Client privilege, compliance and the rule of law: Swedish lawyers and money laundering prevention
Can, and will, lawyers police their clients? This article aims to shed light on the private front-line workers of the Financial Action Task Force on money laundering (FATF). The analysis is based on a study of how Swedish lawyers perceive and handle obligations to police clients within FATF style risk-based anti-money laundering/counter terrorism (AML/CTF) regulation. We find that the lawyers were reluctant to taking on the responsibility for AML/CTF, and that their front-line work was directed towards being compliant enough. Relatedly, we identify several practices of separation that serve to mediate between the conflicting aims and interests in the everyday of this form of private policing. Another finding is that the lawyers by and large position themselves as knowledgeable actors, and view risks of AML/CTF as knowable. Nevertheless, lawyers experienced a principle clash between being ‘not banks’, and being front-line workers for FATF. In particular, the lawyers perceived their role as front-line workers to be more complex due to their professional norms and ethics on client privilege, and what they saw as the proper role of lawyers, being in conflict with the obligation to report clients and their transactions. In concluding, we suggest that paying more attention to the everyday experience of front-line workers when devising regulatory tools may be a way to promote engagement in ‘true’ crime prevention on their part.
KeywordsAnti-money laundering FATF Front-line workers Lawyers Private policing The risk-based approach
The regulatory activity to do with surveillance of transnational financial flows deemed potentially suspect in relation to money laundering, has intensified , underscoring an increasing intertwining of regulation and policing . Since its inception in 1989, the Financial Actions Task Force against Money Laundering (FATF) has contributed to this development1. In the late 1980’s drug money laundering of money was considered the major threat to financial institutions . In 2001 FATF issued 40 recommendations that explicitly included the prevention of the financing of terrorism, contributing to securitization of the regulatory field , and promoting the establishment of a ‘risk-security nexus’ (, p. 538). In addition to the extended scope of regulatory ambitions of the FATF, audiences targeted have widened. Initially, FATF was focused on the functioning of banks and other financial institutions. Though these remain main target groups, pressure has increased on ‘designated non-financial businesses and professions (DNFBPs)’  to engage in anti-money laundering and counter terrorism financing (AML/CTF)2. As Tsingou  observes: ‘while most of the public AML discourse refers to countries and criminals, the actors to be found at the forefront of AML activities are, in practice, mostly private.’
In relation to private actors, FATF evokes the idea of a public-private partnership to crime prevention [8, 9, 10]. Put briefly, regulated industries are encouraged to pro-actively prevent crime rather than passively comply with the rules. The FATF recommendations can be considered soft law, but come with a sharp edge. The content of the recommendations is mirrored in hard regulation such as the 3rd and 4th EU Directives [11, 12], and in the next step in national legislation . As Nance  delineates, the FATF can be viewed as a de-facto multilevel regulator relying on national law enforcement to sanction non-compliance, and enrolling a wide range of business actors as agents in its aims to prevent crime and terrorism. In the context of AML/CTF, business actors are attractive as they have access to knowledge about their clients and their affairs that is not available to the regulator or law enforcement. By enrolling private actors, FATF-style regulation attempts to draw on this knowledge, including privileged, to prevent crime.
Relying on business actors as proactive front-line workers in the fight against crime raises several concerns. Business actors are businesses. They do not necessarily follow the intent of the law, but can rather be expected to use regulation to promote their business interests . Several types of business actors do in fact ‘have incentives not to disclose or report crimes and offences’ (, p. 515, emphasis in original). Taking such dis-incentives into consideration, ‘defendable compliance’ , rather than pro-active policing, seems a likely outcome. Research on banks indicate that such compliance is indeed present in the context of AML/CTF [17, 18, 19]. It thus appears that: ‘… there will continue to be a less than virtuous shifting of responsibility between the regulator and the regulated, with the latter merely doing sufficient to proverbially “cover their backs”.’ (, p. 70).
Another concern, is that all business actors are not law abiding. Privileged knowledge may thus be used for sinister purposes. As has been highlighted in research on DNFBPs like accountants and auditors (e.g. [21, 22]), and lawyers (e.g. [23, 24]), some of the actors relied upon to prevent crime may themselves be primary offenders, or may allow themselves to be used by criminals. By way of illustration, Lankhorst and Nelen  discuss how the culpable involvement of lawyers may include their authorizing payments from third party accounts, or their carrying out illicit financial transactions on behalf of criminals. At the same time, it is this very vulnerability that contributes to making professional services providers like lawyers ‘well positioned’  to police and report suspicious clients and suspicious transactions.
This article analyses how one type of private actors, lawyers in law firms, understand and apply AML/CTF risk identification and risk management. In so doing, we aim to shed more light on the private front-line actors of FATF. The role of lawyers as purported front-line workers of FATF, has so far gathered little scholarly interest. Yet, placing lawyers in this role is pertinent as it can be argued that the role of lawyers is more complex than that of e.g. banks. To be sure, as Zacharias  underscores, lawyers are indeed gatekeepers. Yet, obligations of investigating and ultimately reporting clients put that societal role to the test. Client confidence, and privileged information, is at the very core of the services provided by lawyers. From the perspective of the profession, this could be a source of concern and resistance. The strong reactions, and legal actions, of provincial law societies to AML-legislation in Canada illustrates this point . The argument by the European Bar Association  that lawyers, as guardians of the rule of law3, ought to be exempt from the requirement to provide information about clients to competent authorities further illustrates the conflicts of interest and roles. Taken together, these principle concerns could be seen as a disincentive for lawyers to participate in pro-active crime prevention in relation to money laundering and terrorism financing. In summary, we would therefore expect the use of lawyers as front-line actors for FATF to be complex and we therefore probe how they understand and take on that role.
