Protect your firm in 2023


Harriet Holmes

AML Services Manager

Worldwide events have spotlighted money laundering, demonstrating the need for the global community to respond to the evolving risks. We all have a critical role to play in fighting against the baddies, creating a safer world for us all. 

All regulators are now consistent in their approach; increased engagement will be seen in 2023, and they are expanding their resources dedicated to preventing and detecting money laundering. Regulated firms and individuals must demonstrate to the regulator how they actively prevent money laundering in their businesses. 

Understanding the impact of non-compliance is fundamental. 

The is a range of negative consequences that come with non-compliance. It is essential to understand the range of sanctions the SRA can impose in-house is limited. However, the limit since July 2022 has increased considerably to £25,000 unless you are an ABS, in which case it is £250 million, and for managers and employees of an ABS organisation, up to £50 million. This a clear directional move from the previous £2,000 limit, demonstrating how seriously the UK government is taking things like non-compliance. 

There is also the consideration of disciplinary action, both internally and externally. 

Regulators expect to see improvements in 2023 regarding how firms assess and mitigate their risk exposure. Not only that, but the regulators are looking to see that the firms they regulate have an appreciation of the risks unique to the firm. They expect that assessment to be based on much more than bold statements and would require quantitative analysis supported by statistics. 

Four key areas that firms and regulated individuals should have a keen focus on in 2023 are; 

  • Client and matter risk assessment 
  • Source of funds 
  • Ongoing proactive Sanctions 
  • Policies, controls and procedures 

Client and matter risk assessment 

There are many factors to consider, and the requirements are set out in R(28),(12) and (13). Firms must consider factors such as purpose, asset, size, regularity and duration of the transaction etc. As well as this, firms also need to observe the LSAG guidance, which sets out a further list of considerations. 

The SRA identified several examples of poor practice they saw in their investigation: 

  1. Unclear risk rating
  2. Tick-boxing exercise
  3. No rationale to substantiate  decisions
  4. Didn’t set out mandatory high-risk factors for enhanced due diligence - e.g. PEPs
  5. PCP does not observe high-risk third countries and jurisdictions.

Understanding the extent of the problem and why risk assessment should be a focus area for firms into 2023; 

  • 42% of client/matter risk assessments reviewed were ineffective.
  • 30% did not show clearly when EDD was necessary, including where mandatory under regulation 33. 
  • 20% did not reflect the firm’s firm-wide risk assessment. 

Firms can take steps to ensure compliance: 

  • Document the risk level allocated to each matter, referring directly to the firm's firmwide risk assessment (FWRA). Any disparity will require consideration. Templates should be updated  to allow fee earners to capture this information.
  • Document and record when and why enhanced due diligence (EDD) is required – record complete and detailed notes of any EDD steps carried out. 
  • Carry out file reviews and assess whether they understand the risk attached to the client and matter based on the responses. No AML risk, for example, does not provide enough context to the reader. Consider additional training, guidance and support for the teams. 

Ongoing proactive sanctions 

Sanctions apply to all firms. Due to the political climate in 2022, this has never been more relevant. All firms may be at risk of being used to evade sanctions. It is important to truly know your client and all parties involved in a transaction, including any beneficial owners, to ensure they comply with the sanctions regime.

Understanding the extent of the problem and why sanctions should be a focus area for firms into 2023

  • 26% of the AML policies the SRA reviewed failed to detail the steps a fee earner should take to ensure their client avoids financial sanctions.
  • The SRA has plans to issue rolling sanctions compliance checks next year on the firms it regulates.  

Firms can take steps to ensure compliance: 

  1. Implement a Sanctions process for screening clients and those connected.
  2. Document the processes fee earners should take to ensure that designated persons are correctly identified.
  3. Ensure that all reporting obligations are fulfilled.
  4. If you use a third-party service provider you should understand the data sources used.

Source of funds 

Understanding the source of funds used in a transaction is a fundamental part of the risk-based approach. The main regulation that captures the need for a source of funds check is regulation 28. Regulation 28 defines the obligation:

“scrutinise transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the relevant person's knowledge of the customer, the customer’s business and risk profile.”

Understanding the extent of the problem and why the source of funds should be a focus area for firms into 2023; 

Solicitors are becoming involved in money laundering (either knowingly or unknowingly) by a failure to carry out sufficient checks on a client's source of funds. The SRA did report a slight improvement in relation to the source of funds. It countered by saying that firm's need to do more in this area. 

The fundamental importance of the source of funds cannot be underestimated. The risk of money laundering is significantly reduced if you are clear about the legitimacy of the source of funds being used in a transaction. 

Firms can take steps to ensure compliance: 

  • Ensure your firm has put in place robust policies, controls and procedures to prevent money laundering, particularly regarding the source of funds checks. 
  • Train staff on how to deal with the source of funds, what questions to ask and spot red flags. 
  • Ask questions about money that is being deposited into your client account.
  • Ensure the firm has controls that prevent/mitigate instances when funds are received from the client(s) when no checks have been carried out and/or are unexpected. 

AML policy 

The SRA generally reported that they saw poor-quality AML policies. More than half, 58% - of the policies that were reviewed required improvement. A firm's AML policy is the foundation for the staff. The AML policy should set out the measures staff should take to protect themselves and the firm from money laundering.

The SRA findings consistently recorded key information that was missing from AML policy that should be documented; 

  • Taking additional measures where products and transactions favour anonymity. 
  • Stance on Reliance.
  • High-risk third countries.
  • Simplified due diligence.
  • High-risk jurisdiction. 
  • Checking the sanctions register.
  • How to identify and scrutinise unusually large or unusual pattern transactions. 
  • How to identify and scrutinise transactions that have no apparent economic or legal purpose. 
  • How to identify and scrutinise complex transactions.

Steps that firms can take to take to ensure compliance: 

A good starting point when reviewing your AML policy is to read it side by side in direct comparison to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and The Legal Sector Affinity Group guidance document. This can be your benchmark as to what is expected. Alternatively, you can use a third party to provide a checklist or a gap analysis.

Subscribe to our newsletter

Subscribe to our monthly newsletter for recaps and recordings of our webinars, invitations for upcoming events and curated industry news. We’ll also send our guide to Digital ID Verification as a welcome gift.

Related Articles


Regulations in Review - what last year's changes mean for 2023

Read Story


Five types of document fraud - what is the risk to you and your firm?

Read Story


Why the advent of digital property transactions is a win for conveyancers

Read Story