You are here:
  1. Home
  2. News
  3. Blog
  4. Getting your risk assessment in order

Getting your risk assessment in order

12 November 2019

Pearl Moses, Law Society head of Risk and Compliance, shares how to make sure you’re prepared with your risk assessment.


Thousands of firms are to be contacted by the Solicitors Regulation Authority within the coming months asking what measures they have in place to combat money laundering. The SRA has issued a revised warning notice to the profession and announced widespread checks on 7,000 firms that fall under the scope of money laundering regulations, following fears that many are doing little or nothing to met their obligations.

Earlier in 2019 the SRA published its latest Anti-Money Laundering Thematic Review, focusing on firms offering trust and company services. While many firms were fully compliant with their Anti-Money Laundering (AML) obligations, the SRA had substantial concerns about a significant minority and referred 26 firms into its disciplinary processes as an outcome of the review.

Firm-wide risk assessments, which have been a regulatory requirement since 2017 are a particular focus of the SRA. The thematic review found that 135 of the 400 risk assessments submitted were dated after the SRA request to see them went out.  Firms need  to have a risk assessment (RA) in place and be ready to provide it upon request.

What should I be doing?

The SRA has certain expectations that regulated professionals have the requisite knowledge of the AML framework. If you haven't done so already you should:

  • Ensure you have a written high-quality AML risk assessment (RA) that addresses the risks particular to your firm.
  • Document your risk factors and ensure they consider risks relating to your customers, countries or geographic areas of operation, products and services, transactions and delivery channels.
  • Demonstrate and document that your risk assessments are conducted and kept up to date.
  • Create policies and procedures that stem from your RA and are tailored to your firm's individual risk profile.
  • Detail and update your processes regularly to reflect any changes you make to your risk assessment.
  • Use the contents and results of the review as a guide to what the SRA might expect from you during a thematic review or regulatory visit.

Undertake a high-quality risk assessment

During the review, four out of 59 firms did not have any firm-wide risk assessment. 24 firms had inadequate RAs as set out in reg 18 of the 2017 Regulations. It's crucial that you have an effective and functioning RA that is written down and kept up-to-date. This can be achieved in a variety of formats (ie, in paragraphs, a tabular format, a matrix with risk ratings etc). The key is be thorough and to detail all the risks 'particular' to your firm.

The Law Society's  AML Toolkit(2nd edition) has some useful templates as a starting point. Do note that the SRA found that too many firms appeared to take a copy and paste approach, so do ensure you address the specific issues faced by your firm.

It may be helpful to start from scratch with both your RA and, following on from that, your policies and procedures, so that your mitigation steps match up with the risks to your business.

Document your risks

The 2017 AML Regulations outline what you need to consider in your RA including: 

1     Clients - ask yourself who you act for.  Are they:

  • politically exposed persons (PEPs)
  • financial institutions/ individuals/ companies
  • from riskier sectors such as gambling
  • evasive or seeking anonymity.

2    Geographical areas of operation - consider whether you work with or in countries that:

  • don't have equivalent AML standards to the UK, ie FATF
  • have significant levels of corruption
  • are subject to sanctions
  • are on the EU high risk list or are tax havens. 

3    Products and services - do you offer services in areas deemed 'high risk' due to holding client money such as:

  • conveyancing
  • trust and company services
  • cryptocurrencies.

4    Transactions - consider the characteristics of the transaction such as:

  • What is the source of funds?
  • Is the transaction unusual, particularly complex or outside your normal area of work?
  • What is the payment type?
  • Is the size and value of the transaction relevant to your firm? 

5     Delivery services - does your firm:

  • use agents or intermediaries
  • take payments to and from third parties or issue refunds
  • provide online services
  • meet clients in person as part of your verification process?

Mitigating risk

None of the factors above mean money laundering is necessarily taking place but any higher risk factors need to be acknowledged in your RA and recorded. Your risk assessment should list the steps you take to mitigate the money laundering risk in the work your firm engages in. You should reference your policies, controls and procedures (PCPs), and state clearly what you do when you identify a high-risk client or matter.

Note also that your policies, controls and procedures should be:

  • proportionate to the size and nature of the business
  • properly understood and implemented by your staff
  • monitored to remain effective in addressing the level of risk you have identified.

For your PCPs to be effective there should be a culture of compliance including:

  • an understanding from everyone in the firm that AML training is a regulatory requirement for all staff and that failure to undertake training may result in disciplinary sanction
  • firm-wide procedures for accepting payments, monitoring accounts, making SARs, record-keeping etc
  • an empowered accounts department and a COFA who will push back if they're suspicious.

