Follow the money

Ciara McQuillan sets out the anti-money-laundering/terrorist-financing obligations on solicitors and provides step-by-step guidance in applying them to the client file

In recent years, anti-money-laundering and terrorist-financing (AML/ CTF) has become a pivotal security concern, and solicitors play a crucial role in this battle. 

However, the profession is also vulnerable to being exploited by those individuals and entities looking to launder money, or to finance terrorism. 

The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) is the primary legislative framework for combating money-laundering and terrorist-financing in Ireland.

This legislation rendered solicitors “designated persons” and defined certain legal services as AML regulated. It placed an obligation on solicitors to detect and prevent money-laundering and terrorist-financing in respect of those services.

This legislation has been amended on numerous occasions, to incorporate EU directives aimed at harmonising anti-money-laundering practices across the EU. 

To address evolving risk, the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 expanded many existing obligations.

The combined effect of the legislation requires solicitors to carry out client due diligence, monitor transactions, consider the risk of money-laundering or terrorist-financing, maintain records, and report any suspicious activity as a ‘suspicious transaction report’ (STR) to the relevant authorities.

Client risk assessment 

Conducting a thorough client risk assessment (CRA) is the first step in an effective AML process. The ideal time to begin to carry out a CRA is after a client makes an appointment with your firm, but before a consultation.

In a CRA, a wide variety of factors should be considered, including the client’s industry, their geographic location, their background, and whether they operate in high-risk industries or cash-intensive businesses.

The nature of the transaction should also be considered. Is the request for the legal service consistent with the client’s profile? Does the legal service involve large cash transactions, cross-border payments, or complex financial arrangements? These factors generally carry a higher risk.

During the CRA, enquiries should be made and documented regarding the client’s source of funds and source of wealth. It is also an opportunity to consider how funds may enter your client account.

An early discussion with a client regarding the client’s source of funds and wealth presents the opportunity to consider the legitimacy of the funds.

This can help prevent a solicitor being unwittingly used to launder funds or route moneys that could later be used to finance terrorism.

Later in the transaction, you will want to review your CRA to check that the funds you received into your client account are consistent with the client’s earlier instruction.

Detailing how a client plans to finance the proposed transaction assists in identifying the correct level of client due diligence.

The CRA should be reviewed and updated throughout the transaction. Throughout the process, any unusual actions or irregularities should be noted, taking consideration of the earlier risk assessment.

Essentially, the CRA is a living instrument: it evolves and grows with the transaction, and its lifespan should only end with the conclusion of the client’s file. 

Based on all factors considered in the CRA, you will assign a risk level to your clients. Attributing the correct level of risk will help to assign the correct level of client due diligence (CDD) that should be noted on the file.

The risk level may affect the level of CDD. If unsure of the correct level of risk, it is good practice to apply a higher standard. A risk level can be lowered if, on foot of further information, a specific risk has been addressed. 

A crucial part of compliance with AML legislation is documentation, and it is vital to retain your risk assessment, with your documented thought process, on your file.

Client due diligence 

Following that first step, the identity of the client must be verified. If the client is an individual, a copy of their passport or driver’s licence and a proof of address must be retained on file.

In the case of a corporate entity, it will be necessary to identify the correct corporate structure and identify who the beneficial owners behind the corporate entity are.

There is an obligation to apply due diligence to the individuals who exercise effective control of the corporate entity, and these persons must be identified before the business relationship commences.

During your initial CRA, an evaluation of the client and the transaction will have determined the level of CDD required. There are three levels of CDD that may apply: simplified, standard, and enhanced.

Simplified due diligence applies in low-risk situations, where the likelihood of money-laundering or terrorist-financing is minimal. Examples include public bodies in well-regulated sectors or government bodies. 

The client identity is still verified and retained on file, but less frequent monitoring is required. Importantly, the CRA must demonstrate adequate analysis of the lower risk. 

Standard due diligence applies to the vast majority of clients in general. These clients will be individuals or business entities that do not present any elevated risk. 

Client-identity verification follows the same procedure, but the beneficial ownership of a corporate entity must be registered before the start of a business relationship.

Transactions should be monitored for any activity not consistent with the client or transaction profile and, if any significant changes occur, consideration should be given to applying a higher standard of CDD. 

Enhanced due diligence is applied when dealing with high-risk clients or situations where there is an increased risk of money-laundering or terrorist-financing. Factors that may pose an increased risk include clients who are ‘politically exposed persons’, clients from high-risk countries, or transactions involving unusually large sums.

Enhanced due diligence presents a greater risk to the solicitor and is more challenging from a compliance perspective. More detailed and extensive information gathering is required, particularly in relation to the source of funds and wealth.

Client-identity verification follows the same process as the lower levels, but transaction monitoring must be more frequent. The solicitor must also be very alert to potential suspicious activity, and client identity checks must be periodically repeated.

Source of funds and wealth

CDD is much broader than simply verifying a client’s identity. As designated persons, solicitors are required to make reasonable enquiries of their clients to verify the source of funds used to finance the transaction.

