SRA response

Transposition of the Fifth Money Laundering Directive

Introduction

The Solicitors Regulation Authority ("SRA") is the regulator of solicitors and law firms in England and Wales, protecting consumers and supporting the rule of law and the administration of justice. We do this by overseeing all education and training requirements necessary to practise as a solicitor, licensing individuals and firms to practise, setting the standards of the profession and regulating and enforcing compliance against these standards.

The Law Society of England and Wales is the named supervisor for relevant persons who are regulated by it under Schedule 1 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ('the 2017 Regulations'). The Legal Services Act 2007 imposes a requirement on the Law Society to delegate regulation, including anti-money laundering (AML) supervision to the SRA.

We welcome the opportunity to respond to the Treasury consultation on the transposition of the 5th Money Laundering Directive ("5MLD"). We have commented below on the issues raised in the consultation that most directly concern us or those that we regulate. However, these comments are contingent on seeing the detail of the draft regulations in due course.

Our response

Expanding the definition of 'tax advisor'

Question 1: What additional activities should be caught within this amendment?

Question 2: In your view, what will be the impact of expanding the definition of tax advisor? Please justify your answer and specify, where possible, the costs and benefits of this change.

Further detail of the proposed regulation will be needed in order to fully comment on the impact of extending the definition. It is important that the regulations reflect the qualification in 5MLD that the related, material aid, assistance or advice on tax matters must be the principal business or professional activity of the person in order to bring them within the scope of this definition.

Letting agents

Question 4: What other types of lettings activity exist? What activities do you think should be included or excluded in the definition of letting agency activity? Please explain your reasons and provide evidence where possible.

We agree in principle, subject to the wording, with the suggestion that the definition should exclude legal professionals when conducting legal activity on behalf of a client provided they are not also instructed in relation to other letting agency work by that client. A legal professional is not acting as a letting agent when, for example, they are solely advising on a lease or drafting terms for the client.

Electronic Identification ('ID')

Question 44: Is there a need for additional clarification in the regulations as to what constitutes "secure" electronic identification processes, or can additional details be set out in guidance?

Question 45: Do you agree that standards on an electronic identification process set out in Treasury-approved guidance would constitute implicit recognition, approval or acceptance by a national competent authority?

Question 46: Is this change likely to encourage firms to make more use of electronic means of identification? If so, is this likely to lead to savings for financial institutions when compared to traditional customer onboarding? Are there any additional measures government could introduce to further encourage the use of electronic means of identification?

Anecdotally we have found that firms are reluctant to rely on electronic ID because of uncertainty about what would be secure or acceptable. We therefore agree that additional clarification in the regulations could be helpful and this could be supplemented by guidance.

If the change is to encourage firms to feel safe in making more use of electronic means of identification, it is important that any terms of recognition by the national competent authority should be clear. Ideally this would be through an explicit recognition system. However, if recognition is to be "implicit" by compliance with standards set by the competent authority then these standards should be clear enough for an obliged entity to easily tell whether or not a particular electronic ID provider meets them. If obliged entities must carry out a detailed subjective assessment of an electronic provider against the standards themselves then is not likely to have the effect of encouraging the use of electronic ID.

Beneficial Ownership requirements: Checking registers

Question 53: Do respondents agree with the envisaged approach for obliged entities checking registers, as set out in this chapter (for companies) and chapter 9 (for trusts)?

We agree that the amendment should follow 5MLD in only requiring proof of registration or an excerpt from the register before establishing a business relationship. We also agree that the regulations should not have retrospective effect and only apply when a new business relationship is established. If this terminology is used the meaning of new business relationship in this context will need to be clear.

Enhanced due diligence

Question 56: Are there any key issues that the government should consider when defining what constitutes a business relationship or transaction involving a high-risk third country?

Question 57: Are there any other views that the government should consider when transposing these Enhanced Due Diligence measures to ensure that they are proportionate and effective in combatting money laundering and terrorist financing?

