Solicitors Regulation Authority Fine May Signal Steeper Compliance Penalties for UK Legal Sector

On 5 January 2022, the UK’s Solicitors Regulation Authority (SRA), the equivalent to the Financial Conduct Authority (FCA) for the UK legal sector, announced the conclusion of an investigation into breaches of UK Anti-Money Laundering (AML) regulations by the law firm Mishcon de Reya LLP (Mishcon). The SRA ordered Mishcon to pay a fine of £232,500, publish the agreement with the SRA and pay costs of £50,000 attributed to the investigation conducted.

The SRA found that between September 2015 and April 2017, Mishcon failed to comply with a number of AML requirements while carrying out work for two individual clients and associated corporate vehicles relating to a non-SRA regulatory investigation, asset planning, and in the context of acquisition support. The SRA concluded that Mishcon failed to:

1. Have a written, practice-wide AML risk assessment in place
2. Conduct adequate Customer Due Diligence (CDD) on its clients
3. Retain full CDD documentation on four clients for a minimum of five years
4. Conduct adequate Enhanced Due Diligence (EDD), or adequately apply enhanced ongoing monitoring
5. Provide adequate AML training to the former partner who maintained the client relationship

In addition, Mishcon permitted its client account to be used like a banking facility in some instances¹.

While the SRA had previously fined law firms for AML failings, such as Crawford & Company Legal Services Limited² and Law Together LLP³ for failing to declare a compliant risk assessment, the Mishcon fine—while small compared with fines issued by the FCA against UK financial institutions—is substantial for the legal sector.

This may give an indication of things to come, especially as increased scrutiny and enforcement action of the UK legal sector from an AML perspective has been on the horizon for some time: 

In December 2020, the UK’s National Risk Assessment⁴ (NRA) identified that the risk of abuse of legal services for money laundering is high⁵. The SRA’s own 2021 sectoral Risk Assessment⁶ identified weak controls and inadequate systems and controls in place to prevent, detect and report money laundering for firms supervised by the SRA. The report highlighted deficiencies within firms’ risk assessment, source of funds checks, lack of due diligence documentation and inadequate ongoing monitoring of risk. Furthermore, the misuse and exploitation of client accounts as a banking facility was identified as a red flag.

In November 2020, the SRA published a report on its AML supervisory visits between 2019⁷ and 2020. The report had identified deficiencies and gaps in AML⁸ policies and procedures during more than half of its examinations.  In 2021, the SRA fined six firms for failing to provide information required by the SRA regarding their AML controls. The fine against Mishcon seems a logical progression, with the SRA starting to take a tougher stance on firms who fail to comply with their AML obligations. This development is similar to that taken by other regulatory or supervisory bodies which started issuing increasingly severe penalties to instigate change within the regulated sectors under their remit.

What Does This Mean for Firms Regulated by the SRA?

The SRA is the regulatory and supervisory authority for independent legal professionals, trust and company service providers, and tax advisers. These groups are required to adhere to the AML requirements set out in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, subsequently amended by Money Laundering and Terrorist Financing (Amendment) Regulations 2019 and the Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2020, as well as the Proceeds of Crime Act 2002 and the Terrorism Act 2000.

The recent regulatory enforcement action should prompt SRA-regulated entities to review their financial crime framework to ensure they adhere to regulatory expectations and reporting requirements. This includes ensuring that individuals are aware of their and the firm’s AML obligations and adequate training has been provided. Where gaps are identified firms should take swift action, developing a clear plan to remediate any identified shortcomings.

How Guidehouse Can Help

Guidehouse can assist you in the review and assessment of your financial crime prevention framework to determine whether it is operationally effective and meets regulatory expectations and industry practice. We can also assist your firm to remediate identified gaps, and weaknesses identified. Guidehouse has in-depth knowledge of the regulatory environment, both in the UK and globally. Our relevant expertise includes the following: 

• Compliance Solutions
• Financial crime framework Risk Assessments and gap analyses
• Advising on the effectiveness and efficiency of financial crime processes and systems
• AML and Compliance Training
• Compliance system testing and system configuration

Guidehouse’s financial crime consultants work with regulated entities of all sizes to build effective and efficient risk management and compliance frameworks to help clients protect against legal, fiduciary, shareholder and reputational risk. Guidehouse experts include former prosecutors, regulators, compliance officers and consultants, who leverage their combined experience to help clients conquer their compliance challenges.

This article was co-authored by Sajeev Kanagarajah.