COFAs are not necessarily responsible for the money-laundering requirements relating to a law firm’s clients. However, a recent disciplinary tribunal fined a principal, who was also the firm’s COFA, for failing to adhere to the relevant regulatory requirements.
In response to a number of requests from readers of COFA Corner, we look in this edition at how current legislation affects a law firm’s anti-money laundering procedures for its clients.
Because most law firms manage funds on behalf of clients, they are more likely to be targets for money laundering. They need suitable and effective procedures to manage these risks and the associated statutory requirements.
We outline below the relevant regulations and processes to help practices.
Anti-money laundering – regulations
The relevant legislation in place for the regulated sectors, which includes the legal sector, is:
- The Proceeds of Crime Act 2002 (The Act) as amended by the Serious Organised Crime and Police Act 2005, and;
- The Money Laundering Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (The 2017 Regulations).
Anti-money laundering - procedures required
Law firms will need to ensure they establish procedures to meet the following requirements:
- Identify, assess and manage the risks of money laundering and terrorist financing to which they are subject.
- Apply client due-diligence procedures.
- Keep appropriate records.
- Appoint a money laundering nominated officer (MLNO) to whom money laundering reports must be made.
- Appoint a member of the board or senior management as the officer responsible for compliance with the Regulations - this may be the same person as the MLNO.
- Establish systems and procedures to forestall and prevent money laundering.
- Monitor and manage compliance with, and communication of, the policies and procedures.
- Provide relevant individuals with training on money laundering and on awareness of their procedures in relation to money laundering.
Client due diligence (CDD)
Under the Regulations, law firms are required to undertake CDD procedures on their clients. CDD procedures include:
- Identifying clients and verifying their identity. This is based on documents or information obtained from reliable sources, independent of the client.
- Identifying where there is a beneficial owner who is not the client. The law firm must take reasonable measures, on a risk-sensitive basis, to verify the beneficial owner’s identity.
- Obtaining information on the client’s circumstances and, where applicable, business, including the intended nature of the business relationship.
You must apply CDD when you:
- Establish a business relationship with a client.
- Suspect money laundering or terrorist financing.
- Have doubts about information relating to a client’s identification, which you have obtained previously.
- Carry out an ‘occasional transaction’ worth €15,000 or more.
There are occasions when CDD measures must also be applied on a risk-sensitive basis to existing clients. For example, when a client requires a different service or where there is a change in the client’s circumstances. Practices must consider why the client requires the service, the identities of any other parties involved and any potential for money laundering or terrorist financing.
The purpose of the CDD is to confirm the identity of the client. For the client’s identity to be confirmed, independent and reliable information is required. Documents which give the strongest evidence are those issued by a government department or agency or a court – these include documents filed at Companies House.
For individuals, particularly strong sources of verification include documents from highly rated sources containing photo identification, such as passports and photo driving licences, as well as written details.
Records obtained during the CDD are required by law to be maintained for five years after a client relationship has ended. The law also requires clients to be notified about how their personal data will be processed and who the data controller is - the name of the entity or person registered under GDPR.
Enhanced due diligence
Enhanced CDD and ongoing monitoring must be applied where:
- The risk of money laundering or terrorist financing is assessed as high.
- The client is established in a high-risk, third country.
- The client is a politically exposed person or is a family member or known close associate of one - this now includes UK politically-exposed persons (PEPs).
- False or stolen identification documents or information have been provided and there is still an intention to act for the client.
- A transaction is complex and unusually large or has an unusual pattern and there is no apparent legal or economic purpose.
- By its nature, there is a higher risk of money laundering or terrorist financing.
- There is a ‘correspondent relationship’ with another credit or financial institution.
Additional procedures are required over and above those applied for normal due diligence in these circumstances.
The list above was amended in the 2017 Regulations: note particularly that PEPs are defined more widely, including where they are from the UK rather than just a foreign state. With the increased use of the Internet and other remote transactions, the requirement has been removed to apply enhanced due diligence, where not meeting the client face to face. However, additional checks will be required to give assurance that identity has been correctly ascertained and verified, if the client has not been seen.
The definition of money laundering includes the proceeds of any crime. Those in the regulated sector are required to report knowledge or suspicion - or where they have reasonable grounds for knowing or suspecting - that a person is engaged in money laundering – i.e. has committed a criminal offence and has benefited from the proceeds of that crime. These reports should be made in accordance with agreed internal procedures, in the first instance to the MLNO, who must decide whether or not to pass the report on to the National Crime Agency (NCA).
There is also an offence known as 'tipping off' under the Act. This happens if a person in the regulated sector reveals, for example, to a client that a suspicious activity report has been made about that client. An offence may be committed where this disclosure is likely to prejudice any investigation by the authorities. A tipping-off offence may also be committed where a person in the regulated sector discloses that an investigation into allegations of a money-laundering offence is being contemplated or carried out and, again, that this disclosure is likely to prejudice that investigation.
The requirements above are not solely the responsibility of the COFA. However, the COFA must ensure the firm’s money-laundering procedures provide an adequate framework to work alongside the SRA Account Rules requirements to ensure the continued compliance of both office- and client-money transactions.
These are some elements of the complex money-laundering requirements. Law firms are generally well versed on this topic, given its importance to the legal sector, but they should always seek professional advice when necessary.
This publication is produced by Francis Clark LLP for information only and is not intended to constitute professional advice. Specific professional advice should be obtained before acting on any of the information contained herein. While Francis Clark LLP is confident of the accuracy of the information in this publication (as at the date of its production), no duty of care is assumed to any direct or indirect recipient of this publication and no liability is accepted for any omission or inaccuracy.