Anti-money laundering

AML compliance for small firms – part three: customer due diligence and warning signs

This three-part series looks at the Money Laundering Regulations 2017 (MLR 2017) from the perspective of small firms and provides tips for effective compliance.

This part looks at what conducting customer due diligence (CDD) entails and lists the more common warning signs that might indicate suspicious activity by a client.

More detailed information can be found in the AML guidance for the legal sector.

Customer due diligence
Ongoing monitoring and refreshing CDD
Money laundering warning signs

Customer due diligence

Your process for carrying out CDD needs to be informed by your risk assessment of the client and the matter.

Unlike many larger firms, you may not have the resources to:

  • employ a centralised compliance team
  • use an electronic verification or business intake software
  • operate a database to record CDD information

Where this is the case, you can meet the requirements set out in the MLR 2017 by creating a CDD form. This form should be completed for each new client and matter according to whether it’s categorised as:

  • low risk – simplified due diligence measures can be applied taking account of the risk factors in regulation 37 of the MLR 2017, for example, when the client is a bank, publicly listed company or public body
  • standard risk – for example when the client is a private company or an individual
  • high risk – usually enhanced due diligence (EDD) measures will need to be applied. There’s an obligation to apply EDD in certain circumstances, for example when the client is in a high-risk third country, is a politically exposed person (PEP) or the transaction is complex or unusually large and has no apparent economic or legal purpose. Other high-risk factors can be found in regulation 33 of the MLR 2017. The changes introduced by the 5th Anti-Money Laundering Directive expand both the requirement to conduct EDD and the factors to be considered. The Legal Sector Affinity Group interim guidance sets out the major changes. 

Your form should:

  • include a risk assessment for the client and for the matter
  • record the reasons for your risk assessment
  • list what identity information and documentation you’ll require from the client and relevant parties. Record details of beneficial owners (BO) and verification of BO if appropriate, for example, if the client/matter are high risk
  • record source of funds and supporting documentation – this includes documentation relating to third party payers if appropriate
  • where necessary, obtain confirmation that the individual is authorised to instruct you on behalf of the client in accordance with Regulation 28 of the MLR 2017. Taking a risk-based approach, it should not be necessary to verify the individual’s identity unless they claim to act on behalf of the client, such as an individual from outside the client organisation, an agent or an intermediary
  • consider whether the level of ongoing monitoring should be standard or high
  • record the client’s PEP status
  • record the sanctions check

PEP status

When recording the client’s PEP status:

  • consider the likelihood that the client is a PEP, and the level of risk associated with the matter
  • check both the client’s and beneficial owner’s status and confirm whether the client is a family member or known associate of a PEP

You can do a PEP check by accessing publicly available information online. Some electronic verification providers also offer a pay as you go charging system.

If your client is a PEP, as well as applying EDD, you should conduct and record a source of wealth check and get your Money Laundering Reporting Officer’s (MLRO) approval before continuing to engage the client.

Find out more about PEPs

Sanctions check

You should check the client against HM Treasury and the Office of Financial Sanctions Implementation’s consolidated list.

You should check the Office Foreign Assets Control’s consolidated list and specially designated nationals and blocked persons list if:

  • a US citizen is involved in the transaction, for example as the lawyer or the client
  • the transaction involves payment in US Dollars
  • the transaction is based in the US

All documents about your client and matter risk assessment can be kept with your standard form and stored in a central paper folder or electronic folder. A spreadsheet can help ensure that files are reviewed on a regular basis and be used to record:

  • an overview of new and ongoing clients and matters
  • a client risk rating and the reason for the risk rating
  • CDD clearance status

Ongoing monitoring and refreshing CDD

Ongoing monitoring means scrutinising transactions to check they remain consistent with what is known about the client.

For smaller firms, ongoing monitoring will usually be done by the fee earner. You may consider implementing a system of file reviews or using a matter spreadsheet to track high-risk matters and send reminders to fee earners, so they remember to undertake ongoing monitoring.

You must also refresh your CDD information when the client’s circumstances change. For example, when:

  • an individual changes their name
  • there’s a change in the beneficial ownership of a client
  • the client instructs you in relation to a transaction that is not consistent with your knowledge about them

It’s also good practice to refresh your CDD information if there has been a long gap in instructions. You may find it convenient to check the CDD information each time you open a matter for the client and either note that no refresh is necessary or update the CDD information.

Under changes introduced by the 5th Money Laundering Directive, you must refresh due diligence for an existing client where you are under any legal duty to contact a client in the course of a calendar year for the purpose of reviewing any information which: 

• is relevant to the risk assessment for that customer and 

• relates to the beneficial ownership of the customer 

Money laundering warning signs

Whether you’re a fee earner or a MLRO, recognising signs of potential money laundering sign is an ongoing challenge.

An individual warning sign may not be enough to form a suspicion of money laundering, but it will be a basis for asking more questions.

We’ve listed some of the most common warning signs. This information is not intended to be exhaustive.

For further information on warning signs, see the AML guidance for the legal sector.

Clients and instructions

You will want to ask further questions if:

  • there's no obvious reason for the client instructing you and/or the transaction falls outside your usual practice
  • there's a sudden change of instructions without a reasonable explanation
  • the transactions or private funding of the value is not consistent with the client’s profile or financial position
  • the client exhibits secretive behaviour, a reluctance to meet you or a lack of interest in the transaction
  • the client is reluctant or refuses to provide adequate identification, or relies on another professional
  • the transaction is unusually complex or does not make commercial sense
  • intermediaries claim to act on behalf of the client or group
  • the client has criminal convictions/activities/associations or an existing Confiscation or Restraint Orders
  • the client has an unusuallly high level of knowledge about money laundering processes


You will want to ask further questions if:

  • money is transferred to your client account before it’s required
  • transactions are aborted with no clear reason and return of monies
  • there's a request that you act as a bank or escrow agent or pay bills unrelated to the matter
  • cash sums are paid in or there are requests to pay out
  • there's a request that funds are paid in by, or are paid out to a third party
  • the funds are from an unexpected source, non-institutional lender and/or there are discrepancies in names or amounts
  • there's a request that funds are paid out at intervals
  • the funds are coming from multiple accounts
  • the offer to pay large sums, and/or refund is requested
  • the funds are said to be the benefits of an offshore tax avoidance scheme


You will want to ask further questions if:

  • there have been back-to-back property transactions, less than six months apart
  • the deposit or part of purchase price is being paid direct to seller
  • the deposit is paid as a 'gift' by the seller, so distorting the value
  • there have been sales and purchases between associates or related companies
  • there are unusual differences in valuations
  • there's been unexpected early repayment of a mortgage
  • the transaction includes unusual language, for example “grand master collateral commitment”
  • there's a strong interest in completing quickly or taking shortcuts without good reason
  • there are bearer shares
  • the transaction involves diamonds, precious stones, gold, oil, carbon credits, hotel rooms, forestry, antique documents, luxury goods or paintings
  • there's mention of bogus law firms – check our Find a Solicitor website if in doubt


AML compliance for small firms – part one: conducting a risk assessment

AML compliance for small firms – part two: policies, controls and procedures

The Legal Sector Affinity Group’s Anti-money laundering guidance

Practice Advice Service and AML Helpline

Anti-money laundering resources

Money laundering warning signs

Anti-money laundering toolkit, 2nd edition

Maximise your Law Society membership with My LS