Speaker 1: Good afternoon, and welcome to this webinar on anti-money laundering, what you need to know. I'm Zoe Allen-Robinson. I manage the AML Proactive Supervision Team. I'm a qualified solicitor myself, and my team is responsible for undertaking compliance visits with law firms, reviewing firm-wide risk assessments, and you may have seen our guidance on that, and also reviewing policies, controls, and procedures, and undertaking thematic reviews, trying to identify emerging risks. So it's worth noting as a fairly new AML team that we aim to engage first with law firms where we identify issues and bring you into compliance, or where there's room for improvement to promote that good practice across the sector. So the purpose of this webinar, as you know, we only have a short amount of time, 20 minutes, with some extra time at the end for questions. This webinar is targeted at small firms, but hopefully the general principles that I discuss will be relevant to all firms dialing in. It is fairly high level because of the time we've got, but I have tried to throw in as many practical tips as possible. So I think a good place to start with this is why do we care about money laundering, and why is it important? So the government's 2018 Serious Organised Crime Strategy put the cost of serious organised crime in the UK at more than £100 billion annually. Money laundering is not victimless, it's been described as giving oxygen to organised crime, it pays for human trafficking, and facilitates drugs and terrorism. The National Risk Assessment has identified the legal sector as being high risk of being targeted for money laundering, and consequently this is a priority risk for us, and for you as the firms that we supervise. So as a law firm that we regulate, you have a responsibility to disrupt this activity, by reporting suspicions of money laundering, and where you undertake work subject to the regulations, to do the necessary checks on clients and transactions, to ensure you are not enabling criminal activity. So moving on to what legislation applies to you. So no doubt you're familiar with the Proceeds of Crime Act 2002. So the offences of money laundering apply to all of us, it's not just those doing work in the regulated sector. And these definitions are purposefully wide, so you'll see I've listed the relevant sections and the offences, but particularly highlighted arrangements. This is very wide and I think where potentially law firms may be at risk in terms of facilitating these transactions. And I've heard law firms and solicitors say that, well I've removed the risk of money laundering because I don't have a client account. I think it's really important to dispel the myth that money laundering is not just about money. You could still facilitate an arrangement without touching any money, so by setting up a company or trust structure. I've also touched upon the terms placement, layering and integration. So you know that come across those terms, and whilst that's a useful working definition, I think it's important not to be married to those terms. So this dates from the mid-1980s, ahead of the US Money Laundering Control Act, and it's about the whole process of money laundering. But you tend to find that most people are only involved in one element of it, or a small part of it. So I would air caution in terms of looking out for all three stages. You don't need to do that to be suspicious or to be involved in money laundering. It may indeed only be a part of it, and it's extremely unlikely that you'd encounter all of those stages. So moving on to reporting suspicion. So this is particularly important because if you report suspicion, it's likely to be a defence to the offences that I just mentioned. So you'll see that suspicious activity reporting by the legal professionals went up last year. So independent legal professionals submitted 2,774 SARs. However, that's pretty depressing, 0.58% of the total SARs submitted. So there's still some room for improvement there. So what do you need to do? You need to know the warning signs of money laundering. So maybe looking out at the media and sharing those articles that you see or sharing the NCA guidance that comes out. We see criminals time and time again, targeting law firms for that veneer of professionalism, veneer of trust, sorry. So what can you do? You can make sure your staff know what to do if they come across somebody suspicious, where they can go for help and who they can talk to. So particularly important, the role of the MLRO and having an internal reporting procedure. It's also worth noting that the NCA or indeed the SRA or the Law Society's helpline, we can't infer suspicion to you or tell you what you need to report. It's about your own suspicion, but I would say that the bar is fairly low in terms of what is suspicious. So how and when to submit a suspicious activity report if you have concerns. So this isn't just about where you want consent from the National Crime Agency to continue with a transaction. It's also defence against money laundering SARs, DAMLs. It may also be at the beginning of the matter where somebody approaches you and you're suspicious and that warrants you deciding not to act with the client. That may also trigger your need to report a suspicious activity report. So if it is a defence against money laundering SAR, we've had discussions with the NCA and understand that it can be frustrating for you if you're having documents back or request further information or clarity. So what can you do in the first instance to avoid that? Well, you can be really clear about what is it you want consent to do. What is the potential criminal act? Is it an arrangement of some kind? And separate that from what it is the client's done or the