We have compiled answers to some of the most frequently asked AML queries to support the legal profession in complying with the regulations.
Remember, there is HM Treasury approved Guidance for the Legal Sector which you should familiarise yourself with if you have any queries on AML, along with lots of information across our own AML webpages, including a handy AML Toolkit.
We intend to update these pages periodically and as necessary with common questions from members.
Regulation 12(1) of the Money Laundering Regulations 2017 details the services which would bring a legal firm in scope for AML Supervision. These are –
(a) the buying and selling of real property or business entities;
(b) the managing of client money, securities or other assets;
(c) the opening or management of bank, savings or securities accounts;
(d) the organisation of contributions necessary for the creation, operation or management of
(e) the creation, operation or management of trusts, companies, foundations or similar
and, for this purpose, a person participates in a transaction by assisting in the planning or
execution of the transaction or otherwise acting for or on behalf of a client in the transaction.
While some of these are clear, we are often asked by members who, for example, work in family law, immigration or criminal defence, what constitutes “managing client money, securities or other assets”.
Although the Society does not advise on whether a firm should claim exemption from AML Supervision, we provide the following information in order to help firms come to a decision around what may not be managing client money.
The HMT-approved AML Guidance for the legal sector asserts –
“managing client money is more narrowly defined than handling it”.
Further, the guidance goes on to cover activities which are not covered by the regulations and lists –
- Payment on account of costs
- Provision of legal advice
- Participation in litigation or alternative dispute resolution
- Will writing
- Work funded by the Legal Services Commission
The view of the Law Society of Scotland is in line with the above. The following is a non-exhaustive list of actions which we do not believe amount to managing client money.
* Dispersal of funds as ordered by a court
* When acting in a divorce, dispersal of funds derived from the sale of marital assets when that sale was conducted by another practice, e.g. dispersal to your client of monies received from a separate practice which arise from the sale by that practice of the family home, most likely in terms of a Minute of Agreement
* Dispersing to your client an award arising from civil litigation e.g. a cheque received from an insurance company in connection with a personal injury claim.
* Dispersing to your client an award from the Criminal Injuries Compensation Board.
It is crucial to keep in mind that not undertaking any of the services in Regulation 12 above does not exempt you from statutory obligations under the Proceeds Of Crime act, particularly sections 327-329. You should always be vigilant to the possibility of money laundering through your business and your obligation to file a Suspicious Activity Report if necessary and therefore you should maintain a basic AML Policy and Procedure which would allow you to pass on basic due diligence to your supervisor or law enforcement.
Please also note, though your firm may be exempt from AML Supervision at a given time, if you should under take any business in future which does bring you within scope of Regulation 12(1) as detailed above, you must inform us timeously and comply with the AML Registration and AML Certificate processes.
The Association of Certified Anti Money Laundering Specialists (ACAMS) defines crowdfunding as
“the procedure of raising expansive amounts of cash from numerous people who are interacting via the internet in online consumer communities”
Crowdfunding brings with it various AML considerations, not least around identity and obfuscation.
Here are some quick tips on what to think about when considering business with crowdfunding…
- Is the crowdfunding platform regulated?
- Some crowdfunding in the UK is done through an FCA-regulated platform, which may give a higher degree of comfort.
- Is the payment service linked to the crowdfunding regulated?
- What electronic payment service is being used to transfer funds and is it regulated?
- What is the purpose of the funding?
- If the funding is intended to purchase an asset or could be recoupable in some way (paid into a trust or similar), this makes it inherently higher risk.
- Why is the funding being sourced in this way?
- Are you comfortable about the narrative you are given about why crowdfunding is being used as opposed to other traditional methods?
- Who can you identify/verify?
- If the recipient of the funds is a charity, or if the funds are to be used to inflate a trust, confirm the ownership and control structure of the entity in question.
- It stands to reason that crowdfunding will make it difficult to carry out due diligence on every source of funding. However, you should still expect to be able to identify and verify relevant parties. These could be the individual(s) behind the idea, those controlling the funding or those donating over a certain % of the funds (due diligence should be performed where this individual donates significantly more in comparison to other contributors). You should be comfortable that you are able to show you have gathered adequate due diligence,
What other typical AML rules apply?
Apart from “crowdfunding specific” considerations, you shouldn’t lose sight of the normal checks undertaken for AML, what the client’s background is, and including other factors such as high risk jurisdictions, PEPs, layering, value of transaction etc.
There is no panacea regarding due diligence where crowd funding is concerned - however you should clearly articulate and record the factors you have taken into consideration regarding your risk assessment, the due diligence performed and why you have performed it on specific individuals involved. EDD should be considered in cases where high value assets or recoupable payments are involved.
Regulation 4 (3) states:-
“For the purposes of these Regulations, an estate agent is to be treated as entering into a business relationship with a purchaser (as well as with a seller), at the point when the purchaser’s offer is accepted by the seller.”
On the face of it, this might mean that a selling solicitor has to, as part of their estate agency service, AML check the purchaser as well as their client.
