Questions and answers

This section provides answers to a number of common questions we are asked about preventing money laundering and compliance with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ('the regulations'). If you cannot find an answer to your specific question, you could call our Professional Ethics team, or consider seeking independent legal advice.

Scope of the regulations

Open all

No. Whether or not you fall within scope of the regulations is not dependent on holding client’s money. There are many ways to meet the definitions of an independent legal professional, trust or company service provider (regulation 12 paragraphs (1) and (2) respectively) or tax adviser (regulation 11(d) as amended) without holding client money.

The regulations do not differentiate between solicitors practising on their own (eg as freelancers) or in firms. So if a solicitor practising on their own works in scope of the regulations, then they need to do so in full compliance with the regulations and follow our guidance. This is true regardless of whether the work is reserved under the Legal Services Act (2007) or not. Freelancers need to tell us the work they do via the freelancer form in MySRA, and we can then supervise them for the purposes of the money laundering regulations.

Assuming that the entity providing the in-scope services is totally separate to you, and that this entity has its own contractual relationship with the client independent of your firm, then you are likely not in scope.

The definition in the regulations is extremely broad, and includes 'tax advice, material aid and assistance.' This effectively means that you do not need to be providing tax advice to be a tax adviser – it is enough to provide help, whether that be advice or some other service. This definition has not been tested in court, but we interpret there to be a relatively low level at which something qualifies for inclusion.

We consider however that in and of itself providing someone with a calculation of stamp duty and land tax liability from a single residential transaction, or paying it on a client’s behalf is not likely to be in scope. If a solicitor is dealing with anything other than a simple calculation based on price, they need to give thought as to whether in so doing they fall within the definition of a tax adviser.

We cannot provide a case-by-case guide to what is and is not in scope, but firms may refer to our guidance for more information. Firms may wish to seek independent legal advice if they want further assurance.

It depends on the nature of the relationship between your client and the tax adviser. If you have made a referral, and the tax adviser and client now have a contractual relationship between them, it is likely you are not in scope, assuming you are not providing any other help (ie advice, assistance or material aid) with their tax affairs. If the client only has a contractual relationship with you, and you are passing tax advice to them (but not necessarily creating the advice), then both you and the tax adviser are likely to be

We can only supervise firms for AML purposes that are eligible for authorisation under the SRA Authorisation of Firms Rules.

Solicitors can work in unregulated entities using their title of 'solicitor'. For the purposes of the money laundering regulations, as the entity is not an SRA-regulated firm, we will not be the money laundering supervisor for the purposes of the money laundering regulations and it will be necessary for them to approach one of the other supervisors set out in Schedule 1 of the regulations.

Interacting with your supervisor

Open all

The best way of making sure your AML details are up to date is by submitting an updated FA10b form in MySRA with all your current details. Firms can check their existing details by contacting our Authorisation team.

Not always. It is worth noting that roles set out in our glossary (eg 'manager') differ from the roles as defined in the regulations. Our glossary definition of 'manager' is only relevant for requirements under our Standards and Regulations and not the AML regime. The AML requirements are a separate regime based on separate legislation and need to be considered and satisfied in their own right.

Yes. It is possible to be drawn into scope via multiple routes (eg as a tax adviser and an independent legal professional). You need to tell us about all the ways that you are in scope of the regulations and ensure your FA10b form (found in MySRA) is updated accordingly.

Beneficial owners are those that might benefit from their ownership of an entity or asset (eg a company.)

For firms we authorise in scope of the regulations, beneficial owners must be approved by us.

You will need to identify and undertake reasonable measures to verify the identity of your customers. For a company or partnership, you only need to identify a beneficial owner where they own 25 per cent or more of the entity (as per regulation 5). For trusts, the requirements are detailed in regulation 6. See 6.15 of LSAG for more information.

During our visits we speak to the firm's money laundering compliance officer (MLCO) and money laundering reporting officer (MLRO). We also need to speak to two fee earners who undertake work in scope of the regulations and conduct reviews of some of their client files.  We will also review the following:

  • your firm-wide risk assessment
  • your firm’s AML policies, controls and procedures
  • your firm’s template client AML risk assessment
  • copies of any audits on your firm’s policies and procedures
  • AML related training records

During the course of our interviews, we also gather data on the number of suspicious activity reports (SARs) submitted by the firm and you should have the information relating to this to hand ahead of our review. Please do not send copies of suspicious activity reports, whether internal (made by staff to the MLRO) or external (made by the MLRO to the National Crime Agency).