It is necessary to verify both the specific origin of the funds being used in the transaction and the legitimacy of these funds. In practical terms, it is necessary to check that the funds lodged to a client account stem from an account that belongs to the client, and not a third party.

This is also important in terms of the obligations for the Solicitors Accounts Regulations.

Regardless of the risk level of the transaction, the legitimacy of all the funds must be established. This is often the most challenging part of CDD in practice.

When considering the legitimacy of the funds, it is important to gather detailed information from a client. If a client presents with a large amount of cash, a solicitor must probe the source.

Documentation verifying the origin of funds or the source of a client’s wealth must be obtained. Bank statements over a period can demonstrate a client’s earnings and savings patterns.

Investment statements, loan agreements, or evidence of property sales can also be used as proofs to demonstrate sources of wealth. Whatever documentation your client presents, it must be analysed and considered in terms of the client’s general profile and the nature of the transaction at hand.

Any unusual activity – for example, large unexplained cash deposits, large international cash transfers, or transfers from high-risk jurisdictions – may require further explanation. In these circumstances, further documentation should be sought and an explanation obtained from the client.

In the event that the source of funds and wealth cannot be explained, it may be necessary to make an STR to the relevant authorities.

Monitor the transaction

The next step in the AML process is important: the continuous monitoring of the transaction, and reviewing a client’s activities to detect any unusual or suspicious activity. Any changes that occur should be considered in terms of the risk assessment. 

Continually monitoring the transaction greatly assists in preventing a client account from being used to launder illicit funds.

Document, document, document

This is perhaps the most overlooked step in the process. Many solicitors engage in the mental process of considering the transaction in terms of AML risk, but fail to document their thought processes sufficiently.

The CRA, CDD, and source of funds or wealth documentation must be retained on file and stored with the file after the close of the matter. To illustrate the application of these steps, refer to the panel below. Don’t hesitate to contact the AML Helpline at AML@lawsociety.ie for any further information.

Ciara McQuillan is financial regulation executive in the Law Society

FOCAL POINT: AN EXAMPLE

Ms Blue calls George’s Court Solicitors to make an appointment to assist in the purchase of a residential property. The receptionist makes an appointment and requests that she brings her ID and a recent household bill with her.

Ms Blue tells the receptionist she has paid a booking deposit for a new build in the area.

Step 1: Initial CRA

George’s Court Solicitors begins by assessing Ms Blue’s risk level. Ms Blue is buying residential property in the area she currently rents in, and resides locally. It initially appears to be a ‘low to medium’ risk. 

Consider all known factors: factors such as the client’s intentions (a residential property purchase), the property type, and the geography are reviewed to ensure no risks are present.

CRA: George’s Court Solicitors records the initial risk assessment and decides that standard CDD should apply, pending Ms Blue’s identification verification and source-of-funds check. 

Step 2: CDD – identification and verification

As part of standard CDD, Ms Blue is requested to provide her passport for identity verification and a recent utility bill as proof of address.

During her first visit, Ms Blue only brings her proof of address (utility bill). Her solicitor reminds her that she must bring her passport or driver’s licence for identity verification before proceeding with the legal matter.

Risk alert: the missing identity document raises a mild-risk alert. The transaction cannot proceed until Ms Blue has her identity verified in compliance with AML requirements.The solicitor informs Ms Blue that they cannot proceed until her identity is verified. 

Step 3: Source of funds 

Payment inquiry: Ms Blue states that she recently paid a booking deposit. The solicitor asks Ms Blue for more details about the funds used to pay the booking deposit. The solicitor also inquires whether she will be using personal savings, a mortgage, or funds from another source to fund the purchase.

Ms Blue is informed that she will need to provide evidence of the funds for the property purchase.

Source of funds/wealth verification: as soon as Ms Blue provides her identity documents, the solicitor will follow up by requesting documentation verifying the source of her funds and wealth.

Bank statements, showing regular savings and earnings, are ideally a good proof that the funds are from a legitimate source.

Step 4: Document everything

George’s Court Solicitors keeps detailed notes of each meeting with Ms Blue, noting the initial request for identity documentation, her partial furnishing of documents, and the reminder for identification documentation.

Risk assessment as a living document: the initial CRA is updated to reflect that Ms Blue has provided proof of address, but still needs fullidentity verification. This ensures that the file reflects a current and accurate risk assessment. 

Step 5: Monitor the risk assessment

George’s Court Solicitors will continue to monitor Ms Blue’s activities throughout the property transaction. Any unusual changes in behaviour, unexpected funds, or foreign transfers could prompt a review and possibly raise her risk level, which in turn could trigger enhanced due diligence.

Completion of CDD: once Ms Blue provides her passport, completes source-of-funds verification, and no suspicious activity arises, George’s Court Solicitors will proceed with the purchase, updating the risk assessment to ensure that it reflects all verified information.

Ms Blue advised her solicitor that she is obtaining a mortgage from Main Street Bank to assist paying for the property. George’s Court Solicitors look at all the information before them and conclude that no enhanced process applies.