Danger in the Laundry: AML for Lawyers #2

7/28/2019 Danger in the Laundry: AML for Lawyers #2

1/4

40 L I J D E C E M B E R 2 0 0 8

M O N EY L A U N D ER I N G

These obligations will apply to practices

which provide designated services. Desig-

nated services have yet to be finalised, but

will most likely reflect the Financial ActionTask Force (FATF) Recommendation 12 3

for lawyers when they prepare for or carry

out transactions for clients concerning the

following activities:

buying and selling of real estate;

managing of client money, securities or

other assets;

management of bank, savings or securities

accounts;

organisation of contributions for the

creation, operation or management of

companies; and

creation, operation or management of legalpersons or arrangements, and buying and

selling of business entities.

ILLUSTRATION JIM TSINGANOS

M

easures are available to miti-gate the money laundering

and terrorist financing (ML/

TF) risks to legal practices (allstructures) and practitioners.1

As all practitioners face ML/TF risks,

not just those who will be regulated by theAnti-Mon ey L aund erin g & Counter-Terro ris m

Financ ing Act2006 (Cth) (AML Act) and theAnti-Mon ey L aund erin g & Counter-Terro ris m

Fin anci ng Rule s 2007 (Cth) (Rul es), thesemeasures should be universally considered.Practices regulated by theAML Act (regu-lated practices) will be obliged to implement

these measures.2 The majority of the meas-ures should be identifiable in a competently

run practice.If the current systems in a practice are

used and built on, it may be that the mitiga-tion of ML/TF risks, and complying withthe AML A ct, will be less problematic than

envisaged. As Tranche Two has yet to befinalised, there may be changes to the obli-

gations under theAML Act.The major obligationsunder theAML ActAt the outset it is important to outline the

major obligations which may apply to reg u-lated practices, namely, to: identify and know your client and to collect

and verify identification information; undertake ongoing client due diligence

throughout the retainer; report suspicious matters to the Australian

Transaction Reports and Analysis Centre

(AUSTRAC); retain records for defined periods; and adopt an anti-money laundering/

counter-terrorism financing (AML/CTF)program.

BARRICADEYOUR FIRM


2/4

41L I J D E C E M B E R 2 0 0 8


The risk-based approachThe AML/CTF framework under theAML

Actis a risk-based approach, ensuring that

measures to prevent or mitigate [ML/TF]

are commensurate to the risks identified,

allow[ing] resources to be allocated in themost efficient way [and] that the greatest

risks receive the highest attention. 4 This

will allow a regulated practice to leverage

off existing risk management systems and

to design its AML/CTF program to its own

unique risk profile. However, the internal

systems and controls, once designed, should

be prescriptive, allowing for ease of use by

the fee-earners and staff.

The risk-based approach will requi re a

regulated practice to identify, manage and

mitigate the risk reasonably faced with

providing designated legal services to clients

that might (inadvertently or otherwise)

involve or facilitate money laundering or

financing of terrorism: ss84 and 85.

AML/CTF programA regulated practice will be required to have,

and to comply with, an AML/CTF program:

ss81 and 82. An AML/CTF program has two

parts: Part A general; and Part B client

identification: s84. A non-regulated practice

could consider using these as a basis for an

AML/CTF program.

Part A relates to the identification, manage-

ment and mitigation of the ML/TF risks thatthe regulated practice may reasonably face,

including (Ch 8): ensuring systems are in place to assess the

ML/TF risk of designated legal services

provided; screening staff prior to employment and

ongoing screening; training staff in ML/TF risks, internal

systems and processes, and the conse-

quences of non-compliance; and ongoing client due diligence, including the

monitoring of client matters.

Part B relates to client identification proce-

dures and includes (Ch 4): establishing methods for identifying

clients (and their agents), to enable the

regulated practice to be reasonably

LEGAL PRACTITIONERS NEED TO BE PRO-ACTIVE IN

UNDERSTANDING AND REDUCING MONEY LAUNDERING

AND TERRORIST FINANCING RISKS. BY PADDY OLIVER

satisfied that a client is who they claim to

be;5 and collecting and verifying minimum know

your customer (KYC) information.

ML/TF risk assessmentsTo identify the ML/TF risks, an ML/TF risk

assessment (RA) must be undertaken. The

RA will provide the basis for the AML/CTF

program. A robust ML/TF risk assessment

process, and ongoing ML/TF risk manage-

ment, can be built into a practice-wide risk

management system.

