Regulatory trends and high-profile investigations suggest that law firms should conduct enhanced due diligence background checks on all potential clients as part of standard risk management and compliance protocols.
The U.S. House of Representatives recently passed anti-money laundering legislation that would require law firms (in addition to accountancies, payment service providers, and trust companies) to report suspicious transactions by clients, as banks already must do.
Despite industry push back and arguments by some that the affirmative reporting obligations would negatively impact attorney-client privilege and confidentiality and inappropriately regulate services provided to clients, the legislation appears headed for passage by the U.S. Senate.
The call for scrutiny of perceived loopholes in the Bank Secrecy Act that allow bad actors to launder ill-gotten gains were prompted in part by the Pandora Papers investigation, which identified that certain U.S. and other law firms facilitated tax avoidance through shell companies and trusts by multinational and wealthy individual clients.
Even if the legislation does not become law this time around, the call for scrutiny and potential reputational, regulatory, and other risk for law firms (and others) is not likely to abate. A real-time example is FinCEN’s final rule issued September 29, 2022, that will require most corporations, limited liability companies, and other entities created in or registered to do business in the United States to report information about their beneficial owners — the persons who ultimately own or control the company, to FinCEN.
If they are not already doing so, law firms should conduct enhanced due diligence background checks on all potential clients (and periodic refreshed diligence on existing clients) as part of standard risk management and compliance protocols. Such due diligence should not just include anti-money laundering and sanctions compliance checks, but be broader to mitigate the potential reputational, regulatory, and other risk presented by a contemplated client and assess in advance any likely ramifications should the client relationship become public. Conducting reasonable and robust due diligence on potential clients also bolsters a law firm’s position with any after-the-fact scrutiny from regulators. Depending on the contemplated client’s profile, enhanced due diligence can include both open-source public records research in pertinent jurisdictions as well as human source intelligence gathering on relevant topics.
Indeed, “conducting enhanced due diligence, mandated by legislation or not, is simply good business and legal practice for a law firm. Clients today want to be assured that their law firm is practicing law with the utmost integrity and the highest standards of due diligence to know all of their clients, as well as meeting the challenging legal and regulatory environment in which they and their clients must operate,” notes Eric Young, Guidepost Senior Managing Director and a former Chief Compliance Officer for several large, global financial institutions.
Such enhanced due diligence is standard for public and private U.S. companies on third party intermediaries and the like across the globe. At the moment, it appears the practice is less common among U.S. law firms, although the risks are just as great.