Over the past year, both the SRA & CLC have emphasised that the prevention of economic crime and money laundering will be high on their agenda in 2024. Take a deep dive with us into their recent enforcement and how law firms should respond.


    A review of recent enforcement action

    Over the past year, both the SRA & CLC have emphasised that the prevention of economic crime and money laundering will be high on their agenda in 2024.

    They have made it clear that they expect firms that fall under their supervision to play a valuable role in preventing the transformation of crime proceeds into assets and have committed to increased resources to ensure compliance.

    2023 saw record fines issued by the SRA for lack of AML compliance, the first-ever solicitor being convicted for tipping off offences and the CLC revoking a law firm’s licence.

    In 2024, expect intensified efforts by both organisations to ensure solicitors understand and comply with the financial sanctions regime, conducting thematic reviews and spot checks on law firms.

    Future plans include proactive sanctions inspections and reviews to assess firms’ risk management and compliance procedures with a call for firms to allocate appropriate resources and foster a culture where everyone takes the risk of money laundering seriously.

    Key Findings from the 2023 SRA AML Assessment

    This year’s SRA Annual AML Assessment identified new and existing areas of concern for the regulator that all law firms should be aware of.

    Following the report, the SRA made it clear that the level of compliance was too low and that they will introduce additional measures to address their concerns including the possibility of automatic fines.*

    The report identified a high number of firms were either non-compliant or only partially compliant with just 1 in 3 firms being fully compliant.

    The main areas of concern were:

    • Firm-Wide Risk Assessment
    • Client / matter Risk Assessments
    • Sanctions
    • Ongoing Monitoring
    • Customer Due Diligence
    • Enhanced Due Diligence
    • Source of Funds

    In addition to thematic reviews, this year the SRA introduced spot checks to see if law firms were compliant with the latest sanctions. The SRA has confirmed they will continue to perform spot checks through out 2023/24 while working in conjunction with the OFSI.

    Key statistics from the SRA report

    • 249 reports of suspected MLR breaches
    • 39 resulted in action of which 23 received a fine
    • 47 firms and individuals received enforcement action
    • 177 on-site and thematic inspections
    • 73 desk-based reviews
    • 23 firms involved in sanctions screening exercise
    • £137,402 in fines issued
    • 24 suspicious activity reports submitted to the National Crime Agency, by SRA
    • £75m of assets as a result mainly in conveyancing
    • 6,000 firms supervised by the SRA for money laundering purposes

    Area of Risk assessments

    Areas of concern

    The lack of client and matter risk assessment was a major concern for the SRA with 20% of files reviewed missing a risk assessment and 50% lacking a rating or rationale.

    Some firms used incomplete or improperly filled template matter risk assessment forms that often lacked commentary or justification for risk levels and actions to mitigate risks. Many forms didn’t include high-risk factors or alert fee earners as to when they were required to conduct enhanced due diligence.

    Another area of concern was a lack of consistency between the Firm Wide Risk Assessments and the Client/Matter Risk Assessments forms. For example, one firm considered all cash purchases in property matters to be considered high risk but this wasn’t reflected in the Client/Matter risk assessment forms, allowing the fee earner to make their own risk rating.

    The SRA praised firms that had tailored templates for transactional and non-transactional work as well the forms that included risk-weighted factors, requiring compliance approval if certain risk thresholds were met.

    How Credas can help

    Our end-to-end solution ensures a seamless and tailored approach to compliance by incorporating cutting-edge features like ID verification, AML checks, and dynamic risk assessment forms.

    Empower your team with dynamic risk assessment forms that adapt to specific case nuances like transaction type or geographic jurisdiction. This precision ensures that your compliance efforts are not only thorough but also precisely tailored to each matter.

    Save crucial time for your fee earners by allowing them to pre-populate client forms based on submitted information. Our system streamlines the process, eliminating manual data entry and enabling your team to focus on higher-value tasks.

    Efficiently manage your risks with internal escalation procedures / protocols allowing to you effectively delegate time intensive tasks while keeping a full audit of any outcomes that can be easily exported.

