Is Your Law Firm AML Compliant? Take This 7-Step Self-Assessment

Money Laundering is a serious risk that can jeopardise your firm's reputation, finances and legal standing. 


In recent years, regulatory bodies have heightened their focus on anti-money laundering (AML) compliance within the legal sector. 


Law firms are often targeted by money launderers due to their involvement in property transactions, managing client funds, and providing corporate services.


If your firm is not fully compliant with AML regulations, you could face hefty fines, reputational damage or potential criminal charges.


Use this 7-step process for a basic overview of your AML preparedness, to help identify potential areas for improvement. This is a self-guided review, not an audit.

Step 1: Do you have an appointed Money Laundering Reporting Officer?


One of the first things regulators will look for is whether your firm has designated a Money Laundering Reporting Officer (MLRO). This person is responsible for overseeing your Anti-Money Laundering (AML) Policies, Controls and Procedures, ensuring compliance and reporting suspicious activity. 


Check Your Compliance

  • Have you formally appointed a Money Laundering Reporting Officer and have you documented their responsibilities?
  • Have you notified your Regulator of any changes within the specified time period?

Risk Alert:
If you answered 'no', your firm may not be meeting its basic Anti-Money Laundering governance obligations.

Step 2: Do you perform effective Know Your Client (KYC) and Client Due Diligence (CDD) before taking on a client?


Check Your Compliance

  • Have you risk-assessed your clients and their matters?
  • Have you documented your review process?
  • Do you have a documented Client Matter Risk Assessment?
  • Do you identify and verify both natural and legal clients?
  • Do you have a written policy as to how to identify and verify your clients?
  • How do you ascertain the legitimacy of their documents?
  • Are you screening clients against global sanctions lists [OFAC, UN, UK (OFSI, OTSI lists)]?
  • How do you check if your client is a PEP?
  • Do you check for Ultimate Beneficial Owners (UBOs), and persons who are in control or have influence?
  • Do you undertake third party and counterparty checks?
  • Do you undertake Adverse Media Checks?
  • Have you identified your client's needs and purpose?
  • Have you tested your systems?
  • Do you conduct Enhanced Due Diligence and Ongoing Enhanced Due Diligence for high-risk clients (e.g. PEPs, connections to FATF countries, or countries mentioned in a corruption index such as Transparency International and Know Your Country)?
  • Do you document and record your reasoning?

Risk Alert: 
Weak KYC and CDD procedures can expose your firm to regulatory penalties and financial risks.


Step 3: Are you verifying Source of Funds and Source of Wealth?


Check your compliance

  • Do you have Policies, Controls and Procedures (PCPs) that set out when you conduct Source of Funds (SOF) and Source of Wealth (SOW) inquiries?
  • Do you have Policies, Controls and Procedures (PCPs) that set out how to ascertain the legitimacy of your prospective and existing clients' documents?
  • Do you keep a written record of your inquiries, documentation and your reasoning?
  • Do you request supporting documents for large or complex transactions?
  • Are you investigating cash transactions, cryptocurrency payments, or funds from high-risk jurisdictions?


Risk Alert:

If your firm isn't verifying SOF/SOW effectively, you could be unknowingly facilitating Money Laundering.


Step 4: How do you Recognise and Report Suspicious Activity?


Check your compliance:

  • Are your staff trained to spot Money Laundering Red Flags (e.g. reluctant clients, complex ownership structures, unusually large transactions, reluctance to meet in person, instructing a firm that is outside the client's local area, etc.)?
  • Do you have an internal reporting process?
  • Have you trained all staff to understand what constitutes suspicious activity, and how to escalate it?
  • Have you trained staff on tipping off?
  • Does the Money Laundering Reporting Officer (MLRO) document their reasoning?
  • Do you have a written external reporting process?
  • Are SARs filed promptly and records of the SARs kept securely?


Risk Alert:

Failure to report a suspicious activity may be a criminal offence.

Step 5: Are your Anti-Money Laundering Policies, Controls and Procedures up to date?


Check your compliance:

  • Do you have a Firm Wide Risk Assessment (FWRA) and Policies, Controls and Procedures (PCPs)?
  • Does your Firm Wide Risk Assessment (FWRA) align with the Money Laundering Regulations 2017 (MLR 17), the National Risk Assessment, the Government Guidance, the Sectoral Guidance and warning notices?
  • Do you review your Firm-Wide Risk Assessment (FWRA) at least annually, and after any major changes in your business, the law, and regulatory guidance?
  • Do you review your Policies, Controls and Procedures (PCPs) at least annually, and after any major changes in your business, the law, and regulatory guidance?
  • Does your risk assessment consider risks related to clients, delivery, services, jurisdictions, and transactions?
  • Have you addressed Proliferation Financing and Sanctions?

Risk Alert: 
An outdated Firm-Wide Risk Assessment (FWRA) and outdated Policies, Controls and Procedures (PCPs) could leave your firm vulnerable to non-compliance penalties.


Step 6: Do your Staff Receive Regular AML Training?


Check your compliance

  • Do all staff, including new hires, receive suitable Anti-Money Laundering training before handling client matters?
  • How frequently do you update their training?
  • What training does the Money Laundering Reporting Officer (MLRO) receive?
  • How do you assess all staff's understanding?
  • Do you maintain training logs as proof of compliance?
  • Do you have a policy if your staff refuse to engage with the training?


Risk Alert: 

Lack of training can lead to gaps in your Compliance System, exposing your firm to financial crime and regulatory scrutiny.

Step 7: Are you Keeping Anti-Money Laundering Records for the Required Period?


Check your compliance:

  • Are your clients' records securely stored, yet easily retrievable and accessible to relevant staff members when required?
  • Have you a data retention policy and disposal policy, in relation to repeat clients and single matter clients?

Risk Alert: 
A lack of accessibility of compliance information to relevant staff could lead to missed potential red flags, which could leave your firm exposed.

How do you feel about your responses?

After completing our 7-step AML compliance self-evaluation, how confident are you feeling? Are you comfortable with your responses? Do you see a need for further review? Perhaps an internal or mock audit would provide a more in-depth assessment.

If you're considering additional support, let's discuss how we can help. Contact us today for a consultation.