Money laundering and anti-money laundering regulations - Rep...

Learning Outcomes

This article outlines the SARs reporting regime under UK anti-money laundering law, including:

• Relationship between POCA 2002 and the Money Laundering Regulations 2017 (as amended) in imposing duties to identify, assess, and report suspicion of money laundering within legal practice
• Thresholds for “knowledge or suspicion” (and “reasonable grounds” in the regulated sector) triggering internal reporting and external SARs, and distinctions between primary money laundering offences (ss 327–329 POCA) and regulated-sector “failure to disclose” offences (s 330 for employees, s 331 for MLROs)
• Step-by-step SARs process: internal disclosure to the MLRO (nominated officer), quality of information to be provided, MLRO evaluation, and external reporting to the NCA (UKFIU)
• The Defence Against Money Laundering (DAML) regime, including the seven working-day notice period, the 31-day moratorium, possible extensions, and implications for transaction timing
• Legal professional privilege and “privileged circumstances” versus general confidentiality; the crime/fraud exception; and avoidance of tipping off or prejudicing an investigation
• Risk-based approach, including SDD, mandatory EDD (e.g. PEPs, high-risk third countries, complex/unusual transactions), and ongoing monitoring
• Firm-level AML governance duties (appointment and roles of MLCO and MLRO; screening, training, independent audit; record-keeping) and management of client communications during SARs without tipping off
• Practical scenarios (e.g. property transactions, company formations, third‑party funding, crypto-to-fiat flows) and associated red flags, escalation pathways, and DAML requirements

SQE1 Syllabus

For SQE1, you are required to understand reporting obligations under the Suspicious Activity Reports (SARs) regime within UK anti-money laundering law, with a focus on the following syllabus points:

• The Proceeds of Crime Act 2002 (POCA): primary offences (ss 327–329), failure to disclose (s 330, s 331), tipping off (s 333A), and the DAML (consent) defence.
• Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended): risk-based approach, CDD (including SDD and EDD), ongoing monitoring, internal controls, and record‑keeping.
• Recognising suspicious activity and red flags in legal practice, including high-risk products, services, jurisdictions, and client behaviours.
• Internal and external reporting: roles of staff and MLRO, content and quality of SARs, use of DAML, and the statutory timeframes for consent and moratorium.
• Confidentiality, legal professional privilege, and the offences of tipping off and prejudicing an investigation; how to communicate without committing an offence.
• Firm governance: MLCO and MLRO responsibilities, screening, training, independent audit; interaction with wider SRA supervisory expectations.
• Practical application in typical legal instructions (conveyancing, company/trust formation, tax, client account use) and interaction with financial sanctions.

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

1. Under POCA 2002, what triggers the obligation to make a Suspicious Activity Report (SAR)?
2. Who is responsible for submitting a SAR to the National Crime Agency (NCA) in a law firm?
3. What is the offence of 'tipping off' and when might it arise in the context of AML reporting?
4. How does legal professional privilege affect the duty to report suspicious activity?

Introduction

Money laundering is the process of disguising the origins of criminal property to make it appear legitimate. The UK has strict anti-money laundering (AML) laws requiring legal professionals to report knowledge or suspicion of money laundering. The Suspicious Activity Reports (SARs) regime is central to this obligation. Solicitors must understand when and how to report, the role of the Money Laundering Reporting Officer (MLRO), and how to balance reporting duties with client confidentiality.

Key Term: Proceeds of Crime Act 2002 (POCA)
POCA is the primary statute criminalising money laundering and setting out reporting obligations for the regulated sector, including solicitors.

Key Term: Money Laundering Regulations 2017
These regulations require firms to implement risk-based AML controls, including client due diligence and internal reporting procedures.

Key Term: Criminal Property
Any property that constitutes or represents a person’s benefit from criminal conduct, and the alleged offender knows or suspects that it represents such a benefit. It includes money, assets, and rights and can be tangible or intangible.

Key Term: Suspicion
A state of mind more than a fanciful possibility that the relevant facts exist. In the regulated sector, “reasonable grounds” to suspect may suffice for the failure-to-disclose offence.

The Legal Framework: POCA and the Money Laundering Regulations

The main AML legislation in England and Wales is the Proceeds of Crime Act 2002 (POCA), supported by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (as amended). POCA creates two sets of obligations:

• Primary money laundering offences (apply to anyone): concealing, disguising, converting, transferring, or removing criminal property (s 327); entering into arrangements that enable acquisition, retention, use, or control of criminal property (s 328); and acquiring, using, or possessing criminal property (s 329).
• Regulated sector offences: failure to disclose knowledge or suspicion (or reasonable grounds for suspicion) to the MLRO (s 330 for staff) and failure by the MLRO to make an external disclosure (s 331). There are tipping off offences (s 333A) which prohibit informing a suspect that a SAR has been made or that an investigation is contemplated or underway.

