AML Spotlight: Training

For our anti-money laundering (AML) blog series spotlighting key topics, our AML Risk Manager Emma Cairns looks at the requirements and benefits of AML / counter terrorist financing (CTF) training.

Training is crucial for maintaining an effective AML compliance program and ensuring that all partners and staff are equipped to prevent, detect and report money laundering activities.

An essential prerequisite of an effective AML/CTF framework is the development of an effective culture. Embedding the right culture within your practice is the best way to protect business from the AML/CTF-related vulnerabilities it may encounter - and good quality training plays a pivotal role in this.

One of the most important controls in the prevention and detection of AML/CTF is to have partners and staff who are alert to the risks of money laundering, terrorist financing and proliferation financing and well trained in the identification of unusual activities or transactions that may prove to be suspicious.

It is equally as important that they are aware of what to do and the requirements upon them, if they do encounter such circumstances.

Providing adequate partner and staff training is therefore a key factor in defending your practice from becoming inadvertently involved in money laundering or terrorist financing.

R.24 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) states a relevant person must take appropriate measures to ensure that its relevant employees and any agents that it uses for the purposes of its business whose work involves compliance with the requirements of the regulations or the identification, mitigation, prevention or detection of the risk of money laundering, terrorist financing or proliferation financing in relation to the relevant person’s business should have appropriate AML/CTF training.

This means that all staff, be it partners, fee-earners or support staff, undertaking work or assisting with work that is in scope of the MLRs must be appropriately trained in AML/CTF. Temporary and contract staff carrying out these functions should also be included in this training. 

Training should be tailored to specific roles and responsibilities of relevant partners and staff. Training will also have maximum impact if it is set to or centred around the specific circumstances or business of your practice.

For example:

• Those working on higher-risk matters, such as conveyancing, should have more in-depth training on how to spot conveyancing ‘red flags’, more so than those providing Trust or Company Service Provider services.
• Those collecting client ID should have more in-depth understanding on spotting false, stolen or tampered with ID.
• Those responsible for conducting and using electronic verification systems must be adequately trained to ensure the validity and accuracy of client data input.
• Those responsible for evaluating and making decisions on sanctions, Politically Exposed Persons (PEPs) or adverse media screening outputs must be adequately trained with regards to what those outputs mean.
• Specific training should be given to employees undertaking an active role in discounting or escalating potential screening matches.

For effective AML/CTF training, relevant partners and staff must be: 

• Made aware of the risks of money laundering, terrorist financing and proliferation financing, the relevant legislation, and their obligations under that legislation.
• Trained in the practice unit’s procedures and in how to recognise and deal with potential money laundering, terrorist financing or proliferation financing transactions or activity.
• Trained in AML/CTF ‘red flags’, risk assessment and an explanation of the risks identified in your Practice Wide Risk Assessment.
• Well informed of the practices’ AML/CTF policies, controls, and procedures, including Client Due Diligence and Enhanced Due Diligence as applied in your practice.
• Able to identify suspicious activity, know the processes for internal reporting and, where necessary, for making a Suspicious Activity Report.
• Knowledgeable of record keeping and data protection requirements.
• Trained on the effective use of any AML-related systems (including discounting/interpretation of results of screening).

Legal Sector Affinity Group (LSAG) guidance s.8.2.1 states:

“While there is no explicit requirement in the Regulations for MLROs or MLCOs to receive training beyond that which should be widespread in a practice (as per R24), a practice should consider whether it is appropriate for MLROs/MLCOs to complete extra training or relevant professional AML-related qualifications in order to competently carry out their duties.

"Particularly with regards MLROs, particular attention should be paid to the technical requirements of making disclosures to the NCA [National Crime Agency] including any and all guidance they issue on submissions. The MLCO and MLRO should both monitor publicly available information on best practice such as thematic reviews by their supervisors and reports relating to enforcement actions.”

