Learning Outcomes
This article explains the main obligations imposed by the Money Laundering Regulations on solicitors and law firms, covering firm-wide risk assessment and internal controls, client due diligence (CDD) and beneficial ownership verification, ongoing monitoring, reporting suspicious activity and the DAML consent process and timelines under POCA, and recordkeeping and staff training. It outlines when enhanced or simplified due diligence is required, the offence of tipping off and confidentiality rules, the roles of the nominated officer (MLRO) and Money Laundering Compliance Officer (MLCO), the definitions of “relevant person” and “occasional transaction,” and how the UK financial sanctions regime interacts with AML obligations.
SQE1 Syllabus
For SQE1, you are required to understand the legal and practical requirements of anti-money laundering compliance, with a focus on the following syllabus points:
- the purpose and scope of the Money Laundering Regulations and their application to legal services
- the obligations to conduct risk assessments and implement internal controls
- the requirements for standard, enhanced, and simplified client due diligence (CDD)
- ongoing monitoring of client relationships and transactions
- the duty to report suspicious activity and the procedures for making disclosures
- the offence of tipping off and the importance of confidentiality
- recordkeeping and staff training requirements under the Regulations
- how the Proceeds of Crime Act 2002 offences (including failure to disclose and tipping off) apply to solicitors in the regulated sector
- the consent (DAML) process and moratorium periods
- the UK financial sanctions regime and interactions with AML
Test Your Knowledge
Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.
- What is the main purpose of the Money Laundering Regulations for solicitors?
- When must a solicitor apply enhanced due diligence measures?
- What is a Suspicious Activity Report (SAR), and when must it be submitted?
- What is the offence of 'tipping off' in the context of anti-money laundering law?
Introduction
Money laundering is the process by which criminals disguise the origin of funds obtained from crime, making them appear legitimate. Solicitors and law firms are at risk of being used to facilitate money laundering, especially when handling client money or property transactions. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the "Money Laundering Regulations") impose strict obligations on legal professionals to prevent, detect, and report money laundering and terrorist financing.
Key Term: money laundering
Money laundering is the process of concealing the criminal origin of money or assets to make them appear legitimate.
The Legal Framework
The Money Laundering Regulations apply to "relevant persons," including independent legal professionals, when they participate in certain financial or property transactions (for example, buying and selling real property or business entities, managing client money or other assets, opening or managing bank accounts, and creating or managing trusts, companies, or similar structures). These rules are supported by the Proceeds of Crime Act 2002 (POCA), which defines money laundering offences and reporting duties, and by terrorist financing offences under the Terrorism Act 2000. Firms must also be mindful of the UK financial sanctions regime administered by the Office of Financial Sanctions Implementation (OFSI), which places obligations on firms that encounter designated persons or entities, including reporting and, where necessary, licensing arrangements to receive reasonable legal fees.
Key Term: criminal property
Criminal property is any property that represents a benefit from criminal conduct, directly or indirectly, and includes money, assets, or rights.
POCA offences particularly relevant to solicitors include:
- direct involvement offences: concealing, disguising, converting, transferring or removing criminal property (s.327); entering into arrangements that enable the acquisition, retention, use or control of criminal property (s.328); and acquiring, using or possessing criminal property (s.329)
- failure to disclose knowledge or suspicion in the regulated sector (s.330) and parallel duties for nominated officers (s.331)
- tipping off (s.333A) and prejudicing an investigation (s.342)
The Criminal Finances Act 2017 introduced a corporate offence of failure to prevent the criminal facilitation of tax evasion. Law firms must have reasonable prevention procedures in place; otherwise they face strict liability, unlimited fines, and confiscation.
Risk Assessment and Internal Controls
Firms must identify and assess the risk of being used for money laundering or terrorist financing. This involves a written, firm-wide risk assessment (Regulation 18), considering the nature of clients, services, transactions, delivery channels, and geographic factors (including high-risk third countries). The assessment must be reviewed regularly and updated as risks change.