Our analysis is based on an interview study with lawyers in Sweden. Sweden constitutes something of an extreme case in the European context. There is no professional monopoly4 for Swedish lawyers, making the incentive for state regulation smaller than in countries like the UK or Denmark . Moreover, there is a strong tradition of self-regulation of the profession via the Swedish Bar Association. This tradition and relative autonomy vis-a-vis the state is further reflected in the role of the Swedish Bar in AML/CTF governance. In Sweden, it is the Bar that is the designated body monitoring AML/CTF compliance among lawyers. In e.g. the UK, the role of the Bar associations is comparatively weaker .
We pose three main questions in relation to how Swedish lawyers understand and apply FATF-style regulation: First, to what extent do lawyers take on the responsibility for preventing crimes of money laundering and terrorism financing? Second, considering that lawyers – like other regulated private actors – are in fact not the police, how do lawyers know how to assess and manage risks of money laundering and terrorism financing? Our third concern is how lawyers act on identified risks of the crimes concerned.
The article is structured as follows. In the next section, we outline a risk-based approach to AML. This includes a framing of the crimes as risk, and has implications for the allocation of responsibility, as well as views on knowledge, and possibilities for action. Then follows a section on methodology where we describe our interview study with Swedish lawyers. We then discuss the case of lawyers with a view to the position of the Swedish Bar Association, before outlining our findings on the three main research questions. In the final part of the article we discuss our results and conclusions. The overall conclusion is that the lawyers in our case work to protect the business interest of good client relationships, and to uphold professional norms and ethics, while being compliant enough. To that end, they make use of several practices of separation. Moreover, a ‘true’ pro-active crime prevention appears secondary in their use of the risk-based approach, as illustrated by the low incidence of reporting.
Delineating the risk-based approach
Regulation on AML/CTF mixes the ‘repressive approach’ of criminal law with the ‘preventative approach’ of banking law . In terms of prevention, the FATF take on AML further emphasises the uses and merits of the ‘risk based approach’, as underscored in the first of the 40 FATF Recommendations , as well as in subsequent EU Directives [11, 12]. The identification and management of risk as a preventative strategy in AML/CTF can be viewed in light of the growing trend for risk-based regulation across various fields of society (e.g. [35, 36]). This trend reflects a change in how risk is being viewed in Late Modernity, away from ‘the opportunity for gain and more possibility of loss’ (, p. 141). In contemporary society, risk management has become established as a tool for managing all kinds of problems and harms . Risks to be managed range from individual health issues  to threats to national security . FATF’s risk-based approach to AML/CTF is an example of the latter. In the following, we will not attempt to go into all the details of the FATF-recommendations and associated directives and national legislation. Rather, we aim to highlight some generic features of the risk-based approach to AML/CTF, and the partly overlapping implications for the private actors that are to put them into practice. This will then serve to guide our empirical analyses.
Risk-based regulation offers to respect these subjects, to make use of their experience and knowledge, to take their judgments seriously, as useful contributions to rule development and application. Citizens and companies, subjects of the law, are treated like resourceful actors, rather than ignorant children who have to be taught a lesson (, p. 959)
A risk-based approach makes it up to the private actors to decide what is risky and not, and what is reportable. ‘When objects of concern are described in terms of risk, they are placed in a web of expectations about management and actor responsibility’ (, p. 6). It is the actor who decides on the risk assessment and risk management that will end up being held responsible – and blamed . In this way, outsourcing of critical tasks to private actors can be understood as a means to blur boundaries of accountability across sectors, and for the state to avoid blame . A similar argument has been made in relation to AML/CTF, where the risk-based approach is seen as a means to shift responsibility and blame to the private actors . Yet, private actors may not be willing to take on that responsibility. Tulloch and Lupton’s  discuss how ‘… risk knowledges are constantly contested and are subject to disputes and debates over their nature, their control and whom is to blame for their creation’. As outlined in the introduction, private actors have other interests and obligations to safe-guard that may conflict with responsibilities for crime prevention.
A second feature of the risk-based approach is that it presumes that risks are knowable. What was not known before can now be knowable as a risk: ‘Knightian uncertainties become risks when they enter into management systems’ (, p. 5). In principle, then, a risk-based approach implies that private actors have knowledge concerning even those illicit activities that the regulator does not know about – and are knowledgeable even without the special knowledge and skills of law enforcement. Practice is another matter. In practice, risks of money laundering and terrorism financing appear less readily knowable. Banks are well versed in the risk management of their core business endeavours. Nevertheless, previous studies discuss how bank managers complain about not having access to all the relevant knowledge to be able to make fully risk-based decisions on AML/CTF issues . Studies further show how banks resort to further outsourcing of the risk-management tasks to specialised providers when knowledge is lacking [17, 19]. Hence, contrary to the standard template of risk as knowable, these findings rather point to a ‘variance in ways of seeing, believing, managing and discovering’ (, p. 72) risk, and to a lack of knowledge of the crimes to be prevented.
