More than ever before, law firms are striving to increase fees through faster, easier and lower-cost, digital channels. Yet, the current regulatory and cybersecurity landscape creates a layer of complexity. Consumers want the convenience of accessing legal advice through digital channels, but law practices must comply with stringent anti-money laundering (AML) and Know Your Client (KYC) regulations that typically mean clients bring in ID documents and proof of address to their lawyer’s office, which could be hundreds of miles away, simply for basic identity verification, address validation and source of funds checks.
Today’s AML regulations are placing more pressure on law firms to comply and verify their clients’ identities and source of funds. Yet, at the same time, large-scale data breaches like the recent Mishcon De Reya AML breach (and many others before it) have made identity verification methods that rely heavily on manual checks and non-legal specific AML platforms less secure and more vulnerable than ever.
Consequently, the risk of fraud in the legal sector is skyrocketing. The number of reported suspicious transactions is rising. According to Verify 365, financial and identity fraud increased 40 percent in 2021, with thousands of lawyers reporting suspicious activities. And both these statistics come from before the recent Mishcon De Reya AML breach! The fraud numbers are sure to only increase.
Regulatory and Cybersecurity pressures are making Identity Verification and AML compliance a challenge for Law Firms
Over the past few years, AML and ID regulations have become increasingly stringent, requiring law firms to do more to verify the identities of their new clients when taking on new matters. Both the U.K and the U.S. governments have made each iteration of AML legislation more complex in an effort to prevent terrorists from using laundered funds to launch future attacks. With each iteration of the legislation, the standards are higher and the penalties for failure to comply are harsher. To avoid steep fines, lawyers are expected to know who their client is, the source of their funds and the level of risk that each client presents. However, even today, many of the details remain vague, making it difficult for law firms to effectively comply.
At the same time, fines for non-compliant law firms have been increasing significantly. Mishcon de Reya, one of the UK’s most prestigious law firms, has been fined a record amount for committing “serious breaches” of money-laundering rules. The London-based firm agreed to pay a fine of £232,500, plus a further £50,000 towards the costs of the investigation, which was carried out by the Solicitors Regulation Authority (SRA). In its decision, the regulator said Mishcon de Reya’s conduct had “potential to cause significant harm by facilitating transactions that gave rise to a risk of facilitating money laundering”. The SRA investigation concerned work the firm carried out for two unnamed individual clients between September 2015 and April 2017, and corporate vehicles connected with the same two individuals.
The work included the proposed acquisition of two separate entities that had “higher risk of money laundering or terrorist financing” under relevant money-laundering legislation, because they involved companies in high-risk jurisdictions. The regulator found Mishcon de Reya failed to carry out the required level of due diligence or ongoing monitoring.
Additionally, between 22 July and 28 July 2016, a payment of £965,000 was made into Mishcon de Reya’s client account and three payments – the highest of $1,099,015, equivalent to £810,000 – were made out of it, none of which related to the delivery of services by the firm, contrary to SRA rules that forbid client accounts being used “as a banking facility”.
How can law firms avoid fines in this constantly shifting landscape of regulations?
The Law Society of England & Wales recommends that AML due diligence measures should include the following:
· Verifying the client’s identity
· Understanding and obtaining information on the purpose and intended nature of the business relationship
· Ensuring through ongoing analysis that transactions are “consistent with the lawyer’s knowledge of the client, their business and risk profile, including where necessary, the source of funds”
Other pieces of the AML-check process should involve background checks for criminal records, political exposure and proof of address. The extent of these measures should depend on the amount of risk each client or business transaction presents.
In an effort to meet compliance with these requirements, law firms are increasingly investing in new AML and client onboarding technologies and tools. In fact, law firms are projected to spend $8 billion on AML compliance in 2023. With the harsh fines possible, solicitors’ practices have a strong incentive to comply, but what they should do is unclear, and there are a variety of options to choose from. Lawyers are clearly trying, but what they have been doing thus far hasn’t been working.
