Kate Burt, Legl’s Head of Risk and Compliance, recently hosted a webinar which delved into explaining the new LSAG guidance for law firms on complying with their AML/CTF obligations.

In What the Latest Changes to LSAG Guidance Mean For Your Firm, we explored some of the key changes that the LSAG guidance brings and set out some actionable steps that law firms can take to adhere to compliance.

Table of Contents

  • Introduction
  • Verification of the identities of beneficial owners
  • Redirection from EU high risk third country lists
  • Clarification on Legal Professional Privilege
  • Clarification on what is not “an arrangement” for the purposes of the Proceeds of Crime Act (POCA)
  • What now for AML officers?


The Legal Sector Affinity Group’s Anti-Money-Laundering Guidance for the Legal sector is considered to be the definitive guide to AML for the industry.

This guidance is designed to help legal professionals and firms comply with the UK’s key AML regulations as set out in the Money Laundering Regulations 2017, Proceeds of Crime Act and 2002 and the Terrorism Act 2022, and the latest version has now been approved by HM Treasury in July 2022.

The significance of HM Treasury’s approval of the LSAG guidance is that it now has full standing within the MLR 2017. This includes the MLR’s regulation 86(2)(b)(ii) which now includes the LSAG guidance as one of the guidance documents that a court would consider when determining whether a lawyer or firm had committed a criminal offence in not following the regulation.

In a similar way, the LSAG guidance is also relevant where the imposition of civil penalties are being considered under regulation 76. We’ve compiled a summary of the key points in the July 2022 update to the LSAG guidelines,  and cover off some of the things law firms might want to consider in the context of these new rules and their approval by HM Treasury.

Verification of the identities of beneficial owners

One of the most notable changes is the new emphasis on conducting verification of beneficial owners’ identities when working with business clients. The guidance’s starting point is to apply the same standard of verification and client due diligence on the beneficial owner as to individual clients.

R28 of the AML Regulations provides that where the customer is a legal person, trust, company, foundation, or similar legal arrangement, the relevant person must identify the customer and take reasonable measures to understand the ownership and control structure of that legal person, trust, company, foundation, or similar legal arrangement.

The LSAG guidance now provides more guidance around lower risk matters and what might constitute ‘reasonable measures’. There is now emphasis on the need to evidence any decision not to apply the same standard of verification to a beneficial owner that you would to an individual client.

Referring to the role of technology in supporting firms to maintain compliance, the LSAG guidance notes that tools such as Electronic ID & Verification (EID&V) can be useful in protecting your practice and adhering to the relevant AML regulations. In Section 6.14.11, the guidance notes in particular that EID&V may be of significant help with verifying identities in larger companies where the beneficial owner may be difficult to contact directly.

How this might affect your firm
Firms must document their own overarching understanding of beneficial owners’ background, circumstances, and nature of any transaction. In addition to this, firms must take steps to “verify the beneficial owner’s identity, not simply that the identity in question is a beneficial owner.” Recording this information as a part of a client or matter risk assessment (or similar) is important to demonstrate compliance with the guidance.

Redirection from EU high risk third country lists

The guidance now links out to the UK high risk country list rather than the EU list at section and 6.19.1. The updated guidance requires your firm to apply EDD measures in any transaction or business relationship, including an occasional transaction with a person established in a high-risk third country.

The guidance states that “not all countries where there may be a higher risk of money laundering are ‘high- risk third countries’ for these purposes. Other jurisdictions may equally pose higher ML risks – these should be assessed as part of client and matter risk assessments, and additional, enhanced due diligence measures should be applied accordingly.”

For clarification, being “established in” a country means:

  • being incorporated in or having a principal place of business in that country, or for a financial institution having its main regulator in that country; or
  • being resident in that country but not necessarily simply having been born in that country.