The RA is the identification and analysis

of the ML/TF risks before those risks can be

mitigated and managed. An RA should not

be too onerous to undertake, especially as a

practice should undertake similar exercises

with regard to risk management in general.Also, guidance is available to assist practi-

tioners in understanding and undertaking

an RA.6 RAs on client instructions are a task

that most practitioners execute. Any ML/TF

RA should encompass the whole practice, not

just the regulated practice areas.

The factors to be considered in an RA

include business and regulatory risks such

as (Ch 8): the ML/TF risk profile of the firms clients; the ML/TF risk of the ty pe of designated

legal services provided to clients; the methods by which those designated

legal services are delivered (face-to-face

or non face-to-face etc.); the ML/TF risk profiles of the foreign

jurisdictions with which it deals; and risks resulting from the provision of desig-

nated services through permanent offices

in foreign countries.

Business risksClient risk factorsClients with the following ML/TF risk indi-

cators may pose a higher risk to a practice: cash businesses with the potential to

co-mingle legitimate and illegitimate

funds;

complicated business structures which

make it difficult to ascertain the real or

beneficial owners; complex, unusual or uneconomic transac-

tions; and no underlying legal service.

These client ML/TF risks are closely

aligned to the risks overall faced by a prac-

tice. If a practice keeps potential high risk

clients from becoming clients, it reduces the

overall risk profile of the practice and the

ML/TF risk.

Legal services risk factorsCertain areas of legal practice are more

susceptible to use by money launderers or

terrorist financiers. These areas relate to

financial, property and business-type trans-

actions and include:

property transactions; complex financial transactions; complex company or trust arrangements

which obscure beneficial ownership; and cash transactions.

The more complex and opaque a trans-

action, the more difficult it is for law

enforcement agencies to understand the

underlying transaction and to trace the

source of the underlying funds.

Geographic risk factorsA practice must consider the ML/TF risks

emanating from jurisdictions in which it

does business. Jurisdictions with a higherML/TF risk can be ascertained from govern-

ment agencies.7

There are also ML/TF risks from local and

national geographic areas. These a re prob-

ably more significant to practitioners. For

example, does an a rea where the practices

clients reside have a high crime rate or a

high rate of mortgage fraud? Within these

locations there is the potential that clients

may possess, and attempt to use, money or

property that is the proceeds of crime.8

Delivery channel risk factors

There are ML/TF risks in delivering desig-nated legal services to non face-to-face clients,

agents, and via online delivery methods.


3/4

42 L I J D E C E M B E R 2 0 0 8


UNDER THE RISKBASED SYSTEM, IT WILL BE FOR THE PRACTICE

TO JUSTIFY THE REASONABLENESS OF ITS DECISIONS, SYSTEMSAND PROCESSES TO AUSTRAC OR, POTENTIALLY, A COURT.

Regulatory risksA regulated practice faces regulatory risk

by breaching the civil penalty provisions of

theAML Act. These include: failure to report

a suspicious matter (s41); failure to keep

records (Pt 10); and failure to identify a client

(Pt 2). Regulatory risk is mitigated by putting

systems and controls in place to ensure thatthese obligations are not breached and by

auditing those systems.

Result of the RAThe outcome of the RA will be informa-

tion which will allow the practice to rank

the ML/TF risks as high, medium or low.

The ranking is the product of the chance

of the risk happening (likelihood) and the

impact if the risk happened (consequence).

After ranking, an informed decision can be

made as to the risk mitigation strategy and

controls. One mitigation strategy for high

risks may be to stop providing a service or

servicing a segment of clients. Alternatively,

high risk se rvices and/or clients may have

extra controls placed on them. The practice

may accept all the low and medium ML/TF

risks, but place extra controls around the

medium risks.

Ongoing RAsAfter the initial RA it is important to under-

take regular ongoing reviews of the RA.

There is an obligation, and best practice for

those non-regulated practices, to assess the

ML/TF risk posed by: all new designated legal services (e.g. new

practice areas); all new methods of delivery of designated

legal services; and all new technologies used for the provision

of designated legal services: Ch 8.

Key controls preventionKnow your client and clientacceptance proceduresClient acceptance and due diligence is an

integral part of the process of forming a

contract of retainer, and a key element of

a practices risk management strategy.

