as a serious milestone and an opportunity to get things right in future, Amy said: “There will be more to digest in the months to come and this is a major warning to those in the sector to make sure they do what is needed to fall in line. A vital part of that is establishing a tight risk profile and being comfortable with turning work away if it falls outside of that, but the establishment is what really matters.

“This review was focused on Trust and Company Service Providers, a high risk area identified by the Government’s National Risk Assessment in October 2017. This review highlights a potential weakness is focusing too much on the instant instruction rather than the purpose of the business relationship.

“A main concern at the moment is that firms don’t complete thorough enough due diligence. They are too often focused on the creation of the vehicle rather than questioning why and how facts line up and this is something that must change if complicit compliance is to be achieved,” Amy explained, adding that the consequences of not heeding this review and taking what the SRA say seriously will undoubtedly be felt for a long time to come.

All our content is free, just register below

As we move to a new and improved digital platform all users need to create a new account. This is very simple and should only take a moment.

Already have an account? Sign In

Already a member? Sign In

This website uses cookies and asks for your personal data to enhance your browsing experience. We are committed to protecting your privacy and ensuring your data is handled in compliance with the General Data Protection Regulation (GDPR).