5.2.1 Beneficial ownership – the practical challenges

Described as the ‘single most difficult aspect’ of the UK AML regime, beneficial ownership requirements presented a ‘huge number’ of issues for participants.¹⁷ As one participant stated, ‘Is it difficult? – yes. Is it time-consuming? – absolutely.’¹⁸ Complying with UK beneficial ownership requirements is resource intensive for law firms in every sense. As one compliance participant recounted:

We spend a lot of money and time trying to get beneficial ownership information, it’s what takes the most time for us.¹⁹

As all participant firms were large commercial law firms, their client base was predominantly corporate in nature. Yet the beneficial ownership challenges do not lie with listed companies, as confirmed by the transactional partner who said, ‘if the ownership is simple, like it’s a listed company, it’s dead easy.’²⁰ Nor do they lie with EU private companies on the basis that:

in jurisdictions like the UK where there’s a lot of shareholder information available on corporates, those are not difficult.²¹

Rather, beneficial ownership issues arose in relation to two features: (a) the involvement of clients in non-EU jurisdictions, and (b) in respect of certain types of clients: namely trusts and private equity clients. Each of these features will now be explored.

5.2.2 Register of people with significant control

Participants were asked for their views on the PSC Register, outlined at the start of this chapter. The PSC Register brings to fruition one of the commitments made by the UK at the Anti-Corruption Summit held in London in May 2016 and was yet to be fully implemented at the time of the interviews.⁵³ Many participants felt that the PSC Register would proffer some benefits, although many participants also expressed their reservations. As one deputy MLRO noted, ‘it will make it easier, but is it a panacea? – no, it’s definitely not.’⁵⁴ The PSC Register will assist law firms in fulfilling some of their beneficial ownership obligations in respect of UK entities with two caveats: (i) law firms may not rely solely on the PSC Register when conducting beneficial ownership CDD, and (ii) a PSC is not always the same as a beneficial owner as defined under MLR 2017.⁵⁵ The register will not assist, however, in respect of those non-EU jurisdictions which pose the greatest compliance challenge for law firms operating an international practice. As one deputy MLRO noted, reflecting on their firm’s client demographics, the PSC Register would probably make, ‘not a huge amount of difference based on the profile of who we act for.’⁵⁶

There is a further issue with the information held at Companies House in that it is both ‘largely unverified’ and ‘sometimes inaccurate’.⁵⁷ The Economic Crime Inquiry Report noted the weaknesses in this area, both in that AML checks were not required on incorporation, and that Companies House had ‘no powers to verify information on the register’.⁵⁸ It is for this reason that FATF designated improving the quality of information on the PSC Register as a Priority Action for the UK in its mutual evaluation report in 2018, with reforms due at the time of writing.⁵⁹ Such reforms are targeted at enhancing Companies House’s powers to check the information submitted to it.⁶⁰

5.2.3 Vulnerabilities in the UK beneficial ownership requirements

Participants raised a number of issues in relation to the UK’s beneficial ownership provisions. Such vulnerabilities are explored below.

5.2.4 Concluding comments on beneficial ownership

Establishing the beneficial ownership of their clients is undoubtedly costly, time consuming and challenging for participants, particularly in relation to those jurisdictions that do not have comparable disclosure obligations in place and in respect of certain clients such as trusts and private equity funds. Dedicated money launderers will always try and circumvent any AML regulatory system in place, or simply fail to declare their ownership interests in an act of pure deceit. Nor will the inevitable and frequent changes in ownership interests that form part of a legitimate business economy cease to be effected, meaning that any beneficial ownership register will almost immediately be out of date.

The majority of participants had no view, were ambivalent, or found the 25% beneficial ownership threshold satisfactory. The reason behind such ambivalence may be influenced by the view, vocalised by a number of participants, that beneficial ownership issues lie not in any threshold percentage, but rather in the level of control exercised over an entity.

There are many changes underway in this area. For example, the reforms to Companies House proposed by BEIS, if adopted, will strengthen its powers to check information on its registers. The scope of PSC requirements has also expanded since the interviews took place to include Scottish Limited Partnerships.⁸⁴ Once 5MLD is transposed, lawyers in the regulated sector will be required to notify Companies House as to any discrepancies between information collected during CDD, for example, and the information appearing on the PSC Register (voluntary notification may be made prior to this). 5MLD also extends the trust registration requirements to include all UK express trusts, as well as non-EU express trusts which acquire UK real property or enter into a new business relationship with a relevant person such as a law firm.⁸⁵ Any person may request beneficial ownership information on trusts holding a controlling interest in non-EEA corporate structures.⁸⁶ At the time of writing the draft Registration of Overseas Entity Bill is also moving towards finalisation, with the intention that the register be operational by 2021.⁸⁷

There are a number of issues that need to be addressed globally in order to enhance the transparency that the beneficial ownership requirements were set up to achieve. One is dispensing with nominee shareholdings, with the limited exception of narrowly defined categories to be determined following consultation in the area, coupled with a requirement to disclose the nominator across all jurisdictions. This would serve to swing the transparency pendulum in favour of a legitimate economy.

The other response required is an increased global move towards transparency in other non-EU jurisdictions. Since the establishment of FATF, there has been an increased global focus on tackling money laundering: indeed FATF is itself a global AML standard setting body. Central beneficial ownership registers are required across the EU under 4MLD, to be interconnected in due course.⁸⁸

It may well be possible in years to come, therefore, to implement a global register of beneficial ownership interests in relation to those nations implementing FATF Recommendations. This is the route contemplated by the compliance participant whose view was that, ‘if you could get a proper register globally you know well that would be really helpful but you, it’ll be years before you get that.’⁸⁹ This may well assist in the decades to come as there are already movements afoot in the form of a publicly available global Legal Entity Identifier detailing the entity’s ownership structure.⁹⁰ Its voluntary nature may limit its utility insofar as the committed launderer is concerned.

