Risk assessments: anti-money laundering
Regulation 18 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) requires law firms to carry out a written risk assessment to identify and assess the risk of money laundering that they face.
Carrying out a risk assessment will help you to:
- develop policies, procedures and controls to reduce the risk of money laundering
- apply a risk-based approach to detecting and preventing money laundering
- understand the level of risk associated with certain business relationships and transactions
- make appropriate risk-based decisions about clients and retainers
It’s important that you keep your risk assessment under review as the Solicitors Regulation Authority (SRA) may ask to see your assessment – especially if something goes wrong with compliance at your firm.
More detailed information can be found in chapter 2 of the anti-money laundering (AML) guidance for the legal sector.
Practice-wide risk assessment
There are no set rules that indicate your firm is at high risk of exposure to money laundering activity.
The conclusions of your practice-wide risk assessment are a matter of judgement and should reflect the nature of your work and clients.
However, your practice-wide risk assessment should:
- clearly state what you do when you identify a high-risk client or matter
- reference your firm’s policies, controls and procedures
- consider the UK's National Risk Assessment (NRA) and the SRA’s 2018/19 risk outlook
- list the steps your firm has taken to reduce the money laundering risk it faces
The MLR 2017 outlines what you should consider in your risk assessment, including:
- the clients you act for
- whether you work in or with countries that, for example, have significant levels of corruption or are subject to sanctions
- whether you offer services in practice areas deemed ‘high risk’ due to holding client money
- the characteristics of transactions, including the source of funds and whether a transaction is outside your firm’s normal area of work
- your firm's delivery services, including the use of agents and intermediaries or online services
See section 2.3 of the AML guidance for the legal sector for a full list of factors your risk assessment should consider.
It’s important that your risk assessment is written down and kept up to date.
Your risk assessment can be formatted in multiple ways, including in paragraphs, as a table or a matrix with risk ratings.
Make sure that when you complete your risk assessment you:
- keep a record of the sources you use
- review it regularly, reflecting changes in your circumstances or to the SRA's risk assessment. You should keep a note of when you carry out these reviews
High-risk regulated activities
In your risk assessment, you should assess what proportion of your work is made up of regulated activities, especially those identified as 'high risk' by the NRA.
The NRA specifies the following services as most likely to be abused by money launderers:
- trust and company formation
- client account services
To reduce risks when working in these areas, you must:
- comply with the latest AML guidance for the legal sector
- pay attention to warning signs of money laundering
You should document what measures are in place to mitigate these risks, and adjust your policies, controls and procedures accordingly.
If you’re involved with clients or matters based in ‘high-risk’ jurisdictions, your risk assessment should reflect this.
At a minimum, you’ll need to consider how you deal with clients and matters that involve those listed on the EU list of high-risk third countries.
You may also wish to keep up to date with:
- Financial Action Task Force (FATF) list – high-risk countries with deficiencies in their AML/counter-terrorist financing regimes
- EU tax havens list – tax governance shortcomings
Client and matter risk assessment
As well as a practice-wide risk assessment you need to undertake a risk assessment at client and matter level. This will inform the way you conduct your customer due diligence and ongoing monitoring.
Your processes for carrying out the client and matter level risk assessment should be set out in your practice-wide risk assessment.
See section 2.5 of the AML guidance for the legal sector.
Protect yourself and your firm from money laundering
- risk assessment and client due diligence (1 hour)
- AML and suspicious activity (30 minutes)
- money laundering offences (30 minutes)
Call our AML helpline for support on issues such as due diligence, source of funds, sanctions and the high-risk jurisdictions list
Join the Risk and Compliance Service to stay up to date with your regulatory obligations.