Anti-Money Laundering Visits 2019-2020

25 November 2020

Executive summary


We are a supervisory authority under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ("the regulations"). We have a role in checking firms are complying with the regulations and ensuring they have effective AML policies controls and procedures in place.

To help fulfil this, in 2019 we began an ongoing programme of firm reviews.

Our approach

We looked at the firms' approaches to preventing money laundering in 10 key areas. In each area we have outlined what the regulations say, our expectations, what we found, good practice and areas for improvement.

From September 2019 to October 2020, we visited 74 firms to review their AML policies and procedures and to see how these were being applied on a sample of the firm's files. We are grateful to the firms we visited for their time and insight into their work to prevent money laundering, particularly when the Covid-19 pandemic has disrupted work across the sector.

Key Findings

Overall, we found that the areas needing the most work from firms were:

  • Audit, where some firms misunderstood the requirement for an independent audit and failed to test the effectiveness of their AML regime. More than half (38, 51%) required follow up action in this area. Of those, 14 firms (19%) had never conducted an audit.
  • Screening, where firms were generally compliant with the requirement to screen employees on appointment, but 21% were failing to conduct ongoing checks.
  • Matter risk assessments, which on 29% of files had not been carried out. This meant that the firms may have been unaware of high-risk matters passing through their hands.
  • Source of funds, which had not been checked adequately or at all in 21% of matters. Failing to check a client's source of funds is likely to mean a failure to properly understand the risks involved in the transaction.

Further action

  • Forty-seven (64%) required some form of engagement. This included requesting firms update their AML policies and reviewing revised versions to ensuring compliance. We also requested in some cases that firms agree a compliance plan to rectify any shortcomings, such as requiring a review of live files to ascertain the extent of a lack of customer due diligence. We then considered the results and provided recommendations to ensure compliance.
  • Nine firms were referred to the AML Investigations Team for further investigation into whether there have been serious breaches of our rules, and any appropriate sanction.


The firms we saw were, for the most part, united in their determination to keep the proceeds of crime out of their client accounts, and we were able to assist many of them in meeting their obligations.

We saw a mixture of good and poor practices, but generally it was clear that in most practices there was a will to prevent money laundering and to comply with the regulations.

Audit was a particular matter of interest. While firms generally had an understanding that they needed to keep their policies, controls and procedures updated, a number of firms failed to monitor their effectiveness.

When reviewing firms' files, we found that in a large number there were differences between policies, procedures and what the money laundering compliance officer (MLCO) said should have happened, and what actually happened on the ground. This was often because the fee earners were not following procedures, something that could have been identified and rectified sooner if a compliant audit had been carried out.

Where we referred firms for further investigation, this was because what we saw suggested a systemic lack of compliance such as:

  • at least 50% of the files reviewed showed serious issues, such as a lack of due diligence or matter risk assessments were not present
  • a lack of an effective compliance framework, or indeed a lack of any AML policies, controls, and procedures at all
  • an MLCO who did not appear to understand their obligations and was failing to carry out their role properly
  • serious breaches by senior members of the firm, for example, one head of department who had failed to carry out sufficient AML checks on a politically exposed client from a sanctioned jurisdiction

This document should act as a guide to other firms on how they should approach the areas we now understand firms are unsure about.