Traditional manual approaches to AML compliance and identity verification are no longer sufficient
The most traditional form of verifying client identities is having a new client go to an office location to have their personal identification documents verified by a receptionist. However, in an age when law firms are closing hundreds of office locations and consumers expect to be able to conduct their transactions – from beginning to end – through digital and remote channels, expecting them to journey to the office is not realistic. In fact, according to Lawyer 365, client visits to law firm offices are set drop 40% between 2023 and 2025, with mobile and virtual legal consultations rising 500% percent during the same period. Furthermore, office receptionists and law firm administration staff are not experts in AML compliance or ID verifications and are simply not trained to spot sophisticated forgeries or prevent fraud.
How can law firms simplify remote ID and AML verifications and improve client onboarding compliance?
For many law firms, the ability to accurately execute remote AML checks and ID verifications in a timely manner is essential for the practice to function, allowing them to make contractual agreements, comply with regulations, and deliver legal services to clients. Automated AML and ID verifications are essential for business growth. Digital AML platforms provide better experiences and in a compliant manner. Digitisation of the process drives significant efficiencies as manual processes are causing negative experiences and increased risk.
So how can lawyers approach remote identity verifications? Fortunately, there is a solution, Verify 365, a fully digital and automated ID and AML verification platform that allows law firms to automate ID verification for photo and electronic ID, source of funds, PEPs and sanctions and address validation.
Transforming digital client onboarding process
Digitising the onboarding process reduces risk, increases trust, and supports legal validity and compliance. A client can verify their identity quickly and easily with a passport, drivers’ licence, or national identity card. The user can simply use a mobile device to take a photo of their documents. What’s more, using remote identity verification platforms ensures agreements are legally enforceable and compliant with preferred regional identification processes.
Why Switch to Verify 365 AML & ID Verification Platform?
Verify 365 is an award-winning AML and ID verification technology that provides automated anti-money laundering and NFC-based ID technology in one easy-to-use software app. Verify 365 makes the client onboarding process more streamlined, efficient and compliant.
The verification platform includes the following technology blocks:
1. Biometric & NFC ID Verification: instant verification of the client and their ID document using the latest biometric and NFC-chip reader technology using Verify 365 app. Verify 365 supports over 10,000 government issued IDs from over 195 countries. Verify 365’s global reach allows lawyers to verify clients from all corners of the world. Verify 365 offers highly automated biometric verification to make this quick and simple, so lawyers always know their clients.
2. Digital Bank Statements through Online Banking technology: providing lawyers with the financial and risk profile information, including instant digital bank statements directly from the bank. Verify 365 will verify source of funds securely and easily through our FCA-regulated Open Banking technology. The Account Information Service (AIS) extracts individual or company transactions and balance data from multiple accounts, using bank-side authentication and consent processes.
3. AML Enhanced Source of Funds Checks: allowing the client to provide detailed information and a breakdown of where the funds have come from, along with supporting evidence.
4. AML Global PEPs & Sanctions and Adverse Media Checks: verification and confirmation that a client isn’t included on any international PEP or Sanction lists, including global adverse media checks.
5. Address Verification: validating the client’s address automatically through the app with proof of address upload and verification against 20+ global address databases.
6. Know Your Business (KYB) Verification: instant verification of the business or company, including the accounts, shareholders, persons with significant control, ultimate owners, etc.
With the new NFC-chip reader verification technology, Verify 365 can verify a person’s identity document in a matter of seconds. Not only does this make the mobile verification flows more convenient, but NFC verification is also a much more secure method of data validation and compliant with HM Land Registry’s Safe Harbour Digital ID Standard and the Solicitors Regulation Agency’s AML framework.
New client onboarding technology platforms provide a solution
Given the increasingly stringent regulatory environment and the complexities added by large-scale AML breaches, law firms are already faced with quite a challenge when it comes to complying with AML and ID requirements. But, the situation becomes even more complicated when you factor in client expectations. In today’s age of mobile apps, clients expect a seamless digital law experience. They increasingly expect not only the convenience of being able to get legal advice through digital channels, they also want the speed of a nearly-instant onboarding and approval.
