Law Society of Scotland
This information reflects the Society's web site at the date you downloaded or printed it and you should check at www.lawscot.org.uk to see if it is still current.

Anti Money Laundering Guidance

Law Society of Scotland Guidance – Part 2

Matters in Part 1 that require clarification or additional guidance:

Scottish Legal firms that are not also regulated by the FSA

Nominated Officer / MLRO

Senior Management responsibility and Annual Reports

Risk Based Approach

Regulation

Reliance

Reporting

Legal Professional Privilege

Firms not Regulated by the FSA
Some firms of Scottish Solicitors are authorised by the FSA to carry out investment business and are therefore also regulated by the FSA in relation to financial services work.
Other firms may be licensed by the Society to carry out Incidental Financial Business or may not carry out any such business at all and are not subject to direct FSA Regulation.
The guidance notes deal with either type of firm, giving reference to what requirement the specific guidance relates to, with a detailed glossary of abbreviations provided.
Any firm not subject to FSA Regulation may choose to follow the guidance as if it were, in so far as that is practical. However, firms who are not authorised by the FSA to undertake investment business will not be expected to comply with the FSA requirements and the guidance relating solely to FSA requirements may be disregarded except where specified to the contrary in this Guidance.
In sections of the guidance, for example 2.3 - 2.6, FSA requirements are used to clarify and illustrate what may be required by all firms to comply with the Regulations. Care should be taken to read the guidance carefully and not immediately discount any reference to FSA Regulation or guidance.

Nominated Officer / MLRO
The regulations specifically require a nominated officer to be appointed, they make no reference to a money laundering reporting officer (MLRO), that is an FSA requirement.
The Society requires all firms to appoint a MLRO, whether or not they are FSA Regulated. This will not imply that a firm is FSA Regulated and will not require firms that are not FSA Regulated to comply with FSA requirements, unless stated to the contrary in this guidance.
Guidance in 3.14 -3.16 , but excluding 3.7, is to be followed by all firms as if they were FSA regulated.
In short this requires the firm to appoint a MLRO, who is responsible for the oversight of the firm’s compliance with the regulations. They must be suitably senior within the firm to be able to properly discharge their responsibilities. They must be supported by senior management.
It is envisaged that the same individual will undertake the duties of the nominated officer and MLRO.

Senior Management responsibility and Annual Reports
Regardless of whether a firm is subject to FSA regulation or not, the Society requires all firms to comply with guidance in sections 1.27 to 1.33, 1.41 to 1.44 and 3.28 to 3.36, inclusive, as if they were FSA Regulated.
For the avoidance of doubt, the responsibility for establishing and maintaining appropriate risk-sensitive policies and procedures, as required by Regulation 20, is not a nominated officer or MLRO responsibility specifically. It is the responsibility of senior management and requires senior management input and support. Senior management must support the MLRO and the MLRO must provide reports to senior management at least annually.
A suggested framework for a MLRO annual report
The complexity of the report will depend on the size and nature of your business.
It is suggested that this requirement is kept in mind when setting up, revising and documenting systems to ensure the information needed for the report is easily accessed.
Consider the most appropriate timing for the report and diary time now for both the preparation of the report by the MLRO and consideration of the report by senior management.

Risk Based Approach
The regulations are founded on a risk based and proportionate approach. There are clear benefits in that you do not need to apply the same anti – money laundering (AML) checks to every client or every piece of business so that you can “tick the box” for compliance. The other side of that coin however is that you must develop and document policies and procedures which allow the risk to be assessed in categories of client and types of business generally but also on a case-by-case basis.
Firms and staff must be more alive to: the requirements of the Regulations; the firm’s procedures and policies; and clearly understand: what they are trying to achieve; what their duties and responsibilities are and what the actual and potential risks are. The policies and procedures must be proactive and dynamic to anticipate and /or address new risk profiles as they arise. This could be, for example, engaging in a new type of work; opening an office abroad; recognising new ways in which criminals target and use solicitors to launder money; a change in personnel or office structure or a change in computer systems.
It should be simple to identify the different types of business that you carry out but it may be that you find it necessary or useful to sub divide that list once you gain experience of applying the risk-based approach.
Client profile will also have an impact on risk assessment. For example, a new client will generally be a higher risk category than an existing one. This depends of course on the level of checking and knowledge of existing clients as well as on going monitoring of the type of business you are instructed to carry out and how that fits with what you know about the client and their circumstances. This highlights that, within general risk groups, there may be indicators that require individual transactions or clients to be reassessed and treated differently.
Two examples highlighted by the regulations as high risk are non face-to-face customers, that is, where you do not meet the client, and politically exposed persons (PEPs). While many firms will require specific procedures to deal with non face-to-face customers, many will never act for a PEP. The issue however is that you must consider whether, if you were acting for a PEP, your procedures would highlight a level of risk that would require further due diligence than if the client were not a PEP. That does not require all firms to run checks on all clients to determine whether they are PEPs. For example, basic client due diligence will provide information about the client. If that, or the nature of the work you are instructed to undertake indicates a possibility of the client being a PEP then further checks must be undertaken. The same is true of any client, if normal procedures indicate that further checking is required then that must be acted on. A typical example might be a client where the funding for a transaction comes from a third party. It may be that the person providing the funds is the beneficial owner and further checks will be required on them. The initial client and transaction profile may not have indicated a particularly high-risk profile but subsequent actions or information require additional checking to be carried out.
While all firms are alert to the high risk of accepting anything other than a very small level of cash from a client, it is an obvious example of a trigger that would immediately escalate the level of risk associated with a client transaction.
The level of risk of money laundering, or terrorist financing, depends on a combination of factors. While certain high-risk categories may be definable, there is and can be no prescriptive list of what represents a high risk of money laundering.

