Skip to main content
Man and a woman analyzing data

AML (Anti-Money Laundering) Audit Services for Law Firms


PDA Legal's team of SRA & AML compliance specialists conduct expert, independent anti-money laundering audits for law firms & solicitors.

The Importance of Independent AML Audits


To comply with Regulation 21 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017” (MLR 2017), the Solicitors Regulation Authority (SRA) requires firms to implement robust systems to prevent money laundering. However, staying on top of evolving requirements can be both time consuming and challenging. Non-compliance risks severe penalties, from financial fines to reputational damage, and can disrupt your firm’s operations.

Our experienced AML auditors help UK law firms understand the complex money laundering regulations, assess your firm’s current AML policies, controls and procedures (PCPs), and support you in achieving compliance.

Common Failings Identified During AML Audits For Law Firms


Firms are managing ever-tightening controls on sanctions and proliferation financing, and all this against the backdrop of the ongoing programme of SRA thematic reviews.

Ensuring you have a clear view and understanding of your organisation's compliance with the latest AML requirements has never been more important.

SRA thematic reviews have highlighted not just gaps in rudimentary controls, such as conducting ID checks, but also other critical elements, including:

  • Arrow Icon

    Ineffective conduct of audits and reviews (or no reviews/audits at all!)

  • Arrow Icon

    Absence of or incomplete matter-level AML risk assessments

  • Arrow Icon

    Lacklustre internal reporting structures and content

  • Arrow Icon

    Inadequate knowledge for making Suspicious Activity Reports (SARs)

  • Arrow Icon

    Gaps in training, knowledge or updates

  • Arrow Icon

    Out of date controls or procedures

  • Arrow Icon

    Over-reliance on EID/V (Electronic ID / Verification) in isolation

  • Arrow Icon

    Insufficient reviewing of the efficacy/appropriateness of EID/V

The Challenge with “Independent” In-House Audits


Under Regulation 21 legislation it is theoretically possible for solicitors or law firms to conduct their own “independent” anti-money laundering audits. However, there are a few challenges.

Independence

MLROs and MLCOs cannot conduct a valid Independent AML Audits (IAAs). Nor can Compliance Managers, AML managers and others, if they are effectively ‘marking their own homework’.

Seniority

If conducted internally, it should only be by someone of senior management level. This ensures that they will have unhindered access to all information that they require to conduct the audit.

Expertise

The regulations require that adequate resources be applied and the auditor should be able to demonstrate experience and expertise in conducting IAAs and to understand the process of audit trailing.

Timing

If asked by the SRA, firms need to be prepared to defend their decisions as to the frequency of their IAA. On average, independent AML Audits take place every 12-24 months.

Duration

Including reporting, IAAs take 3 to 4 days on average. If an IAA is conducted internally by a senior manager who is also a fee earner, that represents a lot of lost fee income.

Preparation

Preparation for an IAA is not necessary; in fact, it could be dangerous. Too much preparation could give rise to a false impression as to the true state of the firm’s controls.

Audit coverage

IAAs are not concerned with the firm’s AML policy, alone. Dozens of associated policies, controls and documents should be reviewed, matters perused and trailed, and people interviewed.

Gravitas of the report

For an IAA to be valid, it cannot be ignored or put to one side. Also, Lexcel/CQS/ISO accreditation does not guarantee AML compliance; to the contrary, it can give rise to a false sense of security. PDA’s IAA reports are typically 20-30 pages long; for accredited firms as well as those that are not.

The good news is that our independent AML audit service provides a convenient solution, enabling you and your team to focus on revenue-generating work.

What Our Independent AML Audits Review


As our AML compliance audits are performed by experienced experts, we review your firm’s operation and AML framework in the same way as an official SRA inspection; but with the significant advantage that our findings, coupled with our subsequent support if required, provide you with the ability to address any issues prior to a formal SRA inspection. In addition, as experts in the ‘real world’ application of AML regulations, we can provide professional advice, consultancy, training and more.

Our AML Auditing Process

Much of our approach to Independent AML Audit scheduling and content is informed by our many discussions with firms that have been through the SRA’s thematic review process. Typically, our AML audits take place in two stages, both of which are conducted on a transparent, scheduled, fixed fee basis which provides you with peace of mind that you know how much you need to budget for and what to expect from us at each step.
Three businesswomen in an office meeting

Step1: Initial Consultation

We conduct an initial consultation with you, where we discuss the make-up of your firm and start to identify the level of risk to which it is exposed. During that conversation, we can pinpoint the aspects to be covered in the audit, the people and documents involved and even commence the planning for the visit to your offices in due course.
Two businesswomen looking at a laptop

Step 2: Desktop Review & Gap Analysis Report

Our clients have told us time and again that our audit reports are the most detailed, but easy to digest, that they have ever received.

We start by reviewing your documented controls and records that support AML controls and provide you with a written Gap Analysis Report.

