Mishcon de Reya fined $316K for AML failings

According to the SRA’s agreement with Mishcon, reached Dec. 20, the firm “carried out work for two individual clients and corporate vehicles connected with the same two individual clients. This work related to a non-SRA regulatory investigation, asset planning for one of the individuals, and the initial stages of the proposed acquisition of two separate entities (and the onward sale of one of them).”

Between September 2015 and April 2017, according to the SRA, Mishcon:

• Seemingly lost a hard copy file of its customer due diligence (CDD) records on the two individual clients;
• Did not obtain a full set of CDD documents relating to one corporate vehicle involved in one of the proposed acquisitions;
• Did not adequately apply enhanced CDD and ongoing monitoring for both proposed acquisitions despite the involved companies being located in high-risk jurisdictions; and
• Did not send a bill of costs, or other written notification of costs incurred, to the relevant entities before two invoices were raised and paid out of monies held in client accounts.

An external investigation commissioned by Mishcon into these matters identified “the former partner at the firm responsible for the relationship with the … clients … had not received mandatory training as required by anti-money laundering regulations,” according to the SRA.

The regulator said it accepted Mishcon’s statement that such training “would usually be provided but was not, owing to a personnel absence. However, there was no contingency plan at the firm for AML training to be implemented if such a personnel absence occurred.”

“To have a high-profile law firm like Mishcon de Reya receiving one of the largest fines the SRA has issued should act as a wake-up call for the legal sector,” said Martin Cheek, managing director of SmartSearch, an online AML services provider.

Property transaction matters

Separately, between September 2017 and October 2018, Mishcon acted in relation to three related property transactions. For each transaction, the firm’s client was a separate special purpose vehicle with the same ultimate beneficial owner, the SRA explained.

While Mishcon secured CDD relating to the ultimate beneficial owner, it admitted it did not secure full CDD for each special purpose vehicle before each relevant transaction took place, the SRA stated. “The firm also did not retain copies of some of the CDD information obtained in relation to the ultimate beneficial owner and in relation to another individual who instructed the firm on a fourth related matter.”

Mishcon further admitted it did not have in place a firmwide risk assessment at the time the SRA requested to see a copy of it in September 2018. An external service provider later prepared that risk assessment, which the firm provided to the SRA in May 2019.

The SRA said Mishcon cooperated with the investigation and “has shown genuine insight into its management of risk and actions during the relevant periods, including by commissioning an external investigation.” The SRA further noted Mishcon, among other measures, “amended its policies and procedures, including introducing and investing in new, more sophisticated IT systems which involve increasingly centralized record-keeping and are, in part, specifically designed to prevent future breaches of the type addressed by this agreement.”

The SRA’s action against Mishcon highlights the difficulties firms face when conducting AML compliance manually, said Cheek, who noted the benefits of utilizing an electronic verification system when managing client information.