AML consequences and misconceptions

1. Lost productivity

Although time spent on AML compliance may be regarded – rightly or wrongly - as lost productivity, the impact of an unsatisfactory compliance review by a supervisory authority would have a far greater impact on chargeable time and a small firm’s ability to service its clients. The disruption tends to start before the visit, as the firm realises how ill-prepared it is; the visit itself will be likely to take longer than expected; and a lot of time will be needed following the visit to plan how the firm will remedy the shortcomings, implement those plans, and monitor their progression. The supervisory authority may also categorise the firm as higher risk among its supervised firms, resulting in increased scrutiny, including more frequent supervisory reviews.

2. Regulatory action and financial penalties

Where a firm fails to remedy its shortcomings following an AML compliance visit, a supervisory authority may take disciplinary action. This may happen following any visit at which the AML supervisor’s findings are considered so serious that the failures cannot be remedied in the near future.

But more usually, disciplinary action occurs where a firm has repeated failings or where a firm provides an undertaking to complete a task but fails to undertake that task. A common example of this is where the firm undertakes to perform CDD on all its clients over a period of time, but it transpires that the size of the task means that the firm fails to complete it within the agreed timeframe. Enforcement action must reflect the seriousness of the non-compliance, and the risk of money laundering or terrorist financing going undetected is a serious one. Therefore, non-compliance is likely to have serious financial consequences for a firm.

3. Damaging publicity

In addition to the direct financial impact of enforcement action by an AML supervisor, there may be an indirect impact in the form of loss of fee income. Good regulatory practice includes appropriate transparency, with disciplinary hearings taking place in public and any findings against the respondent being published. If negative publicity comes to the attention of clients, some may no longer wish to be associated with the firm.

4. Impact on clients’ experience

Some accountants fear that clients may dislike (or take offence to) the AML compliance aspect of being onboarded by the firm. It may be argued that the inconvenience to clients is minimal if the AML compliance procedures are undertaken efficiently and there is effective communication with the client.

A more important consideration is the potential impact on all clients if the firm’s AML policies and procedures were found, by its supervisory authority, to be unsatisfactory. In such a case, the firm would be required to remedy the situation in a timely manner and would be expected to report on its progress to the supervisory authority within strict deadlines. Inevitably, that would put a strain on resources and the firm’s ability to meet its clients’ needs and expectations.

5. Criminal conviction under the Proceeds of Crime Act (POCA)

POCA defines various money laundering offenses. It is conceivable that AML non-compliance could be regarded as so egregious that it is tantamount to complicity. A criminal conviction would be accompanied by an appropriate sentence, which may even be custodial.

A conviction in respect of money laundering or terrorist financing would almost certainly result in removal from a professional body and it is likely that HMRC would be unable to approve the person concerned as a principal of an accountancy practice. Thus, a breach of POCA would be likely to end a career in accountancy.

Common misconceptions of firms

When considering the costs of non-compliance, it may be useful to also consider some of the thought processes that result in the failure of firms to pay due regard to AML compliance. Here are some common misconceptions:

“We're too small to be a target for criminals”

In fact, the reverse is true. Smaller firms are likely to appear attractive to those wishing to disguise the proceeds of crime or terrorist financing. They may assume (not unreasonably) that a small firm, with stretched resources, might have weaker compliance procedures with fewer controls. Bear in mind also that criminals are unlikely to launder all the proceeds of a crime through one organisation. A relatively small amount laundered through an accountancy practice may be later combined with other amounts laundered elsewhere so as to avoid unwanted attention.

"Set it and forget it" 

Some firms believe that once they have established their AML policies and procedures, they can turn their full attention to meeting their clients’ needs. But AML compliance is ongoing. The practice evolves, regulations change, new risks emerge, and changes occur in clients and the information the firm gathers about them. Efficient AML compliance requires the firm to deliver effective training to its relevant employees and build ongoing monitoring into each client assignment.

"Electronic checks are enough" 

The use of technology can certainly reap rewards, but it cannot remove the need for vigilance and professional judgement. Electronic ID verification tools are highly valued by many firms. But the firm must be seen to be responsive to the assessed risk and so the client risk assessment must come first. Having gathered information about the client, and assessed the risk, the information on which the firm will rely needs to be verified.

Verification is likely to be of more than just the identification of individuals. It is useful if an electronic ID verification process includes checks to identify someone who may be a politically exposed person or on a sanctions list; otherwise such checks may need to be performed separately. But human judgement is usually needed to suggest that something requires further probing – returning to information gathering, and further verification, before determining the money laundering risk and how to mitigate it.

"All my clients are low risk" 

We would like to think that our clients are trustworthy; but unfortunately, that is not always the case. Accountants usually like to have a cordial relationship with each of their clients, but that can mask the fact that the client sees their accountant as an adviser first, rather than a friend. Each client brings different money laundering risks. These relate not only to the honesty and trustworthiness of the client, but also to their business activities, related parties, sources of funds, supply chains, etc.

"I know my clients personally" 

There is some merit in the claim that a firm has known all its clients for a long time – in some cases since before AML compliance became so important. On that basis, an accountant may be confident that they have, in effect, assessed all their clients as low risk, even though they have not documented that assessment. Unfortunately, such an approach is naïve. The firm’s knowledge of the client is, in fact, likely to be quite superficial. The firm knows what it needs to know to be able to serve the client, but questions relating to a money laundering risk assessment might never have been asked. In particular, the firm may know relatively little about a client’s source of wealth or the supply chain of a client’s business for example.

"I'll sort out the AML stuff later" 

It is a common misconception that a firm will have more time in the future to review it AML compliance policies and procedures that it does currently. In practice, time to do something important must be set aside, as time and resources rarely just present themselves. A common challenge we all face is to prioritise effectively, and it is particularly difficult when we are faced with a task that is important but not urgent (such as an AML compliance review) compared with a task that is urgent but perhaps less important (such as responding to demanding clients).

In addition, a firm that is willing to start working for a new client without completing the due diligence measures first will be in breach of MLR 2017. AML compliance is not optional. A firm that fails to complete its due diligence is not only non-compliant; it might also be working with a client involved (directly of by association) in financial crime.

"We can't work with PEPs or anyone associated with a PEP" 

Many firms believe that discovering someone is a politically exposed person (PEP) means that the firm cannot accept them or their organisation as a client. In fact, MLR 2017 does not prevent a firm from working with a PEP. However, it does require the firm to apply enhanced due diligence measures and ensure that approval has been obtained from senior management for establishing the business relationship. In addition, the due diligence must include adequate measures to establish the source of wealth and source of funds of the PEP and any associated business. The firm must also conduct enhanced ongoing monitoring of the business relationship involving the PEP.

‍