Independent AML Audits

Anti-Money Laundering (AML) Visits from the SRA and Desk Based Reviews (DBRs)

The purpose of a desk-based review (DBR) or visit to the firm is to assess the firm’s compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (‘MLR 2017’). The SRA also refer to guidance from the Legal Sector Affinity Group (LSAG).

Regulation 19 Policies, Controls and Procedures (PCPs)

Regulation 19 of the MLRs 2017 requires that that firms establish and maintain a written policy of identifying, managing and mitigating the risk identified in their Firm-Wide Risk Assessment (FWRA), sometimes referred to as Practice-Wide Risk Assessment (PWRA).

The responsibility of the firm is to provide policies proportionate to the size and nature of the practice, documented and approved by senior management.

Regulation 21 Independent AML Audits

SRA-regulated law firms are required to have in place and documented compliant policies & procedures – but also to be able to satisfy themselves and the SRA that they are being operated by staff.

Regulation 21 requires the relevant person to:

21.—(1) Where appropriate with regard to the size and nature of its business, a relevant person must—

(a)appoint one individual who is a member of the board of directors (or if there is no board, of its equivalent management body) or of its senior management as the officer responsible for the relevant person’s compliance with these Regulations;

(b)carry out screening of relevant employees appointed by the relevant person, both before the appointment is made and during the course of the appointment;

(c)establish an independent audit function with the responsibility—

(i)to examine and evaluate the adequacy and effectiveness of the policies, controls and procedures adopted by the relevant person to comply with the requirements of these Regulations;

(ii)to make recommendations in relation to those policies, controls and procedures; and

(iii)to monitor the relevant person’s compliance with those recommendations.

What we will do

1.    An Interview with the MLCO & MLRO (who may be the same person)

2.    A Review of AML Policies, Procedures and Controls

3.    Review a number of sample files (if required)

4.    Interview some staff members (if their files were reviewed)

5.    Report in writing on our findings with Recommendations

6.    Follow Up Remote Review to ensure the recommendations have been implemented

All work is carried out remotely unless by separate arrangement.