Anti-money laundering for law firms has always been a concern, what is “enough” information on a client to determine they’re legitimate, and their money is legal? But over the past few years there has been a growing concern within the industry as a whole, specifically pushed by the SRA and Law Society that enough simply isn’t being done. Take for example the story of Mishcon de Reya being fined for AML compliance breaches. They were smacked with a fine of £232,500 which highlights the reinvigorated push for better AML compliance and AML checks within law firms.
As we move forward into the Spring of 2022, let us all think of new beginnings. As the cold weather dies down and as frost melts, we all in the legal sector must decide do we continue with the old way of conducting AML checks, or do we embrace the need for a new generation of lawtech specifically designed for AML compliance for the legal industry? As you pounder, this question read our article on “Should the SRA introduce tough sanctions for AML breaches” to draw your final conclusion.
With all of the above in mind, and the need for more stringent anti-money laundering checks in the legal sector, we have put together a list of some top tips on how to help you combat money-laundering.
1. Carry out AML risk assessments
A big thing in the legal industry currently is what is called the “risk-based approach” (RBA) to AML compliance. What this means is a law firm being adaptable when presented with risks which may differ from client to client but still being able to carry out the necessary AML checks to ensure those risks are mitigated.
In order to apply an RBA within your law firm, it is necessary to have information on the risks inherent to your practice and in any particular client or matter. Take for example the risks associated with conveyancing practices. Naturally they face a higher risk of money laundering as fraudsters look to launder ill-gotten money through the legal purchase of a property, with the aim to then sell it and gain the money back, but in a legal way. Such practices need to under the risks associated with a house sale or purchase and the tell-tale signs for further investigation such as large cash deposits, a lot of various unrelated giftors or unexplained large money deposits into their account. If you have not fully assessed the risks present across your business or in any particular client or matter, you cannot then apply appropriate controls to mitigate those risks adequately and effectively.
The assessing of money laundering and terrorist financing risk is an important requirement of the Regulations and a vital step in protecting your practice. There are three important levels of risk assessment. Practice wide risk assessments (PWRAs) are required by R18 and should be comprehensive in identifying and assessing all the money laundering and terrorist financing risks your practice faces. The PWRA is central and fundamental to the AML controls implemented across your business and needs to address certain issues, prescribed by the Regulations. Client risk assessments should identify and assess the ML/TF risks identified at individual client level. Matter risk assessments should be undertaken on each new matter for a client, particularly where risks are novel or non-repetitive.
Approaching AML through a RBA is a great way in ensuring you protect your firm against fraudsters and their money laundering tactics.
2. Review the Practice Wide Risk Assessment (PWRA) for AML compliance
Building on the above point, reviewing the PWRA should be reviewed on a consistent basis every one to two years. This helps to maintain the accuracy of it and keep on top of any potential emerging risks. If there are any changes in the practice, it is vital that the PWRA reflects this.
Internal control reviews are needed on regulations in order to stay up to date. These should be hardcoded into your financial crime compliance programme with a frequency that reflects the risks your business is exposed to because of the types of clients it deals with, the products and services it sells and the jurisdictions it operates within. They should be essential, non-moveable processes in your AML compliance program.
3. Use emerging AI technology for AML compliance
Many existing, legacy, systems claim to verify clients. However, what most don’t realise is that most current AML solutions don’t do much in verifying clients. The Verify 365 team has extensively written and talked about how many web-based systems don’t verify the client. Why? Well simply put when you ask your client to send you a copy of their ID how do you know it’s them? How do you know it isn’t a look alike? Or the document hasn’t been tampered in some way? The point being that most web-based solutions only truly check that the document number is legitimate but everything outside of that isn’t checked and verified.
That is why the use of AI in the form of biometric technology and document fraudulency technology is important. Systems like Verify 365 use AI biometric technology to compare the image in/on the document the client provides against the client themselves, this way we can establish that the two are the same. Along with this, through our use of AI, systems like ours can establish ownership of the document and legitimacy of it to ensure that not only is the individual really your client, but the document is real and belong to them.
4. Make use of ‘Big Data’ for AML checks
Data is important, especially when trying to identify a client’s identity and finances and a very critical piece in combating money laundering. Analysing data to make insightful correlations and causations to then draw conclusions from is highly valuable. Not only does this make it a lot quicker to draw conclusions about money laundering since you can see the tell tail signs of it. But it also standardises the process and ensures staff are all equally equipped to pin-point money laundering immediately.
Systems like Verify 365 have made it easy for lawyers to draw conclusions easily when it comes to finances. From pulling in the financial data from clients and organising it into clear and concise tables. AML solutions like ours use data analytics to enhance our solution and make the ease of using it easy for all. So, if your system doesn’t rely on data then you’ve got a big problem. But if it does and it doesn’t do much more than provide you the raw data. Then you need to look at an alternative which provides you and your team more insight.
Conclusion
AML Compliance and AML checks are key to any legal practice and its matters. So ensuring the practice knows how to manage this correctly through best practices and technology is going to be key to the smooth running of the practice and to ensure that it doesn’t have any run ins with the regulator.
