5 easy wins to improve your AML compliance
What is clear from the SRA’s report is firm visits are here to stay, and that when they come, they are thorough reviews of what a firm is doing, nearly as in-depth as a full audit!
We’ve seen a surge on firms contacting us because they are due to have a review by the SRA and wanting to check what they need to make sure they have in place. That said, there are still relatively low numbers of visits compared to the 6500 firms that they regulate, but like the saying goes, you can “never say never”, your firm may receive a visit.
So if you are selected, these reports (put out annually by the regulator) are a good place to start, to find clues on where the focus will be.
Key issues which come up time and time again are
- The proper completion of matter risk assessments
- Obtaining appropriate identification information, and verifying it effectively
- Understanding the source of funds for transactions
- Conducting ongoing monitoring
I find myself saying the same things to firms, time and time again. I say that, not as a complaint, but to reassure you, that if you do have some minor issues, you’re not alone, many firms have many of the same things they need to get right.
Here are 5 easy wins we see, and which we know the regulators look for:
- Keep your Policies, Controls and Procedures (PCPs) up to date. Have they been updated since the 2019 Regulations came in, or the Legal Sector Affinity Group (LSAG) Guidance came in. Have you included the 2020 National Risk Assessment, and latest SRA Risk Assessment in your firm risk assessment?
- Think about how to prove your processes are working. What is the purpose of a risk assessment? To decide whether you want to ask. Presumably if you’re asking the right questions some new cases will fail that risk assessment. Keep a track of how many cases you turned down because you can’t get comfortable with them for AML purposes.
- Give yourself credit for the work you do in preventing money laundering through rigorous accounts procedures. I know you all have them, limiting who can pay in, checking who has, in fact, paid in, processes for authorising accepting cash, or refunding money. These are all AML controls but are rarely detailed in your AML PCPs so when the regulator asks to see them, you don’t send them. Include them or cross reference them in your policies.
- Make a decision on Reliance. Reliance on other people for CDD as a specific meaning and process in the Regulations, so if you are going to allow it, or ask for it, you need to be able to evidence the process. If you don’t use the provisions, say so in your PCPs.
- Find out how your CDD process actually works. Many providers sell an “out of the box” solution, but in accordance with chapter 7 of the LSAG Guidance, your compliance team, specifically your MLCO will be expected to know how it works, what it is checking and what the results mean.
Obviously, there are many more things to check, many of which I covered in my recent Ask me Anything webinar, which you can get a recording of by emailing [email protected].
Amy Bell, Director, Teal Compliance Limited