If we identify serious failures to comply with the regulations, we may consider a referral to our investigation team to look into this further.

This would be a breach of the regulations. You should report this to the SRA in line with 3.1 and 3.9 of our Code of Conduct for Firms. We will investigate further to assess the severity of the issue in line with our enforcement strategy and our AML topic guide. Whether we will take regulatory action will depend on several factors including the actual risk the firm could have been used for money laundering (including the nature of the services provided) and what action the firm took when they realised there was a breach.

If there is an ongoing chance you may provide services in scope of the regulations, you will need to become approved to do so and make sure you are compliant with the regulations.

Level of risk

Open all

Yes, although it is a little more complicated than that.

To explain why this is, we need to consider inherent risk and mitigated risk. Inherent risk is the risk posed by the matter, due to its features eg it involves a high-risk service like conveyancing. Inherent risk will be the same from firm to firm.

You can address inherent risks by using controls (eg regular file reviews, ensuring those acting on a file have relevant experience), and these controls can mitigate the effect of these inherent risks, albeit likely not eliminate the risk altogether. Once you have mitigated a risk with the controls you apply, you are left with the residual risk. Depending on the different controls applied by two different firms, the residual risk could be different across them for the same matter.  

For example Firm A and Firm B might both be approached by the same client for the same matter – let's say high-value conveyancing. Firm A mainly deals with other services and does not have a good understanding of conveyancing work. Firm B mainly undertakes high-value conveyancing matters and has developed a suite of controls they can apply to address the risk. 

The inherent risk won't change and will be the same for Firm A and B.

The residual risk might be lower for Firm B depending on the mitigations applied. See 5.7 of the LSAG guidance for more information.

These two tools help firms to fulfil their duty under regulation 28(12)(a)(ii) to tailor due diligence to the specific risks identified in each particular case. Client risk assessments record risks relating to the client like their location, their main business activities, how they are beneficially owned and controlled, and adverse media screening checks. Matter risk assessments account for risks specific to the matter, such as cash transactions, the nature of the service (eg conveyancing) and the rationale for it happening, including who is benefitting from the transaction. For more information on these and how to use them see 5.9 to 5.12 in the LSAG guidance.

In order to understand how to consider the risk present, you will need to understand why your client is involved in the matter and whether it is consistent with their business and what you know of them.

If a low-risk client engages you on a high-risk matter, it could be a sign the client is no longer low-risk. You should revisit your client risk assessment that concluded they were low risk in this case. It might be that with the new information and the new service they have asked of you, you need to re-evaluate and update the client risk assessment.

This is also the case where you encounter something that does not align with your firm-wide risk assessment. These risk assessments should be living documents, and if the risks change, so should the risk assessments.

Customer Due Diligence (CDD)

Open all

You might need to undertake due diligence on the other party in a transaction. This could be because this is required by the regulations due to either the client or counter-party to the transaction being established in a high-risk third country (regulation 33(1)(b)) or as a part of developing your understanding of a matter or transaction.

If so, you will need to decide what level of checks are appropriate based on the risks identified in the matter risk assessment.

A useful starting point might be the counter-party’s representative who should be able to provide more details on their client - and you may be able to rely on their due diligence under regulation 39 depending on their jurisdiction and what regulation they are subject to.

Open-source web searches are a cheap, easy and non-invasive way to help you gain a better understanding of the counter-party but might not give you all the information you need on their own.

Yes. While passports are very useful as they have key identifying information, they are not the only document you might use for this. The LSAG guidance provides a list of documents you might find helpful when verifying the identity of a client (6.14.5) eg a passport or residence permit. While documentation that provides greater assurance should be preferred, it is important to ensure that fulfilling this requirement should not create a barrier to access legal services where documents are unavailable for legitimate reasons. Section 6.14.7 of the LSAG addresses where a client cannot provide standard identification documents for legitimate reasons such as being a refugee or asylum seeker.