KYC and client identification proceduresare obligations in an AML/CTF program

and key controls: AML Ac tPt 2; Rules Ch 4.

help from inside organisations to assist and

facilitate ML/TF. EDD ensures that a regu-lated practice will: determine whether and how to screen

any prospective staff member who, if

employed, may be in a position to facilitate

an ML/TF offence;

determine whether and how to re-screena staff member whose role changes and

thereafter may be in a position to facilitatean ML/TF offence; and

manage any staff member who fails tocomply with the AML/CTF program:

(Ch 8.3).

All staff members, including accountsstaff, fee-earners, solicitors and partners,

should be considered for EDD as there are

ML/TF risks at all levels.

Staff education and awarenessOne of the most important and effectivecontrols against ML/TF risk is the education

and awareness of staff: Ch 8.2 . Staff includespartners, solicitors, other fee-earners andsupport staff. They all need to know and

understand, to differing degrees, what

ML/TF is, the ML/TF risk to the practice,the AML regulatory regime and the AML/

CTF program. Accounts staff are of partic-ular importance as t hey are the gateway to

the practices banking. Launderers have

been known to try to deal directly withaccounts staff in an attempt to circumvent

practitioners.

Key controls detectionTransaction monitoringA transaction monitoring program (TMP)

is a requirement for Part A: Ch 15. A TMPin the context of a legal practice means

ensuring that partners and fee-earnersmonitor matters/transaction when desig-

nated legal services are being provided, to

identify, having regard to ML/TF risk, anytransaction that appears to be suspcious

within the terms of s41. A TMP does not

necessarily require an IT monitoring system;this is especially so in a legal practice where

practitioners are knowledgeable about their

clients and their legal affairs. Once a poten-

tially suspicious matter is identified, theappropriate internal reporting and investi-gation procedures must be carried out.

The concepts are complementary. Client

acceptance procedures include: identifying the client, who is providing

the instructions, and the extent of those

instructions; assessing client risk, including ML/TF

risk; politically exposed persons (PEP)

risk;9prohibited persons subject to sanc-tions risk; conflicts of interest; client

financial risk; location does the client come from a

jurisdiction or area with a higher ML/TF

risk?; work type does the practice carry out the

type of work required?; the ability and capacity of the practice to

do the work to the required standard in the

timeframe available; the client accepting standard, and AML-

related, terms and conditions; and the overall terms of the retainer.

Ongoing client due diligenceOngoing client due diligence (OCDD) is the

obligation to monitor clients with a view

to identifying, mitigating and managing

any ML/TF risk reasonably faced when

providing designated legal services: s36.

OCDD obligations are: systems to determine whether the collection

of further KYC information is necessary; a transaction monitoring program; and enhanced client due diligence (ECDD): Ch 15

ECDDECDD involves extra procedures that a prac-

tice would adopt when a client or matter

meets certain defined risk criteria. In thecontext of legal practice it may be that ECDD

will al ready be standard practice around

retainer management. If a practice has

robust client and matter acceptance proce-

dures, they will most likely cover the ECDD

requirement. ECDD may arise in situations

where the client is new, is a non face-to-face

client or a PEP. ECDD must be applied when

a regulated practice: determines that there is a higher ML/TF

risk; or a suspicion has arisen under s41: Ch 15

Employee due diligenceEmployee due diligence (EDD) is important,as there have been instances of launderers or

terrorist financiers seeking and/or gaining


4/4

43L I J D E C E M B E R 2 0 0 8


system, it will be for the practice to justifythe reasonableness of its decisions, systems

and processes to AUSTRAC or, potentially,

a court.It is important to keep records of RA

decisions throughout a matter, including

matter opening and periodic assessments.A contemporaneous note is best practice.

AuditingThere is an obligation to independently

audit, internally or externally, the AML/

CTF program: Ch 8.6. A good risk manage-ment system will provide for auditing and

review of the system. Practices should carryout an annual risk audit which includes the

AML/CTF program. A practices ML/TF

risk profile will change over time, just as its

overall risk profile changes. Partners need toknow and understand the risks to allow for

strategic risk decisions to be made. The auditfindings should be included in the annual

AML report to the partners.

AML-related checks can be incorporatedin general file auditing. Is the client accept-

ance and file opening procedure beingcircumvented? Do fee-earners and staff know

and understand the overall file opening

procedure and the importance of the AMLchecks? Is the ML/TF risk being considered

through the life span of the matter or client

relationship?

AMLCOThe AMLCO will be a vital role, both stra-tegic and operational, and therefore should

be a partner with seniority who knows

and understands the risk profile of thepractice: Ch 8.5. The AMLCO has many

responsibilities, the most important beingdecision making around reporting, both

internally and externally; audit and review

of the AML program; and staff training.11A good AMLCO could save a practice from

criminal prosecution or regulatory action,

save its reputation and ensure its continuedsurvival.

