The Joint Money Laundering Steering Group (JMLSG) has released new draft guidance for banks and other financial institutions regarding the treatment of ‘Pooled Client Accounts’ (PCA) for Anti-Money Laundering (AML) purposes. Broadly speaking, this guidance means that practice units can now expect more contact from their client account holder about potential Anti-money Laundering (AML) risks arising from the operation of that account.
The JMLSG is a private sector body made up of leading financial services sector trade associations.
Compliance with JMLSG guidance is considered closely by the Financial Services Authority (FCA) in the context of any disciplinary action or criminal prosecution they may take against banks or financial institutions, during the course of their AML supervisory work. Departure by banks from the guidance may need to be justified to the FCA.
This guidance may have significant implications for legal firms, many of which use client accounts to administer clients’ funds, co-mingling them and transferring them as appropriate.
The key features of the JMLSG guidance are summarised below – Money Laundering Reporting Officers, cash-room managers and compliance officers are advised to read the full guidance and carefully consider how their businesses may be impacted.
Your bank should be satisfied as to the purpose of the client account, including likely deposit sizes and transaction sizes and types, as well as your exposure to industries and geographies of known AML risk.
Your bank should consider the risk impact of the account, for example, whether the account will be used for a limited, domestic purpose, whether your law firm is supervised for AML Compliance by a body such as the Law Society of Scotland or the Solicitors Regulation Authority, and what services the account opener will provide while using the account. The bank must also take reasonable measures to satisfy itself that the firm it provides the client account to, applies robust and risk sensitive customer due diligence (CDD) measures to its clients, in line with its obligations under the Money Laundering Regulations (MLRs)
Your bank must enter into a written agreement with your firm, in which you agree to provide, upon request, information on the identity (including verification documents/data) of the owners of the funds held in the account(s). The timescale associated with such requests must be reasonable in the context of the business relationship, but must allow the bank to comply with the terms of any court order should one arise relating to the client account it holds on behalf of your firm.
If your bank assesses your firm as having a low AML risk, it may choose to apply Simplified Due Diligence. However, where the bank assesses the risk to be anything other than low and Simplified Due Diligence cannot be applied, the guidance details that the bank must “either take reasonable measures to identify and verify the identity of the owners of the funds held in the PCA (e.g. by entering into a formal reliance agreement allowed under the MLRs), or take measures to decrease the money-laundering /terrorist financing risk until simplified due diligence measures can be applied.” Examples of measures the bank could apply are listed in the guidance.
It is important that you consider what this draft guidance might mean for your business. It could be that some of the following actions may be taken by your bank in the future.
- You may be asked to enter into a written agreement with your banking provider, as described above
- The terms of business between you and your bank may be amended and/or you may be asked by your bank to amend your own terms of business for your clients, allowing for GDPR-compliant transfer of information. You may be asked to provide a firm level risk assessment, AML policy and procedural documents and/or other documentation to satisfy the bank as to the level of AML risk in your business, and the strength of your AML controls.
- You may be asked to enhance your AML procedures to a level that satisfies your bank. The bank may otherwise impose restrictions on the use of your client account or the types of client whose funds you can accept, conduct further/enhanced due diligence on your firm or, in extreme circumstances, the bank may demand that you enhance AML controls as a condition of the continued operation of your client account.
- The guidance states that banks should allow firms reasonable time to implement any improvements or measures requested, taking into account the level of AML risk, the complexity of the relationship, compliance with regulatory obligations as assessed by their supervisor, legal privacy issues and the perceived level of co-operation by the firm.
The guidance is live and effective now. We are aware that banks have already started reviewing and updating their policies and procedures to align to it, and therefore you should be prepared to hear from your client account provider relatively shortly regarding any changes they will make to comply with the guidance.
The more robust your AML measures, the better placed your firm will be to respond. We would therefore strongly suggest your firm familiarises itself with the guidance and reviews its AML policies and procedures to ensure they can meet the requirements therein.
You can find further information and support to help your firm meet its AML requirements on our AML pages.