5.3.1 The administrative burden of equivalence

Particular issues were raised by participants with regard to determining whether equivalent specified disclosure obligations applied to non-EEA listed companies. This quest for ‘equivalence’ undoubtedly imposed a burden on law firms in that it required a detailed analysis of the listing rules across multiple jurisdictions. Whilst some guidance existed, most notably that produced by JMLSG, such guidance was not definitive in nature and was scattered with caveats throughout.⁹⁵ As one participant noted with regard to establishing equivalence, ‘it’s not easy and you just have to try and work your way through on a case-by-case basis.’⁹⁶ The challenge with regard to equivalence was detailed by the compliance participant who said:

to work out whether or not a market qualifies for equivalence you’ve got to look at three different pieces of European legislation and each, within those three different pieces about six specific sections and it’s just next to impossible.⁹⁷

Despite this challenge, participants were fairly evenly split between those who desired more robust guidance on equivalent markets to be produced, and those who either had no view or no issues with the application of SDD. Those participants who either had no view on, or no issues with, equivalence were virtually all transactional participants. This view may be attributable to the fact that in a large commercial law firm with a developed compliance function, such participants are typically not personally tasked with establishing whether equivalence provisions apply or not.

The views of those participants who wanted more robust guidance on equivalence in relation to regulated markets were typified by the MLRO who commented simply that any such equivalence guidance would be ‘enormously helpful’ on the practical basis that, as expressed by another participant:

there is so much that is left to the firms to grapple with and understand … that’s one less thing to try to work out.⁹⁸

5.3.2 A holistic approach to SDD

Some participants reported adopting a far more holistic consideration of their clients, with their qualification for SDD forming only one aspect of several in terms of risk factors attaching to a client. This was expanded on by the compliance participant who explained:

A list of exchanges is helpful but it’s only helpful to the degree that you caveat it and say ‘well this actually gives you some indication of what the requirements are, and what the disclosure obligations are’, but you’ve always got to say ‘okay well it’s prima facie low-risk’, but you need to look at the other factors to make sure that you’re comfortable.

This holistic approach was echoed more bluntly by the deputy MLRO who said:

we’re not just going to say because you’re listed on an exchange in, you know, Moscow that you are now simplified due diligence … the very low hurdle is regulatory compliance, but then the higher hurdle is reputational risk management … when you’re looking at things like Russia we want to have a higher bar and, you know, we’ll raise it ourselves.⁹⁹

5.3.3 Concluding comments on SDD and equivalence

Under Regulation 37 MLR 2017, the preordained categories formerly attracting SDD are replaced with provisions enabling a law firm to apply SDD:

if it determines that the business relationship or transaction presents a low degree of risk of money laundering.¹⁰⁰

Such determination will be made, inter alia, by reference to a number of risk factors surrounding any given client, product or jurisdiction. This approach was supported by many respondents during the HM Treasury 4MLD consultation process as an approach that fosters a risk-based approach to AML, whilst providing for emerging risks and avoiding a ‘tick-box’ approach.¹⁰¹

When assessing whether to apply SDD, a firm must take account of risk factors including whether the client is a company listed on a regulated market.¹⁰² The concept of equivalence is retained within the definition of a ‘regulated market’, capturing those non-EEA markets which apply disclosure obligations ‘equivalent’ to those specified under EU legislation.¹⁰³ In addition, the law firm must also consider the location of that regulated market.¹⁰⁴

The responsibility for assessing whether SDD applies to their clients now lies exclusively with the law firm itself, and no automatic categories apply. Therefore participant law firms will continue to undertake their own in house SDD categorisation and due diligence on equivalence in the absence of a definitive list. At the time of the interviews, SDD provisions were being debated as part of the 4MLD transposition process. Therefore it was not possible, as it has been with some of the more static provisions of the regulations, to canvass the views of participants as to the general SDD provisions of the MLR 2017.

Going forward, it is the author’s view that particularly risk-averse law firms, who may be unwilling to tie themselves to a determination of SDD which may prove to be misjudged in hindsight, may simply opt to conduct standard CDD on a greater proportion of clients.

5.4.1 The definition of PEPs and identifying PEPs

Many law firms use third party service providers in order to identify PEPs.¹¹⁹ Many of those providers in turn apply a more expansive interpretation of the concept of a PEP to their searches. This expansion was identified as a source of ‘intense annoyance’ to one MLRO, and a feature which leads to ‘significant over-compliance’ according to the Law Society, resulting in ‘high levels of false-positive identification of clients as PEPs’.¹²⁰ The effect of this, as several participants noted is that ‘our service providers sometimes seem to use a wider definition’ with the result that they are:

operating with a completely different set of PEP definitions … I mean they go to any sort of link to any level of government – they’ll put a PEP label on there, so there are aspects of that that are becoming quite tricky to deal with.¹²¹

In contrast, several participants reported that their firms were actively electing to expand upon the strict definition of a PEP in the MLR 2007. Hence some firms were already applying EDD to domestic PEPs on the basis that they were operating an international practice. One compliance participant expanded on this approach as follows: ‘the reason we’ve always done that is because when we take a client in any given country, we want them to be transferable to another country.’¹²²

Others still were choosing to operate their firms using a wider PEP definition as a matter of course, as illustrated by the participant who noted:

we tend to widen that out a bit to incorporate oligarchs and people that have a very large footprint in the countries in which they operate.¹²³

A wider approach was also adopted on a case-by-case basis according to the MLRO who concluded:

if we feel that there is something that goes beyond, has a wrong smell about it, but isn’t strictly within the PEPs definition, then we’ll take the cautious, cautious approach.¹²⁴

5.4.2 Should EDD apply automatically to PEPs?

It may be recalled from earlier in the chapter that EDD applied automatically to PEPs under Regulation 14 MLR 2007 on a risk-sensitive basis. Regulation 33 MLR 2017 carries forward this automatic application of EDD to PEPs, the extent of which thereafter will be determined according to risk.¹²⁵ A number of participants felt that EDD should apply to all PEPs automatically due to the nature of the ill it is designed to address, and on the basis that it is difficult for any law firm to effectively distinguish between PEPs. This issue was highlighted by the MLRO who noted:

it is very difficult to find a line which enables you to draw a distinction between one PEP and another, but I think politically exposed persons because they have power to influence money and government and do an awful lot of damage … I think you just look at the lot.¹²⁶

