Client Matter Risk Assessments - Guidance May 2025
The Law Society of Scotland have updated their Guidance for Client Matter Risk Assessments
An Overview
Between April and May 2025, the Law Society of Scotland released two dedicated guides on Client Matter Risk Assessments — one focused on the client (whether natural or non-natural persons) and the other on individual matters. Accompanying templates were also provided.
As with all templates, they should be viewed as a starting point rather than a complete solution; one size rarely fits all. The guidance itself is well-structured, making direct reference to the Money Laundering Regulations and LSAG guidance. Even if the Law Society of Scotland is not your regulator, their materials offer valuable insights that can broaden your understanding and strengthen your approach to AML compliance.
What has LSS provided?
1. Client Matter Risk Assessment Guidance for Natural Persons
2. Template
3. Client Matter Risk Assessment Guidance for Non-Natural Persons
4. Template
Client Level Risk Assessment – Risk Factors (Natural Persons)
Takeaways
Section | Key takeaway | Reference |
Client Level Risk Assessment | ||
Client Information | Close or long standing client: These do not negate AML obligations; their risk profile and due diligence requirements must still be assessed. | Section 6.2 of the LSAG guidance |
Holistic due diligence: means going beyond undertaking identification and verification (ID&V) of your client and obtaining other information on your client such as:
| ||
Politically Exposed Persons (PEPs):
| Regulation 35 Sections 6.19.3 to 6.19.3.4 of the LSAG guidance | |
High-Risk Sectors: Elevated Risks in certain sectors - Certain sectors (e.g., high cash turnover operations, charities with multiple funding sources) present elevated money laundering or terrorist financing risks. | Regulation 33(6)(b)(vii) Section 5.6.1.3 of the LSAG guidance | |
Elevated Risk considerations:
| Section 5.6.1.4 LSAG guidance | |
Client Location | High Risk Third Countries: HRTC Definition (post-January 22, 2024) FATF Black and Grey Lists FATF Plenaries: February, June and October | Regulation 33(3)(a) |
Sanction Jurisdictions: | ||
Other high risk jurisdictions: Beyond FATF lists, consider resources like: - Transparency International's corruption perception index | Regulation 33(3) Sections 5.6.2.1, 5.6.2.3 & 6.19.1 of the LSAG guidance | |
Client Interactions | Identification & Verification (ID&V): - In-person ID&V with suitable documents on premises offers stronger assurance. - Video conferencing tools can be used, and the definition of "face-to-face" must be documented. - Process should be documented in your PCPs | Sections 6.14.5 and 6.14.6 of the LSAG guidance See also the Law Society website - guidance on Non-face to face identification |
Non face-to-face Interaction: - Requires consideration of additional risks and potentially Electronic ID&V (EID&V). - What is the reason - is it a risk factor - document it in your CMRA and the mitigation applied - EID&V may be a useful tool | Sections 6.14.5 and 6.14.6 of the LSAG guidance | |
Acting or planning to act through an intermediary: - Why - Does this make sense - Verify authorization - Verify the identity of the intermediary, agent or representative on the basis of documents and information from a reliable source which is independent of both the representative and the client e.g., via a copy of their passport or driving license. | Regulation 28(10) Sections 6.14.9 and 6.6 of the LSAG guidance | |
Sanctions, PEPs and Adverse Screening | Sanctions The sanctions regime is absolute, and is strict liability - Firms should ensure that they do not undertake business with sanctions targets even in less risky areas PEP R35(1) requires practices to have appropriate risk management systems and procedures to determine whether a client or beneficial owner is a PEP Adverse media screening
| Regulation 35(1) Sections 5.10, 6.19.3 and 7.11 of the LSAG guidance |
Matter Level Risk Assessments | What is in scope of the Money Laundering Regulations | Regulation 12(1) and (2) |
Proliferation Financing | If your firm is in-scope you will have to consider proliferation financing. Amendments to the MLRs were brought in: Regulation 16A - defines Proliferation Financing; Regulation 18A - Risk Assessment; Regulation 19A - Policies Controls and Procedures. For example, conveyancing with additional high-risk factors (e.g., geographical risks / use of TCSP), abnormal or unusual use of trust or company services e.g., nominee shareholders or use of a company or trust with no logical rationale etc. | Regulation 16A - Defines PF Regulation 18A - States the requirement for a PF FWRA Regulation 19A - States the requirement for PF PCPs See FATF Guidance - Guidance on Proliferation Financing Risk Assessment and Mitigation (fatf-gafi.org). |