The world has evolved and we recognise that training is not always delivered face-to-face. You can utilise various methods, such as:

• In-house or external training seminars or webinars by persons suitably qualified and experienced in AML matters.
• AML-specific online training sessions.
• Review of training materials prepared by the practice.
• Review of the Society's AML-related website materials.
• Completion of recognised industry AML training qualification, including the our AML certification course. Find further details here.
• Signing up to and circulating credible/established AML/CTF newsletters and information.
• Review of relevant website materials and documents published by AML supervisory authorities, the Financial Action Task Force, law enforcement and government.
• Creating “quick guides” for partners and staff.
• Delivering tester training, placing partners and staff in real-life situations to test knowledge.
• Share best and poor practice examples that have been found through internal audit/quality assurance reviews.
• Watching our All Too Familiar CPD video.
• Creating a best practice SARs repository.
• Creating and sharing examples of AML/CTF risks/issues (and outcomes/learnings) that have arisen within the firm.
• Introducing a trainee seat in AML/compliance.
• Allocating and training up AML/CTF Risk Champions within the business, who can be an initial point of contact and advise on AML/CTF issues “on the ground”.
• Initiating MLRO “Drop In” sessions.
• Undertaking 'Lunch and Learn' sessions.
• Attending legal-sector related AML/CTF conferences and events.

It should be noted that a mix of different types and styles of training is the most effective.

• E-learning training modules may be convenient for larger groups within practices and may be useful in combination with other methods. However, this type of training may not be tailored to the practice and does not generally allow for direct interaction and discussion.
• Attendance at conferences and events may be helpful in keeping abreast of the AML landscape. However, its effectiveness is limited to what was discussed or highlighted at the event. Such attendance should be coupled with other forms of training.
• Training provided by individuals who do not have enough experience or are not qualified to do so.
• Standalone training provided to the whole practice once a year, with no additional time reinforcing or refreshing knowledge attained.

AML/CTF should be provided to new employees as soon as practicably possible, ideally as part of their induction process and before undertaking any regulated work.

Partner and staff training should be given at regular and appropriate intervals, both to update on new developments within the AML landscape and to refresh existing knowledge.

Often, more frequent and quick bite-size "chunks” of training may be more effective in communicating such updates – both as they may fit in with busy work schedules and ensure that key updates are circulated at pace and any necessary changes can be implemented  in the context of current clients/matters.

A risk-based approach should be taken to determine how often specific, role-based AML training should take place although, as per LSAG guidance, some form of high-level basic AML awareness or refresher training should be taken annually across all relevant employees.

For example:

• PEP definition change
• The introduction of new High Risk Third Countries
• Proliferation Finance requirements
• When a new Law Society of Scotland Sectoral Risk Assessment is published
• When the new SAR portal was established
• Following any findings relating to internal or external or supervisory audit.

It is also a requirement under r.24(1)(b) to keep a comprehensive written record of training documentation, attendance records, dates of training and results of any assessments carried out.

It is recommended that partner and staff training attendance and results should be a discussion topic at appraisals or performance reviews as a way of enhancing and promoting good “on the ground” AML culture within the practice.

Practices must bear in mind that where there is a change in an employee’s role that carries additional AML/CTF responsibilities or that entails exposure to money laundering vulnerabilities for different reasons, further, specific training would be required.

It is important to keep abreast of regulatory changes within the ever-evolving AML landscape to ensure that training materials are current and that partners and staff are trained using relevant legislation and guidance.

In addition to non-compliance with regulatory requirements and potential censure from your AML/CTF supervisor, by not providing adequate AML/CTF training, practices leave themselves exposed to financial crime that could result in financial losses, civil or criminal penalties and risk to their reputation.

LSAG guidance states: “Employees within the regulated sector who have no knowledge or suspicion of money laundering, even though there were reasonable grounds for suspicion, have a defence if they have not received training from their employers. It does not apply where actual knowledge or suspicion exists. Employers may be prosecuted for a breach of the Regulations if they fail to train staff. This defence is not available to MLROs/Nominated Officers.”

• Our AML toolkit
• Our AML FAQs
• Sectoral AML Risk Assessment
• "All Too Familiar" CPD video
• Guide to GDPR
• LSAG Guidance
• NCA UK Financial Intelligence Unit
• NCA SAR Portal