Third, the labelling of a threat or harm as a ‘risk’ calls for action in order to handle or reduce it . FATF’s use of a risk-based approach can thus be seen as an attempt to co-opt private actors into more pro-activity. An ambiguous threat may be difficult to deal with, but established risk management routines and procedures can be applied to a risk. At the same time, an investment in existing or new systems and databases does not ensure proactive crime prevention among the private actors. Rather, previous research indicates that the aim tends to be that of ‘defendable compliance’  as reported by Favarel-Garrigues et al. [17, 19], and Canhoto and Backhouse . This leads us back to the issue of the extent to which private actors really are willing to take on an extended responsibility for crime prevention. In practice, there exist opposing demands and interests that private actors need to handle . Hence, pro-active crime prevention may not win out. For instance, Canhoto  discusses how employees on the ground face demands to be vigilant in AML/CTF, whilst simultaneously having to cater to demands to be sales orientated. Relatedly, AML/CTF efforts may also result in banks getting rid of clients that are not very lucrative in the first place [17, 19].
In the remainder of this article, we will go more in-depth into how the risk-based approach was perceived and acted upon by Swedish lawyers. Before so doing, we will present how and why we have designed and conducted our study.
The rather few studies of how private actors deal with the risk-based approach have focused on banks, where the research by Favarel-Garrigues and colleagues (e.g. [17, 9, 19]) on French Banks constitutes the most comprehensive work to date. By studying lawyers, we expand the empirical basis of the analysis of how private actors serve as front-line actors within FATF-style regulation. The article is based on a qualitative case study that aims to explore how lawyers in Swedish law firms deal with the risk-based approach to AML/CTF in extant regulation. Similar to the heuristic trait of process-tracing [49, 50], we have conducted semi-structured interviews on explorative and descriptive questions on AML/CTF practices and procedures.
A first exploratory interview was held with a senior official at the Swedish Bar Association, to help contextualise our understanding of the role of the Bar as a supervising body, and to get further insights into the position of the Bar on issues of the content of the regulation, and compliance. Next, we turned to interviews with practitioners. We chose to interview informants at two large firms, and at two medium sized firms. In the large firms, we have interviewed two to three partners, as well as designated AML officers and professionals. In the medium sized firms, we have asked to talk to persons involved in managing AML/CTF, including partners and associate lawyers. A reason for this design was that previous studies of banks indicate that engaging in the proposed partnership against crime is costly [10, 18]. We therefore expected large, and resourceful law firms to put more time and effort into their AML/CTF work, for instance by utilizing compliance databases5. This, in turn, could affect what knowledge was used for money laundering vetting purposes, in that standardised knowledge adapted to FATF-style regulation would be more likely to come more to the fore in decision–making and processing of ‘risk’.
A total of 15 key interlocutors in law firms were interviewed. We are aware that the small number puts limitations on generalisability, but our aim was to get more detailed insight into a context that has been largely ignored and thus to privilege getting access to the ‘behind the scenes’ of AML practices among private actors. All but one interview was recorded. One informant declined to be recorded, but agreed to our taking extensive notes. Interviews commenced with general questions on the respondent’s position, role(s), and responsibilities within the firm. We then turned to our main theme on how respondents, and the firm, worked with AML/CTF and the risk-based approach. Here we asked questions around how AML/CTF was conducted in practice, by whom, how the work proceeded (and if in any particular ‘steps’), what support was available, etc. We further probed respondents for possible problems encountered, and how these were (or were not) resolved. We also asked respondents about their views on their own role, and that of lawyers, in AML/CTF6.
The interview data were analysed in two main iterations. First, we sought to capture the AML/CTF process at the law firms, in order to achieve a level of understanding for the what, when and how AML/CTF risks were identified and managed, and the extent to which lawyers complied (or not). In the next round, we read, and listened, to the interviews with the explicit aim to capture sections pertaining to the questions of responsibility, types of knowledge, and actionability, including views on reporting7. These findings are presented below.
The case of lawyers
Providing authorities with the competence to access information on an identity from, amongst others, lawyers would clearly interfere with its principle of legal professional privilege and professional secrecy and should therefore be firmly rejected (CCBE, June 2011, Para. 7).
A free and independent legal profession operating in accordance with sound rules developed by the Advocates themselves is an important part of a society governed by the rule of law and a prerequisite for the protection of individual freedoms and rights. Consequently, an Advocate holds a position of significant responsibility in our society. (, Code of Professional Conduct, para. 1, emphasis in English original).
It’s not that lawyers aren’t knowledgeable about the law, can’t be bothered or such. It’s because of a lot of things, among other things that this is in conflict with rules on confidentiality and so on that have been in place since 1948. And then a new special law that obviously has not considered the rules that exist for lawyers. (Swedish Bar, 1)
Irrespective of these espoused views, the Bar is the designated Supervisory Authority for issues of AML/CTF for lawyers in Sweden. The monitoring of lawyers is thus outside the official remit of the Swedish Financial Services Authority, the agency that supervises9 banks and financial services providers, and acts as coordinator for the supervision of other regulated industries in Sweden. The profession supervises itself, and issues guidance. It can further be noted that, in a report on ‘pro-active supervision’, the Swedish Bar uses the phrase ‘A question of quality and trust, as well as independence and self-regulation’ (, our translation) as the subtitle, emphasizing the primacy of self-regulation, and of professional norms and ethics. This position of the Bar in relation to AML/CTF is further emphasised in the content of its guidance. Here, it is proposed that, in order to handle clashes of roles and regulations, and ambiguities within AML/CTF regulation, it is: ‘…normally the lawyer responsible for the client or case that decides which information is possibly to be disclosed.’ (, p. 21)
However, in the view of FATF, lawyers should rather be treated more like other DNFBPs (and DNFBPs more like banks) in relation to AML/CTF . Sweden received some criticism specifically to do with lawyers in the 2006 Mutual Evaluation . The, at that time existing, permission for Swedish lawyers to ‘tip-off’ clients after 24 h in the case of reporting raised concerns: ‘This could hamper investigations heavily and should be amended’ (, p. 10). The most recent Mutual Evaluation was carried out when the duty for lawyers to report suspicions of money laundering and terrorism financing had been implemented in Swedish law, but before the Money Laundering Act , implementing the 3rd EU Directive , was implemented. In extant legislation, tipping-off is no longer allowed.