Estate agent is defined in Regulation 3, General Interpretation:-
“estate agent” has the meaning given by regulation 13(1);”
Regulation 13(1) states:-
“In these Regulations, “estate agent” means a firm or a sole practitioner, who, or whose employees, carry out estate agency work, when the work is being carried out.”
Estate agency work is defined in Regulation 13(2). The relevant part is underlined.
“For the purposes of paragraph (1) “estate agency work” is to be read in accordance with section 1 of the Estate Agents Act 1979(a) (estate agency work), but for those purposes references in that section to disposing of or acquiring an interest in land are (despite anything in section 2 of that Act) to be taken to include references to disposing of or acquiring an estate or interest in land outside the United Kingdom where that estate or interest is capable of being owned or held as a separate interest.”
Section 1(2)(a) of the Estate Agency Act 1979 is immediately below. The relevant part is underlined.
This Act does not apply to things done—
(a)in the course of his profession by a practicing solicitor or a person employed by him or by an incorporated practice (within the meaning of the Solicitors (Scotland) Act 1980) or a person employed by it;”
- The 2017 Regulations define estate agency work in terms of an Act which does not apply to our members.
- For that reason, it is our view that solicitors are exempted from the definition of ‘Estate Agents’ in the 2017 Regulations.
Therefore, Regulation 4(3) does not apply to our members.
Source of Funds (SoF) relates directly to the literal origin of funds to be used in a transaction.
This is likely to be a bank account. Generally, this would be evidenced by bank statements or similar. When recording the Source of Funds you should record the:
Amount and currency
The remitting account details (bank, account number, sort code, name on account)
The transfer type (BACS, CHAPS, etc)
In circumstances where a client declares that they have been given funds for a transaction from a third party (e.g mum and dad financing a house purchase deposit) you may wish to record information relating to that original transaction too.
Where you have undertaken your client/matter risk assessment and you have deemed the client/transaction to be of higher inherent risk, you should complete Enhanced Due Diligence (EDD). As part of your EDD process, you should request historic bank statements to evidence incoming payments to the remitting account to establish the transaction value in order to be comfortable about where the monies originally came from.
As above, where monies have been received from a third party (e.g. mum and dad financing a house purchase deposit) you should verify this again by requesting bank statements and other relevant documentation relating to this transfer into your client account.
Crucially, Source of Funds evidences the transit of the funds, so you should be comfortable that you have evidence commensurate with the risk.
Source of Wealth (SoW) is the origin of the accrued body of wealth of an individual.
Understanding SoW is about taking reasonable steps to satisfy yourself that the funds to be used in a transaction are not the proceeds of crime.
In a low/medium risk transaction, you may be comfortable only identifying the SoW - asking and recording how the client has accrued their wealth.
Where you have undertaken your client/matter risk assessment and you have deemed the client/transaction to be of higher inherent risk, you should be completing Enhanced Due Diligence (EDD). As part of your EDD process you should verify the SoW with evidence obtained from the client and/or independent sources until you are comfortable that you understand and can evidence where the client's wealth has been derived from and (to the best of your knowledge) is legitimate.
You should also document your rationale in a file note.
This table gives a few examples of ways you might consider evidencing Source of Wealth.
When addressing SoW, consider -
- Whether you are comfortable that the funds are not the proceeds of crime
- Whether the SoW is commensurate to your client in general i.e. does it make sense that the client in front of you obtained their wealth in the way that they have advised you?
Remember, you should document your decision-making processes and your reasons, along with any evidence you obtain for Source of Funds and Source of Wealth.
There are certain jurisdictions around the world which have been deemed as presenting various risks in terms of the funds you may receive from them (for example increased risks of money laundering, corruption, bribery, tax evasion etc).
Risk profiling countries is a difficult task and there is no single global arbitrator on this. For example, the US State Department's Money Laundering Assessment is separate from Transparency International's Corruption Index.
We have some useful links in our Jurisdictions and Sanctions section found on our Additional Support page.
In light of the information in these resources, should you deem the client or transaction to be of higher risk, based on jurisdictional risk and/or other factors, Enhanced Due Diligence should be applied. This would include verification of the source of wealth involved in the transaction, as per the previous FAQ.
Remember, certain jurisdictions, entities and individuals are sanctioned. This is different from the client/transaction or jurisdiction simply being of higher risk and it may preclude you from acting without applying for a licence to do so from the Office of Financial Sanctions Implementation (OFSI).
You should consult the UK government website for further information before progressing any such business. You may also wish to speak to our Professional Practice helpdesk.
A method for screening clients for Sanctions, Politically Exposed Persons (PEPs) and adverse media should be part of your usual procedures. You should implement a procedure relative to the size and nature of your business i.e. you may wish to carry out manual public sources checks or you may wish to employ a third party electronic platform to carry out these searches for you. See our later FAQ on electronic providers.
You will find helpful information in the Financial Sanctions Guidance provided by The Office of Financial Sanctions Implementation (OFSI), (which is part of HM Treasury) and the UK Sanctions List on the UK Government website.
If your client cannot attend your office at any point in the transaction, you may first wish to consider why. A client who avoids much interaction with you may be a red flag, especially if that client is local to you. You should also consider any compounding risk factors.
