Anti-money laundering risk assessments

Regulation 18 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) requires law firms to carry out a written risk assessment to identify and assess the risk of money laundering that they face.

Carrying out a risk assessment will help you to:

  • develop policies, procedures and controls to reduce the risk of money laundering
  • apply a risk-based approach to detecting and preventing money laundering
  • understand the level of risk associated with certain business relationships and transactions
  • make appropriate risk-based decisions about clients and retainers

It’s important that you keep your risk assessment under review as the Solicitors Regulation Authority (SRA) may ask to see your assessment – especially if something goes wrong with compliance at your firm.

More detailed information can be found in chapter 2 of the Legal Sector Affinity Group’s Anti-money laundering (AML) guidance for the legal sector.

Practice-wide risk assessment

There are no set rules that indicate your firm is at high risk of exposure to money laundering activity. The conclusions of your practice-wide risk assessment are a matter of judgement and should reflect the nature of your work and clients.

However, your practice-wide risk assessment should:

  • clearly state what you do when you identify a high-risk client or matter
  • reference your firm’s policies, controls and procedures
  • consider the UK's National Risk Assessment (NRA) and the SRA’s 2018/19 risk outlook
  • list the steps your firm has taken to reduce the money laundering risk it faces

The MLR 2017 outlines what you should consider in your risk assessment, including:

  • the clients you act for
  • whether you work in or with countries that, for example, have significant levels of corruption or are subject to sanctions
  • whether you offer services in practice areas deemed ‘high risk’ due to holding client money
  • the characteristics of transactions, including the source of funds and whether a transaction is outside your firm’s normal area of work
  • your firm's delivery services, including the use of agents and intermediaries or online services

See section 2.3 of the AML guidance for the legal sector for a full list of factors your risk assessment should consider.

It’s important that your risk assessment is written down and kept up to date. Your risk assessment can be formatted in multiple ways, including in paragraphs, as a table or a matrix with risk ratings.

Make sure that when you complete your risk assessment you:

  • keep a record of the sources you use
  • review it regularly, reflecting changes in your circumstances or to the SRA's risk assessment. You should keep a note of when you carry out these reviews

High-risk regulated activities

In your risk assessment, you should assess what proportion of your work is made up of regulated activities, especially those identified as 'high risk' by the NRA.

The NRA specifies the following services as most likely to be abused by money launderers:

  • trust and company formation
  • conveyancing
  • client account services

To reduce risks when working in these areas, you must:

You should document what measures are in place to mitigate these risks, and adjust your policies, controls and procedures accordingly.

Find out more about money laundering warning signs

High-risk jurisdictions

If you’re involved with clients or matters based in ‘high-risk’ jurisdictions, your risk assessment should reflect this. At a minimum you’ll need to consider how you deal with clients and matters that involve those listed on the EU list of high-risk third countries.

You may also wish to keep up to date with:

Client and matter risk assessment

As well as a practice-wide risk assessment you need to undertake a risk assessment at client and matter level. This will inform the way you conduct your customer due diligence and ongoing monitoring.

Your processes for carrying out the client and matter level risk assessment should be set out in your practice-wide risk assessment. See section 2.5 of the AML guidance for the legal sector.

Resources

Anti-money laundering guidance for the legal sector – the Treasury-approved official guidance

AML Toolkit (2nd edition) – includes some useful risk-assessment templates

Getting your risk assessment in order

AML compliance for small firms

Anti-money laundering helpline

Maximise your Law Society membership with My LS