This week’s Compliance for Law Firms session saw HiveRisk’s Gavin Ball and Kate Burt take the digital centre stage to tee-up the discussion area of SRA AML visits, specifically, how the approach seems to have changed since the warning shots fired at the COLP COFA Conference in October last year. The closed discussion forum comprised of experienced law firm compliance professionals, law firm owners, former regulatory investigation officers and suppliers to the sector.
The session opened with a recap of the October 23 Conference where the regulator’s CEO, Paul Philip’s opening address was taken as a stern reprimand, ushering in a ‘times-up’ approach to the profession’s approach to compliance with AML. This was borne out by enforcement figures from last year.
From the SRA’s report 2022/2023 it was shown that only 30% of firms assessed were fully compliant with the regulations, with common issues being inadequate risk assessments, policies and inadequate controls and procedures. Gavin Ball, himself a veteran of several SRA audits as a former MLRO and head of risk at a Top 200 law firm, provided his views on the process as it was compared to what we’re now seeing whilst supporting firms.
There was a general consensus in ‘the room’ that pre-October 2023 at least, that visits felt more collaborative. However, there does seem to have been a sea-change in the SRA’s approach, with ‘inflexible’ being the one recurring adjectives delegates used to describe their experience. With the SRA now appearing to take a more black and white approach with more straight referrals for investigation. Specifically, one delegate reported historic files from 2021 being assessed and found non-compliant relating to matter risk assessments, this then resulted in immediate referral for investigation, despite improvement in compliance in the last 12-24 months. There was some discussion around the perceived level of experience of the SRA’s assessors and whether this may be a reason for some inflexibility in approach it was also suggested by a number of delegates that assessors may be mandated under new guidance.
This experience was echoed by another firm in attendance, with the new approach being both heavy handed and being enforced somewhat inconsistently.
As a counter-balance, one delegate described their experience of a recent SRA visit as largely positive; focusing more on their independent audit (why certain people had been selected to undertake the audit), with a few suggestions for their internal file review policies – with collective sighs of relief as the SRA advised that they wouldn’t be conducting any staff interviews during this tranche of investigations.
As this was a closed session subject to Chatham House Rule, many of the valuable insights and detail cannot be reported publicly. For the full ‘Compliance for Law Firms experience’ – attendance at these sessions is a must! Get in touch with co-founders of the sessions Kate Burt from HiveRisk or Steve Brett from E3 Compliance Training.
If your firm would benefit from independent and expert input on your approach to AML, get in touch with Gavin Ball from HiveRisk.