The Swedish Bar Association has issued a legally binding AML/CFT guidance. The term “legally binding guidance” may confuse; however, the authorities indicate that the Code of Judicial Procedure (Chapter 8, Section 4, paragraph 1) and the Charter of the Bar Association (Section 34) ensure that guidance issued by the Bar Association is legally binding. (, p. 29)
The guidance describes and interprets the AML Act and serves both as an introduction to the legislation and as an aid in relation to certain practical and administrative matters. The guidance also adopts certain views on a number of difficulties which arise from an interpretation of the legislation. (, p. 29, our emphasis)
The contents of these ‘certain views’ are not further discussed, though. Considering the position taken by the Swedish Bar elsewhere, however, it seems plausible to assume that these views may relate to questions on professional norms and ethics.
Swedish lawyers and money laundering prevention
In this section, we first discuss to what extent the lawyers in our study took on responsibility for preventing crimes of money laundering and terrorism financing. Next, we elaborate on whether and how lawyers knew, or came to know, what clients, cases, and/or transactions constitute (high) ‘risks’ of these crimes. Finally, we turn to the question of action, and whether lawyers were inclined to report suspicions of money laundering or not.
Being responsibilised – to a degree
You were afraid that: ‘Oh, this client isn’t going to like us if we start asking questions about this and that, and taking in – what if they go to somebody else?’ We cheated a little. The important thing was to get the case. (Partner 1, Large Firm A)
There is greater awareness of these rules on the market. … It might not get to the top of their list of priorities. But it’s not: ‘Now since you’re asking were considering engaging somebody else. You’re being such a hassle!’ We don’t have that type of client. (Partner 1, Large Firm A)
So if it’s a serious client, they probably already have a money laundering kit. (Head of Risk Management, Large Firm B)
Though comparatively easier to accommodate over time, the principle opposition of business interest on the one hand, and the responsibility to prevent crime by adhering to regulatory requirements on the other, remained. One example provided of this clash of interests was related to the fact that timely services was of essence for clients, while the regulation prohibited a client being taken on without being fully AML/CTF vetted first. Due to vetting procedures being quite time consuming in some cases, cases could be delayed. Such delays, in turn, did not accord with the level of service clients expected from their lawyer. To mediate between the needs of clients, and that of the regulator, in such cases it did therefore happen that lawyers began advising on a case without the AML/CTF-vetting being concluded, it was acknowledged. In this way, the needs of the client for speedy service was taken care of. In parallel, compliance with the regulation was seen to by not starting the billing process until all necessary documentation for the client in question was in place: Clients were not true clients if they had not been entered in systems for billing, it was argued. And the regulation concerned true clients.
Professional norms and ethics
And as a lawyer you’re, it clashes with the idea of how lawyers are supposed to work and what issues you can trust bringing to a lawyer (Managing Partner, Medium Firm B)
But one may be wrong – and if we report on our own client we have broken our ethical rules (Head of Risk Management, Large Firm B)
You can’t even inform the client - you are supposed to report them. And then you’re supposed to just disappear. That’s an extreme opposite to what you think the proper role of a lawyer really should be (Partner, Medium Firm B).
I think that clients are aware that we need to bring in documentation to fulfil the regulation around money laundering. But I don’t think clients in general are aware that we can end up in a situation where we have to report them to the police. (Partner 1, Large Firm A)
Law firms, not banks
I see before me the banks as the main addressee for this regulation. And then one has added other addresses in steps. And have adapted the law to a certain extent, but not very much. We sometimes feel that it doesn’t really fit our situation, terminology and those kinds of issues, and that’s what we are grappling with. (Managing Partner, Medium Firm A)
What’s relevant for [this firm] is that we have comparatively few, and comparatively well-established, clients. And that probably means that the issue of money laundering isn’t actualised every day. It’s more like once you’ve made money laundering on one of these clients, it works, you know. (Partner 2, Large Firm B)
Next, we turn to how lawyers knew, or came to know, about risks of AML/CTF. As we will see, they drew on several types of knowledge for that purpose.
Getting to know the risks
In all the firms, the legislation on AML/CTF from 2009 had driven investments in education and new procedures and routines. All our interviewees had participated in, or had themselves been conducting, educational programs on AML/CTF. Tools of e-learning, where lawyers and other staff worked through a programme with interactive components, were common. Here the co-operation between a set of large firms and the Bar Association was mentioned as important for guidance on how to conduct in-house training and how to interpret the law.
I’m in a quite comfortable position. I tell my assistant to take it to the client registry: ‘What do we need? Is this a client that is in some kind of risk zone, or? Can you ask them to check?’ And then somebody does it for me. (Partner 1, Large firm A)
The specialised databases allowed for a quick screening of clients with much smaller effort than manual searches on Google, for example, that were also used. However, the licenses to use these databases were expensive and access was restricted to a limited number of lawyers’ assistants and specialists that worked on compliance. Due to the costs of such systems, they were not considered a viable option for the medium sized firms. In these, the control process was more manual and more time consuming for staff.
