firm wide risk assessments legl

Why Firm-wide Risk Assessments Should be the Cornerstone of Your AML Strategy  

Legl
Legl

All law firms that carry out work within the scope of the Money Laundering, Terrorist Financing, and Transfer of Funds Regulations 2017 (MLRs) are required to have a written firm-wide risk assessment (FWRA) in place. This document (also known as a practice-wide risk assessment (PWRA)) is separate to assessments of risk for individual clients or matters. 

The FWRA must identify and assess the risks of money laundering and terrorist financing that may affect firms. The contents of the risk assessment are key to determining how the firm will apply a risk-based approach to its compliance with the MLRs as reflected in its policies and procedures. 

LSAG guidance states, “The PWRA is the central reference point for how a practice protects itself from money laundering and terrorist financing. The better the quality of the PWRA , the easier it will be for the practice to take a risk-based approach to protecting their business, which allows for greater efficiency and efficacy. The PWRA  must be comprehensive, tailored to the practice, accurate and kept up to date.”

We spoke with Kate Burt, Legl’s Head of Risk & Compliance, about why firm-wide risk assessments are an integral part of your law firm’s AML strategy. 

When would a law firm need to show their firm-wide risk assessment to the SRA or other regulators?

There are a number of different scenarios where you may be required to present your FWRA. 

  • As part of proactive visits or a rolling programme
  • Following a report or complaint received
  • As part of regulators’ standard thematic review

For more information about what to expect during an SRA visit, view the on-demand webinar and SRA website in relation to firm inspections

Some of the most common areas missed from FWRAs as confirmed in the SRA’s AML annual report 2021-22 are as follows:

  • Areas identified in the SRA’s own sector risk assessment 
  • Transaction type
  • Delivery channels

The FWRA must set out mitigating measures to offset the identified risks. One way to achieve this is to leverage legal tech. 

Firms that use Legl are able to actively mitigate risk identified in their FWRA and evidence their workings with full audit trails should they ever be called upon to demonstrate this. 

Through Legl’s MLRO dashboard, firms are able to have oversight of CDD activity to help manage their AML risks. 

Best practice to creating a firm-wide risk assessment: 

Section R18(4) of the LSAG guidance states that you must record all steps taken to review the firm-wide risk assessment – “These steps may include interviews with appropriate individuals across the practice, and reviews of recent client/matter risk assessments in order to assess whether these have an impact on the overall risks to the practice.”

Kate advises, with this in mind, when creating your practice’s firm-wide risk assessment, do your groundwork and ensure audit trails for all your workings. If the person completing this document is inexperienced or under-resourced, it’s best to seek support from a specialist. 

The use of templates for creating a firm-wide risk assessment

Kate supports using a template as a starting point to provide a framework and an indication of how information can be presented. Kate offers caution with a template approach, as your practice’s FWRA must be bespoke and include firm-relevant mitigating controls. As emphasised in LSAG guidance 5.12, “You must make sure that the use of a template does not lead to a tick-box approach to risk assessments.”

How often does a firm-wide risk assessment need updating? 

“The PWRA is a living document and should be kept under continual review. A practice should undertake periodic reviews (at least every one to two years) to help maintain the accuracy of the PWRA and review emerging risks. It is also important to ensure that the PWRA reflects changes in the practice.” [LSAG 5.5]

In addition to routine reviews, your FWRA may need updating in response to changes within the practice or legislation. Kate provides an example – where a firm working with residential conveyancing moves into the area of international commercial property, the firm would require amendments to their FWRA and mitigating controls. Other changes include (but are not limited to) new teams, firm mergers, and new partners with different risk profiles. 

How to ensure appropriate risk mitigation

Acting for individual clients without meeting them is a significant risk factor for a law firm. Mitigate this risk using a more robust approach to IDV and KYC through the Legl platform. 

Legl gives firms a platform and tools to implement firm-wide risk and compliance processes, tailored to each department’s needs whilst delivering to key standards in bank-grade digital CDD and AML. 

Legl’s International Company Reports enable your firm to build a picture of your international business clients. This solution aids effective management of risk around client due diligence. With International Company Reports, you can access and view key company financials, people, credit information, and group structures in one comprehensive report. 

The use of Legl in your toolkit can help to bring the risk profile of your firm down.

Legl’s role in firm-wide risk assessments

  • Aids firms in applying consistent processes across the practice
    Automate risk monitoring with PEPs, Sanctions and Watchlist screening across hundreds of sources. Get notified of any changes and secure full visibility over checks throughout the business relationship.
  • Provides immediate updates about changes to clients’ PEPs/Sanctions status
    Create consistent processes across the firm through repeatable workflows for different risk-profiles and practice areas – with all client data in a single place.
  • MLRO oversight for firm-wide visibility
    The MLRO dashboard enables management and compliance teams to easily access all the audit history and CDD reports for every client across the firm, including all the clients’ high level information, ID documentation, and the results of all the different checks conducted.
  • Supplies comprehensive audit trails across all firms’ clients
    Legl’s thorough audit trails demonstrate to the compliance team who at the firm has carried out which steps in each process, and when. Receive quick links to the original CDD and review date information.

 

Learn more about how Legl can help your firm ensure compliance and mitigate risk.

Arrow-up