POCA also provides a defence against money laundering (DAML) where a person makes an authorised disclosure and obtains appropriate consent before proceeding with a prohibited act. The Regulations require a risk-based approach, customer due diligence (CDD), ongoing monitoring, training, and record‑keeping.

Key Term: Suspicious Activity
Any transaction or behaviour that gives rise to knowledge or suspicion that money or property may be the proceeds of crime.

Recognising Suspicious Activity

A solicitor must be alert to transactions or conduct that may indicate money laundering. Indicators include:

• Unusual payment methods (e.g. large or rapid “split” payments, crypto-to-fiat conversions, use of cash or unconnected third‑party payers).
• Complex or opaque ownership structures with unclear beneficial ownership or control.
• Reluctance to provide identification or source of funds/wealth, or providing inconsistent or forged documents.
• Transactions lacking commercial rationale, undervalue transfers, repeated “flips” of property or assets, or excessive urgency without explanation.
• Clients based in, or funds routed through, high-risk third countries or secrecy jurisdictions; use of multiple newly created companies or trusts for a single deal.
• Requests to use client account as a banking facility (e.g. pass‑through funds without a legitimate legal service).

Key Term: Money Laundering Reporting Officer (MLRO)
The person in a firm responsible for receiving internal reports of suspicious activity and making external SARs to the NCA.

The SARs Reporting Process

When a solicitor knows or suspects that a person is engaged in money laundering, they must report this as soon as practicable.

Internal Reporting

All staff must report suspicions to the firm’s MLRO (nominated officer). The report should include the who, what, when, where, and why (the grounds for suspicion), attaching relevant documentation (e.g. CDD, transactional documents, communications). Staff should not discuss the matter with anyone else unless authorised by the MLRO, and must not alert the client.

The MLRO evaluates whether the information gives rise to knowledge or suspicion (or reasonable grounds) and whether a POCA disclosure should be made. Even where the MLRO concludes no SAR is needed, the MLRO should record the decision and reasons (including the information considered).

External Reporting

If the MLRO decides that the suspicion is reasonable, they must submit a SAR to the NCA via the secure online portal (UKFIU SAR Online) or other authorised channel. Good‑quality SARs state:

• Full details of the subject(s), associates, beneficial owners and connected accounts/entities.
• The nature of the business relationship and the suspicious activity, including dates, amounts, counterparties, and assets.
• Reasons for suspicion (concise narrative explaining the red flags), plus any imminent actions (e.g. planned completions).
• Any request for DAML consent where the firm wishes to proceed with an otherwise prohibited act.

Clarity and specificity materially improve law enforcement value. Firms may use the UKFIU’s recommended glossary codes where relevant to assist triage.

Key Term: Suspicious Activity Report (SAR)
A formal report submitted to the NCA when there is knowledge or suspicion (or reasonable grounds for suspicion in the regulated sector) of money laundering.

Defence Against Money Laundering (DAML)

If a solicitor seeks to proceed with a transaction that may involve criminal property, they must request a DAML as part of the SAR. The statutory timescales are:

• Notice period: the NCA has seven working days from the working day after receipt of the SAR to refuse consent. If consent is given during this period, the firm can proceed.
• Moratorium period: if consent is refused within the notice period, a 31‑calendar‑day moratorium commences from the day of refusal. During the moratorium, the firm must not proceed with the prohibited act unless subsequently notified of consent. The moratorium can be extended by court order, potentially up to an overall maximum period (extensions must be justified and are not automatic).

If the NCA neither refuses nor grants consent within the notice period, consent is deemed given at the end of the seven working days. A DAML, if granted, is specific to the prohibited act described; material changes may require a fresh DAML.

Key Term: Defence Against Money Laundering (DAML)
A statutory defence obtained by making an authorised disclosure and receiving NCA consent (or deemed consent) before doing an act that would otherwise be a POCA primary offence.

Continuity, client contact, and records

Pending DAML or MLRO decisions, firms must avoid tipping off. Internally, the matter should be restricted to those on a need-to-know basis. Externally, where a client queries a delay, practitioners should use neutral explanations (e.g. “internal compliance checks are ongoing”) without implying that a SAR has been made or that law enforcement is involved. Firms should retain records of internal reports, MLRO decisions, external SARs, and DAML correspondence in line with statutory retention periods and firm policy.

Worked Example 1.4
A conveyancing completion is scheduled for Friday. On Wednesday, you discover the buyer’s deposit originated from a third‑party company in a high‑risk jurisdiction. The client provides scant information. You report to your MLRO, who submits a SAR with a DAML request on Thursday afternoon. Can you complete on Friday if you have not received a response? Answer: No. You must await consent or the expiry of the seven working-day notice period. Completing before consent or deemed consent would risk committing a primary money laundering offence unless another defence applies.