This aspect of PEP identification was expanded on by the MLRO, who in respect of the difficulties surrounding drawing distinctions between PEPs stated:

trying to sort out good PEPs from bad PEPs would be difficult but you know a good PEP and a bad PEP broadly, I mean it’s much easier in the European context, but in the Chinese context, the fact that so-and-so is political commissar … for the region’s industry wing and he’s on the board of this company we want to act for – what does that mean? Very difficult for me to gauge.¹²⁷

Others felt that automatic EDD in relation to PEPs was one aspect of a more generalised sense of professional good practice. On this basis, automatic EDD was deemed to be, ‘rightly rigorous’, ‘a good standard for us all to be setting’ and appropriate.¹²⁸ As one transactional partner added:

it’s inherent in the definition that there is higher-risk so it’s, you’ve already passed a risk threshold of sorts.¹²⁹

A larger number of participants, however, felt that EDD should only apply to PEPs using a risk-based approach. This view was typified by the MLRO who recounted:

I get a lot of PEPs escalated to me who are technically PEPs within the meaning, and frankly there is absolutely no reason for the escalation to me.¹³⁰

A couple of participants went on to highlight the fact that the automatic application of EDD actually served to detract from other areas of risk for the profession. This was articulated best by the compliance participant who said:

it’s a huge source of frustration, I think in many ways the PEPs thing disguises the importance and risks of other elements of money laundering because people think ‘Ah, good news, it’s not a PEP therefore I probably don’t need to push on source of wealth’.¹³¹

5.4.3 What counts as EDD?

Several participants expressed concern over the lack of any real clarity as to what EDD measures to apply once a PEP had been identified in any event, or as one MLRO said, ‘what the exact requirements are around the extent of the enhanced due diligence.’¹³² This is because MLR 2007 were not overly prescriptive with regard to EDD measures applicable to PEPs – other than mandating senior management approval, the regulations required ‘adequate measures’ to establish source of wealth/funds, and ‘enhanced’ ongoing monitoring.¹³³

As one highly experienced MLRO added:

Heaven alone knows how you’re supposed to do enhanced due diligence – it’s a phrase that’s used, but quite what it means in practice is a bit difficult to understand.¹³⁴

The temptation, therefore, as highlighted by several participants, is to simply request further identification documents almost as a ‘go to’ EDD measure, a response that one deputy MLRO deemed to be, ‘of no utility whatsoever, let alone limited utility.’¹³⁵ The issue is one of establishing the underlying bona fides of a transaction, not, ‘oh well I need to see a copy of your utility bill now because you’re high risk.’¹³⁶

The EDD provisions applicable to PEPs in MLR 2017 both include and build upon the scaffold set out in MLR 2007, but are still flexible with regard to its application. Greater guidance is provided, for example, when assessing the depth of EDD applicable to a PEP. Hence a law firm: (i) must take into account information provided by its supervisor, and (ii) may take into account Treasury approved sectoral guidance.¹³⁷ Thereafter, broad examples of what may constitute EDD are provided which, depending on the case, may apply – such as seeking additional sources to verify information provided on a retainer or taking further measures to understand the financial situation of the client.¹³⁸ This flexibility, whilst not offering absolute certainty, reflects a law firm’s scope to calibrate differing degrees of EDD according to level of risk. Notwithstanding the concerns raised by some participants above, FATF reports a ‘strong understanding’ of EDD requirements relating to PEPs across the private sector.¹³⁹

5.4.4 Including domestic PEPs in the PEP definition

Both prior to and during the consultation process for 4MLD, a number of proposals were considered with regard to PEPs, one of which was the inclusion of domestic PEPs within the PEP definition. This was previously strongly opposed by the Law Society on the basis that, ‘we do not believe there is sufficient evidence of unmitigated risk in this area’ to merit the inclusion of domestic PEPs.¹⁴⁰ There are inevitable cost implications of such inclusion, which was the focus of one deputy MLRO who observed:

obviously as soon as you broaden the class of person that you have to investigate, the administrative burden becomes greater.¹⁴¹

Cost implications aside, many participants reported that their firms were already applying EDD measures to domestic PEPs: this on the basis explored in preceding paragraphs, that their firms operated an international practice. As a result, the proposed inclusion of domestic PEPs within the PEP regime was of little concern or consequence to such participant firms.

5.4.5 Producing a list of PEPs

Historically, the Law Society has argued for governments to produce lists of PEPs arguing that:

We consider it ethically questionable to threaten private citizens with civil liability and criminal sanctions for failing to do what governments will not or cannot do.¹⁴²

On receiving further calls for such a list, the Treasury Select Committee in its Economic Crime Report 2019 recommended that the UK government produce a centralised PEP database.¹⁴³ However, only one participant expressed a desire for such a list, articulating a practical desire to minimise costs for the profession as a whole. In other words, with the availability of PEP lists at a national level, ‘the amount of money that’s being spent on some of these electronic systems might change’ in relation to law firms.¹⁴⁴ A survey of 125 firms by the Law Society revealed annual PEP screening costs of up to £20,000 by 32% of respondents.¹⁴⁵ Elsewhere larger firms have reported much higher costs, spending ‘hundreds of thousands’ of pounds on commercial licence fees.¹⁴⁶ It should be noted that commercial service providers in relation to PEPs are unregulated in terms of the fees they can charge, and the firms they service are legally obliged to comply with the UK’s AML regime with regard to PEPs, so market forces alone are unlikely to push down on such costs. However, this recommendation has been rejected by the government, countering that such a list would militate against a risk-based approach by focusing on ‘a PEP’s origins, rather than level of risk’, and lack sufficient dynamism.¹⁴⁷

5.4.6 Concluding comments on PEPs

The MLR 2017 include domestic PEPs within their scope, in contrast to the focus on foreign PEPs seen in the MLR 2007. This new feature was of little concern or consequence to participants, however, reflecting the fact that many international participant firms have included domestic PEPs in their PEP searches as a matter of course, even before the MLR 2017 came into force. What has changed, however, is that a more developed risk-based approach to EDD and PEPs has been implemented.¹⁴⁸ Law firms must ‘form their own view of the risks associated with individual PEPs on a case by case basis’.¹⁴⁹ Thus, under MLR 2017, law firms must now have in place ‘appropriate risk management systems and procedures’ enabling them to ‘manage the enhanced risks’ of having PEPs as clients.¹⁵⁰ Yet EDD still applies automatically to all PEPs (which some participants objected to) and across the sector as a whole there are costs implications attributable to the inclusion of domestic PEPs within the regime.

