Anticorruption advocates and reformers have rightly been paying increased attention to the role of “gatekeepers”—bankers, attorneys, and other corporate service providers—in enabling kleptocrats or other bad actors to hide their assets and launder their wealth through the use of anonymous companies. An encouraging development on this front are the bills currently pending in the U.S. Congress that would require corporate formation agents to verify and file the identity of a registered company’s real (or “beneficial”) owners, and also would extend certain anti-money laundering (AML) rules, particularly those requiring the filing of suspicious activity reports (SARs) with the US Treasury, to these corporate formation agents.
Not everyone is thrilled. The organization legal profession, for example, is crying foul. American Bar Association (ABA) President Hilarie Bass wrote to Congress that the proposed expansion of SAR obligations to corporate formation agents, many of whom are attorneys or law firms, would compromise traditional duties of lawyer-client confidentiality and loyalty. As Matthew pointed out in a prior post, it’s not clear that this assertion is correct, as the proposed bills contain express exemptions for lawyers. But even putting that aside, it’s worth recognizing that applying SAR obligations to attorneys wouldn’t be unprecedented. Many European countries have had similar requirements in place since the early 2000s, when the European Commission issued directive 2001/97/EC, which required states to adopt legislation imposing obligations on non-financial professionals, including lawyers, to file suspicious transaction reports (STRs, essentially another term for SARs). As in the US right now, that aspect of the 2001 EC directive was extremely controversial. One EU Commission Staff Working Document went so far as to say it was “the most controversial element of the Directive” because it represented “a radical change to the principle of confidentiality that the legal profession has traditionally observed.” Some EU states and national bar associations launched an ultimately unsuccessful legal challenge to the requirement that attorneys file STRs, on the grounds that it violated the right of professional secrecy guaranteed by the Charter of Fundamental Rights of the European Union.
Yet in the end, the imposition of the STR obligations on lawyers does not seem to have radically altered the legal profession in Europe. Countries appear to have developed safeguards that preserve the essential aspects of attorney-client confidentiality, even while implementing the EC Directive. Consider, for example, how this all played out in the United Kingdom.
The UK implemented the 2001 EC Directive by passing the Proceeds of Organized Crimes Act (POCA) in 2002. POCA created criminal penalties for certain regulated sectors, most importantly lawyers, who fail to act upon their knowledge or suspicion that their client is engaged in money laundering. It requires lawyers who have those suspicions to file a SAR with the National Crime Agency [see section 330] and to avoid tipping off their client that such a filing has been made [see section 333]. In addition to creating criminal liability for certain regulated sectors, POCA also created a secondary “consent” regime whereby all UK persons, not just lawyers, were required to make disclosures if they were seeking to do anything with property that “benefited from criminal activity” – including corruption — as defined by the specific country where said property might have originated [see section 328]. (A few additional requirements have come into play since the original POCA legislation was passed. The 2007 Money Laundering Regulations, for example, require lawyers to perform customer due diligence and to identify the beneficial owners of corporations and trusts.)
But, like other European countries implementing the EC directive, the UK created some flexibility in the reporting obligation so as to protect certain areas of attorney-client confidentiality. For example, UK lawyers are not obligated to file STRs on the basis of information that would fall under one of the applicable litigation privileges (attorney-client privilege or advice privilege), and lawyers may also have a “reasonable excuse” for non-disclosure in cases where 1) a regulator or enforcement authority is already aware of misconduct and no additional informational is available to the lawyer; 2) information is already in the public domain; or 3) the suspected offence occurred outside of the UK and there is “no UK nexus to the suspected criminality.” (The most recent guidance from the Law Society is available here.)
Perhaps we can learn something about the kinds of objections the ABA is now raising in the US debate from the UK’s over 15 years of experience with POCA. Did POCA undermine the traditional duties that lawyers owe to their clients, as many feared, or were the safeguards adequate to protect those duties while at the same time helping to combat money laundering? Having spoken to lawyers at three law firms whose work closely intersects with POCA, there seems to be a general consensus that no, POCA did not undermine the traditional duties lawyers owe to their clients for three reasons:
- First, the areas of attorney-client confidentiality that POCA preserves are significant, and largely sufficient. According to one lawyer I spoke with who oversees risk management for her firm, “we’re very rarely in a situation where we can’t claim privilege.” While lawyers must frequently make disclosures under POCA’s second “consent” regime, as when a client buys something abroad that might have benefited from a prior criminal action in that country, that disclosure activity is one that lawyers do with their clients, not in secret without their knowledge.
- Second, there’s been a culture shift in how British lawyers conceive of their responsibility. Another lawyer I spoke with emphasized how, while everyone was initially up in arms about POCA, there is now more rhetoric that lawyers need to act with broader public interests in mind. As she phrased it, “the ‘greater good’ argument has taken over the principle argument.” While it might seem inconceivable that a profession’s culture could shift so significantly in a short period of time, the difference, she explained, was largely spurred by new laws around terrorist financing: the 2000 Terrorist Act, the 2016 Criminal Finances Bill, etc. While these laws are separate from POCA, they changed the conversation.
- Third, clients are generally instinctive about their lawyers’ ethical limits, regardless of how informed they are about POCA specifically. As one lawyer put it, if you “want to do dodgy thing” then you go to “dodgy lawyer.” You don’t need to know the requirements of POCA, or even that it exists, to sense there is generally a “trigger point.”
Nonetheless, the fact that POCA is not seen to be catastrophic is not to say that POCA does not still cause some headaches, both for clients and for lawyers. For example, while section 330 adopts an objective negligence standard, there’s some ambiguity regarding exactly when negligence attaches. The law says that you must file a SAR if you “know or suspect” someone has engaged in money laundering or if you have “reasonable grounds” for suspicion. But do “reasonable grounds” refer to those suspicions you have after having been made aware of something – whether by reading a document or having a conversation – or do they refer to those suspicions that you could have had if you had made yourself aware, e.g. by reading a file you didn’t read choose to read. For one lawyer I talked to, the law seemed to create this latter, broader standard, which he found highly problematic. Linguistic challenges aside, another lawyer suggested that it can be practically challenging to file an SAR without “tipping off” your client that you’ve done so, something POCA explicitly forbids. After all, “what would you think if your lawyer just stopped responding to your messages?” Yet this is what many lawyers must do while they wait to get a green light from the National Crime Agency to continue serving a particular client.
Yet despite these shortcomings, it seems that most UK lawyers have generally abandoned their in-principle objection to POCA’s imposition of reporting requirements on lawyers. And the UK is not alone: Across Europe, the legal objections to such requirements seem to have fallen away ever since the European Court of Justice concluded that the substantive basis for having secrecy (i.e. the ability to get independent legal advice) was not curtailed by the EC’s 2001 directive.
After years of inaction, it looks as if the U.S. Congress might finally be taking action to curtail money laundering by stopping the proliferation of anonymous companies. The ABA should not be afraid that imposing greater obligations on lawyers will change the profession. The American legal profession should instead look to the experience of other countries, with similar legal cultures and traditions, and ask: How might these obligations work? And what protections should they entail? The Law Society of England and Wales has since compiled resources to help lawyers comply with UK AML legislation and started a “Practice Advice Service,” which is essentially a hotline for lawyers with AML queries. There is no reason why the ABA could not do the same.