property that is raising their suspicion. Also ensuring you use full names of parties and personal details such as date of birth and the appropriate glossary codes throughout. The NCA has also released guidance on this and updated their glossary codes. So do look out for their guidance on this and also glossary codes on the more technical and portable matters. It's also worth noting that if you are submitting a DAML, do you need to ask yourself whether you should be acting in that transaction at all? So again, in looking at preventing money laundering, we go to the money laundering regulations. So who is in scope with the regulations? So not all lawyers are covered. The focus is on certain activities that are more likely or high risk to facilitate money laundering. So the two relevant definitions are under Regulation 12 and those are independent legal professionals and trust and company service providers. So an independent legal professional is a firm or sole practitioner who by way of business provides legal or notarial services to other persons when participating in financial or real property transactions. So that could be buying and selling a property. So we're quite familiar that conveyances are potentially high risk in this area. It could be the opening and management of banks, savings or securities and also around the creation, operation of companies and trusts, which overlaps with the trust and company service provider definition, which could also include acting or arranging for another person to act as a director, providing a registered office or business address. In terms of how many of our law firms are in scope with the regulations, we regulate around 10,000 law firms and of those seven and a half thousand are in scope. So it's a big chunk of our regulated population that do this work. And I think although we're familiar with conveyancing falling into this pot or also setting up companies and trusts, it's also worth noting the activities that could come into scope. So we may not think family or person injury law is initially in scope. It's unregulated. However, if you set up a PI trust at the end of the matter, that will bring you into scope. Similarly, with family, if it's a divorce and you're dealing with shares or company assets that may also bring you into scope of the regulations. So just to be mindful of that too. So it's also worth noting the changes that came into force on the 10th of January 2020. The biggest changes obviously came to force with the 2017 regulations. So there's only been a couple of minor changes as a result of the 5th Money Laundry Directive compared with the more drastic changes of the 4th Money Laundry Directive. A couple of things to make you aware of. The tax advisor definition has expanded. So this is more general now and it used to be around the advice about the tax affairs of other persons. However, that's been substituted with material aid or assistance or advice in connection with the tax affairs of other persons, whether provided directly or through a third party. So that may well bring some activities that you do or where you refer people on for tax advice, say with probate or again with family matters, that may also bring you into scope. Other changes worth noting, policy controls and procedures. You now must cover this off in your policies where you act for what would amount to a complex or an unusual large transaction for your firm. Obviously, that's very different whether you're a small firm or even if you're a boutique law firm and you do regularly act for high value transactions. So setting out what is large or complex or unusual for your firm in your particular circumstances. You also now must cover off in your policies, controls and procedures, assessments of new products or practices and information sharing within a group if you have other entities within your structure of your firm. So moving on to your obligations and other regulations. So POCA has the offences and the regulations are there as preventative measures to stop you from getting to that point. So what do you need to do? You need to know your risk. So that's on the firm wide level, which was a new requirement in the 2017 regulations. We put out a lot of guidance on this. We put out templates and also a checklist of the stages you need to go through. You have to keep a record of the steps you've taken. So that's a firm wide risk assessment. I'll go into a bit more detail about good and bad practice in that area, but you also need to risk assess on an individual client and matter basis. You must have robust policies, controls and procedures, train your staff and identify and verify customers, their source of funds and their source of wealth. So in this in this area, it's really important to note the source of funds is about the origin. It's not just a case of having a bank statement on file and seeing that there is £100,000. You still need to look at the origin of that money. So is that coming from a regular payment in whereas source of wealth is about is that regular payment? Does that align with their particular circumstances? So you'd be looking at what is their job and how do they generate that money to start up that business? That sort of thing where you do some more digging around that. But I think there is a misconception around source of funds is simply identifying the funds exist. It's not. It's the origin still. Also, you need to monitor those business relationships that's ongoing. So making sure that that your fee earners are aware of and involved in matter risk assessing. And also they know what sites to look out for that might change that matter risk assessment. And that's where sometimes having a centralised team that deal with that. You can fall foul if you're not ensuring that