Get AML audit ready: Hints and tips to avoid common pitfalls
Part 4 - Client and Matter AML Risk Assessments

Welcome to part 4 of “Get AML Audit Ready.” In this article, we will discuss the common pitfalls to watch out for when conducting Client and Matter Risk Assessments.

Under the Money Laundering Regulations (MLR) lawyers must assess the  risks of money laundering that a client and their specific matter might pose.

A client AML risk assessment must always be conducted at the beginning of a client relationship.  In addition, when it comes to a specific matter, an AML risk assessment must be conducted as soon as possible to look at the unique risks the matter presents. These risks might be different from the risks already identified for the client.

Conducting effective client and matter risk assessments is crucial for preventing money laundering as it guides you to the appropriate level of client due diligence (CDD) and ongoing monitoring required.

Let's look at some common pitfalls to watch out for when conducting client and matter AML risk assessments.
‍

Client and matter AML risks go hand in hand.

When opening any new matters, it's essential to consider both client risk and matter risk. These two aspects are closely connected. You might have a medium risk transactional matter, however if your client is a non-domestic Politically Exposed Person (PEP), the risk level of this work increases significantly.

Because your client is a PEP, you will need to conduct Enhanced Due Diligence (EDD). If you fail to assess the risks associated with both the client and the matter, you might overlook the fact that your client is a PEP.  As a result, you may not mark the matter as high risk and  perform the necessary EDD, leading to a breach of the MLR.
‍

Do your risk assessments assist in determining when EDD  is required?

EDD has been something of a big topic in this series. In parts 2 and 3 of “Get Audit Ready” I discussed issues surrounding EDD, i.e.:

• not having a policy to specify the steps staff should take to carry out EDD, which in turn leads to EDD not always being applied when dealing with a high risk client and/or matter; and
• not providing guidance to lawyers on how to determine if a client and/or matter requires EDD, and if so, what steps to take to comply with that policy.

Make sure your client and matter AML risk assessments guide staff so that they can make an informed decision as to whether the matter requires EDD, and the associated process if so.
‍

Do you have a scoring system to assist with assessing AML risk?

Be cautious if you decide to use a scoring system for risk assessments. It’s important that lawyers are trained on, and understand the scoring system. Lawyers should also understand that the overall score is suggestive rather than conclusive, so a lower rating could be overridden if necessary.

There will be circumstances where a client or matter should be automatically classified as high risk, such clients who are PEPs or established in High Risk Third Countries, regardless of the score. Therefore it’s important that the scoring system can be adjusted to take this into account.
‍

Don’t use a template with standard wording.

Avoid relying on generic templates without adjusting them to fit your firm's specific needs. It is ok to use the template as a starting point, but make sure to modify it to suit your firm. The final version should be detailed, tailored to your specific work types and should be in line with your firm-wide risk assessment. And remember -  keep it updated!
‍

Document your rationale.

I’ve said this before, but I’ll say it again, give yourself credit for the work you are doing, ensure that you thoroughly document your review process and assessment of risk.
‍

Your client and matter AML risk assessments are living breathing documents.

Your client and matter AML risk assessments shouldn't be treated as one-time forms completed only at the beginning of the matter. These are living documents that need to be regularly updated and revised to reflect new information, changes in circumstances, or an evolving understanding of the client or matter. These documents should not be static but actively maintained to remain relevant and accurate over time.

Consider triggers on when you might need to review/update your risk assessment, such as when you complete your CDD checks, or before the transaction takes place. When you receive additional evidence, ask yourself: does the matter still make sense? Does this new information change the potential risk profile of the client or matter? If so, does this alter the level of due diligence required? Are there any new red flags indicating a suspicion of money laundering?

Using a client and matter AML risk assessment effectively will help you spot suspicious activity and ensure the firm doesn't get involved in transactions that could launder money for bad actors.

‍