SRA announces new requirements for firms

Regulated firms will have to provide AML and sanctions data

UK regulated firms, the Solicitors Regulation Authority (SRA) is about to contact you with a new requirement for more of your money laundering and sanctions data.

What information are they looking for?

Regulated firms will be asked to provide information on:

work they carry out within scope of the money laundering, terrorist financing and transfer of funds regulations 2017 (information on the payer).

any contact or involvement they have with the sanctions regime and any persons who are designated under it.

submission of suspicious activity reports to the National Crime Agency.

Firms not involved with one or more of these regimes are still required to submit a nil return.

Take note: The window for responses opens in early August and closes in mid-September.

Why are they collecting this data?

The SRA is required by its regulator, the Office for Professional Body Anti-Money Laundering Supervision, to take a risk-based approach to supervision. It states that to supervise the legal sector effectively, it needs accurate data to see the distribution of risk across the legal profession. This in turn informs its programme of inspections and its guidance.

The SRA further states that collecting this information enables it to determine where the risks lie and how it can better allocate resources. Most importantly, the SRA notes, data needs to be up to date and relevant so its approach can evolve and adapt.

Significantly, the SRA adds that if it decides to publish this data, it will make sure that no one can be identified from what it publishes or shares.

 


How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