Law firms will still be required, as before, to ‘take adequate measures to establish the source of wealth and source of funds’ with regard to PEPs.¹⁵¹ It is these two features of the regime that will now be considered.

5.5.1 Establishing source of funds is challenging

However, many other participants reported that establishing the source of funds on a transaction could be challenging, particularly with regard to overseas jurisdictions, and difficult to check. Clients could also be sensitive to requests for such information.

The difficulties around establishing such information were apparent, on the basis that source of funds information is ‘completely self-certified’ as a starting point (note also the requirement in MLR 2007 and MLR 2017 with regard to PEPs is to take ‘adequate measures’ to establish the source of funds).¹⁶¹ The SRA notes that, although firms relied more on client declarations with regard to source of funds, most firms they visited as part of their 2018 thematic review used more than one avenue to establish this.¹⁶²

The challenge was pinpointed by the compliance participant who stated:

ultimately that information’s got to come from your client, and you can do online searches in terms of looking into somebody’s background, but as a law firm we don’t have access to the financial records.¹⁶³

This vulnerability was also touched upon by the compliance participant who reflected, ‘we’re largely dependent on assurances that we get from intermediaries who are not always entirely reliable.’¹⁶⁴ This is a vulnerability that will not be addressed until global financial transparency is enhanced. As one deputy MLRO said:

Until you introduce the transparency, having professional advisers simply ask an individual, you know, where they got their source of wealth and funds from is of no utility whatsoever.¹⁶⁵

Requesting source of funds information is also seen by some clients as ‘a very sensitive question’ such that ‘clients don’t like doing it sometimes.’¹⁶⁶ As for the lawyers themselves, ‘it’s a difficult question to ask and lawyers feel very uncomfortable asking.’¹⁶⁷ For one participant, this client relationship aspect was so prominent that they said in relation to source of funds information, ‘the main issue actually is a practical one, is you know, how do you … ask about that without causing offence, it’s really tricky.’¹⁶⁸ Prominent importance is not paramount importance, however, and several firms reported cases where they had declined to act, stating in one case that, ‘we do actually turn work away on a reasonably regular basis because we can’t get comfort on the source of funds.’¹⁶⁹

5.5.2 Guidance on source of funds

Several participants commented on the lack of explicit guidance for the legal profession on the source of funds, such as the compliance participant who stated, ‘the information is very, very sparse on what you actually get’.¹⁷⁰ This was echoed by the MLRO who noted in relation to source of funds requirements, ‘it’s quite apparent that the Law Society does not have a precise answer’ as to exactly what is required.¹⁷¹ This prompted one participant to state that the:

source of funds point is still one of the biggest challenges for the profession. Level of awareness – what do you mean? How far do I have to go?¹⁷²

This prompted many participants to express a desire for more guidance in this area as to, ‘what exactly is meant, what would be the evidence that would be acceptable in a range of situations.’¹⁷³ It is submitted, however, that exhaustive guidance would not be possible or appropriate. First, there are multitudinous deal permutations that could arise which militate against the provision of regimented guidance. As one compliance participant reflected:

I don’t think it’s possible [to provide more explicit guidance] … just because there are so many different circumstances and so many different types of transactions.¹⁷⁴

Second, a significant element in relation to source of funds requires a judgment call on the part of the law firm, which could not be managed by way of an explicit list. It is this judgment call with regard to source of funds that will now be explored.

5.5.3 Source of funds information is a judgment call

Many participants acknowledged that law firms must make a judgment call themselves on source of funds information. As one compliance participant put it:

You could probably give more guidance, but a lot of it is down to individual judgment.¹⁷⁵

This stance was echoed by the participant who expanded as follows:

It’s a real judgment call because you’re just looking at business history effectively, you know, where have they made their money, where‘s it come from, what‘s happening?¹⁷⁶

Participants’ comments on source of wealth tended to follow a similar pattern to those related to source of funds, and it this aspect of the regime that will now be considered, prior to an overarching consideration of those issues affecting both source of funds and source of wealth for the profession.

5.6.1 Source of wealth information is challenging to obtain

A number of participants reported difficulties in obtaining source of wealth information from their clients. Several observed that obtaining information on ‘source of wealth can be a bit trickier’ or ‘a little bit more difficult’ than obtaining source of funds information.¹⁷⁸ The increased level of difficulty can be crystallised by the MLRO who commented as follows:

happy that these funds are coming from the sale of that asset, fine, but how on earth is he, this individual, who is not anywhere on, there’s no public record of him, almost no high profile – how come this individual seems to be the point person for all these assets worldwide?

Source of funds may be easier to establish, therefore, since it may track through directly from the sale of an asset or company. The same, potentially ‘deeply offensive’, general and cultural sensitivity around asking a client for source of wealth information was also duplicated as it was for source of funds such that, ‘asking for source of wealth is still quite sensitive, especially in some jurisdictions.’¹⁷⁹ This sensitivity was once more drawn out by the compliance participant who recounted:

you have regimes you know, like in the Middle East where it’s just incredibly difficult to get information and of course culturally they’re very different, so they’re not going to, you know, give you the information, and all of those things make life incredibly difficult.¹⁸⁰

As with source of funds information, law firms are therefore reliant on a mixture of self-certification from their clients, other documentary evidence or publicly available information.¹⁸¹ This vulnerability was raised as an issue by the MLRO who noted:

in a sense it’s a sort of fatuous question [on source of wealth] because you know if you’ve got some, some rich individual … and you need to know the source of his wealth, you can ask him and he’s either going to be offended and he won’t tell you, or he’ll lie.¹⁸²

The reality of this position means that law firms will need to make what is effectively a judgment call on their clients’ source of wealth, an aspect which is drawn out in subsequent paragraphs.

