Money Laundering Regulations 2007 loom large

For many law firms, the risk of being hit by a fraud may seem remote, but with the draft Money Laundering Regulations 2007 now in consultation, there is little room for complacency.

By Frank Maher

First the good news – there is no increase in the maximum two year sentence, and no increase in the unlimited fines. Now the bad news – most law firms will have to tighten up their systems considerably to have any hope of demonstrating compliance with the Money Laundering Regulations 2007, issued in draft for consultation on 22 January 2007. Subject to any revisions, which are unlikely to be significant, they will be in force on 15 December 2007.

Much of the focus of the legal press has been on identifying those with beneficial interests. But as we shall see, this is only one of a host of issues to be addressed to obtain a ‘Get out of jail free’ card.

Firms will need to put in place systems that demonstrate proactive compliance, with documentation to prove it. They will also need to implement further training. Even the small number of firms that operate outside the regulated sector should not rest completely at ease, as the principal money laundering offences apply to all law firms, just as they do to the man on the street.

So, although this article is aimed at those in the regulated sector – broadly, real estate, corporate, trust and tax – others may wish to consider how they protect themselves too. It is easy to creep into the regulated sector unawares – for example, advising on tax in either commercial or personal injury litigation, or where disposal of an interest in property is a term of settling litigation.

The current Money Laundering Regulations 2003 require firms to:

Implement systems to have procedures for identification, record keeping and internal reporting;
‘Establish such other procedures of internal control and communication as may be appropriate for the purposes of forestalling and preventing money laundering’, and;
Train staff in the anti-money laundering and anti-terrorism legislation and how to recognise and deal with transactions that may be related to money laundering.

Many firms have fallen short on these requirements. First, many do not have any ‘procedures of internal control’ – by which we mean systems. Systems in this context require monitoring, audit and reporting. Second, many firms have completely overlooked the requirement to train staff on anti-terrorism legislation. And those firms that have provided initial training often fail to provide ongoing updates and tend to overlook new staff.

A culture of non compliance will not be an option after the new regulations come in force. The regulations contain specific, itemised requirements for compliance, and impose detailed obligations on the Solicitors Regulation Authority (SRA), the new regulatory arm of the Law Society, and other supervisory authorities to supervise adherence to them proactively. New requirements for customer/client due diligence (CDD) will impose additional burdens on firms too.

Most law firms are regulated by the SRA, but the Financial Services Authority also regulates a few. Regulation 5 will require firms to be able to demonstrate to their supervisory authority that their CDD measures are appropriate on a risk-sensitive basis. This will require a formal assessment of the risks that apply to the different types of work the firm undertakes on client engagement. They must also obtain information on the purpose and intended nature of the business relationship.

Enhanced due diligence is required where the client is not present, so firms that undertake bulk distance conveyancing may wish to reassess their position – the legislation specifically singles out acting for clients who are not present as higher risk activity.

Record keeping requirements, meanwhile, are set out in regulation 13. Keeping the records on the matter file is unwise, because files can be lost or handed over to clients or other solicitors.

System requirements in regulation 14 oblige a firm to ‘establish appropriate policies and procedures relating to CDD, reporting, record-keeping, internal control, risk assessment and management, compliance management, and communication, in order to prevent money laundering or terrorist financing’. Firms must also pay specific attention to any transactions, particularly complex or unusually large ones that have no apparent economic or lawful purpose.

Training must be provided to all relevant employees regularly. While every 20 years might appear to be ‘regular’, this is unlikely to be compliant because of the need to take ‘appropriate measures’ for relevant employees to be made aware of the law.

Every two years will be a minimum, more frequent for those in high-risk areas.

So what needs to be done? Whatever you have done in the past, no matter how compliant, you need to review the firm’s position fully. Remember, new risks emerge as the money laundering and terrorist threat changes, and the work of the firm and its clients changes.

The starting point is a thorough review of the firm’s work, its client base and work types, and its existing procedures. Few money-laundering reporting officers (MLROs) will know all of the firm’s clients and may have little understanding of the practical aspects of the work undertaken across all departments, which may include those giving the firm the greatest exposure. It may, therefore, be useful to form a small working party drawn from the firm’s fee-earning and accounts departments. The people involved in the process should be of sufficient seniority and experience to identify the risk. And don’t forget to cover the anti-terrorism elements either, which are harder to deal with because the sums of money involved may be small. For example, the recent London bombings are thought to have cost as little as a few hundred pounds to orchestrate.

Controls and checks, including a process of monitoring and auditing for compliance, need to be put in place. An annual report by the MLRO to the partners is also good practice and helps keep the issue on the firm’s agenda. Better still, tie it into the firm’s client-engagement process. Good CDD delivers better clients, longer-term relationships, less claims and enhanced profitability. That way, you may persuade people that it is about developing the business, rather than business prevention.

Finally, it goes without saying that the firm’s anti-money laundering policy and procedures need to be communicated to all members of the firm, and that training/re-training needs to be reviewed for all staff.

And it must all be in place by 15 December 2007, which means starting work now as the regulations offer no period of grace.

BOX OUT: Politically exposed person

You have just taken on Michael, who was a partner in another firm. He is particularly adept at drumming up business through the local rugby club. He agrees to act for Vanessa, the life partner of the local MP’s son who is buying shares in a local property business. Michael has a strong culture of compliance and takes copies of appropriate identification evidence before commencing work. The Solicitors Regulation Authority calls for your records, as it is entitled to do, and it immediately becomes apparent that they are concerned that both the firm and the consultant have committed an offence.

What can the problem be? Vanessa falls within the definition of a ‘Politically Exposed Person’, and under regulation 10 (4) (b) senior management approval is required for establishing a business relationship with such a person. As a consultant, Michael will not usually fall within the definition of ‘senior management’. The regulation also requires the firm to take adequate measures to establish the source of Vanessa’s wealth and conduct enhanced, ongoing monitoring of the business relationship.

Frank Maher is a partner in Legal Risk, solicitors, and co-author with Sue Mawdsley of The Money Laundering Reporting Officer’s Handbook: A Guide for solicitors. The firm advises leading professional firms on professional indemnity, risk management, anti-money laundering and compliance. He may be contacted at frank.maher@legalrisk.co.uk