Global efforts to tackle money laundering have just been given a mixed assessment. In April 2022, a report from the Financial Action Task Force (FATF) pointed out that although progress has been made in terms of countries’ compliance with anti-money laundering (AML) rules, many still face significant challenges in taking effective action to mitigate the risks.¹ With criminals constantly finding new ways to launder dirty money, the threat is ever-present and ever-changing, so regulatory requirements must evolve rapidly too. Keeping up can be challenging. As potential gatekeepers to money laundering (due to the varied nature of the services they provide), law firms and other professional services firms are often at the sharp end of meeting fast-moving expectations around AML and client due diligence (CDD). However, the reality is that many struggle to do so. This article looks at why gatekeepers struggle with CDD and how technology is becoming an increasingly important weapon in their arsenal to improve processes and ensure compliance.

Europe has instituted some of the strictest rules in the world. In the UK, for example, if a law firm is found to be involved in money laundering, not only are the lawyers concerned in financial trouble, but they could also be accused of a criminal offence. The UK’s Solicitors Regulation Authority (SRA) enforces a lengthy list of AML obligations on lawyers, including challenging requirements to identify the source of funds and to identify the ultimate beneficial owner (UBO). However, the rules themselves are open to interpretation, and other regulators may take different views on what is required. In the EU, too, where the EU’s AML Directive has come a long way since its inception more than 30 years ago, rules are not necessarily applied uniformly, with some countries still implementing the Fourth AML Directive and others the Fifth. All of which makes it harder for those with international footprints to comply and in many cases, making it necessary to adopt a “highest common denominator” approach.

Closing the Compliance Gaps

However, there are several common areas where gaps in compliance can occur. For instance, not all firms have dedicated, centralised compliance teams tasked with carrying out or coordinating the necessary checks. Sometimes, AML activities are delegated to staff who do not have thorough knowledge of the requirements or what best practice looks like, so checks are not conducted properly. Failing to verify whether documents and other information are coming from a reliable source is a major pitfall. Of course, it is vital that robust due diligence—including risk assessment—is completed before a new client or piece of work is taken on, but that is still too often not the case. The consequences of getting it wrong—from heavy fines to serious reputational damage and criminal sanctions—certainly bear thinking about.

With this in mind, many firms see significant benefit in using smart technologies to beef up their systems and automate risk assessment processes to ensure that risk ratings are always up to date and that compliance activities are as effective and efficient as they can be. These technologies will need to be mapped onto their specific policies, which in turn match the relevant legal requirements and best practice guidelines. They also will need to be plugged into the firms’ internal systems and, as appropriate, into selected third-party systems, such as relevant, trusted external data sources, to facilitate verifiable information sharing and to deliver real-time insights.

Tech tools should be purpose-built for law firm or other professional service firm use. They should be designed to manage the process of onboarding new work, to ensure that all the necessary compliance management processes, such as conflict checking and the generation of client care letters are handled properly at the outset. One of the most important functions of any risk and compliance solution is then to set up monitoring rules that are aligned with the firm’s risk appetite, so that once the initial onboarding checks have been completed, they automatically keep track of any important developments on an ongoing basis. Even with long-standing clients, much can change in a short space of time. For example, they may be taken over by a new owner or start operating in new geographies where exposure to risk may be greater. It is vital that these changes are captured automatically throughout the client, matter or project life cycle; expecting people to keep abreast of changes is both unrealistic and unproductive.

Sophisticated Yet Simple Tools Required

Such solutions necessarily need to be highly sophisticated behind the scenes, but that does not have to mean they are complicated to use. For example, it is important that tools can be configured to meet the firm’s unique requirements and to fit with its organisational structure. However, configuration should be easy to do, with no code required. Solutions should allow users to create and change certain elements with ease to suit their needs, whilst still preserving the IT team’s ability to set and enforce necessary ground rules. Another consideration is whether tools would enable complex procedures to be templated to avoid the need to “reinvent the wheel” each time a process needs to be replicated. Solutions should facilitate collaboration so that compliance systems can be used across the firm—and even extended to clients to access, if required—to maximise connectivity, encourage information sharing, streamline processes and ultimately improve the client experience. They also should provide clear and consistent data visualisation, via reporting tools and dashboards, to give transparency over statuses in real time and create that all-important audit trail.

Data is a critical consideration here. Smart systems must store data in a way that ensures that it is clean, correct, well-protected and verifiable. By housing documents and information in one centralised place, guarded by workflow access permissions, firms can eliminate the risk of having multiple copies of sensitive information, such as photocopies of passports, circulating or accessible to all. This helps meet data protection and privacy obligations, avoids inefficient or inaccurate double data entry and ensures that old versions of documents or out-of-date data cannot be used accidently. Another aspect to all of this is that, handled correctly, data collated during the onboarding process could then be leveraged for wider business purposes. For example, the data could enhance insight about the firm’s experience or expertise in a particular field, thereby turning a threat into a commercial opportunity.

With money laundering now worth billions (if not trillions of dollars) and with the risks being complicated and exacerbated by the emergence of digital currencies and heightened geopolitical tensions, the stakes have never been higher. Leveraging technology is fast becoming a necessity to minimise scope for human error, create consistency in approach and keep up to date with best practice, leaving lawyers and professional services advisers free to focus on the important work in hand, as well as keeping regulators and clients happy in the process.

Daragh McLaughlin, practice group leader for risk and compliance, Intapp, daragh.mclaughlin@intapp.com

Cindy Mundow, sales engineer, Intapp, cindy.mundow@intapp.com

1. “Report on the State of Effectiveness and Compliance with the FATF Standards,” Financial Action Task Force, April 2022, https://www.fatf-gafi.org/publications/fatfgeneral/documents/effectiveness-compliance-standards.html
2. “Money Laundering,” United Nations Office on Drugs and Crime, https://www.unodc.org/unodc/en/money-laundering/overview.html