Client due diligence is not a novel concept. Referred to as “CDD,” most lawyers undertake CDD to confirm clients’ ability to pay fees charged by their lawyers and to determine the absence of ethical conflicts of interest. But should lawyers undertake or, more precisely, must lawyers be required to undertake a risk-based analysis to determine whether their clients present a risk of money laundering or terrorist financing?
This is not an academic question. On May 23, 2013, the ABA Standing Committee on Ethics and Professional Responsibility (“ABA Ethics Committee”) issued a formal opinion discussing a lawyer’s ethical obligations to fight money laundering and terrorist financing, including the interaction of the Model Rules of Professional Conduct (“Model Rules”) and the ABA’s Voluntary Good Practices Guidance to Detect and Combat Money Laundering and Terrorist Financing (“Good Practices Guidance”). This article will discuss the domestic and international backstory that gave rise to the opinion, analyze the opinion, and suggest how practitioners can heed the important advice given in the opinion.
FATF and the Forty Recommendations
Nearly a quarter century ago, in 1989, the major industrialized nations of the world formed an international body to develop and promote national and international policies to combat money laundering and, later, terrorist financing. Known as the Financial Action Task Force (FATF), FATF is a global standard-setting organization for anti-money laundering (AML) and counter-terrorist financing (known as “CFT” and not “CTF”) policies. Member countries, including the United States, strive to comply with FATF’s “Forty Recommendations,” which represent a comprehensive action plan to combat money laundering and terrorist financing. FATF initially adopted the Forty Recommendations in 1990, and they have undergone several revisions since their original adoption. Most recently, in 2012, the Forty Recommendations underwent a significant overhaul. See FATF, International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation—The FATF Recommendations, www.fatf-gafi.org/media/fatf/documents/ recommendations/pdfs/FATF_ Recommendations.pdf.
Part D of the current version of the Forty Recommendations, which focuses on preventive measures, is of significant interest to the legal profession. Recommendation 10 deals with customer due diligence (or CDD in the context of a client, not customer, relationship), Recommendation 20 deals with the reporting of suspicious transactions (the so-called “suspicious transaction reporting” (STR) requirement), and Recommendation 21 addresses the no-tipping-off (NTO) concept. Under the STR requirement, if a financial institution “suspects or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorist financing,” the financial institution must report its suspicions to a “financial intelligence unit,” which is most typically a governmental law enforcement entity. The NTO concept prohibits the financial institution from disclosing to its customer (or client) that it has filed an STR against the customer (or client).
Recommendations 22 and 23 deal with “designated non-financial businesses and professions” (DNFBPs), which include lawyers, accountants, and trust and company service providers. These provisions obligate FATF member states to impose many of the CDD and record-keeping requirements that apply to financial institutions to DNFBPs. In essence, DNFBPs, including lawyers, are treated on the same plane as financial institutions.
Part E of the Forty Recommendations is also of particular interest to the legal profession because it addresses transparency and beneficial ownership of legal persons and arrangements. Beneficial ownership issues, particularly in the context of formation of legal entities, have been the focus of intense interest at the FATF and on the U.S. federal legislative level for more than a decade.
The Gatekeeper Initiative
The ongoing effort by governments to fight money laundering and terrorist financing is not a solitary campaign. Recognizing that certain professions serve as “gatekeepers” to the international financial system by providing services that facilitate financial transactions, the G8 Finance Ministers adopted a communiqué at a meeting in Moscow in 1999 that sought to enlist these professionals in the global fight against money laundering and terrorist financing. Known as the Moscow Communiqué, this policy statement asked countries to consider various means to address money laundering through the efforts of professional gatekeepers of the international financial system, including lawyers, accountants, company formation agents, and others. This effort is known as the “Gatekeeper Initiative.” Lawyers, in their capacity as DNFBPs, are viewed as important gatekeepers to the world’s financial system.
The Risk-Based Approach
Financial institutions are required to employ a risk-based approach (RBA) to determine whether a customer presents a risk of money laundering or terrorist financing. See FATF Recommendation 10 and Interpretive Notes. The RBA is grounded in the premise that the limited resources (both governmental and private sector) available to combat money laundering and terrorist financing should be used and allocated in the most efficient manner possible so that the sources of the greatest risks receive the most attention. The RBA is intended to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified, thereby facilitating an efficient allocation of this limited pool of resources. By contrast, a “rules-based” approach ignores risk and mechanically applies the governing standards in an across-the-board, box-ticking manner.
The proportionate nature of the RBA means that higher risk areas should be subject to enhanced risk-based procedures, such as enhanced CDD and enhanced transaction monitoring. By contrast, simplified, modified, or reduced risk management procedures may apply in lower risk areas. An effective RBA involves identifying and categorizing money laundering and terrorist financing risks and establishing reasonable controls based on the risks identified.