Is the matter within your expertise? Is the matter within your risk appetite? - When considering risk appetite, you should take into account the normal locations, clients, services and sectors in which your practice operates, and the risk level your practice is willing to tolerate as well as governance and decision-making processes | ||
Source of Funds | CDD and Financial Position: Fundamental to CDD is understanding the client's financial position to assess if legal services and funds align with their background. More stringent in EDD situations. Origin of Funds: Relates to funds used for the specific transaction, including their originating/underlying source and how they were accumulated. Verify funds are not proceeds of crime. Non-regulated Lender Funds: Not enough to know funds are from a UK bank account or you have sight of bank statements, you need to ascertain the true origin. Non-UK Funds: Consider the heightened risks if funds originate outside the UK. Geographic Risk: Particular care for funds from Sanctioned, HRTC, or other high-risk jurisdiction. Red Flags for Source of Funds: Regular/round-amount cash payments, frequent/round-amount transfers, lack of normal current account patterns, unexplained third-party credits, high gambling activity, means-tested benefit credits alongside salary. Crypto-derived Funds: See The Law Society of Scotland's specific guidance | Sections 5.6.2.1, 5.6.2.3, 6.17 to 6.17.2, and 6.19.1 of the LSAG guidance |
Third Party Source of Funds | Non-Regulated Lender Funds: third party source of funds - scrutiny is required You will need to assess whether there are any high risk factors Examples provided: - Regular or round-amount cash payments / deposits funding the account - Frequent / round amount transfers in to or out of the account - A lack of what could be described as “normal” current account patterns – wages in / bill payments, living expenses out - Third party credits that cannot be explained | Section 6.17.2.1 of the LSAG guidance |
Source of Wealth | - The origin of a client’s entire body of wealth. - It describes the economic, business and/or commercial activities that generated, or significantly contributed to, the client’s overall net worth/entire body of wealth. - Whether the client has a clear and documented legitimate business generating income. - Have you seen public information snapshots to verify this? | Sections 6.17.3 and 6.18 of the LSAG guidance |
Reliance | Reliance has a specific definition and relates to the process, in certain circumstances, where you rely on another person to conduct CDD for you, subject to their agreement. Please note that accepting certified documentation from a suitable person does not constitute Reliance. | Regulation 39 - has defined Reliance Section 6.23 of the LSAG guidance |
Risk Appetite Consideration | It is recommended that the FWRA documents the firm's risk appetite. Should the client or matter be outside of the firm's risk appetite, you may wish to consider seeking senior management/MLRO approval. This approval should be documented with reasoning | |
Escalation and Senior Management Approval | - PEP or high risk factors - mandatory - Having an escalation procedure following the completion of CMRA (most firms would have this - size and nature) |
Client Level Risk Assessment – Risk Factors (Non-Natural Persons)
Takeaways
Section | Key takeaway | Reference | |
General - Risk Assessments | Sections 5.9 to 5.16 of LSAG Guidance (LSAG) | ||
| In assessing the level of risk consider: - the purpose of an account, transaction, or business relationship - the level of assets to be deposited by a customer or the size of the transactions undertaken by the customer. - the regularity and duration of the business relationship. Personal and long-standing clients do not negate your MLR obligations. Consider elevated risks re: sectors or jurisdiction - some examples: - domestic and international public work contracts and construction, including post-conflict reconstruction. - businesses utilising new or unproven technology, that might make them vulnerable to being used for money laundering - high value goods businesses - archaeological, historical, cultural, and religious significance or rare scientific value (this may be of particularly high risk in jurisdictions with exposure to terrorism or terrorist financing activities) - aspects of the nuclear industry with vulnerability to proliferation risk - mining (including precious metals, diamonds or other gemstones and trading of these materials) - arms manufacturing/supply and the defence industry - tobacco products - gambling - crypto-asset wallet providers and exchanges - unregulated charities (particularly those operating in higher risk jurisdictions) - money transfer businesses. - ivory and other items and materials related Potential Reputational Damage of undertaking work in such areas as guns/arms, illegal wildlife trade, sanctioned individuals, palm oil. | Regulation 33(6) Sections 5.6.1.3 and 6.2 of the LSAG | |