5.6.2 The judgment call on source of wealth

A number of participants were of the view that more detailed guidance on source of wealth ‘would be extremely useful’.¹⁸³ As one deputy MLRO expanded:

everyone likes lists, you know, to have a list of ‘this is what you would have to satisfy your provenance of funds point’, if you can prove these and you’re satisfied as to the bona fides of these points that would be exceptionally useful.¹⁸⁴

To date, however, no such explicit guidance has been forthcoming for the legal sector, a point noted by the compliance participant who stated, ‘we’ve been asking for years and nobody wants to commit.’¹⁸⁵ As with source of funds, however, this may be attributable to the fact that, as also acknowledged by a number of participants, such guidance is ‘never going to be able to cover every single situation’ and will even vary from ‘client to client’.¹⁸⁶

Consequently, decisions surrounding the credibility of source of wealth information were seen by a number of participants as a judgment call on the part of participant firms, or as one MLRO concluded, ‘I think at the end of the day it’s instinctual’¹⁸⁷ This view is best summarised by another participant who reflected:

you have to make a judgment call as to whether you think you have enough information, and you make sure you document.¹⁸⁸

Detailed guidance may not be forthcoming, therefore, in light of the factors highlighted above.

5.6.3 Issues surrounding source of funds and source of wealth

The discussion in this chapter in relation to the source of funds and source of wealth requirements under MLR 2007/2017 has so far centred around the purely practical difficulties participants encounter when trying to obtain pertinent information from their clients and other sources. However, there are a number of issues that overshadow these concerns, which are the focus of this section of the chapter. As the comments participants made relate both to source of funds and source of wealth considerations, they are dealt with together. The overarching issues pertaining to source of funds and source of wealth are as follows: (i) a lack of clear parameters around the obligation to obtain such information, (ii) historical criminality and source of wealth, and (iii) third party funding and the client account. Each of these aspects will now be explored in turn.

5.6.4 Concluding comments on source of funds/source of wealth

It is clear from participant responses that practical difficulties abound with regard to the interrelated issues of source of wealth and source of funds. The requisite information is often difficult to obtain and can be a delicate matter to raise, causing embarrassment to lawyers and their clients alike.

Those practical challenges are exacerbated by the lack of concrete parameters set out in MLR 2007/MLR 2017 or in sector-specific guidance from the Law Society/LSAG with regard to source of funds and source of wealth. Although some participants expressed a desire for more specific guidance, there was also an understanding that the multitudinous client scenarios that could arise, and the risk appetite of each firm essentially meant that decisions on source of funds/wealth were, ultimately, a judgment call on the part of each law firm. Therefore, legal practitioners must form their own view as to the information they obtain to satisfy their own enquiries. As the LSAG states, there ‘is no one size fits all answer to this question’.²⁰⁷

Nowhere is the lack of guidance felt more keenly amongst participants, however, than when considering suspected historical criminality, a feature raised in relation to retainers concerning Russian oligarchs, for example. The issue at stake is how to deal with wealth which originates from ‘questionable’ sources that an individual utilises many years, if not decades, later. Nor can law firms adopt a cavalier attitude with regard to the information they receive in respect of their clients with regard to source of funds/wealth given the potential for dealing with criminal property. Brand protection and reputational risk may also see law firms declining to act for clients with dubious credentials as to provenance of funds.

There is a lack of any absolute obligation in the MLR 2007/2017 to apply full CDD to third parties providing funding for a transaction, although law firms will need to understand where the funding is coming from (and LSAG advises such CDD in certain scenarios). In response, a number of participants reported that they actively chose to conduct CDD on third party funders, despite the absence of any strict technical requirement to do so, particularly when funds were flowing through the client account.

5.7.1 Reliance on third parties

The vast majority of participants who expressed a view on reliance either refused to rely on third parties at all, or only very occasionally. One of the main reasons for this stance was that those law firms seeking to rely on third parties still retained criminal liability for any CDD failings, a position best illustrated by the MLRO who stated:

If we tried to rely on someone else we’d still have the responsibility and the obligation to make sure that information is correct, so why bother to rely on someone.²¹⁵

Several participants expressed an unwillingness to rely on other entities whose CDD standards may not match those of the law firm seeking reliance. Put simply, ‘you don’t know how thorough the other firm has been.’²¹⁶ This potential gradation in the quality of CDD was a drawback expanded on further by the deputy MLRO who commented:

it’s a bit like sub-prime you know, you need to make sure that the fundamentals are right before you get this chain of reliance, and what you end up with is this long chain that’s based on shifting sands.²¹⁷

There was also a perception that each law firm should conduct due diligence according to its own risk parameters, as articulated by the compliance participant who said:

we just feel we need to understand and identify our own risk and therefore do the due diligence on that basis, and we feel we cannot sort of farm that out to somebody else.²¹⁸

Such principled objections to the use of reliance provisions were supplemented by entirely practical ones: participants reported that many entities do not permit law firms to rely on them in any event. It is this aspect of practice that will be considered next.

