44% of UK Solicitors Tested Are Not Meeting ML/TF Regulatory Requirements – but Unlike Their American Counterparts, At Least They Have Regulatory Requirements

A review by the UK’s Solicitors Regulation Authority (SRA) results in 44% of solicitor firms tested will be subject to disciplinary process. That’s bad, but what is worse is that US lawyers performing the same type of work are not subject to equivalent regulations

There are 7,000 regulated law firms in England and Wales that are subject to the anti-money laundering program and reporting regulations promulgated as a result of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Act 2017. Among other things, those firms are required to have a risk-based ML/TF compliance program, including customer due diligence and suspicious activity reporting requirements.

Note 1: not all “lawyers” are subject to these regulations. In the UK (and Canada) lawyers are either barristers – representing clients in criminal and civil proceedings in court – or solicitors – acting for clients in all other legal matters. The ML/TF regulations apply, generally, to solicitors, or “independent legal professionals and trust of company service providers” that provide “legal or notorial services to other persons, when participating in financial or real property transactions concerning” the buying or selling of real property and businesses, managing client money or asserts, opening and management of bank, savings, or securities accounts, and creating companies, trusts, and foundations. Put simply, financial, company, or property transactional work outside the court systems is covered by the ML/TF program and reporting requirements.

Note 2: the money laundering and terrorist financing compliance program requirements address at least (or only) three (3) of the enumerated thirty-eight (38) risks identified by the SRA in its Regulatory Risks Index. Ten (10) of the risks relate to the market and are not given a “severity” score: twenty-eight (28) of the risks relate to individual firms and are given a severity risk. Those risks range from a low of 4% for geographical or jurisdictional conflicts to a high of 96% for misuse of money or assets. The mean (average) risk is 43%, and the median (middle) risk is 38%. The second highest severity score was for criminal association (77%), the third highest was for money laundering (73%), and the fourth highest was for bribery and corruption (67%). Other than stealing clients’ money, the Solicitors Regulation Authority considers financial crimes – associating with criminals, money laundering, and bribery and corruption – to be the risks with the greatest severity. So with such severe risk, one would assume that firms would be serious about their compliance requirements: the results of the SRA’s review suggest otherwise.

In 2018 the SRA reviewed the programs of 59 law firms. On May 7, 2019 the SRA published the results. The actual report is at Go to the review. The press release is at https://www.sra.org.uk/sra/news/press/aml-tcsp-review-2019.page.

The SRA’s press release provided as follows:

A review has shown that a significant minority of law firms are not doing enough to prevent money laundering, with some falling seriously short.

The review did not find evidence of actual money laundering or that firms had any intention of becoming involved in criminal activities. However, it did find a range of breaches of the 2017 Money Laundering Regulations, as well as poor training and processes.

One of the biggest areas of concern was firms’ risk assessments. A firm risk assessment is required in legislation and should be the backbone of a firm’s anti-money laundering approach. We found that more than a third (24) of firms reviewed fell short in this area, including four that had no risk assessment at all.

There were also issues around appropriate customer due diligence. This included inadequate processes in almost a quarter (14) of firms to manage risks around Politically Exposed Persons, known as PEPs. However, in some instances effective customer due diligence did result in firms turning down work. Fifteen firms had done this, with one of the main reasons being evasive clients.

As a result of the review we have put 26 firms [out of 59] into our disciplinary processes. We have also published a warning notice reminding the profession of their obligations, particularly in relation to firm risk assessments. And we have begun a further review of 400 other law firms to check compliance with the Governments 2017 Money Laundering Regulations. This review will be led by a new dedicated anti-money laundering unit, being set up to bolster resources to prevent and detect money laundering.

But as important as what the press release did include is what it did not include. According to the actual report:

“Firms had raised low numbers of internal suspicious activity reports (ISARs).” The actual data, represented by the graphic below, suggests an even bleaker picture: only three (3) of fifty-nine (59) firms  – or one out of twenty – averaged more than one internal report on potential suspicious activity per year.  And the report noted that “only 10 firms had submitted SARs in the last 24 months”, but like the ISAR data, the actual SAR data was even more bleak, with only two (2) of the fifty-nine (59) firms filing more than one SAR a year over the last two years. 

Other results are worth highlighting:

  • two firms failed to consider the countries that they operate in and failed to have a PEP process in place
  • two firms failed to consider the geographical location of their clients or the nature of their firm’s work
  • five firms failed to consider the types of transactions that they undertake. They also failed to provide information and procedures in their AML policy about scrutinising complex and/or unusual transaction or transactions that have no apparent economic or legal purpose
  • one firm failed to address how they deliver legal services and also acknowledged that they do not see 5% of their clients
  • five firms that did not have a file [client] risk assessment process in place. This is concerning and suggests that some firms are not systematically addressing money laundering issues. This undermines the ability of fee earners to detect issues, report concerns and mitigate risks.
  • nine firms that had a [client risk assessment] process in place, but the fee earner was unable to provide an adequate risk assessment for each file. These failures suggest some firms struggle to monitor the compliance levels of fee earners and/or fail to implement the process/policy
  • We made eight referrals into our disciplinary processes about inadequate AML policies. This included one referral for a complete lack of written policies
  • of the 59 firms we visited, the fee earner we spoke to at 10 of the firms (17%) was unable to provide the relevant CDD for each of their files
  • eight files did not contain adequate information and/or recorded evidence about beneficial owners of the relevant trust or company
  • eight firms had no PEP process. These firms were referred into our disciplinary process

These same firms are advising financial institutions on how to comply with UK AML laws and regulations. It is inconceivable that these firms would ignore their own advice – assuming it is good advice – by having programs that have inadequate risk assessments, missing or inadequate customer due diligence files, no or inadequate internal processes for escalating unusual or potentially suspicious activity, and missing SARs. In fairness, though, where five firms have no programs, fifty-four have programs; where eight firms have no PEP process, fifty-one have a PEP process. And, as the headline indicates, at least the UK solicitors are equal partners with their financial institution clients in the global fight against money laundering and terrorist financing … unlike their American counterparts.