In the large firms, the aim was to control all new clients. Here, the AML specialists saw themselves as simultaneously enabling a more efficient process whilst keeping an eye on things, being ‘both a bit controlling, but also supportive’ (Risk Manager, Large Firm A). In one of the large firms, a designated ‘control and support’ group with special competence on AML/CTF and access to the main databases was tasked with vetting all new clients. This meant that AML/CTF was integrated in the process of selecting new clients and projects. In the other large firm, a similar centralised approach to AML/CTF was under way.
And I have my experience as a lawyer, I know when the heat is on or when it smells. But the details of the regulation – that is the knowledge of somebody else (Partner 1, Large Firm A)
[We] have a lot of clients that are businesses that are exempt from minimal requirements. But that isn’t to say that you can just take your hands from everything. There are still other applicable parts of the law. And there is still the risk that some conditions may arise that may cause suspicion. … And there it may be difficult to know what it’s about. It’s more of a gut feeling. (Associate Lawyer, Medium Firm A)
The interviews thus showed that the lawyers drew on different sources of information and types of knowledge when assessing and managing possible AML/CTF risks. This, in turn, had implications for actionability.
Actionable risks and reporting
We now turn to the question of how actionable the risk-based approach was in practice, and to what extent lawyers embraced their duty to reported suspicious clients. A first main observation was that the framing of the crimes as ‘risk’ did appear to serve as a call for action. The firms did engage in risk management of their clients and their transactions, as discussed above, and treated them as risk objects.
The process of identifying (high) risk and the ‘suspicious’ rather than normal clients and transactions was in part quite straightforward. There were standard checks, such as those incorporated in the systems of World-Check and Orbis, that either raised a degree of alarm or not. These, in turn, were modelled after the requirements in the regulation. If transactions were to do with countries listed on FATF’s High-Risk and Non–Cooperative Jurisdictions12, directly or indirectly, this was a source of concern and would set off an alert. Similarly, clients that were predefined as likely to be high risk in the regulation, required more attention. If a client or somebody involved in a deal was categorised as a ‘PEP’, a Politically Exposed Person, further controls were made. So-called ‘ad-hoc’ clients were also treated with more caution than established clients, or clients referred by known parties. Particular caution was taken if such new prospective clients were foreign, our informants stated. Taken together, it was evident that lawyers made use of the risk-based approach as a way to frame and act in relation to crime prevention.
And it can be pretty difficult to judge, I think … They tend to call the cases some strange name and then you can’t quite tell what it is. (Lawyer’s assistant, Large Firm B).
I would say that that’s almost the most common question – from other lawyers in the firm. Whether this is such a type of client and such a transaction, or not a transaction, so to speak. And: ‘Is the money laundering law at all applicable to this case?’ (Associate Lawyer, Medium Firm A).
Processes are a pretty large business for us. Civil cases in court, that is. And that is not a transaction. And then we interpret it like the law is not applicable. But let’s say that two parties come to you and are processing from a third country, a country far away from Sweden, who have chosen in their arbitration contract to have arbitration proceedings in Sweden. And it’s not that uncommon to have neutral arbitration in Stockholm. And then they want us as solicitors, or arbitrators, and then that process ends with an agreement and you write a settlement contract. And one company is to pay 100 million SEK to the other company. And then you may ask yourself: ‘Did that just turn into a transaction? Is it the case that this process has been made under the pretext to really get into a legitimate context?’ I’m not saying we have seen this. But as a lawyer you speculate all the time around the hypothetical boundaries of the law and it feels pretty easy to circumvent it. (Managing Partner, Medium Firm A)
Real estate is one of the risk areas. That you have understood. Then it’s like this that we are kind of privileged in a large firm like this one. We work a lot with the large funds and such, and there it probably has been filtered. I don’t know who has put money in the funds, but when you work with the fund of a large bank and similar you feel a certain, a greater sense of calm than if a private individual comes in and says:’ I want to buy this!’ (Partner 2, Large Firm A)
We have learned that the really sophisticated money launderers they don’t have a problem coming with their own foreign law firms, reputable law firms that come to another country to help them with a transaction. And then, suddenly they have a really nice law firm. It gives them a kind of legitimacy in relation to us, or the bank. (Managing Partner, Medium firm A).
I mean it’s not unusual or strange, even if it’s been discussed a bit politically and in the media, to be offshore and so on. And part of it is that the ultimate ownership is not visible. And then the control question is: ‘Who owns this?’ and ‘Can you confirm that it in that case is below 25%’. So from our perspective the law affects our questions pretty much. Then there is another aspect on this, it’s supposed to feel right to represent the client as well, of course. So if you pick up on something strange somewhere you react on that, and begin to ask questions, and dig into it and try to get an answer to it (Partner 2, Large Firm A).
Indeed, it has happened that somebody has claimed to be the CEO - and it’s not correct (Head of Risk Management, Large Firm B)
… if they [The Swedish Bar] were to come here … and want to check whether we have complied with this law, then we can’t say every time, and with every client, that: ‘Well, we made an overall assessment and we didn’t need any papers’. That probably wouldn’t fall on fertile ground. (Head of Risk Management, Large Firm A).