Fortunately, new mobile technologies make it possible to have strong AML and ID verification in digital channels while assessing client risk and delivering a superior client care experience. With the growing prevalence of smartphones, law firms can comply with AML and KYC regulations, as well as mitigate risk by leveraging clients’ personal mobile devices for ID document verification. Leveraging the same technology that is already in place for enabling NFC-payments, lawyers can also have clients use their smartphone camera and NFC chip reader to scan their government-issued IDs for verification.
The combination of smartphones and government-issued identity documents creates a powerful and credible weapon for lawyers to fight against money laundering by joining the trust people place in physical IDs with the convenience of the digital channel. Not only do government-issued IDs employ many sophisticated anti-fraud techniques designed to prevent forgeries, such as the new NFC-chips, an estimated 90 per cent of the world’s population has official government documentation. Clients are accustomed to visiting an office to show their identity documents and prove their address and source of funds, though many dislike the inconvenience. With new mobile technologies, rather than requiring a new client to make a special visit to an office, law firms can simply ask them to verify themselves and submit their AML check, biometrically verified ID and digital banking statements using their smartphone.
What are the benefits of digital client onboarding technology?
Using digital onboarding verification technology such as Verify 365 with advanced machine-learning algorithms, the law firm can instantly determine whether the ID is an authentic, government-issued document or a forgery. Using automated facial biometrics comparison technology, the lawyer is able to verify that the individual is actually a real person and that the person in the selfie matches the person pictured on the ID and the NFC chip. The algorithms can even take into account potentially challenging ID photo quality and that the ID holder’s appearance may have changed since the ID photo was taken. This combination creates strong identity assurance through two factors of authentication: something the customer has (the ID’s NFC chip) and something they are (biometric facial recognition). Best of all, all this is done remotely and quickly in less than 2 minutes and as easily as the snap of a camera, without the client needing to leave their home.
This approach to AML compliance and identity verification also works particularly well for the post-Covid world, as well as young people or new immigrants, who often have thin credit files and therefore little consumer history to verify their identity upon. Because 90 percent of the worlds’ population have government-issued identity documents, even if an individual has a thin credit file, they are still likely to have an ID – making digital identity verification a more viable option for authenticating these individuals in the digital channel. By comparing their ID documentation with facial recognition technology, solicitors and barristers can have strong identity assurance even for those individuals without many ID and address documents for verification.
What about client onboarding in the European Union countries?
Digital identity verification and client onboarding technologies are also becoming increasingly popular around the globe as an accepted solution for AML and KYC compliance. With the passing of the 4.1AMLD in the European Union, governing bodies have adopted a warmer approach toward digital identity verification, understanding that it is the most cost-effective way of responding to the demands of an increasingly mobile-first consumer population that wants an easy to use and secure identity proofing experience.
The new AML regulations support the use of such technologies, stating:
“Accurate identification and verification of data of natural and legal persons is essential for fighting money laundering or terrorist financing. Latest technical developments in the digitisation of transactions and payments enable a secure remote or electronic identification.”
This essentially paves the way for law firms across Europe to embrace digital identity verification over traditional manual processes.
A New Way Forward using Verify 365
Given the increasingly rigid AML and KYC regulations and the fact that traditional manual client onboarding is no longer a viable solution in the wake of large-scale data breaches, law firms need to immediately begin exploring new solutions for digital client onboarding and identity proofing. Using mobile technologies for digital ID document verification, biometric authentication, geolocation, digital statements, address verifications and PEPs and sanction checks, law firms can establish strong AML assurance while still providing clients the seamless digital experience they have come to expect. With verified digital identities, law firms have the assurance that their new clients are who they say they are. Moreover, they can mitigate the risk of fraud and enrol more new clients through the lower-cost, self-service digital channel, which helps drive top line growth.
It’s time to rethink AML compliance and ID verifications. By delivering a fast and easy, mobile-based, digital onboarding process, lawyers can meet the expectations of today’s consumers, restore trust in digital channels, and be well on their way to transforming themselves digitally for the future of law.