A broad definition of transactions "involving" third party countries has the potential to risk introducing barriers to trade and access to legal services by introducing unduly onerous administrative procedures of obtaining enhanced due diligence when unnecessary on the basis of risk. We suggest that any definition of "involving" should be narrow enough to rule out mere tangential links and those that pose no real risks in relation to the particular transaction. We would also support the proposal to narrow the definition so as to be clear that UK citizens who are also nationals of countries identified as high-risk third countries should not be subject to enhanced due diligence purely as a result of having such a connection.

At paragraph 6.11 of the consultation, there is a requirement for the UK Government and supervisory authorities to take certain mitigating measures in relation to high risk third countries including:

  • refusing the establishment of obliged entities from the country concerned, or otherwise accounting for the fact that the country does not have an adequate AML/CTF regime
  • prohibiting obliged entities from establishing branches or representative offices in the country, or otherwise accounting for the fact that the obliged entity is establishing itself in a country that does not have adequate AML/CTF regimes
  • requiring increased supervisory examination or increased external audit requirements or branches and subsidiaries of obliged entities located in the country.

In terms of our approach to overseas entities, we only authorise entities that have a practising address in the United Kingdom. In doing so we individually approve Page 5 of 9 all owners and managers, both in respect of the delivery of legal services and, if the body is an obliged entity, under regulation 26 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. We can refuse to authorise a business – or revoke its authorisation – on public interest grounds. Therefore, it is possible to reach such a decision as a result of a firms branches or subsidiaries in high risk third countries. However, there would have to be a clear basis for this.

We authorise and supervise many international law firms that have branches or close business associations located in countries worldwide. We have specific rules, the SRA Overseas Rules which provide a regulatory framework for authorised persons with responsibility for or control over bodies or branch offices overseas in order to take account of the regulatory risk they pose in England and Wales. We also require an authorised body in England and Wales to identify, monitor and manage risks arising from its overseas practices and connected practices to ensure they do not undermine its financial viability, or its ability to fulfil its regulatory obligations, or public confidence in SRA regulation and the legal profession of England and Wales in general.

Decisions as to whether these or any other measures would be appropriate for any particular high-risk country should be taken by the UK Government which will have access to the relevant information to make such decisions. It would be helpful if the regulations made it clear that it is for the UK Government to set out the appropriate measures to be adopted, bearing in mind the powers available to supervisors in this respect. We would be happy to discuss this issue in more detail

Politically exposed persons

Question 59: Do you agree that the UK functions identified in the FCA's existing guidance on PEPs, and restated above, are the UK functions that should be treated as prominent public functions?

We agree that the functions identified are appropriate and consider that the clarification on this issue will be helpful. Regulation 35(1)(b) of the 2017 regulations requires enhanced due diligence to be applied to a family member or a known close associate of a PEP. Further guidance to clarify the meaning of "known close associate" would be beneficial as this has caused difficulties in practice.

Mechanism to report discrepancies in beneficial ownership information

Question 61: Do you have any views on the proposal to require obliged entities to directly inform Companies House of any discrepancies between the beneficial ownership information they hold, and information held on the public register at Companies House?

A blanket obligation requiring obliged entities to report any discrepancies they become aware of between the beneficial information that they hold and information on the public register at Companies House may be onerous. Such discrepancies can exist for a number of reasons and are often temporary. Further, making a notification in such circumstances to Companies House could cause problems where this or other information creates the need for a SAR. Creating a separate reporting regime from SARs will cause confusion, could create "tipping off" when Companies House contacts the client company to verify the information and could risk prejudicing an investigation. We therefore suggest that compliance with 5MLD will be best achieved Page 6 of 9 by carefully aligning the duty with the SARs regime in a way that takes into account these risks. It is also important that any duty on obliged entities includes an exception for legally privileged information so that information covered by legal professional privilege is not required to be disclosed.

Question 62: Do you have any views on the proposal to require competent authorities to directly inform Companies House of any discrepancies between the beneficial ownership information they hold, and information held on the public register at Companies House?

It is not clear from the consultation whether for the purposes of this proposal a regulator of a profession, such as the SRA, would be a competent authority. Although we consider it likely that we would not, we have replied below in case we are wrong in that assumption and this provision would therefore apply to us.

