Managing higher-risk practice in a credit crunch

Two recent headlines, involving severe penalties on financial institutions, serve as a timely reminder to monitor client risk, particularly in higher-risk jurisdictions and higher-risk practice areas.

The first was the report by the US Department of Justice of the agreement by Lloyds TSB “to forfeit $350m to the United States and to the New York County District Attorney’s Office in connection with violations of the International Emergency Economic Powers Act ...The violations relate to transactions Lloyds illegally conducted on behalf of customers from Iran, Sudan and other countries sanctioned in programs administered by the Office of Foreign Assets Controls”¹.

The second was the £5.25m fine imposed by the Financial Services Authority (FSA) on Aon² (reduced from £7.5m because of cooperation), for failing to “take reasonable care to establish and maintain effective systems and controls for countering the risks of bribery and corruption ... particularly in high risk jurisdictions”. The breaches alleged included: failure to require adequate levels of due diligence before relationships were entered into or before payments were made; failure to monitor relationships; failure to provide sufficient guidance or training to staff on the specific risks; and failure to ensure that the relevant committees received relevant management information. The allegations related to the work in the aviation and energy sectors.

My last article concluded by mentioning the recent FSA fine on a financial advisory and asset management firm Sindicatum³, and a personal fine on its Money Laundering Reporting Officer⁴ (MLRO) for inadequate client due diligence systems. The breaches included: failure to implement adequate procedures for verifying the identity of its clients; failing adequately to verify the identity of a significant number of its clients; failure to keep adequate records with regard to the verification of the identity of its clients; and, in the case of the MLRO, failing to take reasonable steps to implement adequate procedures for controlling money laundering risk. The firm serviced small and medium-sized corporate clients in countries including Lithuania, Slovenia, Russia, Hungary, the Czech Republic and the UK.

The last article also noted that anti-money laundering compliance is even more important in view of the increased fraud risks in the current economic climate.

Firms should now be undertaking a compliance audit and checking training is up to date to ensure that they can demonstrate compliance with the Money Laundering Regulations 2007. The above examples amply demonstrate the need.

Regulation 20 (1) provides that in order to prevent activities related to money laundering and terrorist financing: “A relevant person must establish and maintain appropriate and risk-sensitive policies and procedures relating to: (a) customer due diligence measures and ongoing monitoring; (b) reporting; (c) record-keeping; (d) internal control; (e) risk assessment and management; (f) the monitoring and management of compliance with, and the internal communication of, such policies and procedures... ”.

Regulation 21 provides: “A relevant person must take appropriate measures so that all relevant employees of his are: (a) made aware of the law relating to money laundering and terrorist financing; and (b) regularly given training in how to recognise and deal with transactions and other activities which may be related to money laundering or terrorist financing.”

The profession’s compliance is supervised by the Solicitors Regulation Authority, and there is a positive obligation on them to do so effectively, and firms need to be able to demonstrate their compliance with the Regulations, as with all areas of conduct. Necessarily this must, in my view, involve firms in at least an annual review. Ideally, following practice in the financial-services sector, it would involve a board report on each of the points (a) to (f) above, including an analysis of reporting levels across offices and practice areas and any ‘incidents’, training and testing of staff.

The cases set out at the beginning of this article emphasise the need to identify high-risk sectors and jurisdictions. Of particular concern too is the issue of enhanced due diligence and ongoing monitoring, required by regulation 14 in cases of politically exposed persons and non-face-to-face clients and other high risk situations. My firm’s experience in auditing other law firms is that, in practice, firms are doing little more, if any, due diligence and the fear is that financial pressures will cause them to do less rather than more going forwards. This must be a particularly serious problem with regulatory consequences in the case of firms doing volume conveyancing for distance clients under investigation over mortgage frauds. Are these cases even identified in your records?

Remember – regulators do not relax their grip in a credit crunch!

1. http://www.usdoj.gov/opa/pr/2009/January/09-crm-023.html

2. http://www.fsa.gov.uk/pubs/final/aon.pdf

3. http://www.fsa.gov.uk/pubs/final/sindicatum.pdf

4. http://www.fsa.gov.uk/pubs/final/m-wheelhouse.pdf

Frank Maher is a partner at Legal Risk LLP and a member of the editorial board. He can be contacted at frank.maher@legalrisk.co.uk