    Identity verification

    Areas of concern

    The SRA’s review found that despite a high level of compliance 14% of files were still missing identification and verification documents.

    The SRA found evidence that law firms were only checking ID documents for one individual out of several individuals involved in the transaction and were not obtaining appropriate information on UBOs.

    In some cases, the SRA found that fee earners had waived CDD on the basis of long-standing or personal relationships. Taking this approach will not satisfy the requirement to undertake independent verification, though these factors may inform a risk-based approach and the level of checks needed.

    While neither the SRA or CLC has yet to issue guidance on the use of certified Identity Service providers the Conveyancing Association updated their protocols recommending the use of certified providers.

    The SRA also found continued failures to apply enhanced customer due diligence where appropriate.

    How Credas can help

    Mitigate risk seamlessly with a unified approach to customer due diligence across your firm. Liberating your fee earners from the burden of decision-making. Our robust set of tools leaves no room for doubt, providing a comprehensive and audit-ready Customer Due Diligence (CDD) process that stands up to scrutiny.

    Our ID checks combine biometric facial recognition and document analysis to verify your clients against their identity documents which have been confirmed as genuine and checked against national fraud databases.

    Optimise your team’s efficiency by automating routine compliance tasks such as PEPs/sanctions searches, address eVerification, adverse media and UBO / proof of ownership checks.

    Future-proof your compliance efforts with a platform designed to meet and exceed evolving regulatory requirements. As the only Identity Service Provider (IDSP) in the UK certified to deliver a ‘very-high’ level of confidence, we set the standard for secure and reliable digital identity verification.

    A lesson in familiarity

    The SRA recently fined a solicitor £3,500 for failing to conduct thorough due diligence and not following their firm’s AML policies.

    The reason why? They knew the customer personally.

    This is something we come across quite regularly.

    Money laundering isn’t confined to just London, it takes place across the entire country. Relying upon local knowledge and familiarity isn’t sufficient and exposes your business to risk.

    In this scenario had they adequately investigated the clients’ source of funds they would have identified that they came from an unregulated Foreign Exchange (FOREX) business. Unfortunately as did follow their firms AML procedures the solicitor who was punished for their action or lack thereof.

    By automating your AML due diligence you can take away this risk and ensure every client is checked thoroughly without exception.

    Source of Funds

    Areas of concern

    The SRA had a number of concerns when it came to Source of Funds. While they acknowledged that there had been an overall improvement they found overall there was a lack of information and evidence available on file.

    Thirty-three firms were referred to the SRA’s investigations team for further action after source of funds /source of wealth issues were identified, amongst other
    AML failures.

    The SRA was concerned that firms were simply taking copies of bank statements from clients but making few enquiries to understand how the funds in these accounts had been accrued. There was little evidence of analysis of submitted documents or awareness of high-risk factors. The CLC came to the same conclusion that firms under their supervision were “merely obtaining a bank statement… When they are obliged to go further and establish the source of the funds in question.”

    In other cases firms simply made written notes of how the transaction will be funded but did not obtain any documents in support. These notes were not always recorded on the matter itself and could not be easily audited.

    How Credas can help

    Our Source of Funds solution provides a holistic view by combining both client submitted evidence and open banking data ensuring that no detail goes unnoticed, and firms can confidently evaluate the legitimacy of funds.

    Our software provides the ability to capture digital bank statements through open banking streamlines the evidence collection process and removes the need to check if documents have been digitally altered / manipulated.

    By capturing the data digitally, the system can automatically categorise transactions and help identify high-risk factors, such as proceeds from gambling and international transfers. This proactive approach enables law firms to spot potential red flags and address them promptly.

    Our solution provides a holistic view of transactions, allowing law firms to assess financial activities comprehensively as well as the ability to take a broader look at clients’ financial situations, considering various factors beyond individual transactions.

    Ongoing Monitoring

    Areas of concern

    Effective ongoing monitoring involves regular reviews of risk assessments at key transaction stages. Concerns arise when firms do not integrate this practice consistently, especially in high-risk areas such as property transactions.