We note that the 5MLD only requires that this duty be imposed on competent authorities "if appropriate and to the extent that this requirement does not interfere unnecessarily with their functions". It is important that any regulation has these caveats clearly built into any requirement to report. We may become aware of such information in a variety of ways. For example, as a result of information received during an application for authorisation of a corporate firm or approval of owners of such a firm, or as a result of an investigation. It is important that any duty to disclose should be qualified so as not to prejudice investigative or other functions and should not create a risk of "tipping off", as discussed above. Although we may well check the public register in such cases, the duty should relate only to discrepancies of which we become aware and not place any requirement on us to check the public register to verify the information that we hold. An ongoing requirement to check Companies House against information we hold and report any discrepancies would be unduly onerous. There should also be exceptions for temporary discrepancies; for example, because a form has been sent to Companies House, but the register has not yet been amended.

National register of bank account ownership

Question 82: Do you agree with, or have any comments upon, the envisaged minimum scope of application of the national register of bank account ownership

Question 84: Do you agree with, or have any comments upon, the envisaged scope of information to be included on the national register of bank account ownership, across different categories of account/product?

It is not clear how the requirements will apply to pooled bank accounts. It may be impracticable in such cases for details to be submitted of the ultimate beneficial owners of the funds; i.e. the clients. We assume that the intention is to limit the details required to those of the firm that holds the account, but we would be grateful for confirmation.

Question 86: Do you have any additional comments on the envisaged approach to establishing the national register of bank account ownership, including particularly on the likely costs of submitting information to the register, or of its benefits to law enforcement authorities

As set out above, the approach to pooled bank accounts needs to be clarified. However even in the case of an account where a law firm holds only its own money the obligation to provide the details of all of the beneficial owners is potentially very onerous as firms can have dozens and even hundreds of partners. It would be sensible for discussions to be held with banks as to how they deal with this situation when it comes to their own verification processes.

Requirement to publish an annual report

Question 88: Do you think it would still be useful for the Treasury to continue to publish its annual overarching report of the supervisory regime as required by regulation 51 (3)?

We consider that it would be useful for the Treasury to continue to publish its annual report as it would help us to continue to identify improvements and to compare our arrangements with those of other supervisory authorities.

We assume that for our purposes, publishing our annual data report as part of our wider annual report, rather than as a standalone document will be acceptable in terms of compliance with amended article 34(3) but it would be helpful if this were clarified.

Pooled client accounts

Question 91: Are there differences in the ML/TF risks posed by pooled client accounts held by different types of businesses?

The use of a pooled client accounts is routine within our regulated community. The SRA Accounts Rules require client money to be held separately from the firm's own money. This provides important protections for clients – including our ability to gather such money on behalf of clients in an intervention. The SRA Accounts Rules set out detailed requirements relating to holding client money. These include the obligation to keep detailed records of monies held for each client and the prohibition on using the client account to provide banking facilities to a client. We take any misuse of these accounts seriously. We have issued a warning notices against the use of client accounts as a "banking facility" for clients reinforced by case studies and have taken enforcement action against those who have breached this rule.

Therefore, the risks are mitigated within pooled client accounts held by businesses regulated by us. However, even within firms regulated by us not all pooled client accounts represent the same risk. Many firms never hold significant amounts of client money. Firms that hold larger amounts of client money are often those involved in the types of activity regarded as being high risk areas for ML/TF purposes such as property transactions. This is reflected and addressed by the 2017 Money Laundering Regulations: PCA SDD can be applied in relation to these activities as a result in accordance with MLR, regulation 37(5)-(8). We discuss this issue further below.

Question 92: What are the practical difficulties banks and their customers face in implementing the current framework for pooled client accounts? Which obligations pose the most difficulties?

The analysis in the consultation does not reflect that the work of many legal professionals is mixed – including both MLR regulated and non MLR regulated transactions. Of the circa 10,400 firms that we regulate, two -thirds carry out some MLR regulated activity and many of those will also carry out non MLR regulated activity such as litigation. This creates difficulties in practice, as firms need to either adopt two systems or apply MLR procedures to activities that they were not designed to cover. It means that from a bank's perspective, in deciding whether a pooled client account is eligible for PCA SDD it is not as straight forward as considering whether a customer is MLR regulated or not as, in the case of legal practitioners, some of the transactions leading to deposits in a pooled client account may be MLR regulated and some may not.

