Minerva: Make sure your law firm adheres to Reg 21 of the AML Regs
As part of the current Anti Money Laundering (AML) Regulations, most law firms need to carry out an independent audit to establish the adequacy and effectiveness of their AML policies, controls, and procedures. So, what do you need to know about Reg 21 of the AML Regs?
Why have the regulations changed?
The UK is a high-risk jurisdiction for money laundering, with law firms particularly attractive to criminals. Firms that do conveyancing work, handle consumers’ money and create and manage trusts and company structures are especially at risk. With money laundering increasing, solicitors are under increasing pressure to tackle this issue, and the AML regulations set out their legal obligations to do so.
On 10 January 2020, the UK’s AML regulations were updated following the implementation of the EU’s 5th Money Laundering Directive. Read the full AML guidance for law firms here.
Regulation 21 says that, where appropriate, firms must establish an independent audit function with the responsibility to:
- examine and evaluate the adequacy and effectiveness of the policies, controls and procedures adopted by the relevant person to comply with the requirements of these Regulations;
- make recommendations in relation to those policies, controls and procedures; and
- monitor the relevant person’s compliance with those recommendations.
Crucially, a firm is only obligated to carry out an independent audit where “appropriate with regard to the size and nature of its business”, any firm that does not do so will have to justify why it thinks it is exempt. And, according to the SRA “all firms need to be more alert to the potential of being used to launder money”.
What do law firms have to do now?
Firms should use an appropriate person/company to carry out an independent audit. While this could be someone within the business who is not responsible for AML compliance, most law firms are looking to external third parties to ensure the necessary level of independence and the required knowledge and experience to conduct a thorough audit.
The audit cannot be done by the firm’s Money Laundering Reporting Officer, Money Laundering Compliance Officer, compliance team members, or anyone who did the original AML work.
What does an independent audit need to cover?
The SRA doesn’t specify precisely what needs to be covered by the independent audit, but it is likely to include:
- Current AML policies, procedures, and controls (including enhanced due diligence (EDD) checks)
- AML staff training on legislation, red flags and good practice to ensure compliance
- Internal AML assessments (firm wide (as required under Regulation 18), department wide and individual client)
- Those in key positions with regards to AML within the firm (beneficial owners, officers, and managers)
- AML technology the firm uses such as electronic identification verification (eIDV).
- How the firm monitors transactions to ensure compliance with AML regulations.
- Whether what happens in practice follows the firm’s AML policies procedures and controls.
As well as reviewing what is currently in place and identifying any areas of non-compliance, the independent audit should also set out any recommendations to improve the satisfactoriness and effectiveness of the firm’s policies, controls, and procedures (PCPs).
The SRA is actively checking that firms are complying with AML regulations, and it is becoming increasingly proactive. So, not staying abreast of the latest AML requirements could prove devastating.