those fee earners have access to the CDD documents, that they're involved in matter risk assessments and they know what to look out for that may trigger a change in risk level. And also it's reiterated in the regulations that you must report suspicious activity, have an MRO in place, excuse me, and that you must screen staff. We've noticed that firms may screen staff on appointments, but they're not doing that on an ongoing basis or they're unsure of what they need to do. So it is both on appointments and ongoing and there's lots of things you can do that are at no cost. So in terms of checking it with us about an individual's record. So that might be as a solicitor when they have any action against them, but also we are able to take action against non-solicitors such as section 43 orders. So you can always get in touch with us, check our solicitor's record online, also through our contact centre, also doing media checks on individuals. And of course it will be a risk-based approach as to whether you should be DDS checking all of your staff or staff in certain departments that are doing this work or at a higher risk and how often you might redo that. And also it's imperative that you keep records. You keep records of any changes you've made to your risk assessments and your policies and the certain record keeping requirements that do in some part align with the GDPR within the regulations. So moving on to something that's hopefully helpful to you in terms of a risk-based approach and that firm-wide risk assessment. As many of you know, we've done a lot of activity in this area. So we originally called in 400 risk assessments and we analysed those and we found that just over 20% of those weren't compliant with the regulations. They were either missing one of the five risk factors or it wasn't a risk assessment in the first place. It was instead a policy or something different or a training record. So what is it we're actually looking for here? We're looking for a document that takes a considered and thoughtful approach to identifying risk. Something that reflects who your client is. So firms will set out what their typical client base is, typical transactions, the typical services they provide and size and nature of those. Areas that firms seem to struggle with was around their transactions and delivery channels. So firms would say, we see most of our clients face-to-face, okay, so what about the other circumstances? What are those other methods that you use? Which is obviously particularly relevant in the current climate, that we understand, you know, what are the risks associated with remotely verifying clients or engaging with clients? And in terms of transactions, firms seem to fall down on this section again, so it's talking about what their typical transactions look like, what would make one of those unusual and more complex, which is now obviously a requirement in your policy controls and procedures too. I'd also flagged here, considering geographical risks. So this might not, it's firstly is about where do you operate as a firm? So it would look at if you have any branch offices overseas, but also where are your clients based? Where are the transactions that you're assisting them on based? And are any of those high risk? And there's lots of authoritative sources you can use on that in terms of the FATAP list, Transparency International, for example, lists are very helpful in identifying high risk locations. And you'll see, I've put there an honest rating of risk. So what I want to say is that firms don't need to avoid rating things as high risk. Obviously, you have to take into account our sectoral risk assessment and the national risk assessment, which, for example, rates conveyancing as high risk. Just because something's high risk doesn't mean you can't do it. It's about being aware of that risk, having suitable controls in place and mitigation. So don't shy away from being honest when you risk rate your matters. But that is down to you and your assessment. And we've also seen great examples from smaller firms and sole practitioners where they've really tailored it to their business and they can justify why their risk deviates maybe from the assessment we've done. So what isn't enough? It's not enough it's not written down. You must keep that record and you must keep it up to date and evidence the steps you've taken and how you've assessed your risk as a firm. You have to consider the national, the SRA sectoral risk assessments, which I've mentioned. So that is also a requirement in Regulation 18 and those are available on our website. And also we've seen it doesn't cover all the services or transactional work you provide. So if you do want to use our template, which is available on our website, that aligns initially with our sectoral risk assessment. But you must then go into if you do other services that within scope, you must then go into detail and list those. We've seen some great examples where they involve unregulated parts of the business and have department heads review that document, check it's appropriate and see if there's any overlap with other areas that you do. So moving on to some more good and bad practice that we've seen, maybe on our engagement with law firms. And I've touched upon this a bit when I was talking about a risk-based approach. So good that firmers have access to all of the customer due diligence documents and they're keeping a clear record on files, there's clear matter risk assessments and ongoing monitoring processes. Robust source of funds checks, as I said, looking at the origins, not just that the money exists and keeping evidence of those checks on the files or about noting your decisions. Because when we speak to firmers, they're able to explain what they