For that purpose, lawyers told of using the recommendations of the Financial Supervisory Authority (FSA) as a template for making compliance transparent and visible, in addition to the advice provided by the Swedish Bar.
n terms of deciding what was to be reported and not the lawyers considered the regulation quite broad in its scope. Yet, they had drawn the conclusion that the regulator did not want reports to the financial police on every possible small offence. The question to ask in their view was rather: ‘what’s the intent of the law’ (Head of Risk Management, Large Firm B). Moreover, though the law concerned money-laundering as well as terrorism financing, possible financing of terrorism was not on par with money laundering in terms of what risks lawyers were looking for: ‘It’s the money laundering that’s in focus’ (Head of Risk Management, Large Firm B).
It’s never happened. Now it’s more about getting to know the new client, of understanding their structure and what kind of people they are. And after, when we’ve done that, it’s rare for transactions to appear strange. Not the deals I’m engaged in (Partner 2, Large Firm B)
‘I have reported one case – but in that case we were probably not obliged to report’ (Head of Risk Management, Large firm B).
To sum up, the obligation to report was not taken lightly. Many reflected on how finding a transaction that fulfilled the requirements to report would not be easy to handle due to the clash with professional norms and ethics, as discussed above under the heading of responsibility.
Discussion and conclusions
The FATF and FATF-style regulation have received an increasing amount of scholarly interest, and this special issue adds to that research. In this article, the aim was to shed more light on the private front-line actors of FATF. These actors have received comparatively less attention in empirical work, yet are central to how FATF-style regulation plays out in practice. It is the private front-line actors that enact the risk based approach by surveying, controlling, and ultimately reporting suspicious clients and transactions. Moreover, as we discussed in the introduction, the role of front-line worker for FATF-style regulation may clash with other interests of the actors concerned. Notably, crime prevention may clash with business interests, private actors may in fact have a dis-incentive to report , and private actors may themselves be at risk of being primary offenders (e.g. [21, 22, 24]).
Specifically, we have analysed how lawyers in Sweden understand and take on their purported role in the prevention of money laundering and terrorism financing. Here, a starting point was that though lawyers have an established role of being gatekeepers , the obligations of the role of ‘front-line’ actor in FATF-style regulation likely puts that societal role to the test, not least by challenging client confidence, and privileged information. While acknowledging the limitations on generalizability inherent to a case study, we do propose that the findings from our in-depth interview study contributes to theory development on the role of lawyers as ‘front-line’ actors for FATF style risk-based regulation on AML/CTF. First, we asked how lawyers reacted to the ‘responsibilisation’ implied by the risk-based approach (compare Fig. 1). We find that lawyers were reluctant to taking on the responsibility for AML/CTF. Our results show that public interest and the obligation to police clients conflicted with business interest and the demand to service clients for the lawyers. These findings resonate with the results of previous studies on how banks strive to balance multiple and conflicting demands when applying AML/CTF regulation (e.g. [10, 11, 47]). However, this is not to say that lawyers saw themselves as similar to other private actors enrolled in FATF-style regulation. We also find that lawyers experienced a principle clash between being ‘not banks’, and being front-line workers for FATF. Their professional norms and ethics on client privilege, and what they saw as the proper role of lawyers, clashed with the responsibility to report in the regulation. This finding is in line with the critical reactions of e.g. CCBE , and provincial law societies in Canada , and serves to emphasise that the duty to report that comes with being a front-line actor of FATF is more of a dilemma for lawyers as compared to banks. Still, the observed clash between professional norms and ethics on client privilege and the proper role of lawyers on one hand, and reporting on the other did not play out in full in our study. Filing reports to the financial police is rare among lawyers in Sweden, and this general picture was reflected in our study. None of our informants told of having reported an existing client.
Our second question concerned whether and how lawyers perceived risk as knowable (compare Fig. 1.). Within a risk based approach, the presumption is that risks of AML/CTF are knowable, and the partnership approach promoted by FATF further emphasises that private actors already possess critical knowledge of clients that can be used to prevent crime. Irrespective of this, previous studies on banks and AML have underscored that banks are not so knowledgeable as the regulation purports, and that they may resort to outsourcing to handle regulatory demands for knowledge of risks of money laundering and terrorism financing (e.g. ). By contrast, we find that the lawyers by and large position themselves as knowledgeable actors, and that, in consequence, they view risks of money laundering as knowable. In assessing risks, the lawyers to a large extent drew on their own professional knowledge and experience as lawyers. They also made use of devises like databases and relied on specialised AML knowledge. This further meant that what clients or transactions were deemed a known ‘risk’ or ‘high risk’ were not fully predefined, by for instance regulatory alert categories like PEPs. Rather, among the front-line actors we study, risk was negotiated and adapted from case to case, and ‘gut’ to ‘gut’.
Our third question concerned to what extent risk was ‘actionable’ (again, compare Fig. 1.) Here, the answer from our study is multifaceted. First, we do find that risk can be seen as rather actionable in that activities or transactions that were identified as (high) risks, via lawyers’ knowledge and experience, or by AML-vetting systems, were given extra attention of particular kinds. This seeming actionability is not without its caveats though. Notably, the different ‘ways of seeing’  risk among lawyers affect both how risks becomes knowable and known, as discussed above, and how they are acted upon. Our study thus draws attention to the range of activities and interpretations that are involved in order for risks to be(come) actionable, and to the temporal fluidity of categories like ‘transaction’. These findings illustrate that for an issue to become stabilised as (high) risk, several iterations of assessment are utilised, making risk appear less actionable per se.
