About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Legal Compliance Planning Q&A: What Should Your Top AML Priorities Be for 2020?

Subscribe to our newsletter

Every bank needs a law firm, and the legal department is often the silent partner in the compliance dialogue – but their expertise is nonetheless essential. With 2020 on the horizon and regulations such as the EU’s Fifth Money Laundering Directive (5MLD) front and centre when it comes to compliance, many law firms will be looking at what they need to do to ensure best practice and avoid Anti-Money Laundering (AML)-related difficulties in the year to come.

We sit down with Legal Industry Advisor to Encompass Corporation, Amy Bell, to ask how important compliance in the legal space really is – and what a robust and effective programme should look like.

Delving into subjects including ongoing monitoring and risk assessments, Amy offers her expertise on day-to-day issues, as well as looking ahead to share what law firms should be thinking about and prioritising when they are planning for the year ahead.

Who takes responsibility for ongoing monitoring and at what point in the customer relationship is this conducted, reviewed and agreed?

The relevant person is responsible for ongoing monitoring of the customer relationship. This is usually going to be the fee earner who is dealing with the matter.

In some firms there is a client partner, someone who has the main relationship with the client, but if there are other lawyers working on their matters it is important to make sure everyone communicates any changes that they become aware of (such as a change of beneficial owners). Sometimes I find that everyone assumes the client partner will know about changes, but that’s not always the case.

Regulation 28(11)(b) requires a system of regularly reviewing information to ensure it is kept up to date. It would be for the firm to decide what “regularly” means, but some firms set a timescale based on risk, and the higher the risk, the more frequently they review the client relationship.

How do you gain buy-in from the wider team (particularly from partner level) as they introduce new review processes across the business?

This is a very good question. Processes are in place to protect the firm, including the partners. There needs to be clear support from the leaders of the business: the key message is that compliance is important, and particularly in law firms – if not here, then where?

The systems can save time, which is one of the benefits of the Encompass platform, and in turn money. Those are important considerations, but by far the most important one is that compliance is important and not optional!

What are the pros and cons of automating the client due diligence (CDD) process?

Conducting CDD is a time-consuming process. Automation can allow firms to realise significant time and cost efficiencies. Encompass often helps reduce KYC execution time by as much as 80%, allowing lawyers to get started quicker.

One of the things I really like about the Encompass platform is that firms can exercise greater control over how the KYC process works, by having an automated “policy” or process that is consistently applied.

As with anything, technology is part of an effective solution. You will still need some human interaction with the information that is provided to complete the process.

How can firms feel confident that the processes and frequency of checks that they are implementing are sufficient to be compliant?

The regime is risk-based, meaning that the approach can be tailored to meet the needs of the business. The firm should have a risk assessment which considers the particular risks it faces. The CDD processes that are implemented should reflect both the firm’s identified risks, and the fee earner’s risk assessment of each matter.

If the costs of CDD are particularly high (e.g. overseas company searches or independent EDD reports), can these be charged to the client with consent and an explanation of the likely costs?

In my opinion, and for SRA regulated firms, as long as you are transparent with the client, you can charge whatever they agree to pay. There is mention in the current SRA code of conduct of not advertising overheads as disbursements, but there is nothing to stop a firm charging for the activities as professional fees.

Is there any obligation to re-verify a client’s ID if it has previously been satisfactorily verified and there are no concerns?

The regulations (Regulation 27(8)) say a relevant person must apply CDD measures at appropriate times to existing customers on a risk-based approach, or if they become aware of a change.

Many firms have a policy that states they will rely on existing CDD unless there is a gap in instructions, (typically I see three years), or they become aware of a change.

I think the issue is how does a firm “become aware” and what is required by way of investigation.

I have always preferred to have a “shelf life” for the information, after which I would re-verify the client’s ID – but that’s just me. Each firm needs to come up with its own risk-based policy.

Should you collect ID&V for all directors of a corporate client or just the ones instructing?

Regulation 28(3)(b) requires the relevant person to verify the full names of all of the directors. This does not necessarily mean the equivalent of ID&V for them as an individual. That said, many firms still ID&V at least one director in the same way as you would an individual.