Further help

  • Explore our AML resources including all the key legislation, Practice Notes and top tips

Tags: anti-money laundering

About the author

Pearl Moses is Head of Risk & Compliance at the Law Society

Follow Risk and Compliance on Twitter

  • Share this page:

Abigail Bright | Adam Johnson | Adele Edwin-Lamerton | Ahmed Aydeed | Alan East | Alex Barr | Alex Heshmaty | Alexa Lemzy | Alexandra Cardenas | Amanda Adeola | Amanda Carpenter | Amanda Jardine Viner | Amy Bell | Amy Heading | an anonymous sole practitioner | Andrew Kidd | Andrew McWhir | Andy Harris | Anna Drozd | Annaliese Fiehn | Anne Morris | Anne Waldron | anonymous female solicitor | Asif Afridi and Roseanne Russell | Bansi Desai | Barbara Whitehorne | Barry Wilkinson | Becky Baker | Ben Hollom | Bhavisha Mistry | Bob Nightingale | Bridget Garrood | Caroline Marlow | Caroline Roddis | Caroline Sorbier | Carolyn Pepper | Catherine Dixon | Chris Claxton-Shirley | Christina Blacklaws | Ciaran Fenton | Coral Hill | CV Library | Daniel Matchett | Daphne Perry | David Gilroy | David Yeoward | Douglas McPherson | Duncan Wood | Elijah Granet | Elizabeth Rimmer | Eloise Skinner | Emily Miller | Emily Powell | Emma Maule | Floyd Porter | Gary Richards | Gary Rycroft | Graham Murphy | Greg Treverton-Jones | Gustavo Bussmann | Hayley Stewart | Hilda-Georgina Kwafo-Akoto | Ignasi Guardans | James Castro Edwards | Jane Cassell | Jayne Willetts | Jeremy Miles | Jerry Garvey | Jessie Barwick | Joe Egan | Jonathan Andrews | Jonathan Fisher | Jonathan Smithers | Jonathon Bray | Julian Hall | Julie Ashdown | Julie Nicholds | June Venters | Justin Rourke | Karen Jackson | Kate Adam | Katherine Cousins | Kaweh Beheshtizadeh | Kayleigh Leonie | Keiley Ann Broadhead | Kerrie Fuller | Kevin Hood | Kevin Poulter | Larry Cattle | Laura Bee | Laura Devine | Laura Uberoi | Law Gazette Jobs | Leah Glover and Julie Ashdown | Leanne Yendell | Lee Moore | LHS Solicitors | Linden Thomas | Lucy Parker | Maria Shahid | Marjorie Creek | Mark Carver | Mark Leiser | Markus Coleman | Martin Barnes | Mary Doyle | Matt O'Brien | Matt Oliver | Matthew Still | Max Rossiter | Melinda Giles | Melissa Hardee | Michael Henson-Webb | Neil Ford | Nick Denys | Nick O'Neill | Nick Podd | Nigel West | Nikki Alderson | Oz Alashe | Paris Theodorou | Patrick Wolfe | Paul Bennett | Paul Rogerson | Paul Wilson | Pearl Moses | Penny Owston | Peter Wright | Philippa Southwell | Preetha Gopalan | Prof Sylvie Delacroix | Rachel Brushfield | Rafie Faruq | Ranjit Uppal | Ravi Naik | Rebecca Atkinson | Remy Mohamed | Richard Collier | Richard Coulthard | Richard Heinrich | Richard Mabey | Richard Messingham | Richard Miller | Richard Roberts | Rita Gupta | Rob Cope | Robert Bourns | Robert Forman | Robin Charrot | Rosa Coleman | Rosy Rourke | Sachin Nair | Saida Bello | Sally Azarmi | Sally Woolston | Sam De Silva | Sara Chandler | Sarah Austin | Sarah Crowe | Sarah Henchoz | Sarah Smith | Shereen Semnani | Shirin Marker | Siddique Patel | Simon Day | Sofia Olhede | Sonia Aman | Sophia Adams Bhatti | Sophie O'Neill-Hanson | Steve Deutsch | Steve Thompson | Stuart Poole-Robb | Sue James | Susa | Susan Acland-Hood | Susan Kench | Suzanne Gallagher | The Law Society Digital and Brand team | Tom Chapman | Tom Ellen | Tony Roe | Tracey Calvert | Umar Kankiya | Vanessa Friend | Vicki Butler | Vidisha Joshi | William Li | William McSweeney | Zoë Paton-Crockett