Q&A: Money Laundering Regulations 2007

Can you briefly describe the current money-laundering landscape? In particular, what new client-vetting rules will firms have to comply with?
As is now (hopefully!) well known, the AML landscape will radically change from 15 December when the new Money Laundering Regulations 2007 come into force. Criminal and disciplinary sanctions can be imposed on firms and individual lawyers within a firm (so not simply nominated officers), for system or process inadequacies, even if no money laundering actually takes place. It is therefore vital that all firms get to grips with, and are prepared for, the requirements of the new regime. At a minimum, every firm should review whether the new Regulations apply to the business it conducts and the client base it has or wishes to develop – for example, the Regulations do not apply to publicly funded work, will writing or litigation. But even firms engaged solely in those business areas must assess whether there is any prospect of ancillary work being done in relation to areas such as taxation advice, where the Regulations do apply.
The Regulations essentially divide clients into three categories – low risk, high risk and (by default) medium risk – and set out the criteria that determine which type of client falls into which category. There are then different client-vetting checks and rules for each category, which require different standards, timing and future monitoring to take place, all the time underpinned by an obligation to take a risk-based and proportionate approach that is documented, understood and justifiable. There are also detailed provisions that set out the extent to which a firm can rely on client vetting performed by someone else (for example, a bank or overseas law firm) rather than conduct its own checks. This might sound rather complicated, and parts of it are (for example, the extensive and comprehensive definitions of ‘beneficial owner’ and politically exposed person or ‘PEP’), but the Regulations take a practical and realistic approach in recognising that one size of vetting does not fit all.
As a general proposition, the new Regulations are a serious and credible step in getting professionals not only to confirm that the person instructing them is, in fact, the person they purport to be, but also to understand issues such as why the firm is being instructed at all, what the purpose of the instruction is and the source of funding. The policy reason for this is simple: if you know your client properly then you are better placed to assess risks and identify suspicious activity. The commercial benefit is also obvious: the better a client is known, the better the service you can provide to that client.

What key procedures do firms need to put in place to ensure they have adequate client-vetting procedures?
As a preliminary matter, all firms need to determine their own risk profile so that resources are directed towards the areas of greatest risk. This involves looking at the client base and assessing if there are clients, countries, business areas or services provided that have a higher likelihood of money laundering or terrorist financing associated with them than others. Systems, policies and procedures then need to be developed and implemented that comply with the legislative requirements and which will have the practical effect of minimising risk. Key ingredients here include:

Appointment of a nominated officer to receive disclosures from colleagues, and to make disclosures to the Serious Organised Crime Agency (SOCA);
A system that provides for the practical application of the timing, extent and evidential quality of client vetting – this will typically include forms to be completed and documents to be obtained at file opening, who is responsible for doing this, and procedures for file closure in their absence;
What reliance, if any, will be placed on third parties such as banks or overseas professionals who refer clients to the firm, or on outside providers of due-diligence client-vetting services;
The circumstances in which a disclosure should be made, what records should be kept, where, by whom, and for how long, as well as how and when those records should be reviewed and updated;
The communication with and training of fee-earning colleagues, as well as key accounting staff, on their obligations and how to recognise and deal with money-laundering risks;
Understanding that the information collected can be accessed by the client in certain circumstances (for example, by way of a subject-access request under the Data Protection Act 1998), and that client permission is best obtained for electronic verification, either specifically or via general terms of business;
A recognition of, and response to, the fact that once a client has been accepted into the firm by one department, then that is typically a gateway or passport to all the services the firm provides, so acceptance of a new client by (say) the litigation department with relatively minimal checks (because that is a low-risk area where the Regulations do not apply) has the potential to cause problems if, as all lawyers are encouraged to do, that client is then successfully ‘cross sold’ the services of the real estate or tax department (which are high-risk areas where the Regulations do apply).

How far are firms currently set up to manage effective client-vetting?
Present informal indications suggest that a significant proportion of mid-size to larger metropolitan firms are currently engaged in reviewing existing systems, policies and procedures, and are exploring what adjustments are needed in the light of previous experience and the requirements of the new regime contained in the Regulations. There is an increasing acceptance, certainly in the major cities, that if a problem arises the reputational consequences for a firm will likely exceed any financial impact. There is also a feeling that if a law firm in, say, the City of London experiences difficulties, it will have a knock-on effect on London’s financial reputation generally, so debate between various firms has taken place with that in mind.
There are also active discussions taking place between law firms and a variety of external due-diligence providers to explore outsourcing elements of the client-vetting process – for example, to assist in determining the accuracy of key client-identity material such as passports as well as establishing, with reference to various lengthy and constantly changing lists, who is, or might be, a PEP. Firms with overseas offices are also looking at an integrated approach to assess whether (say) a new client of the New York office (a jurisdiction where, perhaps surprisingly, law firms have minimal anti-money-laundering client-vetting obligations imposed on them) should be the subject of the same, or some other, level of checking from the outset as a new London office client. And, of course, because there are no ‘grandfathering’ provisions in the Regulations in relation to existing clients, many firms are also addressing the topic of what checks should be performed, and when, in relation to vetting existing clients.
The Law Society has just produced (3 September 2007) a practice note with a comprehensive and extremely valuable review and analysis of the new regime, with the added advantage that it also gives many practical tips and guidance to consider in particular circumstances.

What kind of further client checks will be needed on an ongoing basis?
The Regulations require ongoing monitoring to take place. The Regulations further require that this should be done during the initial instruction or transaction itself to ensure it is consistent with existing knowledge of the client’s business and risk profile. The obvious person to do this is the individual responsible for the transaction within the firm, provided that he or she is sufficiently aware of the money-laundering regime and the ‘warning signs’ of inappropriate behaviour. This means that it should seldom be necessary to conduct further client checks during the course of the initial retainer itself, unless something particular emerges that gives cause for concern. Similar monitoring should then take place on instructions received during the course of the business relationship, where again, as a practical matter, the responsibility can be left to the lawyer running the transaction.
The problem areas are more likely to be one of internal communication between lawyers in different departments or offices as the business relationship develops, and in keeping records up to date. Here, the Law Society practice note makes it clear that unless particular circumstances require, there is no need to conduct the vetting process on a regular basis, randomly audit files, or cross check every instruction to look for anomalies. It instead suggests sensible points to review – if there has been a gap of over three years between instructions, for instance, or if there has been a change in identity details.
Other than in the most unusual circumstances, most firms no longer accept payment in cash from any client for anything, and are keen to ensure that funds for a purchase or other payment to be made by the client come from a known account in that client’s name. Equally, in even relatively routine matters, firms are increasingly alert to receiving payments direct from the other side of the transaction for onward transmission to their own client, and are declining to accept payment on this basis either at all, or without obtaining suitable comfort from the payee’s solicitors. The involvement of a PEP, either as client or counterparty, means that firms should be particularly astute because there is a particular obligation to conduct enhanced monitoring in this area. The practical reality here is that it is often the accounts staff alone who are aware of information about source of funds, the fee earner’s knowledge typically being limited to knowing when funds have or have not arrived and in what amount. Firms need to assess if that is the case with them and, if it is, go on to consider what training should be given to those accounts staff and the detail of the information to be given to fee earners.

Simon Moore is a partner at Field Fisher Waterhouse LLP. He can be contacted at simon.moore@ffw.com