5.7.2 Reliance on law firms by third parties

That law firms may be unwilling to be relied upon by third parties was borne out by participants’ responses. The majority of participants who expressed a view on reliance said that they would never consent to being relied upon. This position reflects concerns over potential ‘tortious liability’ for any CDD failings.²¹⁹ This issue is best summarised by the transactional partner who commented:

it’s one thing to get your own due diligence wrong – it’s another thing then to say ‘right, you can rely on ours’ and then they suffer some sort of detriment and, you know, come back and say ‘right, you were negligent and you’re liable’, so why expose yourself to that when you can simply say ‘well I’m sorry, you’ll have to do your own.’²²⁰

A number of participants said that they might occasionally consent to being relied upon in restricted circumstances, a typical scenario referred to being where foreign lawyers had been instructed on behalf of a common client. The Law Society notes that reliance provisions may also be utilised in very particular circumstances where a firm elects to passport clients within the same firm across jurisdictions.²²¹ Whilst participants were largely unwilling to provide formal reliance certificates for the reasons explored in the paragraphs above, a number did confirm that, with the consent of their clients, they were happy to provide copies of their CDD documentation to third parties.

5.7.3 Concluding comments on reliance

Revised reliance provisions under Regulation 39 MLR 2017 expand the categories of entities that may be relied upon to include, inter alia, any entity subject to the MLR 2017.²²² However, Regulation 39 does not address the fundamental issues that participants experience in relation to the reliance provisions, and which the government itself acknowledged in its consultation response on 4MLD: that ‘the risks of relying on a third party are generally greater than the benefits.’²²³ The issue is one of retained criminal liability for those relying on third parties, and potential tortious liability for those being relied upon. Whilst this remains the position, as it does under Regulation 39(1) MLR 2017, reliance will remain a little used tool for the legal profession.

It should be no surprise whatsoever that ‘poor use’ is made of reliance provisions unless and until the regulations move to a position where reliance can occur without retained liability. It is in this context that the Law Society advocates that there should be no liability where there has been reasonable reliance upon other regulated entities, nor any civil liability attaching to those being relied upon.²²⁴

It is the author’s view that each law firm should determine its own risk parameters and appetite, and therefore reliance should not be used routinely in any event but restricted to those exceptional circumstances referred to in the preceding paragraphs.

5.9.1 Delivery of AML training

Prior to examining participants’ views on their AML training, the mechanics of delivering such training will be summarised in brief. The majority of participants were trained in AML using either online training programmes in isolation, or a blend of online and face-to-face training.²³⁴ In terms of frequency, many participants reported that trainees and new staff received AML training on induction, which was then refreshed either annually or every two years. A number of participants also received supplementary AML information by way of email alerts or via departmental meetings.²³⁵ These findings reflect those in the SRA Anti Money Laundering Report subsequently published in 2016 which concluded that ‘most firms had provided appropriate and relevant training to staff.’²³⁶ A broadly positive account was also presented by the SRA in its 2018 review.²³⁷

Many participants recognised the importance of AML training, education and awareness, with a number of participants expressing a desire for more tailored training using examples which would resonate with large commercial law firms. It is these perspectives on training that will now be explored.

5.9.2 The importance of AML training, education, and awareness

Many participants acknowledged the value and importance of AML training on the basis that with ‘good quality training you raise awareness.’²³⁸ That poor levels of AML awareness posed a money laundering risk to the law firm itself was drawn out by the compliance participant who commented:

We as a business have spent a lot of time recently communicating and trying to raise and improve awareness because I think that’s the reality of where a lot of our exposure is.²³⁹

An appreciation of the value of AML training and awareness was not limited to compliance participants, and a number of transactional participants emphasised its importance. Participants voiced an appreciation that, in the words of one transactional partner, ‘criminals become increasingly sophisticated so therefore our training and procedures have to match those.’²⁴⁰ Few participants referred to AML training as a ‘tick-box’ exercise.²⁴¹ The NRA 2015 highlights the importance of AML education for negligent legal professionals, noting that ‘regulatory intervention or education may be a more appropriate response [than criminal sanctions] in order to increase awareness and reduce money laundering … risk’.²⁴² Campaigns to raise awareness targeted at the legal sector were also implemented in 2014–15 by the Home Office, working in conjunction with supervisory authorities, law firms and law enforcement agencies.²⁴³ In the responses to the government’s Call for Information on the SARs Regime, training was ‘seen as vital.’²⁴⁴ The Economic Crime Report 2019 also championed the need for enhanced AML education more broadly.²⁴⁵

With a general sense of the importance of AML training established from many participant responses, a more granular level of consideration of the content of AML training was then invited.

5.9.3 Improvements to training – bespoke training and relevant examples

Participants were asked to consider improvements to their AML training. Whilst a number of participants felt no improvements were required, many participants focused on the need for more bespoke AML training, utilising examples of money laundering that were drawn from real life and relevant to the type of law firm in question.

A number of participants emphasised the need for bespoke AML training, tailored both to the law firm itself and to specific practice areas. The position was outlined by a compliance participant as follows:

you can do the sort of online training … but there’s a limit to how much that really sinks in on a sort of, you know, well how does it affect me?²⁴⁶

A more targeted approach was also advocated by the compliance participant who was implementing a move away from a general, ‘sheep dip’ form of AML training in their firm to one providing ‘bespoke training for different groups.’²⁴⁷ To that end, a small number of participants were actively developing their own training tools as opposed to using third party providers.

A number of participants were of the view that face-to-face training was more effective than online delivery, such as the MLRO who stated ‘you can’t beat face-to-face training for half a day.’²⁴⁸ As one compliance participant commented:

we try to do more sort of face-to-face training because it is a pretty dry subject, so it’s much easier if you can see the whites of people’s eyes.²⁴⁹

Similarly, a preference for face-to-face training was also expressed by a number of transactional partners, one of whom reflected, ‘actually being forced to sit through somebody giving you an update is more likely to sink in’.²⁵⁰ Notwithstanding this stated preference for face-to face training, many participants took a pragmatic view, acknowledging that ‘cost, time and resourcing’ effectively curtailed its use in practice.²⁵¹ One partner also reported a further practical challenge surrounding face-to-face training, namely that, ‘conventional face-to-face training means that a lot of people cancel, they’ve got client work on and so forth’.²⁵²