FATF’s Lawyer Guidance and
ABA’s Good Practices Guidance
FATF has been active in developing risk-based guidance for financial institutions and DNFBPs, including legal professionals. In June 2007, FATF adopted risk-based guidance for financial institutions. In October 2008, after intensive negotiations between the worldwide legal profession and FATF, FATF adopted the “RBA for Legal Professionals” (“Lawyer Guidance”) at its plenary in Rio de Janeiro. Guidance for each of the other DNFBP sectors was published separately in 2008. The Lawyer Guidance is a complex document that addresses different audiences (for example, private sector and public authorities), undertakes to identify the AML and CFT issues specific to the legal profession, and outlines the risk factors that lawyers need to consider in developing a risk-based system.
Development of Good Practices Guidance
The Lawyer Guidance, self-styled as “high level guidance,” is of little usefulness to U.S. lawyers. The risk factors lack elaboration, the Lawyer Guidance itself is laced with often impenetrable jargon, and no practical insights are offered into the application of the risk factors to real life CDD scenarios. In light of these shortcomings, and taking a cue from the Lawyer Guidance suggesting that the legal profession develop good practices guidance, the American Bar Association’s Task Force on Gatekeeper Regulation and the Profession (“Gatekeeper Task Force”) and representatives from other ABA sections and specialty bar associations collaborated to develop a document known as the Good Practices Guidance, www.americanbar.org/content/dam/aba/publishing/criminal_justice_section_newsletter/crimjust_taskforce_gtfgoodpractices guidance.authcheckdam.pdf.
Dated April 23, 2010, the Good Practices Guidance is designed to implement the Lawyer Guidance by providing practical and understandable guidance to the legal profession for the development of an RBA to CDD. The goal of the Good Practices Guidance is to assist members of the legal profession in the United States to design and implement an effective RBA consistent with the broad contours of the Lawyer Guidance. The ABA House of Delegates, the policy-making body of the ABA, endorsed the Good Practices Guidance as official ABA policy at the 2010 Annual Meeting in San Francisco.
The ABA Ethics Committee Opinion
On May 23, 2013, nearly three years after the ABA’s adoption of the Good Practices Guidance, the ABA Ethics Committee issued its first formal opinion on issues arising out of the Gatekeeper Initiative. See ABA Formal Opinion 463, www.americanbar.org/content/dam/aba/administrative/ professional_responsibility/formal_opinion_463.authcheckdam.pdf (the “Opinion”). The Opinion is important both for what it says, and for what it does not say. In essence, the Opinion harmonizes the Good Practices Guidance and the Model Rules by concluding that the Good Practices Guidance is consistent with ethical principles, including loyalty and confidentiality. The Opinion states that lawyers should adopt client intake and monitoring procedures, such as risk-based control measures, that are designed to ensure that lawyers do not unwittingly engage in providing legal services that facilitate money laundering or terrorist financing. By implementing these procedures, lawyers can thus avoid aiding money laundering and terrorist financing activities in a manner consistent with the Model Rules.
The Model Rules contain thin gruel for those searching for detailed guidance on the ethical dimensions for client intake and ongoing monitoring procedures. The Model Rules do not discuss whether a lawyer should evaluate a client—potential or actual—specifically for the risk of money laundering or terrorist financing. Despite the absence of a Model Rule on point but relying on a 1981 informal opinion by the ABA Ethics Committee, the ABA Ethics Committee states that “[i]t would be prudent for lawyers to undertake [CDD] in appropriate circumstances to avoid facilitating illegal activity or being drawn unwittingly into a criminal activity.”
The Opinion makes clear that the Model Rules do not mandate that a lawyer perform a gatekeeper role in deterring his clients from engaging in wrongdoing. In that regard, the Opinion notes that a mandatory STR obligation (which, in the United States, is referred to as a “suspicious activity report”) would run afoul of Model Rules 1.6 (Confidentiality of Information) and 1.18 (Duties to Prospective Clients) and that the NTO rule would violate a lawyer’s ethical obligations under Model Rule 1.4(a)(5) (Communication). Indeed, as the Opinion notes, the Model Rules do not permit a lawyer to engage in the reporting (that is, STR) that a gatekeeper role could entail. For over a decade, the ABA House of Delegates has opposed any law or regulation, such as a mandatory STR obligation, that would compel lawyers to disclose confidential information to government officials or otherwise compromise the lawyer-client relationship or the independence of the bar. ABA House of Delegates Resolution 104 (Feb. 2003).
