Law firms need to up their game with regards to ”Know Your Customer” (KYC) and Anti-Money Laundering (AML) requirements, as the Solicitors Regulation Authority announced that it would be checking in on all 7,000 firms that come under the scope of the regulations.
KYC and AML obligations are nothing new to the legal sector. Regulators implemented stringent requirements upon law firms under the Fourth Anti-Money Laundering Directive (2015/849/EU) (4AMLD) back in June 2017, and following that, the entry into force of the Fifth Anti-Money Laundering Directive (5AMLD) in January 2020.
It is now more crucial than ever for firms to have watertight compliance processes, to fully understand corporate hierarchies, sources of wealth and ultimate beneficial ownerships, and to be able to produce audit trails to demonstrate how KYC decisions have been reached.
Many small and medium sized law firms do not have a centralised due diligence process or teams, and often checks are done by the lawyer assigned to a specific case. This results in a lack of standardisation in approach across a firm, and the effort required to manually obtain the relevant information can consume valuable time.
What are the KYC requirements for law firms?
The AMLD regulations are incorporated into the UK legal sector as they are part of the SRA handbook, meaning that the SRA is responsible for both monitoring and enforcing compliance with 4AMLD and 5AMLD.
One of the main purposes of 4AMLD was to introduce the right controls, starting with a firm-wide risk assessment. This should provide a comprehensive view of all services, clients and delivery channels of a firm, in order to be able to identify any financial crime gaps or vulnerabilities. Whilst this has been a legal requirement for all law firms since 2017, thematic review by the Solicitors’ Regulation Authority (SRA) in October 2019 suggested that a fifth of law firms in the UK did not have the required risk assessment mechanisms in place to meet the 4AMLD requirements.
The introduction of 5AMLD improves the transparency required on Ultimate Beneficial Ownership (UBO), including a new requirement for firms to report any discrepancies between data listed on public company registers and data gathered through their own due diligence. Additionally, there is a new requirement on member states to keep a golden record of UBOs.
There are obvious challenges in sourcing UBO data, particularly when involving complex legal structures and corporate vehicles, which make the question of ownership and control difficult to answer. Without this information, it is impossible to remain compliant with regulation or specific requirements such as Suspicious Activity Reports (SARs).
Increasing regulatory pressure
The UK legal sector is under increasing pressure from its regulator, the Solicitors Regulation Authority, largely as a result of the thematic review it conducted in 2019. This review highlighted a number of shortcomings in law firms’ approaches to KYC and AML and has pushed AML compliance to the top of its list of priorities, setting aside increased budget to tackle AML.
This increase in spend will allow the SRA to monitor AML compliance in law firms more closely, with a total of 7,000 firms being checked every year. ‘Strong action’ will be taken where firms fall short of the requirements.
We are likely to see an increase in enforcement action as a result – whilst the SRA’s recent annual Risk Outlook for 2019/2020 highlighted 172 money laundering investigations resulting in fines of up to a maximum of £70,500 and the combined total reaching £340,002 across 2018/2019. These numbers are likely to increase in the coming years.
Law firms have been warned.
Tools and tricks of the trade
Regulatory and compliance requirements have increased significantly, placing huge burdens on law firms and in-house lawyers. Increased regulatory scrutiny of anti-money laundering (AML) and Know Your Customer (KYC) compliance are a good example of this, however the implementation of preventative measures is mixed.
RegTech vendors that have previously provided solutions to financial services and banking have started to pivot towards the Legal Sector, streamlining processes such as KYC and AML with a view to reducing time per case spent on unbillable hours with fast, automated checks speeding up client onboarding.
A recent survey endorsed by the Law Society, showed that 85% of legal firms use public websites, such as Google, when it comes to name screening procedures, but the processes specifically for PEP screening show a greater take up of technology, with 78% of firms actively using third-party data. Over half of the legal firms that responded now carry out ongoing monitoring checks on all clients, an increase from less than a third in 2016.
We can see that screening is performed continuously or more than once a month on high risk clients whilst lower or medium risk clients are screened less often, demonstrating that law firms are embracing a risk-based approach.
Whilst it is understood that automated workflows can reduce risk, improve efficiency and provide cost savings in the long term, less than one in five legal firms use this type of solution.
What’s the answer?
In order to remain compliant with 5AMLD a risk-based approach should be implemented, requiring the ongoing monitoring of a customer or counterparty throughout the commercial relationship. The risk profile of a company is likely to change over time, and the speed at which firms can react is clearly linked to their risk of exposure to money laundering.
Investing in technology to address this requirement will pay dividends for law firms over the long term, reducing the cost and risk involved in due diligence activities, while demonstrating efficiency to clients and compliance to regulators. This will become increasingly important in order to remain competitive.
With real-time access to over 180 company registries, Kyckr’s solutions can help firms to determine important company information at the touch of a button, while enabling the assessment of customers’ compliance risk on an ongoing basis by providing continuous and automated real-time tracking of registry changes for monitored clients.
Early detection of compliance issues gives organisations extra time to respond effectively and efficiently, resulting in reduced regulatory risk, operational cost and a compliance peace of mind.
Therefore, law firms must review current processes, reconfigure previous wrong thinking and take care to avoid complacency. Those that cannot evolve with AML regulation, risk falling foul of the regulator and the repercussions can be severe.