What does my firm need to do?
Updated 21 September 2023
If your firm is intending to offer any of the services in scope, you need to get approval from us for the relevant people as defined in the regulations and tell us what services you are providing (eg TCSP work) first.
In order to comply with the regulations, you will also need to:
- Risk assess your firm, relevant clients and matters
- Identify and verify identities of your clients and any beneficial owners of your clients
- Identify sources of funds and wealth where relevant
- Train your staff to recognise red flags
- Appoint a money laundering reporting officer to alert the National Crime Agency where they suspect they have encountered the proceeds of crime
- Where relevant to the size and nature of the business undertake an independent audit, screen your staff, and appoint a money laundering compliance officer (MLCO) to supervise your compliance work
Compliance can often be a significant task, so we recommend that you determine how you will carry out the above before you provide services that are in scope of the AML regulations.
Firm-wide risk assessments
Your firm-wide risk assessment is the foundation stone for all of your anti-money laundering work. It helps identify where criminals might target you and also any strengths and weaknesses. This in turn helps you develop your processes and training programmes for staff.
Having a firm-wide risk assessment is a requirement under the Money Laundering Regulations. Failing to have one in place could lead to criminal action. It has often led to regulatory action if we find a firm has failed to put an assessment in place.
To help you, we have produced:
- guidance to help you understand your legal and regulatory obligations and how to comply with them
- a checklist to help firms prepare for a firm risk assessment (DOC 8 pages, 44KB)
- a template to use as a base for your own firm-wide risk assessment.
Client matter risk assessments
You must carry out a written client and matter risk assessment which should identify and assess the risks posed by an individual client and matter.
These risk assessments will help you to identify and understand the money laundering, terrorist financing risks. This in turn will help you decide whether you wish to accept the client, what level of customer due diligence (CDD) you will undertake and any additional steps you might wish to take to mitigate the risk posed. A risk assessment can also be a useful tool to understand your exposure to financial sanction risks.
Risk assessing clients and matters is a requirement under the Money Laundering Regulations.
To help you, we have produced a client matter risk assessment template for you to use as a starter for own assessments, as well as guidance notes on how to complete an assessment.
Role of the MLCO
We expect the MLCO to be our main point of contact with us on any AML matter, and to take a leading role in dealing with us. MLCOs should be a member of senior management means an officer or employee with sufficient knowledge of your practice's money laundering and terrorist financing risk exposure and sufficient authority to take decisions affecting that risk exposure. They should be aware of the breadth of their responsibilities under regulation 21, which includes, among other things:
- the compliance of the MLRO with their own obligations under the regulations and the Proceeds of Crime Act 2002 (POCA), if the two role-holders are different people
The MLCO is not required to have direct involvement in all of the firm’s relevant processes and procedures, but must retain oversight of them. The requirement to appoint an officer responsible for compliance with the regulations is additional to the requirement to appoint an MLRO. However, your practice's officer responsible for compliance with the regulations may also be your MLRO or, if applicable, your Compliance Officer for Legal Practice, provided they are of sufficient seniority.
We have produced a guide for new role holders.
Information on people within your firm
We need to hold information on those working in the profession that hold certain roles.
Definition of positions
This guidance is to assist firms when deciding who in their firm falls under the definitions of beneficial owner, manager and officer contained in The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR).
While we want to assist you in interpreting the Government regulations, you will of course need to satisfy yourself on the legal position. The obligation to identify who are your beneficial owners, officers and managers is on you as a firm. If having read this guidance you are still unsure, you should consider obtaining specialist advice on your position.Open all
While the MLR definition of 'beneficial owner' and our definition of owner differ, in practice we believe it is unlikely there will be any 'beneficial owners' not already approved by us, provided you have kept your records up to date. We have formulated some guidance to try and help your firm determine who these individuals are.
If you are a "body corporate" (ie company (not listed) or a limited liability partnership (LLP)):
A beneficial owner is:
any individual who exercises ultimate control over the management of the body corporate
This would mean an individual who, regardless of their position as director, shareholder or member is able to exercise control over the management of the body corporate in the sense of being able to control the composition and/or voting of the board of directors and the decisions they take.
any individual who ultimately owns or controls (in each case whether directly or indirectly), including through bearer share holdings or by other means, more than 25 percent of the voting rights in the body corporate
This means an individual who owns 25 percent or more of the voting rights in the body corporate. They could hold these rights directly, in their own name, or indirectly, for example, via a relative or a company.
an individual who controls the body corporate.
A person will control the body corporate if they qualify as a Person of Significant Control in accordance with the Companies Act 2006, or, if the person was an undertaking, the body corporate would be its subsidiary.
Guidance and examples on what constitutes exercising control:
If you are a partnership
Our glossary definition of partner is wide, as we authorise all partners regardless of the level of interest they hold in the firm (and regardless of whether they are in fact a partner). Our definition of partner includes those who are held out as a partner by the firm, including 'salary partners', and therefore employees of the business having the job title "partner", but who do not actually hold equity in the firm.
Therefore, in our view all beneficial owners in a partnership will already be authorised by us, by our definition of owner. You will just need to ensure all partners' details are correct and included in your AML application.
The definition of "officer" in the MLR regulations is wider than those individuals who are legal officers of the company, or a "manager" as per our glossary definition. You will therefore need to consider the definition applicable to the entity of your firm. We set out some guidance below, however we would stress that the question of who is an officer in your firm is dependent on the individual management structure of each firm.
We cannot provide a list of job titles that would meet the definition of "officer" under the regulations, as it is a question of fact as to whether an individual exercises control, or purports to exercise control. In our view, an individual would not be purporting to have control simply by their job title, there would still need to be some element of control.
For example, an office manager who makes decisions on behalf of the managing partner and the managing partner allows this to happen without supervision or review is likely to be a person purporting to act as a controller.
If you are a company (not listed) or LLP:
An officer includes director, secretary, chief executive, member of the committee of management, or a person purporting to act in such a capacity, or an individual who is a controller of the body, or a person purporting to act as a controller.
If you have any directors, a company secretary or a Chief Executive that are not already approved, they will need approval and to be included in your application. You must also have approval for those who sit on either the most senior decision-making committee in your business (such as a board, an executive committee or an executive board in each case where there is no higher committee or board to defer to or to seek approval from) or a committee that has been given the authority to make decisions on behalf of the board/senior decision-making committee.
An officer under this definition may consist of lawyer and non-lawyer employees such as HR and/or finance directors. In terms of who would have 'control' of the body, consider the persons of significant control guidance found above in relation to beneficial owners.
If you are a partnership:
Means a partner, and any manager, secretary or similar officer of the partnership, or a person purporting to act in such a capacity.
Given that we approve all partners in a partnership it is unlikely that there will be anyone in the MLR Regulation definition that has not been approved. However, you must consider the MLR definition above, and satisfy yourself as to whether anyone else in your firm is a manager, secretary or person purporting to act in such a capacity not already approved by us.
The MLR definition is wider in scope than any of the persons we already authorise. It also appears that it is intended to be wider that the MLR definition of "officer". Again, each firm will need to consider their own management structure against the below definition.
In relation to a firm, means a person who has control, authority or responsibility for managing the business of that firm, and includes a nominated officer.
This would include any person who has sufficient authority to take decisions and who exercises control over the management of the business. It includes your Money Laundering Reporting Officer (MLRO) and any others who have sufficient knowledge of your firm's money laundering and terrorist financing risk exposure and have the authority to take decisions around this.