There will, of course, be times where a client legitimately cannot attend. In this instance you should obtain a copy of their ID which should be certified by an appropriate person. The UK Government website lists these persons. You should be satisfied that the person certifying the document genuinely holds the position they claim to.
Alternatively, you may wish to use R.39 "Reliance" to obtain relevant Customer Due Diligence (CDD) information (including ID and verification) on your client from another regulated professional. This is different to simply obtaining an appropriate certified document. For further information on using this regulation please see the Legal Sector AML Guidance. Please note that at all times the relying firm will remain responsible for the adequacy of the due diligence you obtain under the terms of R.39.
If your client is not attending and someone else claims to be acting on behalf of this person, this is a separate issue and you must (under Regulation 28.10) verify that that person acts on behalf of your client as well as verifying the representative's identity.
There may be legitimate requests to send payments to a third party (e.g. pay Registers of Scotland or similar providers necessary to the smooth running of the underlying transaction) and therefore there is no Accounts Rule permitting or disallowing this, however, you should keep in mind that there are risks associated with undertaking this, especially if the request is unusual or there appears to be no normal business rationale for doing so. This may represent a risk as these payments can circumvent all the good CDD work you have carried out on the parties in a transaction. We therefore do not recommend paying money to a third party, other than in the normal course of business.
Generally, we recommend paying funds back to the client, who can transfer it on from there.
There are various commercial providers of electronic identification/verification (including Sanctions, PEPs, Adverse Media Checkers, Company Registry Information Providers, and verification of Identification Providers), which collate information from sources such as electoral rolls and other governmental records, credit agencies etc.
These may be acceptable as part of Identification and verification however the onus is on you to take appropriate steps to understand how the tool works, where it derives its data from, how it searches and be satisfied as to the validity and reliability of the information the tool is reporting. Further, you should consider the GDPR/Data Protection implications for incorporating one of these systems into your procedures.
Please note, we do not endorse any particular provider of these services, nor can we make any statement regarding the quality of the underlying data they use or how they collect/use/store this, or your client's data.
Your AML policy statement is the organisation-level document which sets out your approach to AML within your business. You can find an outline policy here, which outlines all necessary sections. Please tailor this to the individual circumstances of your business.
Where you conduct any business on an ongoing basis or which has a recurring element, you must conduct ongoing monitoring. This allows you to ensure you remain compliant. The Money Laundering Regulations stipulate that ongoing monitoring must include;
- Scrutiny of transactions to ensure that the transactions are consistent with your knowledge of your customers business and risk profile
- Undertaking reviews of existing records and keeping the documents or information obtained for the purpose of applying customer due diligence measures up to date.
For long-term business/clients, you should have a clear policy and procedures around how often, and in what way, your AML checks are to be refreshed. At a minimum you should assess the service provision, any changes in ownership and Identification and verification documents for anything which may represent a material change to the risk profile or the validity of your records. These refreshes should be recorded by your business.
If a transaction/matter is undertaken over a more significant timeframe (where significant factors may change such as those involved in the transaction, the amounts involved or even the underlying assets) it may be necessary to undertake interim risk assessments to ensure the risk profile of the transaction has not changed. These interim assessments should also be recorded.
The 2017 Money Laundering Regulations dictate that where “there is more than one supervisory authority for a relevant person, the supervisory authorities may agree that one of them will act as the supervisory authority for that person.”
We have agreed a memorandum of understanding, with the Solicitors Regulation Authority, which assigns responsibility for AML supervision, based on the location of law firms’ registered offices.
For clarity, firms whose registered offices are in Scotland will be supervised for AML compliance by the Law Society of Scotland and the Solicitors Regulation Authority will supervise firms whose registered offices are in England or Wales for AML compliance.
Read more here.
When verifying the identity of a Client, pursuant to Regulation 28 of the Money Laundering Regulations 2017, it is generally understood that you will request to see an identification document, such as a passport, and an original proof of address for a natural person as a minimum.
In order to evidence the date received and, indeed, that you have seen the individual and the documentation at the same time, we recommend that you certify with copies with a statement similar to the following –
For the ID document:
“Having seen the individual and the identification document at the same time, I certify that this is a true copy and the photograph bears a reasonable likeness of the individual.”
For other documentation, such as a proof of address:
“Having seen the original and the photocopy at the same time, I certify that this is a true copy of the same.”
For both of the above, the certifier should include the following–
- Name of Firm / Organisation
- Contact details, namely their physical address and / or email address plus a contact number
The same applies to certifying the due diligence documentation for any legal entity or arrangement such as a Trust and the connected Principals.
Furthermore, when requesting due diligence from a Third Party such as another regulated entity / relevant person, you should ensure that you receive the original copies of the documentation with a similar statement to those suggested above, signed and dated.
If applicable, the certifier should include the relevant professional body of which they are a member as well as their membership number.
Please note: It is your decision using the risk-based approach as to whom you regard as a suitable certifier. Furthermore, this process should be clearly documented in your policies, controls and procedures.