No, but you might decide that there are some advantages in doing so. If you do full AML checks on all clients, you can easily transition to providing them services that are in scope without doing further checks. It also has the advantage that you gain a better understanding of new clients, and the wider risks they may pose to you eg reputational risk via media checks. Transitioning clients from non-AML services to AML services is known as passporting and can create significant risk where this does not trigger all relevant AML checks.


Whether work is in scope of the regulations or not, you will always need to satisfy the requirement in our Standards and Regulations to identify your client in as per 8.1 of the SRA Code of Conduct for Solicitors, RELs and RFLs.

The costs of customer due diligence (eg identification and verification or source of funds checks) can vary depending on the type of client and level of money-laundering risk they pose. You can pass the costs of customer due diligence on to your clients, however the cost will need to be clearly stated in the firm’s terms and conditions.

It is important that clients are informed of and understand the cost in advance as this will enable them to instruct an alternative firm if they are not agreeable to the cost.

Source of Funds

Open all

You need to go back as far as is needed to build a clear picture of how the client accumulated their money for the transaction. For some, it may be as little as six months (particularly if that shows a big event like a significant gift), for others it might require looking back several years. This is a case-by-case assessment and should reflect the level of risk you have identified in your client and/or matter risk assessment.

A source of funds check is to answer the question, “how did the client accumulate the funds for this transaction?” This will need to go beyond where or who the funds have come from and look at why they have the money they do (eg is it salary, or a gift?). Along with answering the question of who your client is, identifying the source of their funds is one of the most valuable checks you can do to protect your firm from the risk of money laundering and terrorist financing.

In terms of how you go about a check, you can use paper or digital copies of statements though both carry some vulnerability to fraud. Some services exist which allow prospective clients to share relevant information directly from their bank accounts, while preserving their privacy; which you may find helpful to use.

Source-of-funds checks are particularly useful where there is a higher risk that monies coming into your account might be the proceeds of crime (eg where there are allegations of fraud against the party sending you the funds.)

For more information on this, see 6.17 of the LSAG guidance.

If the client is a politically-exposed person, you must apply a source-of-funds check under regulation 35. If the client or counterparty are established in a high-risk third country, you will need to check source of funds also.

In addition regulation 28(11)(a) requires firms to undertake a source of funds check 'where necessary', though this is not defined in the regulations. We interpret this as requiring a risk-based approach. This means your firm, client and matter risk assessments need to be considered when deciding if it is necessary.

The requirement to do source of funds checks might apply even if no money is coming through your client account. You do not need to do these kinds of checks on monies sent to you as payment (providing they are an 'adequate consideration' as defined in the Proceeds of Crime Act 2002 ie are reasonable and not considerably more than the value of the work as per 16.4.2 of the LSAG guidance.)

For more information on source of funds, see 6.17 of the LSAG guidance.

Source of funds means checking where the specific money for a transaction has come from (eg salary, gift, investment profit).

Source of wealth is a more holistic assessment of how the client has generally accumulated the wealth they have. A source of wealth check must be undertaken when your client is a politically-exposed person or the close relative or associate of a politically-exposed person, or where the client or the counter-party to the transaction is based in a high-risk third country.

Technology for due diligence

Open all

There is an ever-growing list of technology providers and services you can use to help protect your firm – though there is no requirement for you to use any of them. Some things to consider when deciding whether or not to use a service are:

  • Do you understand what it does?
  • Do you understand all the options and how these may be used across the different levels of client/matter risk your firm encounters?
  • Does it have any certifications or accreditations with regards how it holds data?
  • Does it meet any standards (eg the Land Registry Safe Harbour Standard)?

It is important to remember what information your staff will need access to across the course of their work, particularly the undertaking of ongoing monitoring of clients and matters as per regulation 28(11). You should consider whether the technology you use is inappropriately restricting access to this information.

For more information on how to evaluate and use AML technology in your firm, see Section 7 of the LSAG guidance

It is important to understand that this kind of technology is a tool like any other. To decide on whether to use it or not is ultimately your decision and one you should take seriously.