Furthermore, we identify what we define as practices of separation. These practices serve as means for lawyers to mediate between the aims and interests of FATF-style regulation on one hand, and other, conflicting, aims and interests on the other. A first example of how these practices of separation play out is in relation to new cases, where ‘clients’ could be separated from ‘true clients’. Lawyers, on occasion, initiate services before the outcome of the sometimes lengthy AML-vetting and risk assessment process. This is done to protect business interest as ‘clients’ are not to be kept waiting. By separating ‘clients’ from the ‘true clients’ entered into billing systems when AML-vetting and assessment is satisfactorily completed, the conflict between providing speedy professional services and being a front-line worker for FATF can be resolved. A second example of practices of separation rests on lawyers being careful to point out that law firms are ‘not banks’. The categorization of law firms as ‘not banks’ allow lawyers to view AML-obligations as more malleable. The risk-based approach is tailored to fit banks and their business models, it was argued. It was not adapted to law firms and their particular circumstances and clients. In short, this practice of separation makes it seem reasonable for lawyers to, at times, adapt obligations as they see fit in order to accommodate their specific needs as ‘not banks’ while being compliant enough. Finally, the iterative process of risk assessment points to a third example of practices of separation. In line with extant research on regulatees aiming for making compliance defendable [16, 20], we find that the lawyers document compliance with an eye to possible future audit. In order to exhibit compliance, lawyers provide an auditable trail that shows that risks are and have been handled properly, and that risk are being defined in accordance with standard AML/CTF knowledge as present in the regulation. These practices, we suggest, have implications for actionability: By separating actual risk assessment, and the bases thereof, from risk assessment as portrayed and filed for purposes of future audit, the complexity of actual risk assessment is hidden. In effect, the actionability of the risk-based regulation for lawyers, as presented to external audiences, is exacerbated.
To conclude, we have shown how lawyers understand and take on FATF-style AML/CTF regulation in their role as front-line workers. The overall conclusion is that the lawyers in our case work to protect the business interest of good client relationships, and to uphold professional norms and ethics, while being compliant enough. In so doing, they make use of several practices of separation. A ‘true’ pro-active crime prevention appears secondary in their use of the risk-based approach, as illustrated by the low incidence of reporting. On the other hand, one needs to bear in mind that the small number of reports could be a consequence of the construction of the regulation; that risk-based regulation on AML/CTF simply is not an efficient means to the end of lawyers detecting the potentially rotten apples in their client stock. A remaining question is thus whether it would be possible for lawyers to better help prevent crime among their clients, and contribute to the quest for security in society, with recourse to other types of regulatory tools. To that end, further research could focus on the political willingness to give lawyers possibilities to combine activities of ‘true’ pro-active crime prevention with their strong professional norm of client confidentiality. So far, the FATF recommendations and EU directives do not appear to make enough of a distinction between the banking sector and the non-banking sector. Here, our case suggests that the reluctance among lawyers to become engaged in ‘true’ pro-active crime prevention, and not only in being compliant enough in order to avoid punishment and sanctions, is dependent on if and how the FATF can listen more closely to how the front-line workers perceive and handle the regulations on AML/CTF in practice.
The regulatory framework of FATF may also, as van Duyne et al.  propose, be seen as contributing to fear mongering rather than a balanced approach to the problems at hand.
We use AML/CTF and AML interchangeably in the following.
This position in relation to the issues at hand may also be viewed as a means to protect business interest, as Levi et al.  critically discuss.
Members of the Bar are not in a monopoly position concerning the provision of legal services in Sweden, nor is there a requirement to be represented by a lawyer or other specified counsel in court. However, only members of the Bar may use the Swedish professional title of advokat (lawyer). 
To get a feel for the design and content of compliance databases we acquired provisional access to two such products through one of the leading providers.
Though acknowledging that the question of to what extent lawyers themselves may be implicated in money laundering crimes is well worthy of investigation, we did not have the possibility to explicitly probe this sensitive issue in the present study.
Please refer to Engdahl and Larsson  for a discussion of how the duty to report crimes in the Swedish context primarily befalls the police, tax- and customs authorities, as well as some other specified actors, notably those engaged in social services provision. This makes the AML/CTF obligation for lawyers, and other regulated industries, to report suspicious client and their transactions, stand out.
The total number of reports from lawyers to the Swedish Financial Police during the five-year period 2011–2015 amounted to eighteen , making the average number of reports less than four per annum. By way of comparison, in the United Kingdom, the number of reports from ‘independent legal professionals’ during the one year period 2014/2015 amounted to 3827 .
Incidentally, the supervision strategy the Financial Supervisory Authority is itself defined as ‘risk-based’ .
Compare Middleton and Levi [58:130] on the import of ‘professional capital’ for a, reduced, likelihood of lawyer’s being investigated by the police when suspicions of wrongdoing arise. The existence of such capital, in turn, would make prestigious firms attractive as a front for criminals to hide behind, in line with the argument of this informant.
This research received financial support from the Ragnar Söderberg Foundation (Grant EF3/12/10), and from the Swedish Research Council (Grant HS 2014–648). The authors also wish to thank Mark Nance, and two anonymous reviewers for valuable insights and constructive comments.