Firms must establish and maintain written policies, controls, and procedures proportionate to their size and nature to manage and mitigate identified risks (Regulation 19). These typically include:
- risk assessment methodology, including triggers for escalation
- CDD, ongoing monitoring, and enhanced measures where higher risks exist
- identifying and scrutinising complex, unusually large, or otherwise suspicious transactions
- procedures for identifying and managing PEP relationships
- reliance and record-keeping policies
- information-sharing protocols within corporate groups
- staff screening and training
- independent audit to test effectiveness
Firms must appoint key roles and maintain internal controls (Regulation 21). In practice, solicitors should expect the following:
- a nominated officer (often called the Money Laundering Reporting Officer, or MLRO) to receive internal reports and make SARs to the National Crime Agency (NCA)
- a Money Laundering Compliance Officer (MLCO) if appropriate to the size and nature of the firm; in most firms, this role exists and may be combined with the MLRO role
- pre-employment and ongoing screening of relevant staff to assess skills, knowledge, conduct, and integrity
- an independent audit function to examine, evaluate, recommend, and monitor AML policies and procedures
- systems to respond fully and rapidly to law-enforcement enquiries about whether the firm maintains, or has maintained during the past five years, a business relationship with any person, and the nature of that relationship
Key Term: risk-based approach
A risk-based approach means tailoring anti-money laundering measures to the level and type of risk present in the firm’s activities.
Client Due Diligence (CDD)
Solicitors must carry out CDD before establishing a business relationship or carrying out certain transactions. CDD involves:
- identifying and verifying the client’s identity using reliable, independent sources (as soon as practicable and, in low-risk, non-disruptive circumstances, verification may be completed during onboarding)
- identifying and verifying any beneficial owner (for example, those owning or controlling more than 25% of a company, LLP, or trust)
- understanding the purpose and intended nature of the business relationship
CDD must be completed:
- before establishing a business relationship
- when carrying out an occasional transaction of €15,000 or more
- when carrying out an occasional transfer of funds exceeding €1,000 (electronic payment services on behalf of a payer through a payment service provider)
- when there is suspicion of money laundering or terrorist financing
- when there are doubts about previously obtained client identification or the adequacy of information
Where the client is a corporate body, the solicitor should obtain and verify its name, registration number, registered office (and principal place of business), and, where the body is not listed on a regulated market, the law to which it is subject, its constitution, and the names of the board of directors or senior management. Since 2020, firms must report discrepancies between CDD information and the public beneficial ownership register to Companies House (the “PSC” register) when identified in the course of CDD.
Key Term: client due diligence (CDD)
CDD is the process of identifying and verifying the identity of clients and beneficial owners, and assessing the purpose of the business relationship.
Standard, Simplified, and Enhanced Due Diligence
Standard due diligence applies in most cases. Solicitors must obtain and verify the client’s identity and, for companies or trusts, the beneficial owners. Where a client acts through representatives, obtain evidence of the representative’s authority and verify their identity.
Simplified due diligence (SDD) may be applied where the risk of money laundering is demonstrably low, such as when dealing with UK public authorities or listed companies on regulated markets. SDD is not automatic: firms must determine low risk based on their risk assessment and the specific factors in Regulation 37(3). Even when using SDD, firms must monitor for suspicious activity and be ready to apply standard or enhanced measures if risks change.
Key Term: simplified due diligence
Simplified due diligence is a reduced level of CDD permitted where the risk of money laundering is low.
Key Term: enhanced due diligence
Enhanced due diligence (EDD) is a higher level of CDD required in higher-risk situations, such as dealing with politically exposed persons (PEPs) or clients from high-risk countries.
EDD must be applied when:
- the client or transaction is high risk (e.g., complex or unusually large transactions, unusual patterns, or no apparent legal/economic purpose)
- the client is a politically exposed person (PEP), or a family member or close associate of a PEP
- the client or counterparty is established in a high-risk third country
- the client has provided false or stolen identification, or the business relationship is not conducted face-to-face
- other risk indicators exist (e.g., payments from unknown third parties, multiple or foreign accounts, non-institutional lenders)
EDD involves obtaining additional information, verifying the source of funds and wealth, senior management approval to proceed, and increased ongoing monitoring.
A PEP is an individual entrusted with prominent public functions (heads of state or government, ministers, members of parliament, senior judicial bodies, courts of auditors, central bank boards, ambassadors and senior military officers, and senior management of state-owned enterprises). Family members typically include spouse/civil partner, children (and their spouses/civil partners), and parents; known close associates include those with close business relationships. When dealing with a PEP, firms must obtain senior management approval, establish source of wealth and source of funds, and conduct enhanced ongoing monitoring.
Worked Example 1.1
A solicitor is instructed to purchase a property for a new client based in a country identified as high risk for money laundering. The client is a senior government official.
Question: What due diligence measures must the solicitor apply?
