AML/CFT and the legal profession – time to get ready
The Anti-Money Laundering and Countering Financing of Terrorism Act that was passed in 2009 was the result of years of work. Dating back to 2003 when government officials first started consulting on the topic, it was always contemplated that, whatever the regime, it would ultimately be extended to capture the legal profession. Yet despite some fourteen years’ lead-in, it seems to be taking many lawyers by surprise.
Undoubtedly, greater clarity is required in certain areas – for example, the timing of due diligence and the practical overlay of professional privilege and how this should be managed – and we are lucky that representative organisations such as ADLS continue to advocate for the profession on these issues. But irrespective of this ongoing dialogue, it seems imperative that members of the profession begin to take real steps to prepare for the regime because fundamentally the primary regulatory obligations were never going to be, and will not be, substantially amended. And most significantly, compliance with those obligations is time-consuming.
I say this with the voice of experience. Some months before the Act took effect in 2013, I became General Counsel and Head of Compliance for a business that was captured as a tranche one reporting entity. Pretty quickly it became apparent that by default I was also to hold the position of AML Compliance Officer and so began my immersion into New Zealand’s new AML/CFT regime. If I could have changed one thing it would have been time. Six to eight months was only enough because several members of the organisation worked day and night and because I focused almost singularly on this one facet of my role. It seems to me this is not tenable for most legal practices, where all staff need to be clocking a percentage of billable hours each day and there simply are not the resources to commit someone to full-time compliance work. So, my advice is – start looking at this now, start preparing now. It is not a matter of waiting for the final draft of the Bill in order to know what you will have to do. The key requirements are already known.
If you practice in the areas of conveyancing, company or business formation and management, fund or asset management or similar, you will likely be captured by the new extended definition of a reporting entity (see clause 5(1) of the Bill for precise definitions). Over the last year, there have been articles about what the law means for lawyers. They usually discuss the nature of money laundering (layering, placement and integration) and how lawyers may be used to facilitate the process, and note that lawyers covered by the Act will need to prepare a risk assessment, appoint an AML Compliance Officer and develop and implement a programme. But what does that mean practically? As a former AML Compliance Officer, I can tell you that it means time and planning. And the starting point is distilling your practice and its current operating practices. The sooner you start this process and draft your Risk Assessment, the better placed you will be to develop a sustainable, compliant programme.
Your Risk Assessment is precisely that, yours. It is not an out-of-the-box assessment that will be the same as the practice down the road. You need to have an assessment that analyses the nature, size and complexity of your practice, your client demographic, your services, the countries with which you do business, the payment channels you use and the institutions with which you deal. These are the details on which you build your risk profile – e.g. practices with a large percentage of offshore or trust clients would obviously have markedly different profiles from practices whose clients are predominately domestic residents. There are common, identifiable risk characteristics for legal practices, but it is up to each reporting entity to assess those using risk-based methodology (i.e. likelihood and consequence) in light of their own practice, to ensure that they put in place effective procedures to minimise risk.
Other practical areas I would encourage practitioners to start thinking about are:
- On-boarding and due diligence processes - If you have a practice where you usually meet your client early on, face-to-face verification may be preferred. However, if you are dealing with overseas clients, you will need to rely on certified documentation or electronic identification verification services. Only you will know what will work best for your practice, but you will need time to assess the options.
- Reporting to the Financial Intellignece Unit - “goAML Web” is the prescribed method reporting entities must use to submit reports, and current reporting entities will tell you that even now the system has its vagaries. There are numerous guidance documents available on the FIU website and they offer training, but again, it takes time to absorb, identify the system you want to use, set it up and train staff. Timing is key.
- AML Compliance Officer - The role carries accountability and the person must report to senior management. You need to think about the appointment.
- Your AML/CFT programme - What policies and procedures will you need? How will you monitor client activity (e.g. alerts or exception reporting may be an option)? How you will exit a client relationship if necessary?
- Governance, training and vetting of staff - How will you keep your Risk Assessment and Programme relevant and up to date, conduct ongoing client due diligence, maintain records, audit for compliance, vet and train staff?
The regime will impact significantly on a large number of practitioners and will require resources, especially time, for lawyers to put in place. The supervisors have to date been proactive in educating and supporting reporting entities to manage their obligations and no doubt will take the same approach with tranche two entities. However, the profession cannot afford to be complacent. There are significant penalties for failure to comply with any of the AML/ CFT requirements, with pecuniary penalties of up to $200,000 in the case of an individual and $2 million for bodies corporate. There are also a number of criminal offences for serious breaches such as failure to report where there were reasonable grounds to be suspect an activity was relevant to investigating or prosecuting a person for a money laundering offence, or knowingly making a false or misleading statement in a suspicious activity or prescribed transaction report. Lawyers could also be subject to additional disciplinary sanctions under the Lawyers and Conveyancers Act 2006.
My advice is not to wait until the Bill’s third reading. There are practical steps that can be taken now to minimise disruption, ensure efficient use of resources and reduce costs.
ADLS has an upcoming CPD event on this topic co-presented by Fiona Hall and barrister Gary Hughes on Wednesday 31 May 2017. Watch out for further details.
As LawNews went to press (on 13 March 2017), the Hon Amy Adams introduced the Bill to Parliament. Any changes to the Bill will be considered in an upcoming edition of LawNews, including the deferral of the commencement date for practitioners.