- 1.Amicelle, A. (2012). Trace my money if you can: European security management of financial flows. In K. S. Helgesson & U. Mörth (Eds.), Securitization, accountability and risk management: Transforming the public security domain. London: Routledge.Google Scholar
- 3.Winer, J. (2002). Globalization, terrorist finance, and global conflict. In M. Pieth (Ed.), Financing terrorism. Dordrecht: Kluwer Academic Publishers.Google Scholar
- 4.Jakobi, A. P. (2012). The FATF as the central promoter of the anti-money laundering regime. In K. S. Helgesson & U. Mörth (Eds.), Securitization, accountability and risk management: Transforming the public security domain. London: Routledge.Google Scholar
- 6.FATF. (2012). International standards on combating money laundering and the financing of terrorism & proliferation: the FATF Recommendations. OECD: FATF.Google Scholar
- 10.Helgesson, K. S. (2011). Public-private partners against crime: Governance, surveillance and the limits of corporate accountability. Surveillance and Society, 8(4), 471–484.Google Scholar
- 11.Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorism financing.Google Scholar
- 12.Directive 2015/849/EC on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC.Google Scholar
- 14.Nance, M. (2017). The regime that FATF built: an introduction to the Financial Action Task Force Crime, Law and Social Change. https://doi.org/10.1007/s10611-017-9747-6
- 19.Favarel-Garrigues, G., Godefroy, T., & Lascoumes, P. (2009). Les sentinelles de l’argent sale au quotidian: Les banques aux prises avec l’antiblanciment. Paris: La Decouverte.Google Scholar
- 23.Levi, M., Nelen, H., & Lankhorst, F. (2004). Lawyers as crime facilitators in Europe: An introduction and overview. Crime, Law and Social Change, 42(2), 117–121.Google Scholar
- 28.Zacharias, F. (2004). Lawyers as gatekeepers. San Diego Law Review, 41, 1387–1405.Google Scholar
- 29.Gallant, M. (2013). Lawyers and money laundering regulation: Testing the limits of secrecy in Canada. Paper presented at the 3 rd global conference on transparency research. Paris: HEC.Google Scholar
- 30.CCBE. (2011). The Council of Bars and Law Societies of Europe, Code of Conduct for European Lawyers, June 2011, Para 7.Google Scholar
- 31.Swedish Bar Association. (2009). En proaktiv tillsyn över advokater och advokatbyråer: en fråga om kvalitet och förtroende, liksom oberoende och självreglering. Stockholm: Swedish Bar Association.Google Scholar
- 34.Amoore, L., & de Goede, M. (2008). Risk and the war on terror. London: Routledge.Google Scholar
- 38.Lupton, D. (1995). The imperative of health: Public health and the regulated body. London: Sage.Google Scholar
- 39.Bracken, P., Bremmer, I., & Gordon, D. (Eds.). (2008). Managing strategic surprise: Lessons from risk management and risk assessment. New York: Cambridge University Press.Google Scholar
- 40.Unger, B., & van Waarden, F. (2009). How to dodge drowning in data? Rule- and risk-based anti-money laundering policies compared. Review of Law and Economics, 5(2), 953–985.Google Scholar
- 42.Hood, C. (2011). The blame game: Spin, bureaucracy, and self-preservation in government. Princeton: Princeton University Press.Google Scholar
- 44.Tulloch, J., & Lupton, D. (2003). Risk and everyday life. London: Sage.Google Scholar
- 46.Garland, D. (2003). The rise of risk. In R. V. Ericson & A. Doyle (Eds.), Risk and morality (pp. 48–86). Toronto: University of Toronto Press.Google Scholar
- 48.Bennett, A., & Checkel, J. T. (2015). Process tracing: From metaphor to analytical tool. Cambridge: Cambridge University Press.Google Scholar
- 49.George, A. L., & Bennett, A. (2004). Case studies and theory development in the social sciences. Cambridge: MIT Press.Google Scholar
- 50.Finansinspektionen. (2014). Promemoria: tillsynsstrategi (Dnr13–12064). Stockholm: The Financial Supervisory Authority.Google Scholar
- 51.Finanspolisen. (2015). Finanspolisens årsrapport. Stockholm: The Financial Police.Google Scholar
- 52.Swedish Bar Association. (2008). Code of professional conduct for members of the Swedish bar association. Stockholm: Swedish Bar Association.Google Scholar
- 53.Gardner, K. L. (2007). Fighting terrorism the FATF way. Global Governance, 13, 325–345.Google Scholar
- 54.Swedish Bar Association. (2015). Vägledning för advokater och advokatbyråer beträffande regleringen om åtgärder mot penningtvätt och terroristfinansieringen – Penningtvättslagstiftningen ur ett advokatperspektiv. Stockholm: Swedish Bar Association.Google Scholar
- 55.Money Laundering Act. (2009). Lag om åtgärder mot penningtvätt och finansiering av terrorism (SFS 2009:53).Google Scholar
- 56.FATF. (2006). Third mutual evaluation/detailed assessment report: Anti-money laundering and combating the financing of terrorism. Sweden: OECD: FATF.Google Scholar
- 57.FATF. (2010). Mutual evaluation fourth follow-up report: Anti-money laundering and combating the financing of terrorism. Sweden: OECD: FATF.Google Scholar
- 59.National Crime Agency. (2015). Suspicious activity reports (SARs) Annual Report 2015.Google Scholar
- 60.Middleton, D. J., & Levi, M. (2004). The role of solicitors in facilitating ‘organized crime’: Situational crime opportunities and their regulation. Crime, Law and Social Change, 42(2), 123–161.Google Scholar
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.