Each firm will have a different profile in terms of location, organisation, types of work undertaken, client profile and so on. The following are therefore suggestions of some aspects to take into account in assessing risk both in terms of categories and individual cases. You must ensure that in assessing your risk and formulating necessary systems, procedures and action to deter and detect money laundering on a risk sensitive basis, that you document the processes.
Further reading: Financial Action Task Force – Guidance on the risk-based approach to combating money laundering and terrorist financing. June 2007

Some suggested risk profile categories or considerations

Client
One off transaction or business relationship
New or existing client
Non face to face clients
Private individual or trust / corporate
Resident in UK or not
Client is acting as an agent for another party

Business
Division of work by category, for example:
Conveyancing
Trust work
Portfolio and investment work
Instructed to carry out work where there is no obvious legitimate purpose
Instructed in work you don’t normally carry out
Instructed in work where the timescales are tight / too tight and client is forcing the pace or there are penalties

Location of client / assets / transaction
Instructed where a solicitor would not be required and would not normally be involved in such a transaction.
The value of the transaction

Funding
Cash
Funds from abroad
Funds provided by someone other than the client
Funds not handled by the firm
Change of agreed arrangement at last minute
Instructions to make payment of funds /free proceeds to someone other than the client
Receiving or holding funds when there is no transaction or requirement to do so
Client claims not to have a bank account but transaction / circumstances indicate they should / could have

General
Current or known ways in which criminals use solicitors for money laundering purposes.
Traditionally organised crime use cash businesses as a means of laundering money.
Mortgage Fraud

Other
Local information
Client – for example: runs a local business, has convictions or connection to drugs, fraud etc
Transaction – for example knowledge of property values in an area versus purchase price/valuation

Regulation
The Society is a supervisory authority and as such has obligations, some of which are noted below as an extract from the Money Laundering regulations 2007:
24 (1) A supervisory authority must effectively monitor the relevant persons for whom it is the supervisory authority and take necessary measures for the purpose of securing compliance by such persons with the requirements of these Regulations.
(2) A supervisory authority which, in the course of carrying out any of its functions under these Regulations, knows or suspects that a person is or has engaged in money laundering or terrorist financing must promptly inform the Serious Organised Crime Agency.
(3) A disclosure made under paragraph (2) is not to be taken to breach any restriction, however imposed, on the disclosure of information.
The Society will monitor compliance with the Regulations and Rule 24 of the Solicitors (Scotland) Accounts etc Rules 2001 primarily through self certification by the profession on Accounts Certificates and on site monitoring at Guarantee Fund compliance monitoring visits.
Regulation requires to be and will be risked based and proportionate.
In so saying, the Society clearly recognises that firms that have no procedures, inadequate procedures or procedures which are adequate but are not complied with in practice, offer significant opportunities to clients who would attempt to launder money. Failings in procedural areas, whether or not there is any indication that money laundering has been attempted or has taken place, is a direct breach of Regulation 20 and will be dealt with accordingly.
A firm must be able to demonstrate the policies and procedures it has in place to comply with the Regulations and also compliance with those procedures.
Failure to document procedures will be taken as prima facia evidence that there are no procedures. The onus will be on a firm to demonstrate that this is not the case.
The Society is committed to education and training and seeks to assist members by providing this guidance. In addition the Society’s website will be used to highlight topical issues, including the inclusion of frequently asked questions (FAQ).
The Society invites dialog and constructive feedback on AML issues in general to ensure the support and guidance provided to the profession is as relevant and as helpful as possible.
The Society will seek Government approval of its guidance. You must be aware that this is of particular relevance in terms of Regulation 42(3), dealing with civil penalties and 45(2) dealing with criminal penalties for failure to comply with the regulations:
42(3) In deciding whether a person has failed to comply with a requirement of these Regulations,
the designated authority must consider whether he followed any relevant guidance which was at the time—
(a) issued by a supervisory authority or any other appropriate body;
(b) approved by the Treasury; and
(c) published in a manner approved by the Treasury as suitable in their opinion to bring the guidance to the attention of persons likely to be affected by it.
(4) In paragraph (3), an “appropriate body” means any body which regulates or is representative of any trade, profession, business or employment carried on by the alleged offender.
45 (2) In deciding whether a person has committed an offence under paragraph (1), the court must consider whether he followed any relevant guidance which was at the time—
(a) issued by a supervisory authority or any other appropriate body;
(b) approved by the Treasury; and
(c) published in a manner approved by the Treasury as suitable in their opinion to bring the guidance to the attention of persons likely to be affected by it.
(3) In paragraph (2), an “appropriate body” means any body which regulates or is representative of any trade, profession, business or employment carried on by the alleged offender.