Question 93: If the framework for pooled client accounts was extended to non MLR regulated businesses, what CDD obligations should be undertaken by the bank?

As we have set out above, around a third of SRA regulated firms carry out no MLR regulated activity and many others will have a mixed caseload. Extending the framework of SDD for pooled client accounts to non-MLR regulated work would simplify what is currently a complex and impracticable position. Our new Codes of Conduct which come into effect in November 20191 contain a requirement for all solicitors and firms to identify their client. However, we do not seek to be prescriptive as to the method of identification. It is vital that any new framework introduced is proportionate. It is impracticable for banks to have to carry out SDD obligations directly on clients of legal professionals with pooled bank accounts and is therefore important that they be able to rely on the systems introduced by the obliged entity in compliance with their regulatory obligations. In the case of non-MLR regulated transactions, our view is that banks should be able to rely on suitable systems and controls of the type imposed on obliged entities by their supervisors. In our case, the fact that if the firm is regulated by us it will be subject to the requirement in the new Codes of Conduct set out above, the way in which client accounts are regulated through the SRA Accounts Rules and our overall framework of risk management should be sufficient for the bank to be entitled to apply PCA SDD.

OPBAS information-sharing powers

Question 96: Do you agree with our proposed changes to information-sharing powers of regulations 51,52?

We assume that any information sharing will be subject to appropriate duties to protect information and appropriate restrictions on onward transmission and use in order to protect confidentiality.

Requirement to cooperate with OPBAS

Question 97: Do you have any views on this proposed new requirement to cooperate?

We are committed to tackling money laundering and working closely with OPBAS. However, the proposed wording of the duty to disclose "anything relating to the professional body supervisor of which OPBAS would reasonably expect notice" is in our view too wide and imprecise to be imposed as a statutory duty. Such an obligation may be reasonable when it applies to a professional entity reporting to its supervisory body, as in the FCA example. In practice the parameters of this obligation will be clearer and limited to circumstances where there have been serious breaches of the supervisor's rules. However, when applied as suggested, such an open-ended statutory obligation may be impracticable. The duty needs to be specific to avoid confusion and the waste of time and resources involved in clarifying with OPBAS whether information does or does not fall into this category. It will also be necessary for any duty to disclose to include an exception for information that is protected by legal professional privilege.

Criminality checks

Question 103: Do the proposed requirements sufficiently mitigate the risk of criminals acting in regulated roles?

We will be one of the supervisors affected by this change. We note that this proposal does not appear to reflect any new requirement in 5MLD and it is unclear what difficulty the proposal is intended to address. Supervisors already have the powers to request the evidence they need to make decisions - for example solicitors are subject to a DBS check on qualification, together with an ongoing duty to report any subsequent criminal convictions. We would want to continue to be able to rely on this procedure rather than have to carry out an additional DBS check every time a solicitor takes on a new role. If the government decides to proceed with this proposal, we would like to be involved in discussions on the wording of the regulation so that we are able to maintain the checks and the other fitness tests (for example on qualification or registration) that we already have in place.

Article 1(38) of the Directive amending Article 58(2) of the 4th Money Laundering Directive

Although it is not mentioned in the consultation Article 58(2) of the 4th Money Laundering Directive as amended will require competent authorities to inform the law enforcement authorities in a timely manner when they identify breaches which are subject to criminal sanctions. Given that we have no criminal enforcement powers under the 2017 regulations, if we were treated as a competent authority for these purposes this would appear to require us to notify every identified breach of the 2017 regulations (as nearly all of them have criminal sanctions attached to them). We would welcome clarification from the Treasury as to whether Article 58(2) would be applied to self-regulatory bodies.

  1. 8.1 of the Code of Conduct for Solicitors and RELs and 7.1(c) of the Code of Conduct for Firms "You identify who you are acting for in relation to any matter.