With the 2017 Money Laundering Regulations just over a year old, Amy Bell reminds us of the risk based approach demanded in their deployment.

The 2017 Money Laundering Regulations came in a little over a year ago. They implemented the 4th EU Money Laundering Directive in the UK. The common thread running through the Regulations is ensuring firms deploy an approach to anti-money laundering which is truly risk based. This emphasis on assessment of risk starts at the highest level, the European Supranational Risk Assessment and runs right through to the individual assessments of risk you make on each matter. This article looks at the issues which have been raised by the Government and the Law Society of Scotland (LSS), and what issues you need to consider in your own risk assessments, both at firm and matter level.

EU Supranational Risk Assessment

Released on the 26^th June 2017, the first EU Supranational Risk Assessment considered the EU's vulnerability to Money Laundering. It is intended that the risks identified would be considered by member states when preparing their own national risk assessments. In terms of the legal profession they highlighted the lack of visibility of beneficial owners, real estate work and improperly claiming legal privilege as high risks to the success of the anti-money laundering regime.

National Risk Assessment (NRA)

We now have the second NRA. The first NRA was published in October 2015 and whilst it is acknowledged that progress has been made since then, the legal sector is still considered to be high risk. This does not necessarily mean that all solicitors are inevitably involved in money laundering, but rather when money laundering occurs, there is a high risk of solicitors being targeted. The NRA identified 3 areas of legal services which are high risk, the provision of Trust and Company Services, Property Transactions, and of the Solicitor's client account by criminals.

Regulator Risk Assessment

In March 2018, the LSS published its risk assessment of Money Laundering in the Solicitors sector. The LSS endorsed the views expressed in the NRA. To assist firms, they have produced a number of useful resources including:

• AML Good Practice Guide
• AML Good Practice Developing Policies and Procedures Guide
• Various AML Risk Assessment Templates.

These documents can be found here - https://www.lawscot.org.uk/members/regulation-and-compliance/financial-compliance/anti-money-laundering/aml-toolkit/

Firm Risk Assessment

Regulation 18 requires that the firm must take appropriate steps to identify and assess the risks of money laundering and terrorist financing to which it is subject. If your firm engages in work which is subject to the Money Laundering Regulations, you must now, if you have not already done so, carry out a risk assessment of your firm. In carrying out the risk assessment the firm must take into account any information made available by their supervisor, so you will need to consider the LSS's Risk Assessment. The template document entitled 'Firm Level AML Risk Assessment Template April 2018' should provide some useful guidance and prompts to help with the risk assessment process.

Chapter 2 of the Legal Sector Affinity Group Guidance, which has been approved by the Treasury, and which is available on the LSS's AML pages, provides more detail on how to complete your risk assessment. The LSS have also produced a number of templates which can assist firms when carrying out their risk assessments.

Firms I have spoken to have considered the services they provide and considered each in relation to the areas identified in the regulations, and the Legal Sector Affinity Group Guidance, and decided what would be appropriate client due diligence (CDD) to mitigate the risks of becoming involved in money laundering.

When carrying out your risk assessment, the issues could vary from department to department, and as a result some firms have developed slightly different processes depending on the departments.

Matter Risk Assessment

Whilst the regulations do not provide specifically for a written risk assessment for each case, it does say in regulation 28(12)

The ways in which a relevant person complies with the requirement to take customer due diligence measures, and the extent of the measures taken—

(a) must reflect—

(i) the risk assessment carried out by the relevant person under regulation 18(1);

(ii) its assessment of the level of risk arising in any particular case;

Accordingly, firms will want to ensure that staff consider the factors identified in the firm risk assessment for each individual retainer. To demonstrate they have done this, firms may want to implement an AML Matter Risk Assessment form to capture the assessment of risk at the beginning of the matter.

Risk can arise at any time during the retainer, so it is important that although risk will be considered during the file opening process, it should remain a “live” issue and revisited at appropriate times during the case (for example if the source of funds changes).

Finally, criminals are resourceful people, they will be looking for new ways to target law firms to launder money, so keep yourself up to date with training, and information published by the Law Society.