AML FOR LEGAL 2021

What are the UK AML requirements for law firms?

The UK’s Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR2017) transposed the requirements under the EU 4th AML Directive (4AMLD), which brought law firms into scope for the respective AML requirements as of 26 June 2017. In recent years, these requirements have been amended and guidance has been published to aid compliance with the evolving regulatory landscape.

The Solicitors Regulation Authority (SRA) have been very active in performing regulatory visits as well as reviews and thematic assessments to ensure the circa 7,000 law firms regulated by the SRA have adopted and maintained these AML requirements.

SRA reviews have demonstrated that many firms have not fully adopted or maintained all requirements, and may be missing key components of requirements, such as having appropriate policies and procedures in protect the firm from being used to facilitate money laundering (ML) or terrorist financing (TF) and having an independent audit of the AML programme and controls conducted.

Download

Topics

Board Matters Internal Audit and Corporate Governance Risk Management and Regulatory Compliance Business Performance Digital Transformation

Key Information

26 June 2017 - Date the UK MLR2017 main AML requirements went into force for law firms
74 firms visited in 2019-2020 by the SRA with twothirds requiring update and/or enhancement of current practices.
2019 - 2021 – Amendments to key AML regulation go into effect (Brexit, trusts, tax, etc.)
2021 – Updated guidance on AML for the legal sector issued

Key AML Requirements

1. Conducting a ML/TF risk assessment

Implementing systems, policies, controls and procedures to address ML/ TF risks and meet the requirements under the regulations

2. AML Training to Staff

Adopting appropriate internal controls (including appointment of senior management responsible for compliance, screening of employees and independent review of the AML programme and associated controls)

3. Data Protection (policies, procedures, and systems)

Comply with due diligence requirements (including simplified, customer and enhanced due diligence),

4. Record keeping (policies, procedures, and systems) DDD

Comply with Politically Exposed Persons (PEP) requirements

High Level AML Journey

1. Risk Assessment

Risk based approach
Risk factors to consider customers, geography, products/services, transaction and delivery channels

2. Policies and Procedures

Manage and mitigate ML/TF risks
Aligned to risk assessment results
Proportionate to size and nature of your business

3. Independent review of AML Programme

Review adequacy of policies, control and procedures
Monitor compliance and make recommendations

4. AML Programme as BAU

MLR 2017 compliant
Revisiting these three (3) key drivers of the AML programme to ensure ML/TF risk posed are accurately identified and mitigated on an ongoing basis

AML Programme Considerations and Lifecycle

Has your organisation completed a ML/TF risk assessment within the last year?
Has your organisation's AML control environment been subject to an independent review?
Are your staff aware of their AML responsibilities and do they understand the importance of AML compliance and the laws driving the requirements?
Would your staff be able to identify and scrutinise complex and unusually large and unusual patterns of transactions to understand when disclosures would be required?

Protiviti’s AML Solutions

Helping our clients embed and navigate through regulatory change is core to what we do. Protiviti’s AML expertise, pragmatic approach to risk-based AML programmes and experience with change and implementation allows us to understand and appreciate the AML journey your firm faces.

Our AML Solution Offerings

Subject Matter Expertise

Independent Review

Risk Assessment

AML Programme design and implementation

Staff Training

Policy and Procedures

Loan staff support

Change Management & Innovation

Search in Protiviti.com