The Risk-Based Approach and Customer Due Diligence

Firms must assess the risk of money laundering they face and apply proportionate controls. This includes governance (MLCO and MLRO appointments), risk assessments, policies, controls and procedures (PCPs), screening of relevant staff, independent audit (where appropriate), training, and the ability to respond to law enforcement enquiries.

Key Term: Risk-Based Approach
A method where AML measures are tailored to the level of risk posed by clients, transactions, and services.

Key Term: Customer Due Diligence (CDD)
The process of identifying the client and verifying identity using reliable, independent sources; understanding ownership/control (including beneficial owners); and the purpose and intended nature of the business relationship.

CDD must be performed:

• When establishing a business relationship.
• For occasional transactions over €15,000, or transfers of funds exceeding €1,000 where applicable.
• When suspicion arises (irrespective of any thresholds).
• If previous identification is inadequate or doubts arise about authenticity.

CDD typically includes identifying and verifying natural persons (photo ID, address verification), and for corporates, obtaining the registered details, governance documents, directors, and beneficial owners (25%+ ownership or control, or those with equivalent control), and verifying them on a risk-sensitive basis. Non-face-to-face onboarding and electronic identity solutions can be used where reliable and independent; additional steps may be necessary based on risk.

Key Term: Simplified Due Diligence (SDD)
A reduced level of CDD that may be applied where a lower risk of money laundering is identified (e.g. certain listed companies, UK public authorities), after documented risk assessment and subject to ongoing monitoring.

Key Term: Enhanced Due Diligence (EDD)
Additional measures applied where higher risk is identified (e.g. PEPs, high‑risk third countries, complex or unusually large transactions), such as obtaining senior management approval, establishing source of funds and source of wealth, and increased ongoing monitoring.

Enhanced due diligence (EDD) is required where:

• The client or counterparty is in a high‑risk third country (as designated).
• The client is a politically exposed person (PEP), a family member of a PEP, or a known close associate of a PEP.
• The client has provided false or stolen ID and the relationship continues.
• Transactions are complex or unusually large, or follow an unusual pattern, or have no obvious economic/legal purpose.
• Any other situation presents higher risk, including non‑face‑to‑face relationships without sufficient mitigations.

When dealing with PEPs, firms must obtain senior management approval to establish or continue the relationship, and take adequate measures to establish source of wealth and source of funds, and apply enhanced ongoing monitoring.

Key Term: Ongoing Monitoring
Scrutinising transactions and activity throughout the relationship to ensure they are consistent with the firm’s knowledge of the client, their business and risk profile; and keeping CDD information up to date.

Key Term: Beneficial Owner
Any individual who ultimately owns or controls the client (generally through ownership of more than 25% of shares or voting rights, or otherwise exercises control), or the person on whose behalf a transaction is conducted.

Key Term: MLCO
The Money Laundering Compliance Officer oversees the firm’s compliance with the Regulations (e.g. risk assessment, PCPs, training, audit). In smaller firms the MLCO and MLRO roles may be performed by the same individual if appropriate.

Record-keeping is critical: firms must retain evidence of CDD and sufficient records to reconstruct transactions for at least five years after the end of the relationship or completion of the occasional transaction.

Confidentiality, Legal Professional Privilege, and Tipping Off

Solicitors owe a duty of confidentiality to their clients, but this is overridden where disclosure is required or permitted by law (e.g. authorised disclosures under POCA).

Key Term: Legal Professional Privilege (LPP)
A protection that exempts certain communications between a lawyer and client from disclosure, notably for legal advice or litigation; it does not apply where communications are made with the intention of furthering a crime or fraud.

Key Term: Tipping Off
The offence of informing a client or third party that a SAR has been made or that an investigation is contemplated or underway, where this is likely to prejudice the investigation.

Privilege may excuse making a disclosure if the information was received in privileged circumstances. However, privilege does not cover communications intended to further a crime. If a SAR is made, the firm must not disclose this fact to the client or do anything likely to prejudice an investigation. Neutral explanations and case‑appropriate stalling mechanisms may be used. There is also a separate offence of prejudicing an investigation in certain circumstances; in practice, keep strictly to non‑disclosure of the SAR and any law enforcement engagement.

Worked Example 1.1

A solicitor is instructed to transfer funds for a client who is evasive about the source of the money. The solicitor suspects the funds may be criminal property and reports this to the MLRO. The MLRO submits a SAR to the NCA. The client later asks why the transaction is delayed. Can the solicitor explain the reason?

Answer:
No. Informing the client that a SAR has been made would likely constitute tipping off, which is a criminal offence under POCA.

Worked Example 1.2

A client refuses to provide identification documents for a property purchase. The solicitor cannot verify the client's identity and suspects money laundering. What should the solicitor do?

