AML Audits for UK Law Firms & Solicitors
Independent law firm anti-money laundering (AML) audits completed by SRA & AML compliance specialists with years of experience. All of our law firm AML audits are performed by former practising solicitors, many of whom are themselves former SRA staff. Our law firm AML audits have been carefully designed to satisfy solicitor duties to establish an ‘independent audit function’ under Regulation 21 of the Money Laundering Regulations and to adhere to the expectations for such audits now detailed in the latest Legal Sector Affinity Group (‘LSAG’) guidance. Our specialist AML audit consultants will replicate the checks which the regulator applies in its own SRA AML law firm audits in order to give the law firm and its solicitors peace of mind should the SRA’s rolling programme of visits reach them.
Is your law firm’s work subject to the Money Laundering Regulations? Do you offer corporate, tax, employment, private client or property law advice?
If so, then the chances are that the SRA expects your law firm to have an ‘independent audit function’ in place for anti-money laundering purposes. Law firms which do not have any, or any adequate, AML audit function in place could find themselves being investigated by the regulator for a breach of the Money Laundering Regulations. The SRA has previously found fault with the approach to audits at over half of the law firms it visited.
What happens in an independent AML audit for a law firm?
Law firm AML audit consultation & scoping
All of our independent AML law firm audits begin with an initial chat about what the law firm is looking to achieve with one of our specialist AML consultants. Clients have a lot of questions at this stage and we’re happy to answer them without charge. We’ll explore the size of the law firm, the type of work you are undertaking, your client profiles and how your files are best accessed. We will then develop an outline of how many days it will take to complete the work and email you with an outline of the proposed work and a fixed fee quote. All independent AML audits for law firms should include file reviews and it’s important to consider what sample size will satisfy the SRA. While the SRA themselves only select a handful of files to review in their own anti-money laundering inspections, we have seen feedback in respect of some larger firms that the SRA expect the audits to cover a larger sample size. We will guide you on this.
Audit of law firm AML Policies, Controls & Procedures (PCPs)
The next part of a law firm AML audit is to review the firm’s Policies, Controls & Procedures (sometimes shortened to ‘PCPs’). Typically these documents consist of:
- the law firm’s ‘firm-wide’ risk assessment – it is mandatory under Regulation 18 of the Money Laundering Regulations for each law firm to have a risk assessment which considers the risks posed by the nature of its business. This must not be confused with the AML client and matter risk assessments law firms use when opening new files;
- the law firm’s internal anti-money laundering procedures for its solicitors and staff (which are sometimes made up of a handful of different documents on customer due diligence and more); and
- the law firm’s template onboarding client & matter risk assessment / forms.
We also routinely ask the law firm client for AML training records including for the MLRO (Money Laundering Reporting Officer) / MLCO (Money Laundering Compliance Officer) as well as details of how many suspicious activity reports have been made.
We can typically complete this part of the law firm AML audit offsite and in advance of the subsequent stages of the audit (set out below). We complete a red / amber / green checklist to ensure that each of the key points required under the Money Laundering Regulations and SRA guidance has been covered. It is a fast-changing area so it’s not unusual to find things at this stage which require updating. This is normal. It’s when there’s nothing to check that we tend to get worried!
Law firm AML file audits / file reviews
As part of the preparation for the law firm AML audit we will enter into a non-disclosure agreement with you and ask for a list of recently opened matters which are subject to the Money Laundering Regulations. The next phase of the law firm AML independent audit involves selecting a random sample of files (up to the number agreed with you prior to the audit) and arranging access to them. Ordinarily, we access files remotely but we are also able to come onsite to review matters if you prefer. File reviews are probably the most telling and important part of a law firm anti-money laundering independent audit. We have found in some firms that there are very compelling anti-money laundering procedures on paper but in practice the procedures are not always followed. Record keeping is of fundamental importance. The SRA’s own anti-money laundering auditing teams typically take the view that if it’s not on the file then it didn’t happen. We’re more constructive but would encourage firms not to specifically prepare their files in advance of the audit in order to get the best possible snapshot of what the SRA will find should your turn come for an inspection. All of our file reviews are completed according to a red / amber / green rating system with comments on areas where we feel attention might be required.
Law firm AML staff interviews
Historically SRA AML investigations have tended to include some form of interviews with the law firm’s staff and we therefore include this as part of our law firm anti-money laundering independent audits. We conduct very friendly and informal discussions with relevant staff about how they approach ID checks, checking beneficial owners, source of funds etc. This helps us to gauge levels of staff awareness and possible training needs. We stress to everyone we interview that we do not report back on a named basis (unless they suddenly confess to “borrowing” from the client account!). We’re simply looking to benchmark levels of understanding and confidence in the business on anti-money laundering best practices. It can also be very helpful to hear feedback from the team on any areas which they have concerns about or would appreciate more support on. Some firms ask us to meet with members of the team to explore specific concerns which they might have with the current approach and we are content to include this in our work.
