AML and the SRA: Time to root out the bad apples?
The SRA's new draft business plan says it will regularly visit 'high risk' firms, and a random sample of others, to check their AML compliance. Is this a sensible approach, and what are the potential problems?
'Getting away with it'
Few would argue with the proposition that there are solicitors, and others who work at solicitors' firms, out there who are 'getting away with' breaching money laundering laws. That will necessarily encompass a broad range of 'bad actors', from people who are knowingly laundering property for their clients or failing to report them, to otherwise legitimate firms that choose not to invest in the time and resource to develop a robust AML programme and the expertise, internal or bought-in, to deal with it.
As well as breaking the law, all of these 'bad actors' are also harming the profession to some extent - the dishonest by tarnishing our reputation, the corner-cutters by disrespecting a supposedly level playing field. So it must be right that the SRA's draft business plan (on which it has invited comments) commits it to stepping up the fight against these people, by regular visits to 'high risk' firms, and spot checks on a sample of the rest. It might also help calm those critics of the profession, notably within the NCA, who accuse it en masse of not submitting enough SARs. What possible problem could we have with that?
WHAT DOES 'HIGH RISK' MEAN?
Actually, we should have at least three. The first of course is that phrase 'high risk', which begs the question of how this is defined. Those firms involved in high-end London property transactions for tax haven-incorporated clients should consider themselves targeted, but if the SRA has a list of such firms, it's unclear how it has been drawn up. Insofar as it relies on firms' own written risk assessments (now a legal requirement), that simply incentivises bad actors to start misleading the system, and/or themselves, on the first line. Firms that assess their own business as 'high risk' are now positively inviting the SRA to come and visit.
Proportionality of action
The second potential problem is about proportionality of action.
The SRA has a frightening range of options available to it to deal with bad behaviour, including criminal prosecution – in theory at least – for each and every breach of the regulations, however small. Faced with that prospect, many people and firms will accept the prospect of lesser sanctions, including fines and public findings, even in circumstances where they might not be objectively justified. The management time and costs of defending a case can also weigh heavily in the SRA's favour: while your commitment to protecting your reputation is cutting into your bottom line, the SRA's incentives are, properly of course, to spend whatever it deems appropriate to protect the reputation of the profession and the public interest.
The strategy of singling out firms for a fine-toothcomb review of their compliance, either because they are 'high risk' or thanks to their name being unluckily picked from the SRA's random-sampling hat, therefore inevitably raises the prospect of arbitrary enforcement. In a perfect system, the SRA would be able to select the objectively 'worst' cases – the dishonest, and the wilfully non-compliant – for the harshest treatment. But the risk from the visits system is that it creates a smorgasbord of low-hanging fruit, enabling the SRA to increase its number of resolved cases each year, while leaving the unvisited worst actors unaffected. That may of course create a visible deterrence to encourage the rest of us to raise our game, but it remains arguably unfair to those targeted.
The importance of independence
The third potential problem is about independence.
While the SRA of course remains separate from the state, in this context it is overseen by OPBAS, whose critical overview of professional regulators in general must surely have influenced this latest announcement. There must be a risk that its thinking in this area will not just be about which laws, if any, have been broken, to what extent and with what motivation, but also about the perceptions of the NCA and others within and allied to government – which nowadays includes the banks that make policy alongside them – about what is important and worthy of attention. That is not necessarily the right result.
Enforcing the sixth directive?
All that said, of course, none of these problems should prevent a tougher approach to the bad actors in the system, provided it is principled and rigorous, and bears all of the potential problems in mind. On the point about rigour, it is surely unfortunate that the draft plan appears to commit the SRA to enforcing the EU's sixth AML directive, from which the UK has in fact exercised its opt-out; it is unclear if this is simply an error, or if the SRA has something else in mind (and if the latter, what that could possibly be).
The bottom line
The bottom line, given all of the above, is that the consultation exercise is welcome, and that those of us affected should take the opportunity to respond to it, by the deadline of 26 August 2020. Undeniably, meanwhile, those solicitors and firms that don't yet have a robust enough AML programme, not only but especially those that could be considered 'high risk', should take the hint: while you may not consider yourself one of the 'bad apples' properly in the SRA's sights, and whatever the outcome of the consultation, the likelihood of your systems coming under its close scrutiny has undoubtedly just increased.