4 ways to meet AML requirements without the pain

“Really?” He said. “You need to do this again? Just use the pack I gave you last year, it’s all in there.” With that, one of our most valuable clients stood up and left. 

This is madness. I’ve known this man and his business interests for years, he’s been with us since he did his first property development project. And yet, here I am, having to go through the motions of completing CDD on him and all his trusts and business entities every single time we transact. This is infuriating. And such a waste of my time. 

The pain is real

We work with the biggest and smallest of law firms around the globe and this sentiment is the same everywhere. AML pain usually falls into two camps; cost and clarity. The good news is, there are ways to make AML more bearable and easier to on-charge. 

We’ve collated some of our best local advice and combined it with global expertise to help you have a less painful compliance journey.

Costly CDD 

Pain 1: Non-billable hours

This point almost always stems from the fact that most CDD is manual. And the longer it takes, the less billable hours are available. Over the years technology has sprung up to address point issues; EIV, transaction monitoring, document storage. Some of these technologies even integrate with popular Practice Management Software such as Intapp, LEAP or Action Step.

But they don’t get to the root of the problem. Someone (usually a junior) still has to: 

• Chase ID documents
• Find, read and understand company summaries
• Create entity structures
• Chase for more documents
• Identify Ultimate Beneficial Owners (UBOs)
• Query source of wealth or source of funds
• Run PEP and sanction checks
• Chase for even more documents

Only then can the information be analysed and a risk based assessment be completed. We created a calculator for our law firm customers to understand how much CDD is really costing their firms. The numbers aren’t pretty.

This is just the pain for onboarding. Reporting entities must also:

• Provide annual reports (again, finding and collating manual documents for batch reports)
• Prepare files for audit and engage in a lengthy audit process
• File suspicious activity/transaction reports
• Review rector, practice and matter risk assessments
• Conduct firm wide training for frontline staff, compliance teams and the board
• Update policies, procedures and controls and keep on top of the latest in AML regulations and trends.

Painkiller 1  

Here’s what other law firms are doing to minimise non-billable hours:

• Use point technologies to address your greatest pain – EIV, document storage, transaction monitoring etc.
• Create an in-house database of high frequency client information (documents, structures etc) which can be updated only as needed. 
• Split the effort across job roles;
  • juniors or admin staff do the manual chasing and single entity analysis, 
  • mid-level lawyers define and analyse the most complex entities
  • Partners sign-off based on the internal risk appetite
• Partner with an AML solution like First AML who can help you with the admin-heavy part of the AML process, while you keep the risk assessments in-house.

Pain 2: No on-charge ability / unknown costs

This pain is most keenly felt with new clients, when the length of time taken to complete CDD is unknown because their entity structure isn’t clearly defined. Here at First AML the most complex entity in our ecosystem is 54 levels deep and spans 35 countries. Let that sink in.  

The other common complaint is when software vendors charge variable rates. How can you on-charge if you don’t know what the rate will be until after the service is delivered?

Painkiller 2

Here’s what other law firms are doing to address unknown costs:

• Conduct Ongoing CDD (OCDD) only as often as required, it’s a common misconception that proof of identity needs to be updated annually. It doesn’t. It only needs to be completed every three years or when it is triggered depending on your risk based approach.
• Negotiate a fixed fee for each EIV check, lock in volume pricing if possible
• Apportion the cost of software (EIV platform fees, document storage fees, PEP, adverse media and sanction check fees, transaction monitoring fees; the list is long) across the average client base and on-charge at a fixed price
• Utilise Google to conduct initial PEP and adverse media checks. If something unusual comes up, engage your software supplier then (if they’ll allow ad-hoc checks)
• Increase hourly rates by the average percent of time spent on KYC. A lot of small charges add up over time.
• Automate as much as possible via forms and timed emails
• Partner with an AML solution provider, such as First AML, who can help with the admin-heavy part of the AML process, while you keep the risk assessments in-house. 

Cloudy KYC 

Pain 3: Poor guidance

Every law firm is different; different specialities, different client types, different risk attitudes. It’s because of this, that the Department of Internal Affairs (DIA) seems to give opaque guidance. It also doesn’t help that as the regulation has evolved the number of nuances, exemptions and guidelines has proliferated.

A quick count on the Information for Lawyers and Conveyancers page of the DIA site showed 36 guidelines, factsheets and notes. Far too many for the average law firm to read, understand and retain. Let alone when a junior or office admin is expected to do all the legwork and understand the guidance in order to collect and analyse correctly.

It was because of this that we created a Compliance Guide that steps you through requirements and best practice in a clear and concise way. But there are a number of other things you can do to remove the pain.  

Painkiller 3 

Here’s what other law firms are doing to address unclear guidance: 

• Conduct spot checks with registered AML auditors to ensure you’re on track
• Quarterly quality assurance checks internally to review files
• Adopt best practice standard operating procedures, not create your own
• Assign a dedicated compliance officer
• Review their risk assessment and compliance programme regularly
• Get actively involved in  law society events on risk and compliance in order to share best practices
• Attend relevant conferences to learn useful knowledge and understanding of the AML space
• Provide training for your employees. Ensure it has real life examples and impacts such as how lawyers have inadvertently laundered money for overseas entities, and how they get involved in creating complex structures. You could also touch on the higher risk parts of AML.
• And as we mentioned, use our Compliance Guide

Pain 4: Irrelevant templates

Much like pain 3, pain 4 is born from generalised information being given to unique firms and situations. The key with the templates is that they are there only as a guide. They need to be tailored to each firm’s specific risk appetite, clientele and jurisdiction. 

However, it takes someone with deep AML knowledge within the firm to amend these to be relevant, leading back to pain 3.

Painkiller 4

Here’s what other law firms are doing to address irrelevant templates:

• Adopt best practices standard operating procedures
• Assign a dedicated compliance officer
• Review templates regularly
• Provide AML training for your employees.