Is Your Law Firm AML Compliant? Take This 7-Step Test

Money laundering is a serious risk that can jeopardise your law firm’s reputation, finances, and legal standing. As a legal professional, you are uniquely positioned to spot financial crime—but only if you have the right systems and controls in place to spot the red flags.

In recent years, regulatory bodies have heightened their focus on anti-money laundering (AML) compliance within the legal sector. Law firms are often targeted by money launderers due to their involvement in property transactions, managing client funds, and providing corporate services.

If your firm is not fully compliant with AML regulations, you could face hefty fines, reputational damage, or potentially criminal charges.

To help you assess your AML preparedness, we’ve put together this Basic 7-step checklist to spotlight some areas of concern.

Step 1: Have You Appointed a Money Laundering Reporting Officer (MLRO)?

One of the first things regulators will look for is whether your firm has designated a Money Laundering Reporting Officer (MLRO). This person is responsible for overseeing your AML policies, ensuring compliance, and reporting suspicious activity.

Action:

• Ensure you have an MLRO in place, and that they are adequately trained and empowered to act
• If applicable, appoint a Deputy MLRO to ensure business continuity
• Have you complied with the reporting requirements

Step 2: Do You Conduct Regular Risk Assessments?

A firm-wide risk assessment (FWRA) is essential to understanding the specific money laundering risks your firm faces. Not all clients or transactions are created equal, so assessing your firm's exposure to risk should be an ongoing process.

Action:

• Review your firm-wide risk assessment at least annually and after any major changes in your business, the law and regulatory guidance
• Review your policies, controls and procedures at least annually and after any major changes in your business, the law and regulatory guidance
• Ensure you assess risks related to clients, delivery, services, jurisdictions, and transactions.
• Have you documented the review process

Step 3: Is Your Client Due Diligence (CDD) Process Robust?

Know Your Customer (KYC) procedures are crucial to identifying and verifying your clients. AML regulations require firms to carry out client due diligence (CDD) on clients before establishing a business relationship, especially when dealing with high-risk clients.

Action:

• Identify and verify who your client is
• Have you considered nature and purpose
• Implement client due diligence (CDD) for all clients.
• Ensure you verify the identities of all clients using original documents and or reliable electronic systems.
• Undertake Sanctions screening
• Conduct Enhanced Due Diligence (EDD) for high-risk clients, such as politically exposed persons (PEPs) or clients from high-risk jurisdictions.
• Are you checking UBO's, third parties and counterparties
• Have you obtained Source of Funds (SOF) and Source of Wealth (SOW) checks
• Have you considered the information
• Have you made a written record of your reasoning
• Have you sought approval where necessary from the MLRO

Step 5: Are You Reporting Suspicious Activity Promptly?

Law firms are legally obligated to report suspicious activity. If your firm suspects a client is involved in money laundering, you must file a Suspicious Activity Report (SAR) with the relevant authorities.

Action:

• Have you trained staff on the Proceeds of Crime Act (POCA) Offences
• Establish a clear procedure for submitting SARs to the National Crime Agency (NCA) when necessary.
• Train all staff to understand what constitutes suspicious activity, and how to escalate it.
• Have you trained staff on tipping off

Step 6: Is Your AML Training Program Up-to-Date?

To maintain effective compliance, every member of your team must understand the firm’s AML policies and procedures. Regular training helps ensure that your team can identify potential risks and mitigate them in line with regulatory expectations.

Action:

• Provide regular AML training to all fee earners, support staff and others as required
• Is your training appropriate to the level of staff
• Have you trained on the offences, Red Flags, procedures and escalation
• Use real-world case studies to help your team understand the practical application of AML rules in day-to-day legal work
• Have you documented the training

Step 7: Are You Keeping Proper Records for Compliance?

Record-keeping is a critical component of AML compliance. Regulators require that you retain all relevant documents and records relating to client identification, transaction history, and suspicious activity reports (not an exhaustive list).

Action:

• Ensure that you retain KYC information and CDD records, source of funds (SOF), source of wealth (SOW) documentation and information and transaction details and reasoning are retained for at least five years (or for longer depending on your PCPs) after the end of the client relationship.
• Conduct regular internal audits to ensure that your records are complete, accurate, and compliant with AML regulation.

Conclusion: Is Your Firm Ready for an AML Audit?

Money laundering is a growing concern, and law firms must take proactive steps to safeguard against it. If you’ve gone through this test and found areas where your firm is lacking, it’s time to take action.

An external AML audit can help identify gaps in your compliance programme and offer guidance on improving your controls.

Don't wait for a regulatory inspection to uncover your weaknesses—take control today.

Next Steps:

Contact us for a Free 15 minute chat about your compliance programme.

Disclaimer: This post is for general information. It is not to be regarded as a complete test or authoritative, and it is not to be regarded as legal or regulatory advice.

‍

Illustration of an Internal Audit Process

Internal AML Audit

FATF

SRA Guidelines

‍

‍