Internal Regulatory Compliance – Theoretical and practical part

Regulatory compliance, also known as ‘compliance,’ is essential for law firms, to the extent that we are subject to various regulations and standards in both the legal and business spheres. There are also other financial subjects required to comply, as well as certain individuals or legal entities in the exercise of their professional activity. In this regard, in the Principality of Andorra, the regulation governing it is the 14/2017 Law of June 22, on the prevention and combating of money laundering or securities and the financing of terrorism, and in particular it is provided in its second article, which is drafted as follows:

Article 2. Scope of application […]

1. Financially obliged subjects, who are the natural or legal persons that belong to the following categories: a) operational entities of the financial system; b) insurance companies authorized to operate in the life insurance sector; c) insurance brokers, natural or legal persons who, in exchange for remuneration, carry out life insurance mediation activity; d) postal order institutions; e) branches located in Andorra of the obliged subjects indicated in letters a) to d), regardless of where their central administration is located.

2. The following natural or legal persons, in the exercise of their professional activity: a) external accountants, tax advisors, and auditors; b) notaries, lawyers, and members of other independent legal professions, when they participate, acting in the name and on behalf of their client, in any financial or real estate operation, or assisting in the planning or execution of operations on behalf of their client relating to:
• the sale or other acts of disposition of real estate or entities;
• the management of funds, securities, or other assets of the client;
• the opening or management of bank accounts, savings accounts, or securities accounts;
• the organization of the contributions necessary for the creation, operation, or management of companies;
• the creation, operation, or management of trusts, companies, associations, foundations, or similar structures; c) economists, managers, and providers of services to companies, other legal entities, trust legal instruments, and other fiduciary structures; d) real estate agents who carry out activities related to the buying and selling of real estate; e) persons who trade in goods only to the extent that payments are made or received in cash for an amount equal to or greater than 10,000 euros, whether in a single transaction or in several transactions between which there appears to be some sort of connection; f) casinos, both physical and online; g) associations, foundations, and other non-profit entities under the terms established by the first additional provision of this Law.

3. Non-resident natural or legal persons who, through branches or by providing services, meet the conditions established by this Law to be considered as obliged subjects are subject to this Law.

Nevertheless, in the Principality we have the corresponding independent body responsible for promoting and coordinating measures for the detection, prevention, and combat against money laundering or securities, against the financing of terrorism, and against the proliferation of weapons of mass destruction, the UIFAND (Financial Intelligence Unit of Andorra).

Following are some compliance obligations that apply to law firms, as well as some recommended practices:

1. Confidentiality and Data Protection:

As lawyers, we handle confidential information from our clients, making it crucial to ensure confidentiality and to comply with the corresponding data protection regulations: Law 29/2021, of October 28, on the protection of personal data and the Application Regulation of Law 29/2021, of October 28, on the protection of personal data (Decree 367/2022, of September 14, 2022).

2. Prevention of Money Laundering and Terrorist Financing:

Implement policies and procedures for due diligence in the identification of clients and the detection of suspicious transactions, in accordance with national and international laws. According to Law 14/2017, the following specific measures are established:

• Preparation of an IRR (Internal Risk Study), a written document that considers all relevant risk factors and mitigation measures, which must be periodically updated and made available to both workers and the UIFAND (Article 5).
• Apply the corresponding due diligence measures (Article 8), whether simplified (Article 11) or enhanced (Articles 6.2 and 12), which basically are, among others:
  • Client identification
  • Identification of the Beneficial Owner.
  • Assessment and understanding of the nature of the business relationship.
  • Application of monitoring measures.
  • Compliance with obligations regarding Politically
  • Exposed Persons (PEPs).
  • Application of restrictive measures, if appropriate.
• To declare to the UIFAND, on one’s own initiative, any operation or planned operation concerning funds that are known or there are suspicions or reasonable grounds to suspect are the product of criminal activity or related to the financing of terrorism, and to respond promptly to requests for additional information directed by the UIFAND, and to provide UIFAND with all the information required in the exercise of its functions (Article 20).
• Preservation of documentation for 10 years (Article 37).

3. Professional Ethics:

Comply with the professional ethics codes applicable to legal practice. This may include avoiding conflicts of interest and acting with integrity.

4. Prevention of Conflicts of Interest:

Establish processes to identify and manage potential conflicts of interest between the firm’s lawyers and their clients.

5. Tax Compliance:

Comply with local tax obligations, filing tax returns accurately and on time.

6. Risk Management:

Develop and implement a comprehensive risk management program that includes the identification and assessment of legal, financial, and operational risks.

7. Continuous Training:

Provide ongoing training to firm employees on relevant laws and regulations, as well as internal compliance policies.

8. Information Security:

Ensure the security of information by implementing technical and organizational measures to protect the confidentiality, integrity, and availability of data.

9. Internal Procedures and Audits:

Conduct periodic internal audits to assess the effectiveness of compliance controls and to identify and correct potential deficiencies. In particular, Article 40.2 of Law 14/2017 provides for the obligation to designate an Internal Control Body (ICB) in charge of organizing and monitoring compliance with the norms for the prevention of money laundering or securities and terrorist financing and its notification to UIFAND.

Having considered some of the most relevant formal obligations in the field, we proceed to consider their implementation in our country. In this vein, five years ago, and one year after the entry into force of Law 14/2017, specifically on June 11, 2018, UIFAND published an informative note addressed to the sector of lawyers and other legal professionals, since certain obligations in the field of money laundering prevention were not being efficiently met, with examples such as: not identifying the client in depth due to the absence of a KYC document, not classifying clients based on risk, not developing an IRR correctly, not applying sufficient due diligence measures, not applying, reviewing, or updating internal policies, or not documenting in writing the analyses carried out in relation to suspicious operations. Similarly, UIFAND has issued other informative notes of the same nature addressed to the real estate sector, economists, accountants, tax advisors, auditors, administrative managers, and other corporate service providers.

We can thus conclude that it is essential for the obligated entities to adapt our compliance programs to the specific characteristics of the practice and jurisdiction. Moreover, these must be kept up to date at all times in light of changes in legislation and regulations that may affect our compliance obligation. In the case of a law firm like ours, compliance is especially important given the nature of our work involving a high degree of confidentiality and ethical responsibility. In summary, compliance is not only a legal obligation but also essential to maintain integrity, client trust, and avoid adverse legal consequences, so implementing an effective compliance program not only protects the company itself but also contributes to the overall health of the legal system and justice.