In Industry Insights

It would be an understatement to say that law firms face increased scrutiny regarding their AML practices. The SRA is intensifying its efforts to combat AML deficiencies, making it crucial for law firms to have robust and compliant AML policies and procedures (PCPs).

The Importance of AML Policies

AML policies are designed to reduce the risk of money laundering, terrorist financing, and proliferation financing. Law firms, gatekeepers to the financial and legal system, must implement effective AML controls to ensure they are not used to facilitate criminal activities. The Money Laundering Regulations 2017 (MLR 2017) require firms to establish compliant PCPs to mitigate these risks.

Clear policies should reflect the practice’s firm-wide risk assessment (FWRA), the theory being that no two AML policies will look identical.

Having a well-crafted AML policy is also a defensive measure. It demonstrates that the firm understands its risks and the underlying law, and has carefully thought through the practical controls that need to be in place.

For employees, the policy should be easy to navigate and unambiguous. It is likely to be the first port of call when a query about financial crime arises.

AML Policy Checklist

Here is a checklist to guide law firms in developing and maintaining effective AML policies:

  1. Introduction
    • Clearly state the purpose of the AML policy.
    • Identify the underlying legislation and any statutory guidance (i.e. LSAG).
    • Define the scope of the policy and who it applies to: offices, employees, locums etc.
    • Ensure all staff are familiar with the policy, and the consequences of not following it.
  2. Responsibility for Compliance
    • Identify the firm’s Money Laundering Compliance Officer (MLCO) and a Money Laundering Reporting Officer (MLRO, aka the nominated officer).
    • Define the roles and responsibilities of the MLCO and MLRO and how to contact them.
    • Set out the situations where senior management approval is needed to take on a client or piece of work.
  3. Other Relevant Policies
    • To give a complete picture, you may need to refer to separate policies and procedures that indirectly relate to the AML policy, e.g.
      • the accounting procedures and controls in place to protect the integrity of the client account
      • general risk management policy
      • onboarding clients policy
      • cash policy
  4. Understanding Money Laundering and Related Risks
    • Provide a plain language explanation of money laundering, terrorist financing, and proliferation financing and why it is important that lawyers are involved in the fight against financial crime.
    • Include an overview of the relevant law, in particular the offences contained in the Proceeds of Crime Act 2002 and Terrorism Act 2000: the principal offences, failing to disclose, tipping off etc.
    • Provide examples of red flags and warning signs specific to your firm (the FWRA should assist with this).
  5. Reporting Suspicions
    • Establish procedures for submitting Suspicious Activity Reports (SARs) internally.
    • Describe the MLRO’s role in submitting external SARs to the National Crime Agency, and what is expected of the employee in assisting with the report and any further investigation.
    • Set out any potential limitations on reporting, such as legal professional privilege.
  6. Risk Assessment
    • Set out a clear policy and process for risk assessing clients and matters.
    • Identify any mandatory risk assessment documents and when, how and by whom they should be completed.
  7. Client Due Diligence (CDD)
    • Define CDD and its components: identifying clients, verifying their identity, and understanding the business relationship.
    • Give clear guidance on what CDD is expected to look like for particular clients and matters.
    • Specify situations where Enhanced Due Diligence (EDD) is required (such as such as PEPs and high-risk third countries) and what EDD involves.
    • Implement measures for verifying the source of funds and wealth.
    • Require ongoing monitoring of business relationships to detect unusual or suspicious transactions.
    • Set out the firm’s policy on relying on another firm’s CDD and vice versa.
    • Ensure CDD records are kept up-to-date and retained for the required time period.
    • Identify when a discrepancy report needs to be made to Companies House.
  8. Training and Awareness
    • Set out the firm’s commitment to regular training on AML, terrorist financing, and proliferation financing and how that is achieved.
  9. Employee Screening
    • Describe the firm’s approach to screening relevant employees, what that is likely to involve and when it takes place.
  10. Independent Audit and Policy Review
    • Explain how the firm complies with its “Regulation 21” duty to obtain an independent audit of its AML controls.
    • Put in place a schedule for reviewing the policy e.g. annually or when significant changes occur.
Recent Posts

Start typing and press Enter to search

Get your FREE COLP Insider email delivered fortnightly

We’ll never share your email address and you can opt out at any time, we promise


Jonathon Bray AJ Fox podcastlaw firm cyber security