Client Level Risk Assessment | |||
Client Information | Body Corporate Identification: - Identify and verify name - Company / registration number - Registered office address - Principal Place of Business - Beneficial Owners - Determine and verify: - the law to which the company is subject. Beneficial Owner: An individual who ultimately owns or controls the client. Regulation 5(1) defines the beneficial owner of a body corporate, other than a listed company, meaning: any individual who: - exercises ultimate control over the management of the body corporate. Beneficial Owner Definition (Trust) MLR regulation 6(1) definition: - settlor - trustee - beneficiaries - where the individuals (or some of the individuals) benefiting from the trust have not been determined, the class of persons in whose main interest the trust is set up, or operates - any individual who has control over the trust. Verification of Beneficial Owners: Must identify and take reasonable measures to verify identities, looking through complex structures to natural persons. Understanding Ownership and Control Structure: For legal persons, trusts, etc., identify the customer and understand their ownership and control structure. Companies House Reliance: The register of people with significant control or confirmation statement cannot be solely relied upon for beneficial owner identification/verification. If not satisfied, business should not be undertaken or must cease. Complex Corporate Structures: Identified as a risk factor. Discrepancy Reporting: Discrepancies between beneficial ownership information and information gathered during MLR duties must be reported to Companies House. | For other entities Regulation 5(1), 6(1) Sections 6.14.11 to 6.14.20 of the LSAG Part 1 of Schedule 1A to the Companies Act 2006 Section 1162 of the Companies Act 2006 + Part 7 | |
Client Location | High Risk Jurisdiction - Transparency International's corruption perception index - The Basel AML Index - CIA World Factbook - International Narcotics Control Strategy Reports - FATF Jurisdictional Information - The Know Your Country High Risk Third Countries Regulation 33(3)(a) - since 22 January 2024 - Treasury Notice | Regulation 33(3) Regulation 33(3)(a) Sections 5.6.2.1, 5.6.2.3 & 6.19.1 of the LSAG | |
Client Interaction | Client Identification and verification - is often undertaken in person, on the premises of your practice using suitable identification documents. - can use software products that enable video conferencing to assist with the identification and verification process. - Your firm's definition of face-to-face should be documented in your AML policies, controls and procedures. Non face-to-face: - Why - Whether this represents an additional risk which should be considered within your risk assessment and the extent of the due diligence measures you apply. - Electronic ID&V may be a particularly useful tool in these circumstances. | Sections 6.14.5, 6.14.6 and 6.6 of the LSAG guidance | |
Intermediary | Acting or planning to act through an intermediary: - Why - Does this make sense - Verify authorisation - Verify the identity of the intermediary, agent or representative on the basis of documents and information from a reliable source which is independent of both the representative and the client e.g., via a copy of their passport or driving license. | Regulation 28(10) Sections 6.14.9 and 6.6 of the LSAG guidance | |
PEP, Sanctions and Adverse Media | Sanctions The sanctions regime is absolute, and is strict liability - Firms should ensure that they do not undertake business with sanctions targets even in less risky areas PEP Regulation 35(1) requires practices to have appropriate risk management systems and procedures to determine whether a client or beneficial owner is a PEP Adverse media screening
| Regulation 35(1) Sections 5.10, 6.19.3 and 7.11 of the LSAG guidance | |
Matter Level Risk Assessment - Risk Factors | - Matter risk assessments should focus on the specific risk factors that a matter presents, beyond the client risks already identified. - Is the transaction / matter within your area of expertise - Is the transaction / matter within your practice’s risk appetite. - Risk appetite is defined as the level of risk a practice is willing to accept. For some practices this may mean that higher risk transactions fall outside of ‘the normal’ risk appetite – e.g., commercial conveyancing involving cash intensive business when the majority of the work undertaken at your practice is residential conveyancing. - When considering risk appetite you should take into account the normal locations, clients, services and sectors in which your practice operates, and the risk level your practice is willing to tolerate as well as governance and decision-making processes | Section 5.11 of the LSAG guidance | |
