Amy's Essential AML & Risk Management Practices for SRA-Regulated Law Firms


Guest blog from Amy Bell, Solicitor and Founder of Teal Compliance.

Compliance headaches are very real now that the Solicitors Regulation Authority (SRA) has been given more powers to fine firms for breaches of compliance. You just have to read the Law Society Gazette or Legal Futures to get a better understanding of who the firms are, how much their fines are and the reasons for the fines.

In November 2024, the SRA demonstrated its power by clamping down on firms breaching money laundering regulations, issuing fines of more than £57,000. Not only that, the SRA is continuing to pursue action against firms for historic issues.

It’s not all doom and gloom, though. My team and I are speaking to many firms up and down the country who work hard to train their teams on all issues of compliance, ensuring they evidence any evolving risks when it comes to financial crime.

The SRA’s focus on robust AML policies and risk management as part of its regulatory framework should be a constant reminder to put in place controls for your firm’s policies and procedures. There is no point in just filling out a policy template online and then not continuously tracking and analysing the controls surrounding it.

The purpose of this guest blog is to provide you with practical tips when it comes to protecting your brand reputation, your colleagues and of course, your clients.

Here are my top tips:

Develop a Strong AML Policy and have Proactive Controls in Place

Firstly, you have to understand your obligations. The SRA requires compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).

The Key Components:

  • Ensure your AML policy covers client due diligence (CDD), enhanced due diligence (EDD), and ongoing monitoring.
  • Regular Reviews: AML policies should be reviewed annually or whenever regulations change - keep up to date with news flashes or of course, get in touch with Team Teal.

Conduct Comprehensive Risk Assessments

  • Firm-Wide Risk Assessments: Identify risks specific to your firm, such as client types, practice areas (e.g., property transactions), and jurisdictions.
  • Matter-Specific Risk Assessments: Evaluate risks on a case-by-case basis, ensuring consistent documentation. Remember that for an existing client you should not presume they have CDD in place; always double check. Even if CDD was completed, is it still accurate? Have they moved house? Is the beneficial ownership still the same?

Ensure you understand what the SRA expects from you and your firm at the very minimum. Risk assessments must be well-documented, specific, and proportionate.

Train Staff Regularly

  • Provide tailored training to all staff, including fee earners, support staff and MLROs/MLCOs, covering AML regulations, SRA compliance and role-specific responsibilities such as suspicious activity reporting.
  • Training frequency is vital. I recommend it at least annually, with updates for any significant regulatory changes and new starters.
  • In your training provide practical scenarios such as case studies or role-playing exercises to reinforce key concepts.

Effective Client Due Diligence (CDD)

  • Know Your Client (KYC): Verify the identity of clients and understand the source of their funds.
  • Enhanced Due Diligence (EDD): Apply stricter checks for high-risk clients and high-risk matters, such as Politically Exposed Persons (PEPs) or those involving a high-risk jurisdiction.
  • Stay up to date on Unexplained Wealth Orders.
  • Regularly review client information and transactions for red flags, e.g. what if an existing client moves to a sanctioned territory?

Implement Robust Internal Controls

  • Compliance Officers: Appoint a Compliance Officer for Legal Practice (COLP) and a Compliance Officer for Finance and Administration (COFA) with clear responsibilities. For smaller law firms, one individual can carry out this important role. Here’s more guidance from the SRA.
  • The individual who oversees the compliance of the finance and administration of the firm (COFA) needs to ensure that financial controls prevent fraud and errors.
  • Audit trails are your evidence for managing risk and transparency. Maintaining comprehensive records demonstrates your compliance with AML and SRA rules.
  • Remember that MLCOs and MLROs can gain more information via the SRA’s resources page.

Utilise Technology to Streamline Compliance

  • Compliance and AML Software. Investing in the right tools and tech not only saves time, but keeps your evidence trail on track. For example, the Teal Tracker offers incident management, records training needs, keeps records of all file reviews and future steps, registers any gifts of hospitality received, keeps a register of affiliations to carry out conflict checks, details your firm’s undertakings and registers any high-risk clients.

Not only does Teal Tracker offer all the tech just mentioned above, but each firm receives a full library (Policies, Documents, Precedent Bank, Guides, Teal’s Compliance Chronicle, Compliance Updates, and our Help Centre).

  • Case Management Systems. Have you integrated compliance checks into your firm’s workflows?
  • Cybersecurity is a case of when, not if. For regulators and insurers, it’s paramount that you protect client and firm data with robust cybersecurity measures.

Prepare for SRA Audits

  • Self-Audits are when your firm and designated person/s conduct internal reviews of compliance procedures and address any weaknesses. This complements all the training mentioned above.
  • Ensure you have an external file audit completed, whether that is done by ourselves or by someone internally separate from your compliance functions.
  • Document everything! Keep a well-organised record of policies, training sessions, risk assessments, and client files. If you use a tool such as Teal Tracker this will do the work for you.
  • Cooperate transparently with the SRA (and insurers) to demonstrate a proactive approach to compliance.

Stay Updated on Regulatory Changes

  • Monitor SRA Updates by subscribing to our newsletter and the SRA’s newsletters and guidance documents.
  • Join industry forums or attend compliance conferences to stay ahead of emerging risks and regulations. The SRA’s Compliance Conference each year can be found online if you can’t attend the in-person event.

Common Pitfalls to Avoid

  • Inadequate Risk Assessments: Overly generic or outdated assessments fail to meet SRA standards. I’d highly recommend tailoring your policies to your culture and your clientele.
  • Red Flags. Please don’t ignore any red flags, however minor you think they are. Failing to investigate suspicious transactions (or even suspicious client activity) can result in regulatory breaches, huge fines and reputational damage.
  • Lack of Proactive Training. By this I mean, are you keeping your employees and colleagues up to date and engaged in the firmwide compliance requirements? How are you monitoring the proactive and consistent training?

In conclusion, as you would (and should!) maintain your website like a well-oiled machine, so too should you think of your firm’s compliance as the very same.

To summarise my essential AML and risk management practices, I would seriously ask you to reinforce your own and your firmwide understanding of the importance of proactive compliance training, policies, and controls for maintaining SRA standards and protecting your firm’s cash flow and brand reputation.

Any friend of the Conscious Solutions team is a friend of ours, and if your firm would like some AML compliance or risk management support, consultancy, audits or integration of expert-led tech, do get in touch with us. We are here to help you safeguard your firm against financial crime and regulatory breaches.

Get in touch via hello@tealcompliance.com

P.S. Don’t forget that Conscious Solutions can help your law firm’s website stay compliant by updating your site with pricing and services, in accordance with the SRA’s Transparency Rules.