Training scenarios should be ‘relevant to their day-to-day life’ or in other words ‘more aligned to one’s own practice’.²⁵³ Such examples, expressed by one MLRO as ‘somebody telling you stories about home’ were perceived to be a more effective means of raising awareness amongst the profession than generic, untailored AML training.²⁵⁴ The utility of relevant, real-world money laundering examples in AML training is best illustrated by the senior compliance participant who concluded that ‘the best training is effectively giving them war stories’.²⁵⁵

5.9.4 Concluding comments on AML training

AML training was valued highly by many participants, and a desire for bespoke training, preferably face to face, using relevant examples, was vocalised frequently. The issue with AML training to date has been the limited availability of money laundering case studies and examples relevant to large commercial law firms. Hence there are very few pertinent ‘war stories’ to tell, rather a collection of what could be considered as distant tales from far shores. There have been repeated calls from the profession for better information sharing between law enforcement agencies and the regulated sector, and it is improvements to this aspect of the regime that will better support the legal sector in practice. Improved information flows would provide relevant examples which could be utilised in raising awareness and in AML training. Such training may have the effect of refining the judgment of both MLROs and those reporting to them, thus also enhancing the operation of the SARs regime overall. The SARs regime is a topic that will be discussed in detail in Chapter 6.

5.10.1 Clients attempting to use the client account as a banking facility

In England and Wales, use of the client account is governed in part by the Solicitors Accounts Rules, the most relevant feature of which in the context of this book is Rule 14.5, which prohibits the provision of banking facilities through the client account. Client account activity must relate to an underlying transaction.²⁶² The essence of Rule 14.5 will be retained in Rule 3.3 of the revised Accounts Rules due to be implemented in November 2019.²⁶³

Abuse of this rule has prompted targeted Warning Notices from the SRA in addition to a number of High Court actions.²⁶⁴ As the judge in one such case commented:

allowing a client account to be used as a banking facility, unrelated to any underlying transaction which the solicitor is carrying out, carries with it the obvious risk that the account may be used unscrupulously by the client for money laundering.²⁶⁵

Many participants were extremely alert to the money laundering risks posed by the operation of their firm’s client account. The emphasis by firms on client account risk is best illustrated by the participant who commented in respect of their firm, ‘it’s something we’ve really put our arms around’.²⁶⁶ A small majority of participants reported that clients had attempted to use the client account as a banking facility. Participants stated categorically that any such requests were swiftly dismissed by their firms, a position typified by the participant who stated bluntly in relation to such requested client account usage, ‘we do not allow that’.²⁶⁷ This stance was emphasised by the MLRO who confirmed, ‘we’re pretty adamant you know you can’t use us as a bank account’.²⁶⁸ This point was expanded on by another MLRO who said:

we’ve just been you know saying ‘no – we can’t’ so that everyone’s very clear that now it’s one area that’s absolutely adamant.²⁶⁹

Attempts to use the client account as a banking facility were framed by a number of participants as being requested by the client purely on the basis of administrative ease or commercial efficacy. Illustrative examples where such requests are made (and which depend on the parameters of the underlying retainer) include where a transaction is effected by way of a Special Purpose Vehicle (SPV) and, prior to that SPV having its own bank account, attempts are made to use the client account to hold monies on behalf of investors. Alternatively, the client account may be suggested as a vehicle to hold funds in connection with a crowdfunding project, or it may simply be quicker to use a UK based client account rather than transmitting funds across multiple jurisdictions. In other words, according to one participant:

it’s not intentionally trying to circumvent anything by the client, they’re just trying to do, find [the] easiest route of doing something.²⁷⁰

This framing was more directly expressed by the MLRO who recounted:

the client hasn’t thought, ‘ha ha I’m going to use [name of firm redacted] as a bank’, but we have had occasion when effectively the effect of what is being proposed is to use us as a bank and we’ve had to decline to do it.²⁷¹

Several participants noted that a particular dynamic could arise in relation to client account services, such that its use could be perceived by both client and practitioner as forming part of a more general client care package. This dynamic was highlighted by several participants who referred to the provision of client account services, albeit blocked by the firm, as a potential ‘add-on’ to the client retainer.²⁷² Several participants also highlighted challenges surrounding establishing whether there was, in fact, an underlying transaction as envisaged by the ‘grey and fuzzy’ Rule 14.5.²⁷³ This challenge is best summarised by the participant who said:

there are some that it’s a very tenuous link with a particular matter or transaction that we are working on for a client, and it’s not so clear-cut, and we’ve … really been cautious about that sometimes, extremely cautious and we’ve said no.²⁷⁴

Participants were acutely alive to the money laundering risk presented by the client account, as was emphasised by the MLRO who observed:

people who want to launder money will see that as the absolutely crystal clear way once it’s in of laundering that money.²⁷⁵

5.10.2 Solicitors no longer holding client accounts

One potential response to the money laundering vulnerability of the client account is to stop law firms operating client accounts altogether. Certainly, misuse of the client account in a much broader sense than simply money laundering has received significant attention in recent years, culminating in the Legal Services Board (LSB) deeming such misuse to be ‘one of the biggest regulatory risks in the legal sector’.²⁷⁶ This, in turn, has prompted consideration of possible alternatives to PCAs, either by migrating to third party escrow providers, or by using a blend of client account and escrow facilities.²⁷⁷ Surprisingly grand claims are made by the LSB in support of such alternatives. For example, the LSB states that the potential cost savings from the reduction of risk in this area may be passed onto clients and therefore result in an increase in access to justice.²⁷⁸ In addition, the LSB states, clients would no longer be vulnerable in terms of the ‘rogue minority’ of lawyers ‘dipping into’ client account funds, and would benefit from increased choice and transparency in terms of payment mechanisms.²⁷⁹ For their part, law firms would benefit from a decrease in regulatory requirements by electing not to operate a client account, together with reduced practising certificate fees and solicitors’ compensation fund contributions.²⁸⁰ However, it is in the context of money laundering that participants were asked to consider whether no longer operating a client account would have any impact on the money laundering risk to their firms.