“Increasing globalisation means the likelihood that the work you do will involve other jurisdictions and the international dimension may not always be obvious. You should bear this in mind when assessing geographic risks and whether a client or matter may involve a higher risk jurisdiction.”

How this might affect your firm
Firms should list all of the countries to which their practice is exposed to in your practice-wide risk assessment, and give a risk rating to each one. Being exposed to a country includes offering services, facilitating a matter involving or having clients established in that country.

Clarification on Legal Professional Privilege

In sections 13.4.2 and 13.4.3 of the 2022 LSAG Guidance, there are changes in terminology that specifically apply to situations where firms know or suspect a money laundering offence has occurred.  This includes removing references to ‘a principal offence’, and replacing them with stronger language around  ‘a criminal offence’, thus widening the scope beyond money laundering offences in and of themselves.

This change can be seen in the following examples from the guidance, “If you know the transaction that you are working on has the intention of furthering a criminal offence, you risk committing an offence yourself.” In these circumstances, communications relating to such a transaction are not privileged and should be disclosed.

However the guidance notes that, “If you merely suspect a transaction has the intention of furthering a criminal offence, the position is more complex.” In this scenario, if the suspicions are correct, then communications with the client are not privileged. But in order to arrive at the fraud or crime exemption, a consideration must be made about the nature of the suspicion: “A vague feeling of unease, or surmise or conjecture is insufficient.”

How this might affect your firm
This change in the guidance now covers more than simply money laundering offences. Firms must be aware that the new guidance covers transactional activities around all criminal offences. If there is any doubt about the position on legal professional privilege, there is a useful decision template in section 13.8.1 to record the decision-making process.

Clarification on what is not “an arrangement” for the purposes of the Proceeds of Crime Act (POCA)

This section relates to 328 of POCA: “A person commits an offence if they enter into an arrangement or become concerned in an arrangement which they know or suspect facilitates the acquisition, retention, use or control of criminal property by, or on behalf of another person.”

The approved guidance expands the existing explanation of what is not an arrangement. This includes more commentary around the case of Bowman v Fels, which held that section 328 of POCA does not apply to the ordinary conduct of litigation by legal professionals.

Section 16.4.2 gives examples of adequate consideration for criminal property that is acquired, used, or possessed. The updated guidance strives to provide illustrative examples of exemptions, such as “Providing goods or services as part of a legitimate arm’s length transaction (provided it does not help someone to commit a criminal offence) and is paid from a bank account which contains the proceeds of crime may now be exempt.

How this might affect your firm
Law firms should consider very carefully when money is received for costs that result from a criminal act.

What now for AML officers?

For firms that were already fully compliant with the 2021 draft LSAG guidelines, the good news is that only minor tweaks are required, but refresher training is always valuable, particularly to raise awareness of the significance of HMT approval.

If firms are not confident of full compliance with LSAG, the first step is to get familiar with the guidance to understand the expectations of the legal sector regulators and ultimately the court. Technology can help easily deliver a consistent standard of compliance firm-wide, but the ultimate responsibility lies with the firm.

A first step for many firms is asking themselves – are there relevant written policies, controls and procedures in place?

Good practice is for law firms to consider whether the following areas require a documented process during steps towards LSAG compliance. The list is non-exhaustive but provides a starting point for firms.

Identity & Verification (ID&V)

Is your firm using digital EID&V tools to improve the quality and efficiency of your CDD processes?


Does your firm have a documented screening process?Does your firm have a documented staff training process?


Does your firm have a process for handling unexpected or accidentally deposited funds?


What is your firm’s process for undertaking CDD on representatives and agents?What is your firm’s process if a client cannot produce relevant ID to pass CDD?

Authorities & Regulators

What processes does your firm have in place to deal with enquiries from authorities or regulators?What is your firm’s process for auditing compliance?

Beneficial Owners & Managers (BOOMs)

Does your firm have a statement of BOOMs?What is your firm’s process for notifying regulatory bodies?

You may also be interested in...