We conduct independent AML reviews for legal practices

AML has never been so high on the radar for legal practices.

Whereas, some areas of law are exposed to a much greater degree of risk than others, having appropriate, effective and monitored controls for AML and the avoidance of financial crime is relevant to all legal practice areas.


SRA thematic reviews have highlighted not just gaps in rudimentary controls, such as conducting ID checks, but also other critical elements, including

  • Ineffective conduct of audits and reviews (or no reviews/audits at all!)
  • Lacklustre internal reporting structures and content
  • Inadequate knowledge for making SARs
  • Gaps in training, knowledge or updates
  • Out of date controls or procedures


In many circumstances, practices are expected to conduct independent audits of AML controls. Such reviews do not necessarily have to be conducted by an outside organisation, but lots of practices encounter challenges when trying to conduct the audits for themselves, including: 

1. The audit cannot be conducted by someone who is part of the team or control being reviewed.

2. The regulations require adequate resource to be applied and for seniority/authority on the part of the person conducting or overseeing the audit.

3. The buck stops with the Board, but most senior team members (Partners, Directors or otherwise) already have a portfolio of other responsibilities to manage.


4. The same senior team members are more often than not fee earners, too. Conducting an audit takes them away from earning fees.

5. Practice leaders or officers are not always 100% confident that their controls are up to speed in the first place (so that they don't have a reliable baseline to work from).

6. MLCOs and MLROs are sometimes unsure as to what should be included in audits or how to benchmark them.

Here's what we we do...

In most cases, the reviews take place in two stages, both of which are conducted on a fixed fee basis.

1. Desktop review & Gap Analysis report

We review your documented controls and records that support AML controls and provide you with a written Gap Analysis Report

It's not nearly good or thorough enough to simply review an AML policy alone. So, we review a host of supporting documents and records as well, including;

The Firm-wide AML Risk Assessment, the policy for staff training on AML, staff training records, supervision procedures, file review procedures, reporting and monitoring procedures, MLRO reports, matter file forms for recording outcomes of AML checks and reviews of EID/V service providers.



2. Onsite visit and audit

We follow the desktop review with a visit to your offices to examine the controls in action. We add our findings to the Gap Analysis Report to provide you with a written narrative as to where your practice stands with its AML controls and next steps to resolve the gaps.

The list of aspects that we examine is long and thorough, and includes;

  • Conducting file reviews to examine the conduct of AML controls in the ‘real world’
  • Viewing the operation of the case management system controls for AML,
  • Perusing the AML forms on matter files, and,
  • Examination of the training records and training programme that supports AML controls
  • Examination of the risk register
  • Examination of the register of breaches, near misses and the regular reviews of risk data
  • Reviewing historical file review findings/trends
  • Meeting with fee earners and support staff to understand their perspective and to test their application and experience of controls
  • Meeting with supervisors, Heads of Department, the MLRO and others in responsible roles.

Please get in touch with us to find out more.