    A notable issue was the lack of consistency in documenting ongoing monitoring checks. Inadequate documentation poses the risk of creating gaps in the audit trail, potentially impeding the ability to demonstrate compliance and respond effectively to regulatory inquiries.

    While fee earners are recognised as the first line of defence in ongoing monitoring, relying solely on their judgment without a documented process introduces inherent risks. There is a pressing need for a formalised system that guides fee earners through established checks and procedures.

    Although certain firms have successfully implemented controls, such as digital alert systems, there is a prevailing concern that a significant number of firms may not be fully harnessing technology’s potential for ongoing monitoring. It is crucial to address this gap and explore innovative ways to maximize the benefits of technology.

    How Credas can help

    Effortlessly ensure the accuracy of your Know Your Customer (KYC) information through our ongoing monitoring solution. Stay abreast of changes in client status seamlessly, guaranteeing that your records remain current and compliant.

    Stay ahead of compliance risks with our proactive daily automated checks, available for less than 1p a day. Identify potential PEPs or sanctions matches promptly, enabling your firm to cost effectively uphold the highest standards of due diligence.

    Customise your risk management strategy by tailoring search criteria to your unique requirements. Whether it’s geographic jurisdiction or PEP tier, align our solution with your firm’s risk approach for targeted and effective due diligence.

    Document every update, decision, or remediation action taken during ongoing monitoring, providing a transparent view of compliance efforts for internal review or external audits.


    Areas of concern

    Sanctions were identified as an emerging risk during the SRA spot checks with an increasing number of cases relating to breaches of the sanctions regime

    During their spot checks and wider reviews the SRA found that 10% of firms were not checking whether new clients were sanctioned and 47% were not checking existing clients.

    The SRA is working with the Office of Financial Sanctions Implementation (OFSI) where they feel there are incidences of professional misconduct. As a result the SRA is expecting there to be enforcement action in the coming year.

    The latest penalties from the OFSI ranged from £5,000 through to £20,000,000. All businesses are prohibited from working with a designated individual regardless of whether they are AML regulated or not.

    How Credas can help

    Credas can help law firms stay compliant by automating your customer due diligence so you can ensure every client is checked against the latest official international sanction lists without adding to your fee earners workload.

    Our solution utilises the latest official datasets, supplemented by media reports, direct links to original sources, and, where available, head-shots. This comprehensive approach empowers you to easily remediate possible matches and demonstrate a high-level of compliance.

    Furthermore, you can maintain a thorough audit trail, documenting every action taken during the remediation process for complete transparency and compliance assurance.

    Other areas of concern

    Companies House
    Under regulation 30A, law firms must report any discrepancies in information to Companies House such as an unlisted UBO. In almost half of the firms reviewed there was little evidence that there was any formal process for reporting these discrepancies within their policies and procedures.

    Under regulation 39 firms may rely on another person to conduct CDD, subject to their agreement. While 96% of firms did not use reliance or permit other firms to rely on CDD they had collected, one third failed to document their stance within their policies and procedures.

    High-risk jurisdictions
    Regulation 33(1)(b) of the regulations requires firms to apply EDD measures in circumstances where high-risk third countries are involved. While it may be unusual for some practices to come across overseas clients, firms must make sure their fee earners are aware of any high-risk jurisdictions so they can exercise caution.

    MLRO independence
    In enforcement action brought by the CLC against a law firm, they noted that an MLRO was acting “effectively only nominally in that post” and “was not always conducting the role properly and with the required level of scrutiny and compliance”. MLROs need to operate with a sufficient level of independence and appropriate resources in order to conduct their role properly.

    Handling of client funds
    An area of concern for both the SRA & CLC was the handling of client funds especially in relation to property transactions. Both regulators found examples of firms failing to identify and challenge suspicious activity when handling client funds. In some cases clients were transferring funds across to firms, then cancelling the transactions and requesting that the funds be transferred to a different account than they originated from. Other examples included the proceeds of sales monies being divided up and sent piecemeal to several accounts across over a long period of time. Both of these scenarios could be seen as a way to obfuscate the original source of funds through layering and should have raised red flags for the firms involved.

    Further Reading