Answer:
The solicitor must apply enhanced due diligence, including verifying the client’s identity, establishing the source of funds and wealth, obtaining senior management approval to proceed, and conducting enhanced ongoing monitoring of the relationship.
Worked Example 1.2
A client asks a solicitor to return £100,000 previously deposited for a transaction that has fallen through, but requests that the funds be split and sent to several overseas accounts. The solicitor is suspicious.
Question: What should the solicitor do?
Answer:
The solicitor must make a disclosure to the firm’s nominated officer. If the nominated officer decides to submit a SAR to the NCA, the solicitor must not proceed with the transaction until authorised to do so.
Worked Example 1.3
You act for a UK private company limited by shares. The instructing director owns 10% of the shares. Companies House shows two PSCs: one individual with 60% and one corporate with 30%, each with voting rights.
Question: What CDD steps are required for beneficial ownership?
Answer:
Identify and verify the company, the instructing director, and the beneficial owners (the individual PSC with 60% and the corporate PSC with 30%). Obtain documents evidencing ownership and control, verify the PSCs’ identities using reliable sources, assess any indirect control, and report any discrepancy between CDD findings and the PSC register.
Worked Example 1.4
You act for a FTSE-listed plc on a straightforward commercial lease. Your risk assessment indicates low ML risk.
Question: Can simplified due diligence be applied?
Answer:
Yes, SDD may be appropriate for a UK-listed plc, provided your firm documents the low-risk assessment, obtains evidence of listing on a regulated market, and continues to monitor the relationship for any suspicious activity or risk changes.
Ongoing Monitoring
Firms must monitor business relationships on an ongoing basis to ensure transactions are consistent with the solicitor’s knowledge of the client and to identify any unusual or suspicious activity. Monitoring includes scrutiny of transactions to ensure they align with the client’s profile, updating CDD when trigger events occur (e.g., changes in control or beneficiaries, new high-risk jurisdictions, unexpected payment routes), and reassessing risk if circumstances change. Regulation 28(11) requires ongoing monitoring; firms should ensure they can identify when enhanced measures become necessary.
Reporting Suspicious Activity
If a solicitor knows or suspects, or has reasonable grounds to suspect, that a person is engaged in money laundering or terrorist financing, they must make a disclosure (Suspicious Activity Report, or SAR) to the firm’s nominated officer (MLRO). The MLRO must then consider whether to report the matter to the National Crime Agency (NCA).
Key Term: Suspicious Activity Report (SAR)
A SAR is a report made to the nominated officer or NCA when there is knowledge or suspicion of money laundering or terrorist financing.
When a SAR is submitted seeking consent (commonly referred to as a “DAML” request), the NCA has a 7 working day notice period to respond. If consent is refused, there is a 31-calendar-day moratorium period during which the firm must not proceed with the prohibited act; this moratorium can be extended on application, up to a maximum of 217 days in total. During any notice or moratorium period, maintain strict confidentiality and avoid tipping off.
Worked Example 1.5
You suspect a client’s funds derive from fraud. You submit a DAML SAR. The NCA does not respond within 7 working days. Two days later, the client presses you to proceed with payment.
Question: What can you do?
Answer:
If consent is not refused within 7 working days, “deemed consent” applies and you may proceed, provided no new suspicions arise and you continue to comply with internal approvals and monitoring. If consent had been refused, you would have to wait for the moratorium to expire or be lifted.
Tipping Off and Confidentiality
It is a criminal offence to disclose to a client or third party that a SAR has been made or that a money laundering investigation is underway, if that disclosure is likely to prejudice the investigation. This is known as "tipping off".
Key Term: tipping off
Tipping off is the offence of informing a person that a SAR has been made or that an investigation is ongoing, where this may prejudice the investigation.
Key Term: nominated officer (MLRO)
The nominated officer (or MLRO) is the person appointed by a firm to receive internal reports of suspicious activity and make external disclosures to the NCA.
The duty of confidentiality owed to clients is preserved by law: disclosures made under POCA do not breach confidentiality. However, solicitors must be careful not to reveal a SAR or investigation status to the client (e.g., by explaining that a payment is delayed “because we submitted a SAR”). The UK financial sanctions list is public, so discussing a person’s designated status does not amount to tipping off; nonetheless, if acting for designated persons, firms must obtain appropriate licences to receive reasonable legal fees.
