Anti-money laundering: Get the basics right

What are we trying to do

We want to help solicitors and law firms stop criminals using our profession to launder money by reinforcing the basics of anti-money laundering compliance.

Who needs to know

Law firms conducting activities that fall within scope, or potentially within scope, of anti-money laundering regulations.

What's going on

We are looking to help firms understand:

  • whether they are in scope of anti-money laundering (AML) regulations
  • the process, procedures and approaches in-scope firms are required to have in place
  • what support and guidance materials are available to both help them comply and make their individual approaches as effective as possible


The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR 2017) place a number of obligations upon all firms in scope of the regulations. This includes the obligation to have in place:

  • a firm-wide AML risk assessment
  • client and matter-level risk assessments
  • an effective approach to carrying out customer due diligence
  • AML policies, controls and procedures

Under the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000 (TACT), firms also have a duty to report potentially suspicious AML activity to the National Crime Agency.

You can read more about wider AML and sanctions compliance requirements, our work in these areas and access a wide range of support and information on our dedicated AML web pages.

AML: The basics

Am I in scope?

If you provide legal services to clients or third parties, especially any services that involve the buying or selling of assets, conducting financial transactions, tax work, handling trusts or managing client bank accounts, you are likely to be in scope of the regulations.

Read more about anti-money laundering regulations and who they apply to.

Firm-wide risk assessments

A firm-wide risk assessment is a written document which is designed to help you identify the money laundering risks your firm is, or could be, exposed to, and consider how any risks could be mitigated. It should be reviewed regularly and will inform your AML policies, controls and procedures and approach to conducting client and matter-level risk assessments.

Read our firm-wide risk assessment guidance

Watch our webinar to hear practical tips on creating and updating your firm-wide risk assessment.

Client/matter risk assessments

Client risk assessments must always be carried out at the beginning of a client relationship. Based on the individual client, your firm wide risk assessment should establish a consistent approach to how often these need to be reviewed, what they feature and when individual matter level assessments should also be conducted.

Watch our practical guide webinar to completing client/matter risk assessments

Use our free template as a starting point to drawing up your own approach

Read our 2023 Warning Notice and thematic report regarding non-compliance and common issues.

Customer due diligence

Read our customer due diligence Q&A

Policies, controls and procedures

Based on your firm-wide risk assessment, you must establish and maintain policies, controls and procedures to mitigate and manage the money laundering risks you have identified. These must be proportionate to the size and nature of your business and be approved by an officer or employee, with sufficient authority, and with enough knowledge of the firm's risk of exposure to money laundering and, or terrorist financing.

Read our guidance on policies, controls and procedures

Suspicious Activity Reporting

Suspicious Activity Reports (SARs) alert law enforcement to potential instances of money laundering or terrorist financing.

Your money laundering reporting officer (MRLO) has a duty to alert the National Crime Agency (NCA) where they suspect they have encountered proceeds of crime. To help with this, the NCA has issued new guidance on the best way to submit a report.

Our work to support AML compliance

We expect all firms to comply with their AML responsibilities at all times.

We have published information on our approach to working with firms to make sure they comply with their AML obligations.

When we find firms are not upholding their AML obligations we will, in the first instance, engage with them to remedy any failures. Repeated or sustained breaches of our rules could lead to disciplinary action in line with our enforcement strategy.

We have produced a separate guide on our enforcement approach to AML.