Suspicious matter reportingSuspicious matter reporting (SMR) (s41) is

the most controversial obligation under the

AML Actas it impinges on the duty of clientconfidentiality. The only defence to the SMR

obligation will be claiming legal professional

privilege, not client confidentiality: s242. If

a regulated practice forms a suspicion on

reasonable grounds, a subjective and objec-

tive standard,10 it must report to AUSTRAC

within 24 hours for TF suspicions and three

days for all others: s41(2). Practices will need

to train all relevant staff to be aware of what

is potentially suspicious. Robust systems

are required to get the internal reports to the

Anti-Money Laundering Compliance Officer(AMLCO) for investigation as the reporting

times externally are short. The AMLCO will

need to investigate and record the findings,

whether or not the suspicion was reported.

Fraud surveillanceAlthough not anAML Actobligation, it would

be considered best practice to adopt fraud

surveillance systems, especially to identify

mortgage and power of attorney fraud.

Other obligationsand controlsRecord-keeping requirements

Records of designated services, transactionsand KYC procedures must be kept for seven

years: Pt 10. In the case of KYC records,

this is seven years from the end of the client

relationship: s113(2). Currently, files must

be kept for a minimum of seven years, and

many practices keep files for considerably

longer, so some of these requi rements may

be met with relative ease. Care must be taken

when the client relationship is ongoing.

Records must be kept of the adoption

and retention of the AML/CTF program:

s116. This encompasses the initial RA itself

and ongoing RAs. Under the risk-based

ConclusionA robust AML/CTF program based on a

thorough ML/TF risk assessment and linked

to the current risk management system will

provide an effective method to mitigate the

ML/TF risks reasonably faced by a prac-

tice. It may also help improve overall risk

management.

PADDY OLIVER is a lawyer, management consultantand director of legal risk with SSAMM Management

Consulting. He has worked extensively in the areasof risk management, compliance and anti-money

laundering for both legal and financial services organi-sations in Australia and the UK.

Parts and sections in this article refer to theAnti-Money

Laundering & Counter-Terrorism Financing Act 2006

(Cth) and chapters refer to theAnti-Money Laundering

& Counter-Terrorism Financing Rules 2007 (Cth).

1. This article is a sequel to the authors article Danger

in the laundry: risks for all under money laundering laws

(2008) 82(11) LIJ 62. All opinions expressed are those of

the author and are based on materials publicly available.

2. Practitioners are currently regulated by the Financial

Transactions Reports Act1998 (Cth) (FTRA), requiring

reporting of cash payments over $10,000, and will

continue to be so regulated until theAML Ac tsuper-

sedes the FTRA in relation to practitioners.

3. FATF, Forty Recommendations on Money Laundering,

2003, http://fatf-gafi.org/pdf/40Recs-2003_en.pdf.

4. FATF, Guidance on the Risk Based Approach to AML,

June 2007, para 1.7.

5.It is arguable that practitioners should ac tually know

who the client is before forming a retainer.

6. AUSTRAC Guidance Note, R isk Man age ment and

AML/CTF Programs; AS4360:2004, Risk Management.

7.Department of Foreign Affairs & Trade; US State

Department.

8.Criminal Code Act1995 (Cth), Div 400.

9. PEPs are foreign high-ranking government or military

officials, their family members and close associates.

Names of PEPs and prohibited persons are available

from government and commercial watch lists.

10. AUSTRAC, Public Legal Interpretation No 6 of 2008:

Suspect transactions and suspicious matters, para 56.

11. AUSTRAC Guidance Note, AML /CT F Co mpli ance

Officers, 08/02.

The Holmes ListBARRISTERS OF THE VICTORIAN BAR

Licensed by the Victorian Bar since 1992

Ground Floor,555 Lonsdale Street, MelbournePh 03 9225 6444Fax 03 9225 6464DX 88 MelbourneEmail [email protected] 0417 362 010

LPaul HolmesBarristers Clerk

List

www.holmeslist.com.au

The Holmes List welcomes the following Readers:

ANDREW BARBAYANNISAMY BRENNAN

PaulHolmes_4H_1208.indd 1 3/11/2008 10:19:05 AM

Danger in the Laundry: AML for Lawyers #2

Documents

Transcript of Danger in the Laundry: AML for Lawyers #2