Why AML Failures Could Undermine More Than Just Your Compliance
The legal press commenting on concerns previously voiced on LinkedIn
Is accreditation leading to a false sense of security?
These quality marks aren’t just badges — they represent a firm’s investment of time, effort, and resources. Achieving and maintaining accreditations like CQS or Lexcel requires meeting defined standards and undergoing periodic reassessment.
CQS reaccreditation takes place every 12months and Lexcel has a 3 years reassessment cycle.
For lenders, clients, and insurers, they signal a level of professionalism and compliance assurance.
However, recent LinkedIn commentary — echoed by the legal press — has highlighted that some firms fined for AML failings often also hold these accreditations.
If AML compliance is embedded within the quality mark’s framework, the tone seems to be - how were such AML failings missed?
Where remediation is required, will that be enough?
Or will ongoing scrutiny challenge the credibility of these marks and the robustness of the reassessment processes that failed to flag serious weaknesses?
🔍 So, What's Missing?
AML compliance isn’t just about having a policy — it’s about how well it’s applied on the ground.
Key areas are repeatedly overlooked, including:
Firm Wide Risk Assessments - They lack of FWRA, or compliant FWRA's
Client Matter Risk Assessments – Often generic, duplicated, or missing entirely. Without risk assessing each matter, firms can’t apply proportionate controls.
Have high risk clients - been escalated and approved?
Source of Funds & Source of Wealth – These are of fundamental importance in high risk matters such as conveyancing. Are bank statements languishing in the back of the file, with no documented evidence that anyone has looked at them or considered them?
Ongoing Monitoring – Is it happening? Can you prove it? Regulators will ask.
Even the best-written policies and templates are worthless if your team doesn’t understand them or apply them consistently.
Are two fee earners interpreting and documenting risk in the same way? Are they escalating concerns when needed? Human error plays a part, but so does lack of training and inconsistent supervision.
Some argue tech could do better — and tools certainly help — but even AI won’t replace the need for judgment.
That’s why regular file reviews and implementation checks are so vital: they show whether your procedures are actually working.
⚠️ Accreditation Isn't Immunity
The latest fines show clearly: accreditation is not a regulatory shield.
Firms may believe that being CQS or Lexcel accredited is proof of their AML health — but that’s dangerously misleading if the day-to-day reality doesn’t match.
Without regular implementation reviews, file checks, and staff interviews, accreditations may give firms a false sense of security — all while critical gaps go unaddressed.
It’s time to ask:
Are your risk assessments consistent and updated?
Are you documenting and evidencing your checks?
Have your policies been reviewed recently?
Final thoughts
Independent insight isn’t a luxury — it’s a vital step.
Mock audits, implementation reviews, and file checks can help flag issues before they become regulatory disasters.
It is important to understand your clients, knowing where their money comes from, and treating every matter on its own risk merits.
Because it’s not just your AML health at stake — it’s your accreditations, your panel memberships, and potentially your ability to practice in those areas.