In 2015, 11.5 million documents referred to as the Panama Papers were leaked from a Panamanian law firm and revealed widespread global tax evasion involving notable individuals (including FIFA soccer officials and the Icelandic Prime Minister). The scandal brought global scrutiny to money laundering and the role law firms play in assisting such actions. Since then, regulators in the U.S., UK and E.U. have vowed to close up loopholes and enforce stricter anti-money laundering rules on intermediaries including banks and law firms to mitigate the issue. With mainstream media reports about money laundering intensifying, global law firms must take anti-money laundering (AML) compliance not as a suggestion, but as a necessity.
By creating an internal AML compliance program, law firms will be better prepared for a stricter set of industry-specific standards. And given that many firms are not currently prioritizing AML, law firms that do can use their programs as a differentiator to win more corporate client work. Earlier this year, I contributed an article to Law360 highlighting best practices and steps law firms should take during the business intake process to ensure AML compliance and client due diligence (CDD). Here are a few of the key takeaways from that article.
Steps for Mitigating AML and CDD Risks
The first step to satisfying AML and client due-diligence requirements is to create an internal compliance program for your law firm. This program should start by obtaining clearly identifiable information about the potential client and identifying any potential risks.
How the firm obtains clearly identified information depends on whether the prospective client is an individual or legal entity. If the client is an individual, the clearance process starts by acquiring basic information, such as past and present employment background, place and date of birth, and past and current residential address. From there, firms should secure any public court filings on the client as well as tax filings and contact details of their certified public accountant. If the prospect is a company, trust, partnership or other legal entity, there is a different set of information that intake departments must obtain. This information includes:
- the identity of the beneficial owner
- the identity and title of the contact person
- the business’ address and phone numbers
- the billing address (if separate)
- the tax ID number
- the names of officers and directors
If the company is using an agent or other intermediary, it is important to also obtain that person’s name, address and phone number.
From there, the intake team should identify any potential risks the client brings. Focus on two risk types: the potential risk posed by the client and the potential risk posed by the nature of the service to be provided. Red flags for client risk include:
- difficulty identifying the true beneficial ownership of the client entity
- the involvement of financial intermediaries
- the client running a cash-intensive business
Meanwhile, service-based risks are typically around issues like whether the matter involves the buying and selling of real estate, the management of client money, or the management of securities accounts. After obtaining relevant background information about a potential client, the intake team should review a third-party tool that combines multiple country-based watch lists like LexisNexis’s Bridger Insight or Thomson Reuters World-Check. For U.S. clients, firms can search on the Specially Designated Nationals and Blocked Persons (SDN) list, which is maintained by the U.S. Treasury Department through the Office of Foreign Assets Controls (OFAC). The list provides the names of individuals and organizations who are considered to pose a security risk.
Once a firm establishes a formal process for compliance, it must determine who is responsible for performing this function. In general, larger, global law firms require dedicated staff members to manage and enforce the steps to clear a client from an AML / CDD perspective. With a stricter set of industry-specific standards likely to come, firms need to adopt a more serious approach to AML and CDD. Firms that proactively implement an AML compliance program can use it as a key differentiator when marketing their services to prospective clients.