The Opinion underscores the fundamental point in the Model Rules that a lawyer cannot knowingly counsel or assist a client to commit a crime or fraud. Model Rule 1.2(d). To comply with this obligation, the ABA Ethics Committee states that the “essential prerequisites” for accepting a new matter or continuing a representation are an “appropriate assessment of the client and the client’s objectives, and the means for obtaining those objectives.” The Opinion suggests that in certain circumstances a lawyer can avoid the risk of the lawyer engaging in unlawful conduct by checking the client’s identity internally within the firm against the Specially Designated Nationals (SDN) List, which is a public list maintained by the U.S. Treasury Department’s Office of Foreign Assets Control of those individuals or entities with whom it is illegal to do business (including providing certain types of legal services). The Good Practices Guidance specifically suggests that lawyers check the SDN List as part of their standard CDD and client intake protocol. Good Practices, supra, at 7.
The Opinion essentially observes that a lawyer cannot, consistent with the Model Rules, engage in willful blindness in performing legal services in suspect situations. Based on the lawyer’s ethical obligation to act competently under Model Rule 1.1, a lawyer may have a duty, based on the then-available facts, to inquire whether the legal services to be performed will abet fraudulent or criminal conduct. For example, if a prospective client domiciled in Nevada seeks a Minnesota-based lawyer to assist in the acquisition of real property located in New Hampshire with an entity created under Idaho law by using funds that are claimed to have been derived from gambling successes at a New Jersey casino, the lawyer may have an obligation to inquire into these facts to ensure that the lawyer’s services are not being used to facilitate criminal activity. Application of the RBA contained in the Good Practices Guidance should provide meaningful assistance to the lawyer in evaluating whether to accept this engagement.
The Opinion discusses the point that “[t]he level of appropriate CDD varies depending on the risk profile of the client, the country or geographic area of origin, or the legal services involved.” Opinion, supra, at 3 (footnote omitted). The Good Practices Guidance elaborates on these risk factors by identifying the three major risk categories for legal engagements: country/geographic risk, client risk, and service risk. Good Practices, supra, at 15–28. Lawyers need to determine their exposure to each of these risk categories. The relative weight to be given to each risk category in assessing the overall risk of money laundering and terrorist financing will vary from one lawyer or firm to another because of the size, sophistication, location, and nature and scope of services offered by the lawyer or the firm. Based on their individual practices and judgments, lawyers will need to assess independently the weight to be given to each risk factor. These risk factors are subject to variables that may increase or decrease the perceived risk posed by a particular client or type of work.
Once a lawyer performs CDD based on the factors identified within the three major risk categories described above, the lawyer needs to take into account a number of risk variables. These risk variables may either require the lawyer to perform enhanced due diligence or lead the lawyer to conclude that standard CDD can be reduced. The risk variables include the nature of the client relationship and the client’s need for the lawyer to provide certain legal services, the level of regulation or other oversight or governance regime to which a client is subject, the reputation and publicly available information about a client, the regularity and duration of the relationship, and the proportionality between the magnitude or volume and longevity of the client’s business and its use of the lawyer for its legal requirements, including the nature of the professional services sought. Id. at 28–30.
Applying an RBA at the client intake stage is important, but equally important is monitoring the client relationship by reference to the RBA. Model Rule 1.16(b)(2) permits a lawyer to withdraw from representing a client if “the client persists in a course of action involving the lawyer’s services that the lawyer reasonably believes is criminal or fraudulent[.]” The lawyer does not need hard evidence that the client is engaged in criminal or fraudulent activities, but if “the lawyer has reason to believe that the client is engaging, or plans to engage, in such improper activities,” the lawyer has a right to terminate the client relationship. Opinion, supra, at 3.
Finally, the Opinion states that lawyers should be “conversant with the risk-based measures and controls for clients and legal matters with an identified risk profile and use them for guidance as they develop their own client intake and ongoing client monitoring processes.” Opinion, supra, at 4. The Opinion recognizes that the Good Practices Guidance is relevant to CDD and that lawyers need to understand it so that they can discharge their ethical obligations. To that end, lawyers should implement risk-based measures for their client intake and ongoing client monitoring processes, and Appendix A of the Good Practices Guidance is an excellent starting point for developing these protocols.
The Opinion is a welcome addition to the imperative that lawyers need to understand and embrace the RBA in their client intake processes and, thereafter, the ongoing monitoring of clients to ensure that the legal services are not being used to facilitate criminal conduct. The Good Practices Guidance is consistent with the Model Rules and a lawyer’s ethical obligations. Lawyers should thus heed the suggestions in the Opinion by voluntarily implementing these risk-based processes before federal legislation mandates CDD—a prospect that should send shivers throughout the legal profession.