Anti-money laundering

Risk assessments: anti-money laundering

Regulation 18 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) requires law firms to carry out a written risk assessment to identify and assess the risk of money laundering that they face.

Carrying out a risk assessment will help you to:

  • develop policies, procedures and controls to reduce the risk of money laundering
  • apply a risk-based approach to detecting and preventing money laundering
  • understand the level of risk associated with certain business relationships and transactions
  • make appropriate risk-based decisions about clients and retainers

It’s important that you keep your risk assessment under review as the Solicitors Regulation Authority (SRA) may ask to see your assessment – especially if something goes wrong with compliance at your firm.

More detailed information can be found in chapter 2 of the anti-money laundering (AML) guidance for the legal sector.

Practice-wide risk assessment

There are no set rules that indicate your firm is at high risk of exposure to money laundering activity.

The conclusions of your practice-wide risk assessment are a matter of judgement and should reflect the nature of your work and clients.

However, your practice-wide risk assessment should:

  • clearly state what you do when you identify a high-risk client or matter
  • reference your firm’s policies, controls and procedures
  • consider the UK's National Risk Assessment (NRA) and the SRA’s 2018/19 risk outlook
  • list the steps your firm has taken to reduce the money laundering risk it faces

The MLR 2017 outlines what you should consider in your risk assessment, including:

  • the clients you act for
  • whether you work in or with countries that, for example, have significant levels of corruption or are subject to sanctions
  • whether you offer services in practice areas deemed ‘high risk’ due to holding client money
  • the characteristics of transactions, including the source of funds and whether a transaction is outside your firm’s normal area of work
  • your firm's delivery services, including the use of agents and intermediaries or online services

See section 2.3 of the AML guidance for the legal sector for a full list of factors your risk assessment should consider.

It’s important that your risk assessment is written down and kept up to date.

Your risk assessment can be formatted in multiple ways, including in paragraphs, as a table or a matrix with risk ratings.

Make sure that when you complete your risk assessment you:

  • keep a record of the sources you use
  • review it regularly, reflecting changes in your circumstances or to the SRA's risk assessment. You should keep a note of when you carry out these reviews

High-risk regulated activities

In your risk assessment, you should assess what proportion of your work is made up of regulated activities, especially those identified as 'high risk' by the NRA.

The NRA specifies the following services as most likely to be abused by money launderers:

  • trust and company formation
  • conveyancing
  • client account services

To reduce risks when working in these areas, you must:

You should document what measures are in place to mitigate these risks, and adjust your policies, controls and procedures accordingly.

Find out more about money laundering warning signs

High-risk jurisdictions

If you’re involved with clients or matters based in ‘high-risk’ jurisdictions, your risk assessment should reflect this.

At a minimum, you’ll need to consider how you deal with clients and matters that involve those listed on the EU list of high-risk third countries.

You may also wish to keep up to date with:

Client and matter risk assessment

As well as a practice-wide risk assessment you need to undertake a risk assessment at client and matter level. This will inform the way you conduct your customer due diligence and ongoing monitoring.

Your processes for carrying out the client and matter level risk assessment should be set out in your practice-wide risk assessment.

See section 2.5 of the AML guidance for the legal sector.

Protect yourself and your firm from money laundering
Complete our online AML courses, led by a leading expert in risk management. Modules include:

Call our AML helpline for support on issues such as due diligence, source of funds, sanctions and the high-risk jurisdictions list

Join the Risk and Compliance Service to stay up to date with your regulatory obligations.

Gain practical know-how with the Anti-money Laundering Toolkit (3rd edition)

Find out how to assess and address risk in your practice

Learn how to improve the quality of your risk assessment

Maximise your Law Society membership with My LS