Reliance
In terms of Regulation 17 a relevant person may rely on another person, falling within specified categories, to apply client due diligence. One of those categories includes an “independent legal professional”. It is possible that you may choose to rely on another party, with their agreement, or that another party may choose to rely on you, with your agreement. You must refer to the Regulations and Part 1 Guidance for more detail.
The JMLSG guidance includes styles of forms to use in these circumstances. The styles make reference to FSA Regulated / EU Regulated Financial Services Firm/ Non-EU Regulated Financial Services Firm which may not be appropriate to your particular circumstances. It is recommended that you adopt the appropriate style and revise the heading of the form after “Introduction by….” to reflect the correct information in terms of the persons defined in Regulation 17 (2). All reference to “FSA Reference Number”, where that is not applicable, may be replaced by “Name of regulator” and “Regulator reference number”.
Where you are being relied upon, you will disclose your regulator as “The Law Society of Scotland” and your Regulator reference number will be the number quoted on Guarantee Fund Department correspondence. It is a 5-digit number and can be confirmed by the Guarantee Fund Department, if required.
 
Reporting
Regulation 20 (d) refers to reporting, and cross-refers to Part 7 of the Proceeds of Crime Act 2002 and Part 3 of the Terrorism Act 2000.

Consent
You can make a report without requesting consent to proceed. If you require consent to proceed with a transaction please ensure you request it when making the report to avoid any undue delay.
Clients under investigation
Subject to Legal Professional Privilege, where you act for a client who you know is under investigation for a reportable matter, never assume you have consent to proceed or to carry out subsequent or unrelated transactions merely because the authorities know that you represent the client. If a client was under investigation for VAT evasion, for example, there may be grounds to suspect that any assets or funds of that client are the proceeds of crime. In accepting funds from the client or carrying out transactions relating to property you may be committing an offence if you have not obtained consent to proceed in each and every case.

Complaints by clients
Where a firm has been unable to proceed with a transaction as a result of having made a disclosure to SOCA and awaiting consent and the client makes a complaint to the Society, the firm may advise the Society of the position, without being guilty of tipping off. In such circumstances firms should contact the director of the Guarantee Fund, whom failing the director of Professional Practice. They will liaise with the client relations office at the appropriate level and with SOCA if necessary.
Retention of information relating to potential or actual suspicious activity reports
Where consideration has been given as to whether a matter requires to be reported or where a report has been subsequently made, the documentation should be retained in a secure file separate from the client’s file. In the event that a client were to mandate their file elsewhere there is a risk that the papers would not be identified and extracted which may amount to tipping off.

Legal Professional Privilege
There may be circumstances where a solicitor has legal professional privilege (LPP) and will not require to make information available to the authorities.
The regulations refer to LLP specifically at 37(7)
Power to require information from, and attendance of, relevant and connected persons
37 (7) A person may not be required under this regulation to provide or produce information or to answer questions which he would be entitled to refuse to provide, produce or answer on grounds of legal professional privilege in proceedings in the High Court, except that a lawyer may be required to provide the name and address of his client.
37 (11) In the application of this regulation to Scotland, the reference in paragraph (7) to—
(a) proceedings in the High Court is to be read as a reference to legal proceedings generally;
and
(b) an entitlement on grounds of legal professional privilege is to be read as a reference to an entitlement on the grounds of confidentiality of communications.
Client Confidentiality
Client confidentiality is not a defence against making disclosures and producing documentation to the authorities, unless it amounts to legal professional privilege. However, client information should not be handed over without court authority, which would normally be in the form of a warrant or a production order.