We don’t simply review an AML policy. Like dropping a stone into a pond, your AML controls touch upon many others. And so, we review a host of supporting documents and records as well, including;

  • The Practice/Firm-Wide AML Risk Assessment
  • The policy for staff training on AML
  • Staff training records
  • Supervision procedures
  • File review procedures
  • Reporting and monitoring procedures
  • MLRO reports
  • Matter file forms for recording outcomes of AML checks
  • Reviews of EID/V service providers
A team meeting in an elegant office

Step 3: Interim Report and Discussion

We are unique in the sector by sending you an interim written report after the desktop portion of the audit, rather than making you wait until after the onsite visit!

And, we conduct a conversation with you to consider the findings so far.

This provides the opportunity to pinpoint any particular aspects of concern that the firm might like for us to drill into when we conduct the onsite portion of the audit.

Then, we prepare the visit plan to share with you in advance of the visit.

professional team meeting

Step 4: Onsite Visit and Audit

After the desktop review has been completed, we follow up with a visit to your offices to examine the controls in action.

The list of aspects that we examine is long and thorough, and includes;

  • Meeting with supervisors, Heads of Department, the MLRO and others in responsible roles
  • Conducting file reviews to examine the conduct of AML controls in the ‘real world’
  • Viewing the operation of the case management system controls for AML
  • Perusing the AML forms on matter files
  • Examination of the training records and training programme that supports AML controls
  • Examination of the risk register
  • Examination of the register of breaches, near misses and the regular reviews of risk data
  • Reviewing historical file review findings/trends
  • Meeting with fee earners and support staff to understand their perspective and to test their application and experience of controls

At the end of the visit, we meet with the MLRO and compliance managers to provide immediate feedback and to discuss any immediate concerns.

woman works on laptop

Step 5: Add Findings to GAR

We add our findings from onsite to the Gap Analysis Report to provide you with a written narrative as to where your practice stands with its AML controls and next steps to resolve the gaps.

We endeavour to provide as much value as possible by providing you with plain language feedback and explanations of concerns to be addressed. This means that our reports typically run to a sector-leading 30+ pages.

Front view of business people talking

Step 6: Review

After your having read the report, and if you wish, we conduct a final conversation with you to chat through any points raised in the report.

Pricing


We strive to provide you with unparalleled value through services that are bespoke to your practice.

Our pricing is competitive and transparent. And, it’s tailored according to the scope of the work that we do for you.

The professional fees for a thorough audit start from less than £4,000.00 plus VAT.

This includes all of the ‘Steps’ set out above, including interim reporting and the follow-up conversations. Wherever possible, we conduct work on a fixed fee basis.

Join our free Best Practice Group and save:

Members of our free-to-join Best Practice Group receive a substantial discount on all of our services.

Additional Auditing Services

In addition to AML audits, we can also provide auditing for other related areas such as:

Leaf Icon Learn More
Leaf Icon Learn More
Leaf Icon Learn More
Leaf Icon Learn More
Leaf Icon

Why Work With PDA Legal?

The PDA Legal Team:

  • Arrow Icon

    Has over 25 years experience in the legal sector.

  • Arrow Icon

    Has supported over 500 legal organisations.

  • Arrow Icon

    Has worked with The Law Society on Lexcel and has authored articles and spoken at national Law Society events on key compliance topics.

  • Arrow Icon

    Ensure that all discussions with us are conducted in the strictest of confidence.

  • Arrow Icon

    Operates, wherever possible, on a fixed price model and project scheduling.

  • Arrow Icon

    Offers a free, no obligation initial consultation.

What Our Clients Have to Say About PDA’s AML Support…


  • “We’ve had independent AML reports before, but PDA’s was by far the most detailed and helpful.”
  • “PDA’s AML audit report works like a checklist, so that we can see what we need to do, at-a-glance.”
  • “Thank you for the AML audit, PDA. We feel much better prepared for an SRA visit now!”
  • “PDA understands AML controls in the context of how real law firms actually work.”
  • “We now have a reliable structure for the screening of employees, thanks to guidance from PDA”
  • “AML felt like ‘smoke and mirrors’ until PDA simplified it for us.”
  • “PDA has been a second and third pair of hands to support our time-poor MLRO.”
  • “The Partners’ hesitance about an Independent AML Audit melted away when PDA hand-held us through every step.”
  • “We knew that something wasn’t quite right with our AML processes; thank you, PDA, for pinpointing the issues for us.”
  • “PDA conducted our Independent Audit so smoothly. We didn’t realise that it could be that painless!”
  • “PDA didn’t just conduct our AML audit; they stayed to help us update our AML controls, too.”
  • “PDA’s insight cut through the fog to help us select the appropriate EID/V system for our needs.”
  • “PDA conducting our Independent Audit saved us a lot of time (and we enjoyed the fresh perspective).”
  • “PDA’s Independent Audit report put the whole thing into logical context. Very pleased!”
  • “We’ll be welcoming PDA back to do next year’s Independent Audit too.”
  • “PDA isn’t the first consultancy that we’ve used to help us with AML… but it will be the last.”
    Get in touch for a free no obligation quote today
    • Law Society Lexcel Assessor. Legal Practice Quality Mark.
    • Cyber Essentials  logo
    • Information Commissioner's Office logo
    • ISO logo
    • Legal Aid Agency logo
    • Solicitors Regulation Authority