We provide this service to assist SRA regulated law firms meet their obligations - not only to have in place and documented compliant policies & procedures - but also to be able to satisfy themselves and the SRA that they are being operated by staff.
Regulation 21 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 requires the relevant person to:
1(c) establish an independent audit function with the responsibility:
(i) to examine and evaluate the adequacy and effectiveness of the policies, controls and procedures adopted by the relevant person to comply with the requirements of these Regulations;
(ii) to make recommendations in relation to those policies, controls, and procedures; and
(iii) to monitor the relevant person's compliance with those recommendations.
You may carry out the Independent AML Audit internally, but it should not be carried out by the MLRO or the MLCO or anyone else responsible for maintaining the AML function within the firm. You may have the review done externally but should use someone with sufficient expertise as it remains your responsibility to the SRA to ensure this is done effectively. Quite a bit to organise! May firms choose to instruct an independent consultancy to carry out the Audit. We have done this for many firms. We also assist firms through AML audits carried out by the SRA - so we are well aware of what the SRA are expecting to see.
We recognise that for many smaller firms this will be a headache and you will not have someone with sufficient expertise who can do this who is not involved in the AML function in the firm. Larger firms may wish to have the rigour or external audit.
What we will do1. An Interview with the MLCO & MLRO (who may be the same person) 2. A Review of AML Policies, Procedures and Controls 3. Review a number of sample files (if required) 4. Interview some staff members (if their files were reviewed) 5. Report in writing on our findings with Recommendations 6. Follow Up Remote Review to ensure the recommendations have been implemented All work is carried out remotely unless by separate arrangement. |
If you go for a similar Sanctions Regime Independent Compliance Audit at the same time we offer a discounted combined price of £2,000 + VAT (which would mean a discount of £1,000 + VAT on the combined price)
(This is on the assumption of 1 office & up to 50 staff. If there are more offices you wish to have included, the charge will be £250 + VAT per additional office. There will be an additional charge of £250 + VAT for each 25 staff over 50 in number, but this will not duplicate to the office charge.)
Contact Us: Ingemar: 07887 524507 or [email protected]
We can also help with other aspects of your compliance, for example
(Sanctions Regime compliance - see separate services for this on our website.)
Just ask - we can also bespoke around your needs.
What we expect |
|
We consider that Regulation 21 should be interpreted as follows: • Size: Only at the very smallest practices will a Regulation 21 audit not be appropriate to the firm’s size. All other practices who carry out regulated work must establish an audit function. • Nature: We expect most firms to carry out an internal audit. If firms consider they do not need to carry out an audit, they will need to justify this based on their size and nature. We consider that the following are some indicators that a firm is of a nature that requires an audit: o Having more than one office. o Having fee earners who focus on an area of regulated work e.g. conveyancers. o The partners being responsible for others’ compliance with the regulations. • Independent: This does not necessarily mean engaging a specialist agency or consultancy, though that is an option. Firms should make sure that, as a minimum, those with responsibility for maintaining their AML framework are not those auditing it. As well as an external entity, this could for example be: o a senior member of the firm who does not carry out regulated work o an MLRO from another firm o an office manager with no regulatory or fee-earning role o a reciprocal arrangement between small firms to review each other’s compliance • Adequacy: The audit must check whether the firm’s policies, controls and procedures are: o up to date with the law, regulations and regulatory guidance o suitable for the work the firm carries out o appropriate to the firm’s size and nature. • Effectiveness: The audit should consider whether the firm’s policies, controls and procedures are being followed and are serving their intended purpose. This is difficult to evidence without a review of files. • Make and monitor recommendations: The auditor must be of sufficient seniority to police this and make sure that any recommended measures are put in place. If an external provider is used, the recommendations should become the responsibility of a suitably senior and independent person within the firm. • Regularity: The regulations do not specify a time period for audit. We would suggest an audit: o of policies, controls, and procedures when the regulations change o following revision of the firm’s policies, controls and procedures o following any other major change at the firm (for example a merger with another firm) o at a regular interval determined by the size and nature of the firm, for some an annual basis may be appropriate • In many cases, we found that the file reviews we undertook did not reflect the firm’s policies and procedures. Time and effort spent drafting and implementing policies might prove to be wasted if fee earners are unaware of them or ignore them. We suggest that a compliant audit, including file reviews, is likely to be the best way to make sure that policies are being followed. • Where firms engage an external agency to conduct an audit, it is for them to ensure that it meets the requirements of Regulation 21. The responsibility to produce a compliant audit remains with the firm and cannot be transferred.
|