There is a test in the regulations (see 6.14.3 of the LSAG guidance) for whether you can consider technology as a 'reliable source' of information. A key part of the test is whether it provides an appropriate level of assurance – something you will need to determine yourself.

Your decision about whether to use a given technology or service, should be based on a comprehensive understanding of what the system does and how it will help you to address the AML risks presented by the client. If you do decide to use a service you will need to ensure relevant staff are adequately trained to use it, including how to enter information correctly, and how to correctly interpret the results of checks.

It is worth noting that the responsibility for the decisions made by your firm regarding client matters remain with the firm, and as a result you should not seek to outsource decision-making itself; rather consider the results the technology returns in order to make decision.

It’s also important to note that whilst you can use digital verifiers as a source when making your own checks, you cannot rely on digital client due diligence providers in the meaning of reliance as defined in regulation 39 as they are not relevant persons for the purposes of the regulations. If you are relying on checks that have been done by another relevant person, you will need to have a fully compliant reliance agreement in place as per regulation 39.

Other requirements under the regulations

Open all

No. Just because money has come through a client account or UK bank account, does not mean you can assume it is not the proceeds of crime. A firm will always be responsible for its own AML checks and you cannot assume the work of others outside your firm address this risk.

Even where you have a regulation 39 compliant reliance agreement in place with another firm, the requirement to report suspicions to the NCA will still apply.

You must submit a SAR when you know, suspect or have reasonable grounds to suspect that you may have encountered the proceeds of crime or that someone is engaged in money laundering or dealing in criminal property. You do not have to be handling the proceeds of crime yourself or seeking a defence against an offence in order to be required to submit a SAR.

You will not be able to tell the subject of the SAR anything that might prejudice an investigation – there is a 'tipping off' offence in the Proceeds of Crime Act 2002 (s333A) that sets this out.

See Section 11, and 16.5 to 16.10 of the LSAG guidance for more information on SARs. 

Regulation 21 sets out the key features of an independent audit function including that it must:

  • Review your policies, controls and procedures (ie under regulation 19)
  • Make recommendations about how these can be improved and
  • Monitor compliance with the recommendations of the audit

'Independent' does not necessarily mean that this has to be carried out by an external party. A compliant independent audit may be carried out by an employee of your firm who is not involved in the creation or application of the policies, controls and procedures (PCPs).

The regulations state an independent audit is necessary where appropriate to the size and nature of the firm but does not define this.

LSAG 9.1 gives more detail as to what you should consider when deciding whether this applies to your firm.

We also believe the 'nature' of a firm needs to be judged against the risk they pose via:

  • the type of work the firm does
  • how much of their work (both as a percentage of the firm’s total turnover and in absolute volume) is in scope of the regulations and
  • the results of their regulation 18 firm wide risk assessment.

Even where an independent audit might not be 'necessary,' gaining feedback via an independent audit may still help your firm to review and improve your AML compliance.

If a firm wishes to make the case that this requirement does not apply to them, they should record their reasoning. Firms will have to continue to review their PCPs, record any changes made to them and record all steps taken to communicate changes to the PCPs to staff across the firm.

Firms might consider entering into reciprocal arrangements with other firms in order to undertake independent audits on each other, subject to suitable controls to protect client confidentiality being in place.

Firms should take a risk-based view on how often they undertake an independent audit, but it might be appropriate to do one annually depending on:

  • the results of the previous audit
  • changes to legislation, internal processes, services provided and firm risk
  • whether the firm has recently merged with other firms.

LSAG 9.3 addresses this in more detail.

'Screening' is one of the three controls listed in regulation 21 and requires you to check:

  • the skills, knowledge and expertise of the individual to carry out their functions effectively
  • the conduct and integrity of the individual.

For details of what might be appropriate in terms of procedures for screening, please see the table in section 9.4 of the LSAG guidance.

When considering who to screen, consider who in your firm can contribute to protecting your firm from money laundering. This will include any fee earners working on matters in scope, but might also extend to others, eg finance staff. You should assume you need to screen staff and only exclude staff where there is no clear way that they could contribute to protecting your firm (eg cleaning staff or catering) as per regulation 21(2)(b). The level and frequency of screening should be based on the risk posed by the role and the individual and the ability of the role to contribute to the prevention of money laundering.