Guidance on our firm inspections
3 April 2023
How it works
Our review usually occurs on site. If you are selected for an inspection we will contact you to offer a selection of dates for the review.
How do you decide which firms to inspect?
We take a risk-based approach to AML supervision.
We visit more firms rated as high risk, but we also visit low and medium-risk firms. Just because we are visiting does not necessarily mean we consider your firm to be high risk of being a target for money laundering.
To decide which firms we consider to be high risk we consider the relevant sections of the Office of Professional Body Anti-Money Laundering Supervision (OPBAS) source book.
We may also use information we hold on firms when deciding their level of risk. However, there is no one single factor that means we will consider a firm to be high risk.
How long will you be at my firm?
An onsite review can take up to five hours. Although we recognise this inconvenience, we would advise you to keep your diary as free as possible on the day of the visit.
Ahead of the review
Ahead of the review we will ask you to send us the following documents. You will need to provide these documents within 10 days.
- your firm's AML risk assessment, required under Regulation 18 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017)
- your firm's risk assessment in relation to proliferation financing, required under Regulation 18A of the MLR 2017, which may be a separate document or be included within your firm wide risk assessment
- your firm's AML policies and procedures under Regulations 19 to 21 MLR 2017
- your firm's client AML risk assessment template
- copies of any audits on your firm’s policies and procedures carried out under Regulation 21 MLR 2017, to include any recommendations or follow-up action arising from them
- AML-related training records required under Regulation 24(1)(b) MLR 2017
- A list of the fee earners who undertake work within scope of the MLR 2017. We will also need matter lists to enable us to select files to review.
- If your case management system or processes allow, a list of any open matters you have identified as high risk.
- We will also ask you to complete a short questionnaire describing the services your firm provides.
On the day of the inspection
On the day of the inspection, we will interview the Money Laundering Compliance Officer (MLCO) and Money Laundering Reporting Officer (MLRO). The interview will include a discussion around the firm’s controls and the documents you have sent to us.
We will also select two fee earners to be interviewed and review a sample of the firm's open and closed files together with the client ledgers.
On the day of our visit we will review, on site, a copy of any Suspicious Activity Reports (SARs) or defence against money laundering (DAML) SARs the firm has submitted to the National Crime Agency.
Please do not send us copies of any SARs or DAMLs, due to their confidential and classified nature. We will not retain or request copies from you.
What happens at the end of the inspection?
We have a range of tools we use to supervise firms and improve compliance. Below are the types of steps we might take at the end of our visit:
- We can issue guidance. This is where a firm is compliant with the standards required in the regulations. This includes cases where the firm needs to make minor changes, or we share best practice.
- We issue letters of engagement. This is for partially compliant firms, where there are some elements of a firm's controls that need improving, but there is some good practice and the firm is generally doing well at preventing money laundering. We will engage with firms to help them refine their processes and bring them into full compliance.
- We can implement a compliance plan. This is for partially compliant firms where we have more widespread concerns. We implement a compliance plan where there are a number of elements of a firm’s controls that need improving or where the level of non-compliance is of concern. A compliance plan sets out a series of actions that firms need to take, and by when, to bring them back into compliance with the regulations.
- Referral for investigation. This is for non-compliant firms. Examples include failure to carry out customer due diligence (CDD), no firm-wide risk assessment in place, out of date policies or a failure to train staff on the regulations. Where we find weak controls or a lack of controls, we refer the firm for investigation. This might result in a regulatory sanction. Where necessary, we will also set up a compliance plan to assist the firm in meeting its obligations.
Our annual report on our anti-money laundering work sets out our findings from our inspections and can be found on this website.