Under the United Kingdom’s anti-money laundering (AML) legal regime, it has been clear for some time that the United Kingdom Money Laundering Regulations 2007 and 2017 (MLR) apply to multiple business sectors, including accountants, financial service businesses, estate agents, and solicitors.[1] Although some lawyers might still chafe at the notion that they are subject to such regulations, there is no doubt that United Kingdom solicitors, as legal professionals, are obliged to comply with AML legislation.[2]
A recent enforcement action by the Solicitors Regulation Authority (SRA), which regulates all solicitors and most law firms in England and Wales, shows the potential risks for firms that do not maintain robust AML compliance programs.[3] On January 5, the SRA announced that it had imposed a fine of £232,500 on a leading United Kingdom law firm, Mishcon de Reya LLP, for multiple violations of the United Kingdom Money Laundering Regulations.[4] This post will briefly discuss the principal identified AML violations and the calculation of the financial penalty, and conclude with some observations about the enforcement action.
Identified Violations
The agreement between the SRA and the firm relating to those violations identified five major categories of anti-money laundering (AML) issues:
- Customer Due Diligence (CDD) Record Retention: Between September 2015 and April 2017, the firm carried out work for two individual clients, and corporate vehicles connected with those same two individual clients. The work related to a non-SRA regulatory investigation, asset planning for one of the individuals, and the initial stages of the proposed acquisition of two separate entities (as well as the onward sale of one of them). In relation to the two individual clients, however, the firm did not retain the hard-copy file of customer due diligence (CDD) documents. Those documents appeared to have been misplaced, and no electronic copy of the records was retained.
In relation to one of the corporate vehicles involved in one of the proposed acquisitions, some documents, but not a full set of CDD documents, were obtained. In addition, both of the proposed acquisitions reportedly presented a “higher risk of money laundering or terrorist financing” under the relevant money laundering legislation in force at the time, because the acquisitions involved companies in high-risk jurisdictions. That fact required enhanced customer due diligence (EDD) and ongoing monitoring, but both of those measures were “not adequately applied.” - Payments Unrelated to Legal Transactions: One payment was made into, and three payments were made out of the firm’s client account, between 22 July and 28 July 2016, “which did not relate to an underlying legal transaction in relation to which the firm was instructed. Funds belonging to one corporate vehicle were transferred to the client ledger for another corporate vehicle, and used to discharge the firm’s fees and disbursements on the matter relating to the latter entity.” Moreover, the firm did not send a bill of costs or other written notification of the costs incurred to the relevant entities before two invoices were raised and paid out of monies held in client account.
- AML Training: During an external investigation that the firm commissioned into its AML compliance, it came to light that the former partner at the firm responsible for the relationship with the above clients and instructed in relation to most of the above matters “had not received mandatory training as required by anti-money laundering regulations.” Although the firm usually would provide such training, it was not due to a personnel absence and “there was no contingency plan at the firm for AML training to be implemented if such a personnel absence occurred.”
- CDD and Special Purpose Vehicles: Separately, between September 2017 and October 2018, the firm acted in relation to three property transactions which were related to one another. For each transaction, the firm client was a separate special purpose vehicle (SPV) with the same ultimate beneficial owner. The firm secured CDD in relation to the ultimate beneficial owner but, because it opened each matter file in the name of a different entity in the corporate structure, did not secure full CDD for each SPV before each relevant transaction took place. In addition, the firm also did not retain copies of some of the CDD information obtained in relation to the ultimate beneficial owner, and in relation to another individual who instructed the firm on a fourth and related matter.
- Risk Assessment: In September 2018, the SRA requested a copy of the firm’s practice-wide (firm-wide) risk assessment, as required by Regulation 18 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017). The firm did not at that time have in place such a risk assessment. A risk assessment was prepared by an external provider and supplied by that provider to the firm in March 2019, and to the SRA in May 2019.[5]
The Penalty
In light of those facts, the SRA concluded that a financial penalty was appropriate for six reasons:
- There were serious breaches of the relevant Money Laundering Regulations and the SRA’s rules, and the firm should have complied with those obligations;
- “[T]he conduct had the potential to cause significant harm by facilitating transactions that gave rise to a risk of facilitating money laundering, and because the firm was responsible for the overall conduct”;
- The outcome agreed between the SRA and the firm “is a proportionate outcome in the public interest because the issuing of such a sanction is necessary to maintain standards by highlighting the risks arising from the behaviours in question and deterring such repetition”;
- There has been no evidence that the admitted breaches caused lasting harm to consumers or third parties, “based on current knowledge”;
- There is a low risk of repetition, particularly in light of the improved IT systems that the firm has since put in place; and
- The firm “has assisted the SRA throughout the investigation, admitted breaches, made changes to systems, policies and procedures as a result, and ensured training to all relevant employees is regularly provided.”[6]
In setting the penalty, the SRA took into account the firm’s annual turnover, and, applying its guidance for setting financial penalties, determined that the basic financial penalty should be £387,500. The SRA and the firm then agreed that the basic penalty should be reduced by the maximum allowable 40 percent discount, to reflect the mitigating factors, “such as assisting the SRA with its investigation including by providing outputs of the external investigation commissioned by the firm, early admissions, corrective action taken including improvements to systems and training and commitment to reduce the risk of repetition of similar issues.” As part of the resolution, the firm agreed to pay a £232,500 financial penalty and £50,000 for SRA investigative costs, and to the publication of the agreement.[7]
Observations
Law firms doing business in the United Kingdom should scrutinize the details of this resolution. In particular, they should compare their AML compliance program against the relative types and severity of the breaches identified in this case. The absence of an AML risk assessment, shortcomings in AML training for partners, and failure to retain CDD records are all significant deficiencies that every firm should strive to avoid.
As the SRA has stated, “law firms and solicitors are attractive to money launderers because of the services they provide and the position of trust they hold.”[8] United Kingdom legal professionals have every reason to expect that the SRA will not rest on its laurels in monitoring and enforcing their compliance with the MLR.
Footnotes
[1] HM Revenue & Customs, Who needs to register for money laundering supervision (last updated May 21, 2020), https://www.gov.uk/guidance/money-laundering-regulations-who-needs-to-register.
[2] See The Law Society, Quick guide to the Money Laundering Regulations 2017 (July 7, 2021), https://www.lawsociety.org.uk/topics/anti-money-laundering/quick-guide-to-the-mlrs.
[3] See Solicitors Regulation Authority, Who we are and what we do (updated May 27, 2021), https://www.sra.org.uk/consumers/who-we-are/what-sra-about/.
[4] See Solicitors Regulation Authority, Mishcon De Reya LLP (Mishcon De Reya): Agreement (published January 5, 2022), https://www.sra.org.uk/consumers/solicitor-check/624547/.
[5] Id.
[6] Id.
[7] Id.
[8] Solicitors Regulation Authority, Anti-money laundering (November 23, 2020), https://www.sra.org.uk/sra/research-report/risk-outlook-2020-21/anti-money-laundering/.
Jonathan J. Rusch is a Senior Fellow at New York University School of Law’s Program on Corporate Compliance and Enforcement; Adjunct Professor at Georgetown University Law Center, American University Washington College of Law, and Washington and Lee Law School; and Principal of DTG Risk & Compliance LLC. He is a former Deputy Chief in the U.S. Department of Justice’s Fraud Section, and former Senior Vice President and Head of Anti-Bribery & Corruption Governance at Wells Fargo.
Disclaimer
The views, opinions and positions expressed within all posts are those of the authors alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the authors and any liability with regards to infringement of intellectual property rights remains with them.