AML Audit Solutions

The SRA approach to Anti-Money Laundering (AML) supervision is based on assessing risks.

The SRA prioritises visits to firms categorised as high risk, but also inspect those with low and medium risk ratings. It's important to note that selection for an AML audit does not automatically indicate that your firm is perceived as highly susceptible to money laundering activities.

In identifying high-risk firms, the SRA refer to the relevant sections of the Office of Professional Body Anti-Money Laundering Supervision (OPBAS) source book. Additionally, they may utilise information in their possession when evaluating the risk level of firms.

Do not panic. The SRA are not in the habit of unexpectedly appearing at a law firm’s offices. Typically, the SRA will schedule visits with you with ample preparation time, opting for a date further in the future.

Rather than feeling anxious, consider the visit as a chance to organise your AML procedures. Contact our help desk. If you're aware that your records are not current or worry that recent legislative changes (and their subsequent amendments) may have caused oversights, there's still time to address any issues.

Prior to the audit, the SRA will request the submission of the following documents:

• Your firm's Anti-Money Laundering (AML) risk assessment, as mandated by Regulation 18 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).
• Your firm's risk assessment concerning proliferation financing, as required by Regulation 18A of the MLR 2017. This assessment may either be a distinct document or integrated into your firm's comprehensive risk assessment.
• AML policies and procedures of your firm in accordance with Regulations 19 to 21 of MLR 2017.
• Your firm's client AML risk assessment template.
• Copies of any audits conducted on your firm's policies and procedures under Regulation 21 of MLR 2017, including recommendations or subsequent actions resulting from them.
• Records of AML-related training, as stipulated by Regulation 24(1)(b) of MLR 2017.
• A roster of fee earners handling work within the scope of MLR 2017. Additionally, we will require matter lists to facilitate the selection of files for review.
• If feasible through your case management system or processes, a list of open matters identified as high risk.
• Completion of a brief questionnaire detailing the services provided by your firm.

You must ensure these documents are provided within a 10-day timeframe

Generally known as a practice-wide risk assessment (PWRA), this serves as the foundation for your AML controls and is imperative for compliance with the SRA Standards and Regulations.

While initiating with a AML policy template is permissible, customisation based on the specific risks facing your firm is essential. Ensure that your AML Policy document undergoes regular reviews in line with your policy. To assist in this regard you may wish to consider subscribing to an AML Policy update service. Such services provide periodic updates, often in light of recent cases,legislation, or emerging best practice/behaviour. Additionally, your risk assessment should incorporate guidance from the Legal Sector Affinity Group (LSAG), if it doesn't already.

You will need to provide evidence and document any perceived risk in this regard.

For instance, are you requesting clients to provide court orders from a divorce, probate, or a completion statement from a related or recent sale? Relying solely on a client's verbal confirmation about selling a house and using the proceeds for another transaction is not considered good practice.

During a visit by the SRA will interview some fee earners and review a random selection of ongoing and historic files. Where staff members are absent (e.g. due to holiday), it's necessary to arrange for someone to step in.

During file reviews, the SRA will focus on aspects such as:

• A random selection of both live and archived files, along with the accounts ledger.
• Ts and Cs as well as client care letters
• E-verification results and the handling of failed or referred matters.
• ID as well documentation of any face to face meeting (inc remote meetings).
• Google or other search engine adverse findings.
• Company searches—reporting anomalies related to beneficial ownership to Companies House through a discrepancy report.
• Evidence of the SOF and SOW.
• Relevant Defence Against Money Laundering (DAMLs) or Suspicious Activity Reports (SARs).
• Client and matter risk assessments, and how risk is managed throughout the transaction life cycle, including post completion

We recommend informing all staff about the visit beforehand. Individuals selected for discussion can range from partner level to junior staff. It's vital that your MLRO (Money Laundering Reporting Officer) is also accessible for interviews with the SRA audit.

All staff should be well-prepared to articulate the firm's AML controls confidently. Firms do of course need to do ongoing training. The expectation and preparation for an SRA meeting should be raised annually.

The SRA offer various measures based on the compliance status of a firm post audit :

Guidance Issuance:

Applicable when a firm complies with the required standards in the regulations. This includes cases where minor adjustments are needed or where sharing best practices can enhance compliance.

Letters of Engagement:

• Applicable for partially compliant firms.
• Issued when some elements of a firm's controls require improvement, yet there is evidence of good practice.
• Involves engagement with firms to assist in refining processes and achieving full compliance.

Implementation of a Compliance Plan:

• Implemented for partially compliant firms with broader concerns.
• This plan is initiated when multiple elements of a firm's controls need improvement, or there are significant non-compliance issues.
• Outlines a series of actions with specified timelines to guide firms toward full compliance with regulations.

Referral for Investigation:

• Reserved for non-compliant firms.
• Triggered by issues such as failure to conduct customer due diligence (CDD), absence of a firm-wide risk assessment, outdated policies, or inadequate staff training on regulations.
• Involves referring the firm for investigation, potentially leading to regulatory sanctions.
• In some cases, a compliance plan may be established to support the firm in meeting its obligations.