Using Reliance effectively
Under the SRA’s regulation 39 (R39), solicitors are allowed to rely on customer due diligence (CDD) undertaken by someone else. In practical terms this regulation allows solicitors to make use of the checks carried out by those in other regulated persons such as accountants.
However, there are some considerations which should keep in mind so as to protect you and your firm for regulatory breeches and litigation.
What does Regulation 39 say?
‘You may rely on another person (another regulated individual) who is subject to the MLR (money laundering regulations) or equivalent to carry out CDD (client due diligence), but you remain liable for any failings.’
What this means is that in order to rely on the CDD / know your client (KYC) work carried out by others, solicitors need to be able to satisfy themselves that:
- it has actually been carried out to before commencing work and,
- that it has been done to a sufficient level of detail as required for the matter on which they are advising.
Should there be any failings in the checks carried out, the solicitor who has relied on the work carried out by other party remains liable for any failures, errors or omissions.
In order to ensure that reliance is done appropriately, a requirement exists that ‘to rely on a third party, you must enter into a written agreement with the third party under which they agree to provide copies of any identification and verification data on the customer or its beneficial owner within two working days, and to keep records in accordance with MLRs (money laundering regulations).’
It is not sufficient to assume that CCD has been completed or to take a third party’s word that it has done it. A formal agreement to facilitate the sharing of client information must be in place, which has been approved by the underlying client and the solicitor must review the information provided independently in order to be satisfied that it meets the requirements they have.
What can go wrong?
In theory the need to have explicit approval to rely on the checks carried out by a third party ahead of doing work should be sufficient to protect against commencing work without the relevant approval(s). But this is only part of the picture; it is a fact of life that things at any time and these events can lead to a regulatory breech. These situations can include:
- Unclear communication, resulting in commencing work on the matter before approval and evidence of CDD is received.
- Approval to rely has been received, but the evidence of the CDD has not be reviewed.
- CDD checks performed by the third party aren’t sufficient for the matter in question.
- The underlying client has made false disclosures or concealed information which was not picked up by the checks performed by the third party.
- Agreement to reliance is reached and client data shared but without the underlying client’s knowledge or approval
- Verification of beneficial owner is not completed within 2 working days.
How to protect you and your firm against these issues?
As highlighted above things there are a multitude of things which can go wrong as part of the CDD process and depending on the root cause of the breech the impact of it will vary. Clearly the golden rule of ‘do not assume that the checks have been completed or to the depth needed for you to act’ needs to be applied and proportionality is going to play its part.
It is vital to understand which artifacts have been included in the CDD carried out by the third party and what the findings were. This must be more than just a cursory glance at the artefacts shared, but the need to be comfortable that the information being presented meets the standards of your firm and are of relevant to the matter on which you are advising.
Where gap(s) exist between third party’s standards for KYC and your firm, these will need to be closed in a timely manner before work can commence. Though clearly if it isn’t possible for these gaps to be closed in a timely manner, appropriate steps will need to be taken to manage the situation and to mitigate against any potential breeches and losses.
To be clear the above does not mean a complete re-do of the client checks already performed but it does mean ensuring that all the checks needed for the matter being undertaken have been completed to the right level of detail and in a timely manner. Ideally internal policies the firm have in place for reliance would be the same as those for clients directly onboarded the firm.
How to do we help our clients from these issues occurring in the first place?
Very simply at Green Robin Solutions we work with our clients to ensure that they have the right policies and procedures in place to enable them to rely effectively on the CDD checks being carried out by a third party. This work tends to go beyond just having a policy which everyone in the firm is trained on but also ensuring the right checks and balances are in place.
Our approach involves establishing the current risk exposure and working in a communicative and collaborative way to close these risks in a timely manner whilst ensuring the right attitude to these changes are embedded within the organisation.
Full guidelines are available on the SRA website: [https://www.sra.org.uk/solicitors/guidance/money-laundering-terrorist-financing-transfer-funds-information-payer-regulations-2017/]
Green Robin Solutions works with small to medium businesses helping them to navigate a rapidly changing world. Green Robin Solutions has particular expertise in helping professional services to achieve “Operational Excellence” and an accredited Lexcel consultancy practice.
We offer a no obligation 30-minute consultation to discuss resilience, continuity and disaster planning, and more widely how problem processes within your business can be dealt with.