What are the key differences between Money Laundering Reporting Officer (MLRO) and Money Laundering Compliance Officer (MLCO) obligations?

The MLRO receives reports as required by the Proceeds of Crime Act 2002 (POCA), while the MLCO is responsible for compliance with the regulations. They can be the same person, and for SRA-regulated firms, it is technically the Compliance Officer for Legal Practice’s (COLP) job to perform the MLCO role.

What are the differences between source of funds and source of wealth?

Source of funds is information about the money being used for the transaction, whereas source of wealth is where it came from.

What happens if CDD has not been completed but a matter has progressed/completed – does this need to be reported?

If by reported you mean in a SAR, then no, there is no defence available for failing to comply with the Money Laundering regulations, unless you are suspicious about the matter (and lack of CDD).

In an SRA-regulated law firm, this may need to be reported to the COLP, who may consider whether it is a material or serious breach of the code.

Should you corroborate that the source of funds information provided by your client matches the actual source of funds coming into client account in all transactions?

This is very difficult to do. I have clients who do, but I think the decision to do this will depend on the firm’s risk assessment. In the future, when banks are able to provide more information about payments, I’d hope to see this done more routinely.

What CDD can/should you undertake on any identified third-party payments and/or cash payments – if a third party pays funds on behalf of our client, what should we do?

There is nothing specific in the regulations about this, but the current Legal Sector Affinity Group Guidance at 12.4.2 provides some guidance.

Do I have to do a matter risk assessment for every matter?

If you look at Regulation 28(12) (a2), it does say the ways in which the person complies with their obligations to carry out CDD includes an assessment of risk of each matter, so I think, if you’re doing regulated activity or transactional work, the answer is going to be yes.

What will the impact of 5MLD be on regulated firms?

At the beginning of next year, the UK is likely to implement 5MLD. To be fair, 5MLD really is focusing on issues outside of the legal sector – around cryptocurrencies and pre-paid cards – but I think there will be some impact on firms, particularly if they act for Trusts, in terms of the new Trust Registers.

I think the main thing that people need to be thinking about as we go into 2020 is how we make sure we can demonstrate compliance with the regulations. We’re moving into a phase where the regulator will want to check that you’ve got everything in place that you should have – so you really need to be regulator ready.

Is approved guidance likely to be in place prior to January 2020?

I think, with Brexit, it’s very clear that the government is quite preoccupied at the moment, so I wouldn’t be surprised if we see the regulations quite late in the day and quite close to the 5MLD implementation time. That means it’s going to be challenging for any regulator to be able to get their guidance approved by Treasury – the process does take quite a while – but hopefully there will be some draft guidance out in time for firms to get ready to comply.

Subscribe to our newsletter

Related content


Recorded Webinar: Best practices for compliance with EU Market Abuse Regulation

EU Market Abuse Regulation (MAR) came into force in July 2016, rescinding the previous Market Abuse Directive and replacing it with a significantly extended scope of regulatory obligations. Eight years later, and amid constant change in capital markets regulation, technology and culture, financial institutions continue to struggle to stay on the right side of the...


Best Practice Approaches to Trade Surveillance for Market Abuse

In 2023, Openmarkets Australia was fined the largest ever penalty imposed by the?Australian Securities and Investments Commission (ASIC) of $4.5 million. Among other observations, the regulators noted that Openmarkets had not appropriately calibrated its post-trade surveillance system and that this resulted in an unmanageable volume of alerts, most of which were not reviewed.  “This outcome...


TradingTech Summit London

Now in its 14th year the TradingTech Summit London brings together the European trading technology capital markets industry and examines the latest changes and innovations in trading technology and explores how technology is being deployed to create an edge in sell side and buy side capital markets financial institutions.


Enterprise Data Management Europe 2010

he US may seem to be ahead of the rest of the world in terms of championing the data management cause with the inclusion of reference data focused items in the Dodd-Frank Act, but Europe is not too far behind. Senior European level officials such as European Central Bank (ECB) president Jean-Claude Trichet have taken...