Why running identity checks does not make you AML compliant
In fact, identity verification checks (electronic or manual) are only a fraction of what you need to do.
Here, we outline the steps required to give you an overview of your remaining obligations, in accordance with AML regulations and the guidance set out in the Legal Sector Affinity Group (LSAG) guide.
AML leadership
You must appoint knowledgeable, authoritative people into the roles of money laundering compliance officer (MLCO) and money laundering reporting officer (MLRO) (section 4, LSAG).
They’ll oversee your AML framework and ensure compliance with regulations.
Steps to take
- Designate an MLCO to lead AML efforts
- Appoint an MLRO to manage internal suspicious activity reports (SARs)
- If you’re a sole practitioner, you fill both positions
Employee training
Every employee and agent of your business must have AML training on their legal obligations, recognising suspicious activities and your firm's policies, controls, and procedures (PCPs) (section 8, LSAG).
This must be an ongoing process, not a one-time activity.
Steps to take
- Conduct AML training for all staff, including specific senior management training
- Teach legal AML responsibilities and your firm’s specific PCPs
- Make AML training part of continuous employee education
Tailored AML PCPs
A one-size-fits-all approach is not sufficient. Your AML PCPs must be tailored to the specific risks and nature of your clients and consider the unique aspects of your business’s operations (section 4.8, LSAG).
Steps to take
- Devise AML PCPs specific to your business’s risk profile
- Give your team training based on these tailored AML PCPs
Business and client risk assessments
The guidance emphasises the importance of conducting thorough business and client risk assessments, to get an understanding of the specific AML risks that you face.
These assessments should be reviewed and updated regularly to reflect any changes (section 5, LSAG).
Steps to take
- Understand the AML risks associated with your whole business, its service lines and departments, and each client
- Periodically refresh all business and client risk assessments
- Adjust risk assessments for operational or client-base changes
Customer due diligence (CDD)
Current, accurate CDD information is paramount. This includes identity checks, understanding the nature of each client’s business and knowing the ultimate beneficial owner (UBO) (section 6, LSAG).
Steps to take
- Implement identity verification procedures
- Confirm UBO and screen against politically exposed person and sanctions lists
- Recognise that AML compliance is more than identity verification checks
Keeping detailed records
LSAG places a strong emphasis on meticulous record-keeping of all AML-related documents and decisions.
This practice serves as evidence of compliance for your supervisor or law enforcement (section 10, LSAG).
Steps to take
- Document all AML-related actions and decisions
- Keep detailed CDD records for the specified period
Suspicious activity reports (SARs)
Your business must empower employees to make SARs internally. The MLRO is responsible for evaluating these reports and deciding whether to file an external SAR (section 11, LSAG).
Steps to take
- Normalise reporting suspicious activities internally
- The MLRO assesses these reports, potentially making an external SAR
- Document the rationale when an external report isn’t made
Stay up to date
All your AML measures – from regular reviews of AML PCPs to up-to-date risk assessments – are required by LSAG, so that you’re aligned with current laws and best practices (all sections, LSAG).
Steps to take
- Regularly review and update AML PCPs, training and risk assessments
- Document all updates to your AML framework
Find out more about AMLCC
The AMLCC platform is designed to provide your firm with all the necessary tools to allow it to stay up to date with AML and comply with the regulations.
Law Society members can claim 10% off the first year’s annual subscription.