Kayleigh Smale
Get AML audit ready: Hints and tips to avoid common pitfalls
Part 3 - Client Due Diligence
Welcome to part 3 of “Get AML Audit Ready.” In this article, we will discuss the common pitfalls to watch out for when conducting Client Due Diligence (CDD).
Conducting CDD is a requirement of the Money Laundering Regulations (MLR) to help prevent money laundering. It’s a combination of identification, verification and understanding the purpose and nature of the business relationship you have with the client (including SoF where applicable), both at the beginning of the matter and ongoing.
It’s more than just identifying and verifying clients—it’s about truly understanding who they are, what they need from you, and then assessing whether it all makes sense.
CDD ensures your firm stays compliant and safe while showing clients that the firm is serious about preventing criminals from laundering money through your services.
So, let’s explore the common AML pitfalls to be aware of when carrying out CDD.
Using Electronic Verification in your CDD Process? Don’t forget to review the results!
If you are using an electronic verification provider to conduct identification document authentication, address, PEP, Sanctions and adverse media checks, make sure you document the review of these results.
Remember, if it’s not written down it didn’t happen and this is what your regulator will think if you do not have written confirmation that you have reviewed the document and you are happy with the results.
If you have a high risk matter remember you must apply Enhanced Due Diligence (EDD)
In part 2 of “Get Audit Ready” one of the common pitfalls I discussed was not having a policy to specify the steps staff should take to carry out EDD. So it is unsurprising that not applying EDD in high-risk matters would also emerge as a frequent issue.
If there isn’t a written process in place, staff will struggle to know what steps they need to take when dealing with a high risk client and/or matter.
Providing detailed guidelines for these steps is essential to ensure staff can effectively apply EDD.
Give yourself credit for the work you are doing - document your Source of Funds checks!
This was always a massive bugbear of mine. When reviewing files I would find evidence of source of funds on the file, however there would be nothing to show that the evidence had been reviewed and/or that an assessment of risk had been made.
Now I am confident that most lawyers would not gather all this evidence and not review it. I know I have said this already but “if it’s not written down, it didn’t happen!”.
Give yourself credit for the work you are doing, ensure that you thoroughly document your review process and assessment of risk.
Are you confident that staff understand and react to money laundering red flags?
As part of the Regulation 21 audit process under the Money Laundering Regulations (MLR), I would interview staff to test their understanding of the firm’s AML processes and what money laundering red flags they would look out for in their departments. This process is a great way to check if staff feel confident that they would be able to spot a suspicious transaction and possible attempted money laundering.
It’s important for staff to spot and react to money laundering red flags. By spotting these warning signs, they help the firm stay compliant with the law, protect its reputation and most importantly, ensure the firm doesn't get involved in transactions that could launder money for bad actors.
Take a look at the Legal Sector Affinity Group guidance for a non exhaustive list of red flags here.
Don’t forget ongoing monitoring
On-going monitoring can be a bit tricky at times as there are different types of on-going monitoring when it comes to AML. It comes back to “if it’s not written down, it didn’t happen” so unfortunately whilst on-going monitoring might be taking place, unless it is documented, there will not be any evidence to show this.
So what types of AML ongoing monitoring should take place in a law firm?
- Ongoing monitoring of a matter
When it comes to ongoing monitoring of a matter the person handling the matter is best positioned to carry out this task. As they work closely with the client and are deeply involved with the matter, they are most likely to notice anything fishy.
- Ongoing monitoring of identity documents
It's important to check if the documents are still valid—meaning they’re up-to-date and haven't been lost or stolen.This task is relatively straightforward and can be handled by almost anyone in the firm
Some firms use their PMS/CMS to get notifications when a document is about to expire.
Technology can lend a hand here as well. Most ID&V technology providers (including Legl) will alert you if a document has been reported lost or stolen. A quick re-scan of the identification document can provide this information without needing to contact the client.
It becomes a bit more complex with corporate clients. Without checking, you won't know if there have been changes such as new directors or shareholders. Fortunately, Legl has an on-going monitoring platform which will notify you of any updates to corporate names, addresses, directorships, and much more.
- Ongoing monitoring of Politically Exposed Person (PEPs), sanctions & adverse media
Using technology to keep an eye on clients who are considered low-risk or “clean”, throughout the entire relationship with the client, helps ensure that if their status changes—such as becoming a PEP or being sanctioned—you’re alerted right away. This proactive approach allows you to address potential issues before they become significant problems.
It’s also important to use technology to continuously monitor any existing high risk clients (such as PEP clients) so that you will be notified immediately if they engage in activities that could alter the risk profile of your business relationship. Technology, such as Legl, can streamline this process by automating alerts and providing real-time updates, which is crucial for maintaining compliance and safeguarding the firm against any potential money laundering.