The SRA regularly visit law firms to monitor their compliance with AML regulations.
Whether your law firm has received notice from the SRA about an impending visit, or you just want to be prepared (which we wholeheartedly advise), keep reading to get ahead of the game.
There are several reasons why the SRA might contact your firm:
- A proactive visit as part of a rolling programme
- Following a report or complaint from a customer
- As part of standard thematic work
- Intelligence received from the NCA
There are almost always some advisory or best practice comments following an SRA visit, regardless of the overall compliance result.
What to do if you get a SRA letter
The first thing to do is not to panic!
If you are offered a choice of dates for the SRA visit, try to choose the furthest in advance to give your firm as much time as possible to prepare. View the impending SRA visit as a collaborative exercise; they want to work with you, not against you.
Review your firm wide risk assessment and your policies, controls and procedures (PCPs) in advance and check that they are working in practice, as these will be tested throughout the visit.
In advance of your SRA visit...
Your firm will be sent a pre-questionnaire for completion ahead of review, together with a request for AML documents in advance. The SRA will interview your officers responsible for AML, including your MLCO and MLRO if they are different individuals. They will also typically want to speak with two fee earners to check their understanding of the Regulations and what is happening in practice.
In addition to this information, the SRA will want to review 4-8 files – including a review of your firm’s matter ledgers. The number of files as well as the number of fee earners interviewed will depend upon the size and nature of your practice.
Will we have a choice about which fee earners are selected for interview by the SRA? No
What else will the SRA want to see?
- AML policy and procedures
- CDD and Source of Funds procedure if separate
- Client care documents, including client questionnaires
- Client and matter risk assessments
- Procedure for monitoring compliance
- Training delivery logs
- Central registers
Your firm's written PCPs
Kate Burt, Legl’s Head of Risk & Compliance, revealed that there are some commonalities when it comes to omissions from written PCPs. To ensure that your law firm is compliant when the SRA come knocking, it makes good sense to prepare in advance:
- An overview of the ID&V process
- How often staff screening takes place – who, how and when
- How often staff training takes place – who, when, what, and how it’s recorded
- The process for auditing compliance with the policy
- The process for handling unexpected or accidentally deposited funds
- The requirement to undertake CDD on representatives and agents
- What happens if a client cannot provide relevant ID to pass CDD
- How and when your firm deals with enquiries from the authorities or regulators
- A statement of BOOMs and the process for notifying your regulator
Kate's Top Tip: Read the 36 High Level Compliance Principles set out in the LSAG guidance for a good starting point
There are things your firm can do across the board to be proactive about SRA visits.
The first one is to ensure that your AML officers understand their obligations and have sufficient resources to do their roles. In addition to keeping your PCPs up to date, you must test the effectiveness of them and put plans in place to make all your documentation readily available.
If training at your firm is an issue, there are companies available who can set up training quickly in readiness for a SRA visit and who will provide documentation to verify that the training has taken place.
How can technology help law firms with SRA visits?
The role of tech can play a big part in helping your law firm to be fully compliant with the SRA.
The right technology helps law firms to manage risk and reduces breach occurrences caused by human error. Other benefits of legal tech include:
- Helping to apply consistent processes across the practice
- A single source of truth for client due diligence throughout the client lifecycle
- Delivering transparent audit trails for SRA visits
Bear in mind that the SRA will ask how your firm’s tech stack is secure from fraud, and how it provides an appropriate level of assurance for CDD. Your tech supplier will be able to give you the information required to show the regulators
Seek tech for ease of use to ensure company-wide buy-in
How can Legl help with your SRA visit?
If you’re seeking a tech solution to get ahead of the game and prepare properly for a SRA visit, Legl can help.
Legl helps you to meet regulatory requirements, reduce risk, and drive streamlined processes internally.