5.10.3 Pooled client accounts no longer qualifying for SDD

One further issue that arises in relation to the client account is whether or not simplified due diligence can be applied to the pooled client account.²⁹⁵ One of the contentious areas of discussion surrounding the transposition of 4MLD was whether PCAs held by regulated law firms would no longer automatically qualify for simplified due diligence. The removal of SDD would see banks having to conduct customer due diligence not only on the law firm itself, but also in respect of every single client whose funds were held in the account, a position which would shift daily, nor would it provide any contextual information to the banks in terms of assessing any money laundering risks. This would also require financial institutions to conduct CDD checks in relation to funds in PCAs connected to matters outside the scope of MLR 2017 altogether, such as settlement funds in litigation for example. It is for these reasons that the Law Society state that the ‘retention of SDD measures on PCAs is crucial to maintain proportionality’.²⁹⁶

This particular issue received sustained attention throughout the 4MLD transposition process, and the position shifted multiple times through the consultation process. Removing simplified due diligence for PCAs was vehemently opposed by the Law Society as ‘unworkable’ on the basis that it would ‘complicate the CDD process while increasing costs with no benefit to the fight against money laundering.’²⁹⁷ This rationale may be explored further as follows:

It is the transaction on which the legal professional is advising which will determine whether or not there is a risk of money laundering in respect of the funds being paid into the pooled account.²⁹⁸

When contemplating this issue, several participants focused on the practical challenges this position would create for the profession, deemed a ‘massive problem’ by one participant or ‘a headache nobody wants’ and pinpointed by another who said:

If we don’t maintain the exemption, then I think that there are very real challenges for the legal profession because what are we going to have to do? Hold each client’s money in a separate client account? Logistically it’s huge.²⁹⁹

Flowing from this debate, fears have been raised that banks may well de-risk by declining to operate PCAs if SDD is no longer applicable, a trend which has already been witnessed elsewhere in the banking sector, particularly in relation to the de-risking of accounts held by charities.³⁰⁰ Despite the extensive, albeit shifting, debates on SDD and PCAs during the 4MLD transposition process, hardly any participants thought that the banks would actually de-risk PCAs in practice. Many participants either had no view on de-risking or did not perceive it as a likely outcome. Some participants felt that banks would not de-risk on the basis that loss of client account business would also result in the bank’s loss of profit-making facilities made to law firms such as loans and overdraft facilities.³⁰¹

One participant positioned the debate over SDD in a political context, framing the issue in the same way that attempts to seek exclusions from POCA 2002 or removal of criminal sanctions from MLR 2007/2017 have been framed by a number of participants earlier in this book. Referring to the UK’s National Risk Assessment in 2015, the participant noted:

I think the problem that now comes is it is difficult for Treasury to be able to say ‘yes we should be able to apply simplified due diligence to pooled client accounts’ while at the same time indicating that law firms are the third highest risk.³⁰²

These shifting debates have culminated in the position set out in MLR 2017. Under Regulation 37(5) MLR 2017, PCAs no longer automatically qualify for SDD. Rather, SDD is only available by applying a risk-based approach, that is where the business relationship between the financial institution and the regulated sector law firm PCA holder presents a low money laundering risk – although precisely how this is evidenced to access SDD is the challenge this gives rise to.³⁰³ Non-regulated law firm PCAs are not expressly dealt with in the MLR 2017, but may still qualify for SDD under Regulation 37(1).³⁰⁴ Such a position was reached by the government on the basis that there was ‘no consensus’ as to whether PCAs were always low risk and that, ‘the risks were as high or low as the quality of the firm’.³⁰⁵

Therefore the issues raised above are of enduring relevance in that banks may conclude that the PCAs held by their law firm customers do not qualify for SDD. The effect of the application of standard CDD to PCAs (requiring CDD on the underlying clients of the law firm) is an additional burden for banks, law firms and their clients alike, amplified in respect of those PCAs held by non-regulated sector law firms – such firms may not routinely conduct their own CDD checks as they are unregulated for money laundering purposes. How this scenario unfolds, and whether bank de-risking, as observed in other areas such as the charity sector, then occurs in the legal sector remains to be seen.³⁰⁶

5.10.4 Concluding comments on the client account

Participants were acutely alive to the money laundering risk presented by the client account. A small majority of participants reported that clients had unsuccessfully attempted to use the client account as a banking facility, either on the basis of commercial efficacy or in the mistaken belief that client account services formed part of a wider client care package. Several participants reported challenges surrounding establishing whether there was an underlying transaction in some cases.

In the author’s view, the client account should be retained, a view echoed by the compliance participant who said, ‘I think to get rid of client accounts you’re using a sledgehammer to crack a nut.’³⁰⁷ Many participants felt that dispensing with the client account would do little in any event to decrease any liability attaching to legal professionals in respect of any ‘arrangement’ offence under s 328 POCA 2002: such liability will attach in any event due to the legal professional’s overarching involvement with any given transaction. With regard to transactional efficacy, third party escrow providers require dual authorisation from both the law firm and the client to enable access to funds on a transaction. In addition, many transactions are customarily completed using solicitors’ undertakings to transfer funds on completion.

At a wider societal level, the loss of the client account would see funds flowing exclusively through entities less able to assess whether money laundering was a feature of those transactions, namely banks and third party escrow providers. Arguably then, the loss of the client account could serve to increase the money laundering risk across other sectors. Neither banks nor third party escrow providers have the holistic oversight on transactions that law firms do and may be less able to identify potential laundering whilst acting as a mere conduit for funds.

What is crucial with regard to the operation of the client account is that sufficiently robust CDD measures are undertaken and the source of funds identified to curtail any instances of illicit funds reaching the account in any event. Both these topics were explored in detail earlier in this chapter.

With regard to simplified due diligence and the pooled client account, the position reached under Regulation 37 MLR 2017 is that banks must determine whether or not SDD can be applied to PCAs in respect of each law firm client – the challenge this gives rise to is in assessing the levels of risk in connection with regulated, unregulated or mixed firms’ PCAs. Whether this means that the de-risking phenomenon witnessed in the charity sector becomes a feature of the legal sector remains to be seen, although hardly any participants thought this was likely.