Presentation of independent law firm AML audit report
The final stage of the audit is to prepare a written report on the findings and recommendations following the AML law firm audit. Our reports specifically set out the experience of those conducting the audits and our methodology so as to make clear to the SRA, if ever required, that the report has been prepared in accordance with LSAG guidance. We provide a red / amber / green report with commentary on your procedures and an in-depth written report on our findings plus details of our recommendations. We are conscious that the SRA may ask to see the independent AML audit report and that audits are intended to help the firm improve. Our reports therefore adopt a constructive tone and approach, while ensuring that the necessary feedback for improvement is provided. Our intention is to provide a roadmap for continuous improvement and not to simply list everything which we as Risk and Compliance Consultants would have done differently. If there are serious concerns that findings on an individual file could constitute an SRA disciplinary matter then we can prepare a separate letter of legal advice from one of our solicitors in order to provide more detail on the issues without that level of detail sitting within the report.
Generally speaking we arrange a meeting to discuss the findings and recommendations. We are happy to present findings and recommendations at Board level should this be required. The LSAG guidance suggests that the report should be reviewed by the Board or equivalent with reasons why any recommendations are not being followed, should that be the case. The guidance suggests that firms should keep records of how they have implemented the recommendations.
Our Law Firm AML Audit Consultants
All of our audits are performed by former practising solicitors with many years of law firm and AML compliance experience.
Unlike a lot of compliance consultancies, our audits are ordinarily conducted by our own employees – we don’t outsource the work to third-party consultants.
Compliance Office Founder
Non-practising solicitor having qualified in 2010 | Former SRA GC Team Manager | Former contributor to SRA Handbook and ABS guidance | 15+ years SRA expertise | Contributor to LexisNexis & Practical Law
Consultancy Services Manager
Former SRA Disciplinary Case manager | Non-practising solicitor having qualified in 2006 | 10 years’ experience working for SRA, and with law firms providing outsourced compliance support
Senior Compliance In-House Consultant
Former managing partner | Non-practising solicitor having qualified in 1999 | 20 years plus experience
Can a law firm perform an “independent AML audit” internally?
The Money Laundering Regulations do theoretically permit law firms to develop internal independent audit functions i.e. for staff or partners in the firm to conduct the audit. However, given SRA expectations in this area it can be difficult to achieve. The LSAG guidance stresses that the audit should not be performed by the firm’s own compliance team or MLRO/MLCO or the team who did the original work.
The guidance also stresses that the individuals conducting the audit must have the requisite skills and knowledge in Anti-Money Laundering & Terrorist Financing to complete the task. Those two elements are crucial to satisfying the SRA. Given how complex this area has become, the expertise required in particular should not be underestimated. As a result, the only firms with sufficient size / specialist expertise to have anti-money laundering experts in the business available (or with time available to develop such depth of expertise) for the task tend to be larger organisations.
Therefore, while some very large firms could successfully satisfy the SRA that they can operate an independent AML audit function within their law firm, this is unlikely to be the case for most firms. That’s not to say that someone in the business could not be trained up but it can be time consuming to build the level of expertise needed to satisfy the SRA. As a result the majority of firms choose external specialists to help conduct the independent AML law firm audit to SRA standards.
Do all UK law firms need to have an independent AML audit?
No. The key question to ask is whether your firm conducts work which is subject to the Money Laundering Regulations. Regulation 12 of the Regulations sets out the test in full detail but in broad terms your firm is likely to be covered if you work in any of the following areas:
- Corporate transactions;
- Other entity or asset structuring work;
- Tax, including inheritance tax planning and potentially settlement agreements in employment law;
If you conduct work in these areas, the SRA is likely to expect you to have an independent AML audit function in place. While Regulation 21 of the Money Laundering Regulations only requires solicitor law firms to establish an independent audit function “[w]here appropriate with regard to the size and nature of its business”, in practice the SRA appears to take the view that all firms conducting work subject to the Regulations should have an audit function in place. This is catching a lot of firms out because this expectation had not been at all clear historically. 1 in 5 law firms originally visited by the SRA in its rolling programme of inspections had no audit function in place. We can certainly see that a compelling argument could be made in some firms that an audit is not strictly required. For example, in a boutique employment law firm that is only registering owing to the expanded definition of ‘tax advice’ the volume of work subject to the Regulations and the risks posed appear to be very low. However, that would be very much the exception and many solicitor firms understandably wish to avoid getting into this debate with the regulator.
Our founder Andy Donovan answering frequently asked questions about AML audits for law firms
What do your law firm AML audit reports look like?
