It is not uncommon for law firm owners and senior staff to feel a sense of apprehension upon receiving an email from the Solicitors Regulation Authority (SRA) requesting confirmation of an upcoming SRA AML audit for their firm.
However, with the proper preparation and understanding of what to expect, it is possible to navigate this process with confidence.
In this guide, we will provide you with the knowledge and resources necessary to ensure your law firm is fully prepared for an SRA audit.
Why the SRA want to visit your law firm
The Solicitors Regulation Authority (SRA) is a regulatory body that oversees the conduct of solicitors and law firms in England and Wales. It is responsible for ensuring that solicitors meet professional standards and adhere to the rules and regulations set out by the SRA. The SRA also oversees non-lawyer employees and managers of regulated firms to ensure compliance with regulations. The main objective of the SRA is to protect consumers by promoting and enforcing the highest standards of professional conduct within the legal profession.
An SRA AML Audit is an annual review conducted but the legal regulator to ensure that solicitors are properly reporting and handling client funds. The audit is conducted to confirm that the firm has implemented appropriate measures to safeguard client money and is in compliance with the SRA Accounts Rules.
There are several reasons why the SRA might conduct an audit of your firm:
– As part of a regular, proactive inspection program to ensure compliance with regulations.
– In response to a complaint or report from a client
– As part of targeted particular focus to address specific issues or risks
– Based on intelligence received from organisations such as the National Crime Agency (NCA)
The SRA carefully evaluates all complaints and reports to determine if an investigation is necessary in accordance with rule 1.1 of the Regulatory and Disciplinary Procedure Rules. This process ensures that the SRA is able to effectively address and resolve any issues related to solicitors and law firms.
An SRA AML audit is a mandatory requirement for all solicitors and law firms operating in England and Wales that handle client funds as part of their services. The Solicitors Regulation Authority (SRA) has established certain criteria for exemptions to this SRA AML audit requirement. A firm may be exempt from obtaining an accountant’s report if, during an accounting period, they meet the following conditions:
–They hold small amounts of client money (average of less than or equal to £10,000 and a maximum of less than or equal to £250,000) at each reconciliation date; or
–They only receive money from the Legal Aid Agency.
10 tips to help prepare for an SRA AML audit
With these insights, you’ll be able to ensure your firm is fully compliant and ready for the SRA’s visit.
1. Understand why your firm has been selected.
The SRA may have chosen your firm for one of two reasons: either it wants to closely examine your AML controls due to a recent breach or complaint, or your firm falls under the Money Laundering Regulations (2017) and is being routinely investigated. Either way, understanding the reasoning will help you better prepare for the audit by knowing which areas may be looked at in more detail. Whatever the reason, it’s highly recommended that you do not panic and instead take the view that the SRA AML audit visit is one which can help strengthen your law firms operations, policies and professional development.
2. Take advantage of the advance notice.
When the SRA first makes contact, it will typically offer a few dates for you to choose from. It is unlikely that the SRA will turn up unannounced, so you will have some time to prepare. Consider this as an opportunity to get your AML procedures in order. Don’t be afraid to ask for help, you will have plenty of time to get advice ahead of the SRA AML audit and make changes.
3. Keep up with the recent changes.
Which leads us to this next tip. Keeping up with the changes. The SRA does not have any rules on how often law firms should update their policies or review their procedures. However, it is important to keep up with recent changes and implement them as soon as possible. Technology plays a huge role in helping your law firm to be fully compliant with the SRA by streamlining processes whilst providing a single source of truth for client due diligence, and delivering transparent audit trails. Your technology supplier can also provide information on the latest security measures to assure regulators that you are aware of risks and are well prepared to tackle them.
4. Follow through with planned reviews.
If you have future dates in mind for a review of your existing systems, make sure to follow through with them. Failure to review things in line with your policy may indicate to the SRA that your AML framework is not working.
5. Tailor your Firm-wide Risk Assessment (FWRA) to your firm’s specific risks.
The FWRA is the cornerstone of your AML controls and is required to be compliant with the SRA Standards and Regulations. Starting with a template is acceptable, but it must be tailored to the risks faced by your firm. The SRA has strict rules on law firms being able to evidence risk based approach to client matters and funds.
6. Include reference to the Legal Sector Affinity Group (LSAG) guidance in your FWRA.
The SRA will be looking for this in your documentation. You should make reference to this guidance to demonstrate best practice and being risk adverse. You can view this here Legal Sector Affinity Group (LSAG) guidance.
7. Have all your policies, controls and procedures (PCPs) ready.
This should include all your client and matter risk assessments and your core AML policy. The SRA will also want to review your AML policy and procedures, CDD and Source of Funds procedure (if separate), client care documents, client and matter risk assessments, procedure for monitoring compliance, training delivery logs, and central registers during an audit.
8. Be prepared to provide associated policy documents.
This will include anything referencing the firms Client Due Diligence procedures to how you store your client data. Be prepared to be able evidence the extensive information associated with the firms PCPs.
9. Review your fee earners’ and staff training and screening records.
The SRA will want to see evidence of AML training for all staff members. They will also want to see how often staff screening takes place all of this must be evidenced. A core pat of the SRA AML audit is that they will want to see your staff’s knowledge and understanding of the firm’s AML controls. They will also review files, including client care letters, open and closed files, client ledgers, verification and identity documents, e-verification results, search engine or adverse findings, company searches, evidence of source of funds and wealth, client and matter risk assessments, and SARs or defence against money laundering. Make sure to document any false positives and how they were resolved.
10. Be prepared to discuss recent transactions or matters.
The SRA may ask for information on specific transactions or matters to assess the effectiveness of your AML controls.
In summary, an SRA AML audit is an annual review conducted by the legal regulator to ensure that solicitors are properly reporting and handling client funds.
It is important for law firms to understand the reasons why they have been selected for an audit and take advantage of the advance notice provided. By keeping up with recent changes in regulations and preparing well in advance, firms can navigate the audit process with confidence and minimise any potential issues. It is essential to understand that the SRA audit is not only a regulatory requirement but also an opportunity for firms to improve their operations and protect their clients’ interests. With the right preparation and technology-enabled solutions, firms can ensure compliance and protect their reputation.
Implementing technology-enabled solutions such as Verify 365 can help with SRA AML audit massively as it has been developed as a client onboarding software that is specifically designed to help law firms with their compliance needs. The software uses a risk-based approach to client due diligence, ensuring that all necessary checks are performed in a consistent and transparent manner. This can provide a single source of truth for client due diligence throughout the client lifecycle and deliver transparent audit trails for SRA AML audits.. Verify 365 also ensures that your tech stack is secure from fraud and provides an appropriate level of assurance for CDD. By implementing a solution like Verify 365, law firms can have peace of mind knowing that they are fully prepared for an SRA AML audit and that their compliance needs are being met.
Are you ready to take the stress out of SRA AML audit and ensure your law firm is fully compliant?
Schedule a demo with us today and experience the benefits of Verify 365 for yourself.