Kayleigh Smale

AML, Compliance & Anti-Fraud Specialist

Get AML audit ready: Hints and tips to avoid common pitfalls
Part 2 - Policies, Controls and Procedures

Welcome to our next instalment of “Get AML Audit Ready.” In this article, we will discuss the common pitfalls to watch out for in your AML Policies, Controls, and Procedures (PCPs).

While having AML PCPs is a legal requirement, implementing effective AML measures ultimately protects the firm. Each firm faces unique risks and has a different risk appetite, so it is important to tailor your AML PCPs to your firm's specific needs.

So, let's dive into the common AML pitfalls to watch out for when preparing and updating your AML PCPs.


The requirement to report material discrepancies to the registrar of companies.

Under the Money Laundering Regulations (MLR), you must collect an excerpt from the relevant register and report any discrepancies you find in relation to the beneficial owner of your client to Companies House as soon as possible. As of 1 April 2023, only discrepancies which are “material” are reportable, so typos or minor spelling mistakes are not. You only need to report a discrepancy if it can be reasonably linked to money laundering, terrorist financing or concealing details of the company.

This is something that is often missed from firms’ PCPs. It’s important to make sure staff are aware of these changes and that you have a clear policy and procedure to follow should they find themselves in this situation.

Do you have a process for transactions which might favour anonymity?

Firms need to be on the lookout for clients who want to stay anonymous: they might be trying to launder money! Staff need to know to watch out for clients who are evasive about proving their identity, provide unusual documents, or try to take too much control over how things are done.

Although most firms would not intend to act for anyone in these circumstances, staff guidance is often omitted from PCPs. If you wouldn’t act for a client in these circumstances, include this in your AML PCPs.

Make sure your PCPs include the firm’s process for Reliance.

There is a provision within the MLR (Reg 39) under which, in some cases, you can rely on another regulated professional to perform Client Due Diligence (CDD) for you, provided they agree to do so. Relying on another professional's CDD checks doesn't always mean you'll see the documents, and if they haven’t completed the CDD correctly, you will still be responsible for any non-compliance with CDD requirements. Because of this risk, most firms choose not to use this provision and prefer to conduct their own CDD checks.

Whether you decide to accept reliance or not, it's essential to have a documented process for staff to follow within your AML PCPs.

Don’t forget Proliferation Financing

Proliferation financing involves financial support for the spread of weapons of mass destruction or their delivery systems. This means giving money or resources to people, groups, or countries involved in making, getting, or using weapons of mass destruction. The goal is to stop the spread of these dangerous weapons and technologies that threaten global security.

From April 2023, law firms are required to assess the risks of proliferation financing, which includes having PCPs in place for identifying matters at high risk of being related to proliferation financing. This one is a bit tricky, as regulators have indicated that the risk of proliferation financing will be low for most law firms. However, the risk may be higher for firms providing services in the following sectors:

  • Trade finance
  • Commercial contracts
  • Manufacturing, particularly in relation to dual-use goods
  • Commodities, particularly mined metals and chemicals
  • Shipping/maritime
  • Military/defence

Regardless of the sector, all firms must have robust policies and procedures in place to address these potential risks.

Does your firm allow Simplified Due Diligence (SDD)?

Whatever your answer, make sure it’s recorded in your AML PCPs.

SDD is the simplest form of due diligence, but it should only be used when you're sure the client is low risk for money laundering or terrorist financing. Even if you decide SDD can be applied, you will still need to consider source of funds and source of wealth.

Enhanced Due Diligence (EDD) - do your staff know what to do if their client and/or matter is high risk?

Many firms include an EDD section in their AML PCPs to inform staff when EDD needs to be applied. However, this often doesn't specify the steps staff should take to carry out EDD. Let's use Politically Exposed Persons (PEPs) as an example. EDD must be applied when acting for a PEP, and staff must also:

  1. obtain senior management sign-off for the business relationship;
  2. obtain evidence of both source of funds and source of wealth; and
  3. conduct enhanced ongoing monitoring of the business relationship.

In my experience, the above three points are usually included in the AML policy. However, there would often be nothing to explain to staff:

  • the name of the member of senior management responsible for signing off PEPs and what the escalation process is;
  • what evidence should be requested for source of funds and source of wealth;
  • what additional evidence to gather to ensure they are applying EDD; and
  • how often they should conduct ongoing monitoring.

Providing detailed guidelines for these steps is essential to ensure staff can effectively apply EDD.