did, but it's unclear from the file potentially. And that can obviously put you in difficulty. So do make a note of why you've reached a certain conclusion, what documents you've looked at to form that conclusion on that client matter. What's bad? A tick-box approach, and that then feeds into CDD evidence not documented or read. So with a tick-box approach, yes, I've got a bank statement. You're able to tick something as low without it pulling up any triggers or without you considering other factors. It's really concerning when we see documents that when we read it, it's clear that this potentially there's an issue. The names don't add up. There's deposits in the account. You can't see where those have come from, you ask, and Athena doesn't understand either or hasn't made inquiries. And that goes down to that tick-box approach. I have those documents, but they haven't maybe been read or investigated further when they should be. So I've run through that, and we're nearly at 20 minutes. So I think it's probably good to move to some questions, and we have got some questions. So let me just have a look at what people are asking. Okay. So the first question, does the client sending their proof of identity and address via email to us before a meeting and then showing it to us over Zoom satisfy the anti-money laundering regulations? Do I need to write anything on the ID? I mean, this obviously is particularly important with the current situation with this all being in lockdown. So I think the starting point is that the standards are still exactly the same under the regulations, but clearly there needs to be other practical steps taken. So there is LSAG guidance out there that we've co-written on COVID, and certainly this example of having the client via Zoom or another platform show their photo ID next to their face and some sort of live video conferencing, that is one of the steps that we have said would be a practical way of satisfying ID and verification. Do I need to write anything down on the documents that you have? Absolutely. Make a record of the circumstances of what you've seen and what you're satisfied on that that is the person you're talking to. As to whether you need to do anything else is really down to that particular matter and that particular client. So that might be sufficient for a low-risk client. You need to maybe track back to your firm-wide risk assessment and where you'd rate that individual and whether there's any other checks you need to do to satisfy yourself on the entirety of CDD. Okay, so I'm looking at some of the questions here. If client IDs check manually, is it acceptable to take scan copies during social distancing? So I think hopefully that's been covered by the original question in that in terms of how you evidence that if you have those documents in and in terms of verifying using other sources and the example given by some sort of video with the photo ID might be something you need to add to that and making sure you do make a note of why you've accepted certain documents or what checks you've done to satisfy yourself. And another question, what are the additional risks for anti-money laundering for law firms arising from the current situation caused by COVID-19? So yes, quite a big question there. I think that the problem is this is an unusual situation which may make it harder or easier to spot unusual activity in terms of money laundering. What we do know is that criminals are innovative and they certainly innovate and they are able to change and adapt to circumstances and we've heard a lot in the press about criminals taking advantage of the current situation. I think in terms of practical steps and the risk that I perceive is about with remote working and if it's a bit disjointed, this is something you haven't done as a law firm and you're having to adapt to this quickly in terms of getting staff able to do their job and you want to continue to provide services to your clients. Just being aware of any risk that has any sort of potential gaps in your processes that your team know what they need to be doing and what sorts of checks they need to be doing. I don't think it should necessarily require rewrites of your policies or process controls but I think certainly just revisiting those. Have we covered off in our firm wide risk assessment the risks associated with using Skype or taking ID and verification as we've discussed and satisfying CDD by different methods. So it might be that you need to send something round on an interim basis reminding people of their obligations and what checks they need to do. I think it's really difficult to exactly perceive what all risks might come out of that but hopefully that's helpful in terms of some practical steps you can do to mitigate that and just being really alive it may be that it's easier to identify because you're being more vigilant or the level of your services have slightly dropped in this time but I think certainly there's plenty of guidance on our website and a link to the LSAG COVID-19 guidance with typical Q&A's that are being updated if you need any more information. Which takes us quite nicely on to the final slide around other help that's available. So I've touched upon the LSAG guidance but we also have our risk outlook. We have our national sector risk assessments, warning notices and various guidance on our website but if you find that you have a specific question that can't be answered by what's on our website please do get in touch in the first instance with our professional ethics team who are also trained on the money laundering regulations and they can answer your queries but if not they'll be able to get in touch with our team too. So I hope you've all found that helpful, thank you very much for tuning in.