All of our AML law firm consultants apply a consistent and comprehensive set of checks during a law firm AML audit. We assess both the level of compliance and how pressing the issue is on a red / amber / green (‘RAG’) basis. These RAG reports are available to our clients in addition to the report and recommendations in order that they can see very clearly where any areas for improvement have been identified. We add constructive comments in the margin of the RAG reports where we will frequently suggest solutions to the client. Often this will be with reference to wording or processes which can easily be adopted from our own template documentation. Our template firm-wide risk assessments, law firm anti-money laundering procedures and client / matter risk assessment and onboarding forms are all available to our clients at the conclusion of the law firm AML audit together with up to 3 months of staff access to our anti-money laundering for law firms e-learning course. While many of our clients do subsequently ask for help in remedying any gaps found, we’re also keen to ensure that clients know exactly what to do to move forward on their own should they wish to do so – together with a few tools to help them on their way.
Below you can download a sample of our Law Firm AML Audit checklists which focus upon firm-wide risk assessments (mandatory under the Regulations). Please bear in mind that this is only a small sample of the tests which need to be applied to complete a law firm AML audit.
Law firm AML Audit FAQs
Can the SRA inspect a law firm's AML audit report?
The LSAG guidance indicates that the SRA expects to be able to view law firm independent AML reports and check how the audit was performed. We have seen examples of the SRA routinely requesting sight of the reports as part of its rolling programme of AML visits. The SRA would therefore likely expect to see the report upon request and our reports are prepared with this in mind. If there are more concerning matters upon which it would not be appropriate to report back in detail within the report but upon which advice may be required then we are able to provide a separate letter of legal advice on these points as solicitors. While broadly speaking our work is conducted by non-practising solicitors, we may expressly agree to provide more detailed advice upon certain points as solicitors and we carry appropriate professional indemnity insurance up to £2 million for this purpose. It will be important that the report is not misleading and provides an accurate overview of any issues and recommendations. However, if advice is required on individual points of detail these can be expanded upon confidentially. The Compliance Office Ltd is not a firm of solicitors.
Can you help put things right after the AML audit?
Absolutely! While we may need to be mindful of how much we become involved in matters if you wish for us to conduct future independent audits, we include as part of the audit quite specific suggested changes to policies and procedures. We also provide you with template documentation for you to refer to. If there’s a lot to be done and you would prefer that we just take over the follow up drafting and training then just let us know and we’d be delighted to help.
How do you access the law firm's files for the review?
For most law firms we find that we can conduct the AML Audit remotely and that this actually suits the firm the best. Once we have a signed non-disclosure agreement in place we will liaise with IT as needed to obtain access to a limited number of randomly selected files. We will often go through an example file with a paralegal or support staff member at the beginning of the AML Audit to ensure that we can find what we need.
Still paper based? Don’t worry – we’re normally able to do it the more traditional way too! This would involve agreeing a date or dates for us to come onsite. We will typically borrow one of the law firm client’s meeting rooms and then complete the file review part of AML Audit there.
What are your fees for performing a law firm AML audit?
Prices vary depending upon the size of firm. Typically our fees range from £3,000.00 plus VAT to £5,000.00 plus VAT depending upon the size of the firm. For very large firms requiring a large number of file reviews however prices would likely exceed these brackets. We would be happy to discuss with you how best to approach the question of file audit sample size and will generally speaking always be able to offer a fixed fee before proceeding.
What insurance do you have in place?
We have professional indemnity insurance in place for risk and compliance consultancy up to £2 million. We do not ordinarily offer legal advice but on occasion may be able to expressly agree that one of our solicitors offers such advice for you and again we are insured for such work up to £2 million. We are not an SRA regulated law firm however. Further details about our solicitor services can be provided where needed.
Does a law firm AML audit only cover departments which do work subject to the Regulations?
As detailed above, not all law firms and not all departments within a law firm, will necessarily be subject to the Money Laundering Regulations. This means that not all teams within a law firm are subject to the requirement to have an independent AML audit.
However, where some parts of a law firm’s work require an AML audit and others do not, it is important not to simply ignore those less risky areas for anti-money laundering purposes. There are a couple of reasons for this:
- use of the client account – while the anti-money laundering risks posed by most litigation or general legal advice work are such that it is not necessary to comply with the minutiae of the Money Laundering Regulations, most departments in a law firm could easily get caught out by their use of a client account. There are strict rules against simply ‘holding’ money for clients and many firms have got into serious regulatory difficulty with the SRA for allowing their client account to be used as a banking facility i.e. without a sufficiently close link to the underlying legal transaction;
- ‘passporting’ risk – one thing which we have seen the SRA consistently question is the risk of more relaxed checks in one part of the law firm exposing the firm to a client escaping the more thorough client due diligence if they later instruct the firm again on a riskier transaction.
For these reasons, while we do typically focus our law firm AML audit upon reviewing files and procedures from the parts of the law firm which are subject to the Money Laundering Regulations, in larger firms we will also sample a small number of files from the less risky areas of the business. This enables us to understand how the firm complies with the wider obligation under Rule 8.1 of the Solicitors Code of Conduct to identify for whom the law firm acts in all work as well as how ‘passporting’ risks are managed in practice.
Get a quote for an independent law firm AML audit
Call 01789 868444