Answer:
The solicitor should not proceed with the transaction, must report the suspicion to the MLRO, and may need to terminate the client relationship if CDD cannot be completed.

Worked Example 1.3

A solicitor receives information from a client in the course of seeking legal advice about a past transaction. The client admits to tax evasion. Is the solicitor required to report this?

Answer:
If the information is received in privileged circumstances (for the purpose of legal advice, not to further a crime), legal professional privilege may apply and the solicitor may be excused from reporting.

Worked Example 1.4

An employee files an internal report to the MLRO. The MLRO concludes there is insufficient basis to file a SAR. The employee still believes the threshold is met. What should the employee do?

Answer:
The employee retains a personal duty under s 330 in the regulated sector. They should raise the concern again with the MLRO, providing any additional detail. If disagreement persists and the employee reasonably believes the MLRO’s decision is wrong, the employee can consider making their own external disclosure to the NCA. The firm should have a clear escalation policy for such cases.

Worked Example 1.5

You advised a client in contentious proceedings. During a meeting the client proposes to pay a third party cash “to make a problem go away” and asks you to route the cash via client account. You suspect bribery and money laundering. Does privilege protect you from reporting?

Answer:
No. Communications intended to further a crime are not privileged. You should not facilitate the payment, must refuse to use client account as a banking facility, and should report suspicious activity to your MLRO for potential SAR and DAML.

Practical Application: Common Scenarios

Solicitors must be vigilant for red flags, such as:

• Clients using offshore companies or trust structures without a clear business purpose, or with nominee shareholders/operators who cannot explain their role.
• Requests to route monies through client account without a genuine legitimate legal service, or to return funds to an unconnected third party.
• Unexplained wealth (e.g. high-value property purchase by a newly incorporated entity with no trading history), or funds said to be “from crypto gains” with no audit trail.
• Rapid sequential property transactions at increasing values, sales at undervalue, or frequent changes in beneficial ownership without economic purpose.
• Excessive secrecy or urgency, and a reluctance to provide source of funds/wealth evidence proportionate to risk.

If red flags arise:

• Pause the matter pending clarification; verify the client’s identity, beneficial owners, and sources of funds/wealth on a risk‑sensitive basis.
• Report internally to the MLRO if suspicion is formed; seek DAML where a prohibited act would otherwise occur.
• Record decisions and reasons; ensure ongoing monitoring and refresh due diligence as needed.

Exam Warning Failing to report suspicion of money laundering, or tipping off a client, are criminal offences under POCA. For SQE1, be able to identify when a report is required and the correct procedure, including DAML timescales.

Revision Tip Always document your decision-making process and keep records of internal reports and communications with the MLRO. This is essential for compliance and defence if challenged.

Key Point Checklist

This article has covered the following key knowledge points:

• POCA creates primary money laundering offences (ss 327–329) and regulated-sector reporting offences (s 330 for employees, s 331 for MLROs) and tipping off (s 333A).
• The reporting threshold is knowledge or suspicion; in the regulated sector, reasonable grounds to suspect may suffice to trigger the duty to disclose.
• Staff must report suspicions to the MLRO promptly; the MLRO evaluates and, where appropriate, files a SAR with the NCA (UKFIU).
• Where a transaction might otherwise constitute a prohibited act, the MLRO should request a DAML; understand the seven working-day notice period and the 31-day moratorium and the effect of consent (or deemed consent).
• Firms must adopt a risk-based approach, perform CDD (including beneficial ownership), apply SDD or EDD as appropriate, and conduct ongoing monitoring.
• Legal professional privilege may excuse reporting in limited circumstances, but does not apply to communications intended to further a crime; confidentiality yields to statutory disclosures under POCA.
• Tipping off is a criminal offence; client communications must be carefully managed to avoid revealing a SAR or an investigation.
• The MLCO oversees compliance; firms must maintain policies, training, screening, independent audit (where appropriate), and robust record‑keeping.
• Client account must not be used as a banking facility; do not proceed with suspicious transactions absent consent or deemed consent.
• Keep comprehensive records of internal disclosures, MLRO decisions, SARs, and DAML correspondence to evidence compliance.

Key Terms and Concepts

• Proceeds of Crime Act 2002 (POCA)
• Money Laundering Regulations 2017
• Criminal Property
• Suspicion
• Suspicious Activity
• Money Laundering Reporting Officer (MLRO)
• Suspicious Activity Report (SAR)
• Defence Against Money Laundering (DAML)
• Risk-Based Approach
• Customer Due Diligence (CDD)
• Simplified Due Diligence (SDD)
• Enhanced Due Diligence (EDD)
• Ongoing Monitoring
• Beneficial Owner
• MLCO
• Legal Professional Privilege (LPP)
• Tipping Off