Certain defences may apply to the failure-to-disclose offence (s.330), including legal professional privilege (privileged circumstances), lack of training (where the employee did not know or suspect and had not been trained), or a reasonable excuse. These are specific and limited: reliance on them requires careful legal analysis.
Exam Warning
Disclosing to a client that you have made a SAR, or that their matter is under investigation, is a criminal offence. Always maintain strict confidentiality after making a disclosure.
Recordkeeping and Training
Firms must keep records of CDD, ongoing monitoring, risk assessments, and all transactions for at least five years from the end of the business relationship or transaction (Regulation 40). Records must be sufficient to reconstruct transactions and demonstrate compliance. Where reliance is placed on third-party CDD, retain evidence of that reliance and be prepared to provide supporting documents promptly.
Firms must provide regular AML training to relevant employees (Regulation 24) and keep records of training delivered. Training should cover the law on money laundering and terrorist financing, the firm’s policies and procedures, the data protection requirements applicable to AML processing, indicators of suspicious activity (“red flags”), escalation routes, and how to avoid tipping off. Inadequate training can lead to individual and firm-level breaches; in some circumstances, lack of training may be relevant to the statutory defence to failure to disclose in the regulated sector, though it is not a general shield against liability.
Key Term: recordkeeping
Recordkeeping is the requirement to retain documents and information relating to CDD, transactions, and training for a specified period.
Penalties for Non-Compliance
Failure to comply with the Money Laundering Regulations, including inadequate CDD, failing to report suspicious activity, or tipping off, can result in criminal prosecution, fines, and regulatory sanctions. POCA offences carry significant custodial sentences and fines. Separately, the SRA may take disciplinary action for breaches of its Standards and Regulations (e.g., acting without integrity or honesty, failing to maintain trust and act fairly), which can lead to fines, practising restrictions, referral to the Solicitors Disciplinary Tribunal, suspension, or striking off.
Under the Criminal Finances Act 2017, firms face strict liability for failure to prevent the criminal facilitation of tax evasion by employees or associated persons. Reasonable prevention procedures—typically documented as part of AML policies—are the only defence. The UK financial sanctions regime can also lead to civil monetary penalties for breaches and criminal prosecutions in serious cases. Firms must screen clients and counterparties against sanctions lists and, if dealing with designated persons, comply with reporting and licensing requirements.
Summary
| Obligation | Requirement |
|---|---|
| Risk assessment | Written, firm-wide, regularly reviewed |
| Internal controls | Policies, procedures, nominated officer, staff training, audit, screening |
| Client due diligence (CDD) | Identify and verify clients and beneficial owners; apply EDD or SDD as appropriate |
| Ongoing monitoring | Review transactions and relationships for consistency and suspicious activity |
| Reporting | Make SARs to nominated officer and NCA when suspicion arises; consider DAML |
| Tipping off | Do not disclose SARs or investigations to clients or third parties |
| Recordkeeping | Retain CDD, transaction, and training records for at least five years |
Key Point Checklist
This article has covered the following key knowledge points:
- The Money Laundering Regulations impose strict obligations on solicitors and law firms to prevent money laundering and terrorist financing.
- Firms must conduct written risk assessments and implement proportionate internal controls, including MLRO/MLCO appointments, screening, and audit.
- Client due diligence (CDD) is required before establishing a business relationship or carrying out certain transactions; beneficial ownership must be identified and verified.
- Enhanced due diligence (EDD) is mandatory in high-risk situations, such as dealing with PEPs or high-risk countries; simplified due diligence (SDD) may be used only where risk is demonstrably low.
- Ongoing monitoring is essential; firms must update CDD if events trigger reassessment and watch for unusual patterns or transactions.
- Suspicious Activity Reports (SARs) must be made to the nominated officer and, if appropriate, to the NCA; understand DAML timelines and moratoriums.
- Tipping off is a criminal offence—never disclose a SAR or investigation to a client; maintain confidentiality and understand privileged circumstances.
- Firms must keep records of CDD, transactions, and training for at least five years; training must be regular and documented.
- The SRA may take disciplinary action for AML breaches; POCA offences carry criminal penalties; firms must also comply with the Criminal Finances Act 2017 and UK sanctions.
Key Terms and Concepts
- money laundering
- criminal property
- risk-based approach
- client due diligence (CDD)
- simplified due diligence
- enhanced due diligence
- Suspicious Activity Report (SAR)
- tipping off
- nominated officer (MLRO)
- recordkeeping