Proliferation Financing | If your firm is in-scope you will have to consider proliferation financing. Amendments to the MLRs were brought in: Regulation 16A - defines Proliferation Financing; Regulation 18A - Risk Assessment; Regulation 19A - Policies Controls and Procedures. For example, conveyancing with additional high-risk factors (e.g., geographical risks / use of TCSP), abnormal or unusual use of trust or company services e.g., nominee shareholders or use of a company or trust with no logical rationale etc. | Regulation 16A - Defines PF Regulation 18A - States the requirement for a PF FWRA Regulation 19A - States the requirement for PF PCPs See FATF Guidance - Guidance on Proliferation Financing Risk Assessment and Mitigation (fatf-gafi.org). | |
Source of Funds | CDD and Financial Position: Fundamental to CDD is understanding the client's financial position to assess if legal services and funds align with their background. More stringent in EDD situations. Origin of Funds: Relates to funds used for the specific transaction, including their originating/underlying source and how they were accumulated. Verify funds are not proceeds of crime. Non-regulated Lender Funds: Not enough to know funds are from a UK bank account or you have sight of bank statements, you need to ascertain the true origin. Non-UK Funds: Consider the heightened risks if funds originate outside the UK. Geographic Risk: Particular care for funds from Sanctioned, HRTC, or other high-risk jurisdiction. Red Flags for Source of Funds: Regular/round-amount cash payments, frequent/round-amount transfers, lack of normal current account patterns, unexplained third-party credits, high gambling activity, means-tested benefit credits alongside salary. Crypto-derived Funds: See The Law Society of Scotland's specific guidance | Sections 5.6.2.1, 5.6.2.3, 6.17 to 6.17.2 and 6.19.1 of the LSAG guidance | |
Source of Wealth | - The origin of a client’s entire body of wealth. - It describes the economic, business and/or commercial activities that generated, or significantly contributed to, the client’s overall net worth/entire body of wealth. - Whether the client has a clear and documented legitimate business generating income. - Have you seen public information snapshots to verify this? | Section 6.17.3 and 6.18 of the LSAG guidance | |
Reliance | Defined under Regulation 39 - where, in certain circumstances, you may rely on another person to conduct CDD for you, subject to their agreement. Please note that accepting certified documentation from a suitable person does not constitute Reliance. | Regulation 39 Section 6.23 of the LSAG guidance | |
Risk Appetite | - It is recommended that the FWRA has details of the firm's risk appetite. - If a client or matter is outside the firm's risk appetite, approval of senior management/MLRO should be sought. - This approval should be documented. | ||
Escalation and Approval | - PEP or high risk factors - mandatory - Having an escalation procedure following the completion of CMRA (most firms would have this - size and nature) |
Why is this Important?
A firm may have a comprehensive Firm-Wide Risk Assessment and carefully drafted Policies, Controls, and Procedures, but without consistently completed, accurate, and regularly updated Client Matter Risk Assessments — supported by clear documentation — the entire framework is vulnerable.
Regulators expect more than well-written policies; they require demonstrable evidence that risks have been assessed at client and matter level with precision and consistency. Gaps in this process frequently result in findings of non-compliance, regardless of how sophisticated the overarching AML framework appears on paper.
True compliance excellence lies in the detail: rigorous, documented risk assessments that stand up to regulatory scrutiny every time.
Tip
Insight without action achieves nothing.
Policies without practice achieve even less.
True compliance lives in what you implement — in the checks
For Firms Who Refuse to Cut Corners
Because Compliance Speaks for You
Policies alone don’t protect your reputation. Robust AML processes, documented risk assessments, and expert oversight do. At Alexander Christian, we go further — offering stand-alone file reviews, targeted remediation support, and comprehensive look-back reviews on client files to strengthen compliance where it matters most.
We partner with firms who value insight over shortcuts, and substance over box-ticking.
Invest in your firm’s compliance strength. Arrange a consultation with Alexander Christian and stay ahead of the curve.
Disclaimer
This post is not legal or regulatory advice, nor is it intended to be.
If you require specific legal or regulatory advice for your own individual circumstances, contact an independent legal practitioner.