What law firms need to know about the SRA’s new guidance on client risk assessment

_{Nick Morgan, Head of Legal Professionals Sales • November 28 2023}

The Solicitors Regulation Authority (SRA) recently revealed that nearly 30% of law firms audited for their adherence to AML rules in the last year were non-compliant. 

In its Anti-Money Laundering annual report 2022-23, it stated that the main requirements of the 2017 money laundering regulations have been in place for six years and there’s no excuse for firms to be no longer getting the fundamentals right.

This was echoed at the Law Society’s Anti-Money Laundering and Financial Crime Conference 2023, where the SRA noted that law firms are aware of risks but not doing enough to assess them.

As a result, the SRA has issued updated guidance and released a client and matter risk assessment template to help firms accurately identify risk levels and move away from a tick-box approach. Most importantly, it’ll reduce discrepancies between client/matter risk assessments and firm-wide risk considerations. 

In this blog, we’ll break down the SRA’s updated guidance for due diligence and explore how automation and AI can enhance the process by streamlining tasks, reducing workload, and transforming due diligence from routine compliance to a valuable activity.

What is non-compliance?

In the report, the SRA identified three main factors leading to compliance breaches in Anti-Money Laundering (AML) risk assessments and procedures.

• Many firms fail to implement robust AML measures, often due to insufficient attention from senior management.
• Fee earners often receive inadequate training or supervision, contributing to these breaches.
• Firms sometimes have processes that fail to adequately check activities, such as fund receipts or transaction progression, which should ideally be halted until customer due diligence is complete.

Last year, the SRA took enforcement action against 47 firms and individuals, including £137,402 in fines (either levied by the SRA or the Solicitors Disciplinary Tribunal). It submitted 24 suspicious activity reports (SARs) to the National Crime Agency relating to assets totalling more than £75m. 

It highlighted several damaging incidents of non-compliance. 

One case involved failures in following the firm’s prescribed controls and procedures (PCPs), not establishing an appropriate level of risk, and neglecting necessary information on the source of funds and wealth.

Another firm faced multiple violations, including the absence of a firm-wide risk assessment, incorrect declarations made to the SRA regarding this assessment, no independent audit, failure to provide staff with AML training, neglecting client and matter risk assessments, and omitting source of funds and wealth checks.

In a third case, a solicitor was suspended for inadequately performing Customer Due Diligence (CDD), neglecting Enhanced Due Diligence (EDD) where necessary, and being found manifestly incompetent in these processes.

The SRA’s updated guidelines and how AI can help

Reassessing existing clients

A common misconception in client management is assuming that long-term clients pose lower risks. However, familiarity does not equate to safety. Regardless of the duration or nature of a client relationship, compliance requirements persist. Neglecting due diligence for long-standing clients not only undermines regulatory compliance but also exposes your firm to unforeseen risks.

Manual due diligence

Regularly reassessing existing clients for risk requires continuous monitoring and re-evaluation can be labour-intensive and prone to human oversight.

Automated due diligence

Automation through AI can consistently track changes in client profiles, legal standings, and activities, alerting firms to potential risks in real time with greater accuracy.

Onboarding new clients

When onboarding new clients, pay close attention to their motivations for choosing your firm. 

Ask: Does this new client fall within the typical range of clients we serve? More importantly, does their profile align with our firm’s risk appetite? This introspection is key to maintaining a healthy client portfolio. It’s not just about who your clients are, but whether they align with the strategic direction and risk tolerance of the business.

Manual due diligence

Evaluating new clients’ motivations and alignment with a firm’s risk appetite involves subjective judgment and can vary greatly between assessors, leading to inconsistencies.

Automated due diligence: 

Automation through AI provides a comprehensive understanding of the client’s risk profile, enabling firms to make informed decisions based on a more nuanced and detailed assessment of the client’s individual circumstances.

Media screening

Adverse media screening is an important part of due diligence, which involves meticulously evaluating media sources for negative press about clients. It goes beyond skimming headlines to assess source reliability, information relevance, and allegation gravity.

Manual due diligence

Manually searching for and assessing media coverage is time-consuming and often incomplete due to the vast amount of available information. Firms must balance the need for comprehensive media scrutiny with practical constraints in their due diligence processes.

Automated due diligence

Automation through AI can scan and analyse millions of news and media pages to efficiently identify relevant negative coverage, and eliminate the need to sacrifice a thorough approach. 

Geographical considerations

Identifying the residency of clients’ is not enough; awareness of the jurisdictions where laws will apply is crucial. An in-depth review of varying jurisdictions’ laws and practices is required. Each jurisdiction has its unique set of regulations and compliance requirements, making this a resource-intensive task.

Manual due diligence

Understanding the legal and regulatory implications of a client’s location involves extensive research into various jurisdictions — a task that’s both complex and resource-intensive.

Automated due diligence

Automation through AI can rapidly aggregate and analyse jurisdiction-specific legal information, ensuring up-to-date compliance with international laws and regulations.

Scrutinising legal entities and trusts

For entities like trusts and companies, part of due diligence is identifying and understanding their ownership and control structures. This is crucial for grasping the true nature of the entity and any potential risks linked to its ownership and control. It demands close analysis of documents like company records and trust deeds which requires a keen eye for detail.

Manual due diligence

Accessing and interpreting complex legal documents, such as trust deeds and company records, is a detail-oriented and laborious process.

Automated due diligence

Automation through AI can efficiently process and analyse complex documents, extracting and organising key information such as ownership structures and beneficial owners.

Firms must adapt to stay ahead

The SRA’s recent report shows compliance is non-negotiable, and firms must adapt to stay ahead. With nearly 30% of audited firms found non-compliant, it’s evident that traditional methods need revamping. 

The updated guidance on client risk assessment is a valuable playbook for law firms, but sticking with manual due diligence will make it almost impossible to be as compliant as you need to be.

AI and automation transforms due diligence from a burdensome task into a strategic asset. By embracing innovation, law firms can redefine their approach to risk assessment and client management.

With Xapien, firms can stay compliant

Xapien provides comprehensive insights on individuals or organisations, automating due diligence from initial search to summarising information into a final report. 

It scours millions of registries and web pages across the indexed internet, extracting and contextualising data. Gathering information from various sources, including licensed datasets and official registries, Xapien processes diverse formats, using LLMs to produce human-like written summaries. 

Every piece of information is traceable down to the sentence or phrase level, showing the exact source. This traceability ensures that the reports are fully attributable.

Interested in learning more about how Xapien can enhance compliance at your law firm? Fill in the form below to speak with our team.