Completing the client and matter risk template
Firms that are in scope of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR) must carry out a written client and matter risk assessment (risk assessment) under regulation 28 (12) and (13) of the MLR.
To help you comply with this obligation, we have developed a template that you can download and adapt for your own firm's purposes, along with supporting notes that will help you complete it. We have also pre-filled some templates - one for a low-risk example and another for a high-risk example - to help you understand how to assess a matter.
These notes will help you use the risk assessment template we have created. If you choose to use the template, you should adapt the template to suit your firm.
You should consider the factors in the template to help you to assess the money laundering risk posed by the client or transaction. The factors listed are not exhaustive. There may be other appropriate risk factors for you to consider depending on the nature of the client/transaction and your firm’s risk appetite. Your risk appetite should be documented in your firm wide risk assessment.
You must carry out and record a risk assessment for every client and matter that falls within scope of regulation 11(d) and regulation 12(1) and (2) of the MLR.
Risk assessments should be performed at the beginning of a client relationship in conjunction with performing customer due diligence. For some clients, additional information to inform the risk profile may only emerge later in the transaction or as the relationship progresses. Your risk assessment process should take into account any changes in the risk posed by the client or matter.
Under regulation 28 (12)(ii) of the MLR, the customer due diligence measure you apply, must reflect your firm wide risk assessment under regulation 18 of the MLR and the level of risk arising in any particular matter.
Under regulation 28(13) of the MLR, you must assess:
- the purpose of an account, transaction or business relationship
- the level of assets to be deposited by a customer or the size of the transactions undertaken by the customer
- the regularity and duration of the business relationship
The better you know your client and understand your instructions the better placed you will be to assess risks and spot suspicious activities.
Note: It may not be necessary to undertake a written risk assessment for every matter. A matter risk assessment is less likely to be needed where:
- matters undertaken for a given client are highly repetitive in nature. For example,
- risk remains consistent between one matter and another
- and the risk is addressed comprehensively by the client risk assessment
If, by using a risk-based approach, you do not carry out a risk assessment for every matter for a given client, you should ensure you still regularly review the client risk assessment.
Completing a risk assessment will tell you the level and extent of due diligence that is required to mitigate any risks identified in relation to your client or particular transaction.
You should review risk assessments at appropriate intervals during the client relationship, during the transaction and just before the transaction is completed to identify if anything has changed. Information you learn while acting for the client should also inform your risk assessment.
For each client and matter you must identify the clients including beneficial owners. You should:
- assess if the service you are going to provide could be used to launder money
- understand why your services are needed and whether it appears reasonable or genuine
- understand the source of funds and wealth of the client/owners
- be vigilant to red flags throughout the course of the matter, and in particular consider whether there is information that doesn’t fit with your assessment of risk
- consult your firm’s policies to decide what action you need to take to mitigate any risks identified.
- determine what information or evidence you need to collect for due diligence purposes and how this will be monitored
- document and record all steps taken.
The questions in this guidance mirror the questions on the template and provide a descriptor of what you should consider for each question. The descriptions are not exhaustive.
It is a requirement under regulation 27 & 28 of the MLR to identify and verify your client's identity using independent sources.
It is important to understand what type of client you are dealing with (for example, a natural person, a limited company, a charity etc). This is because the level of due diligence checks required under the MLRs differ based on the type of client involved.
Client name
For an individual, you should record the client’s forename(s) and surname.
Date of Birth
This is shown as DoB in the template.
2a Client Risk
Is it unusual for this type of client to instruct us?
Your view on this may differ if you have acted for the client once or multiple times.
Existing clients - You should not assume that existing clients are necessarily lower risk. There is no provision in the MLRs for waiving client due diligence requirements because of a long-standing or personal relationship.
For new clients, you should try to understand why they chose your firm. Does the client fit within the usual range of clients that typically instruct your firm? If not, does the type of client align with your firm’s risk appetite?
Your risk appetite is the level of risk your firm is willing to accept. This should be documented in your firm wide risk assessment. Your firm wide risk assessment must consider the risks your clients may pose, the geographic areas in which your firm operates, the services you offer, the types of transactions you work on and the ways you deliver services to your clients.
You should consider if a new client exposes the firm to new risks and how those risks will be managed. These considerations should be documented on the risk assessment.
Do you have any concerns about the client?
If you have any concerns about the client or associates linked to the client or transaction (if you are aware of any), you should record them on the risk assessment. These should be monitored and reviewed regularly, according to the level of risk.
Please see ongoing monitoring section below for more information.
Do you have any concerns about this client, agent or third parties?
Under paragraph 3.1 of the SRA Code of Conduct for Solicitors, if your client is represented by an intermediary, agent or representative (for example, a third party representing the client), you must only accept instructions from someone properly authorised to provide instructions on the client’s behalf. The third party’s authority to act must be evidenced and recorded.
You must also comply with regulation 28(10) of the MLR and identify and verify the intermediary's identity.
You should record details of any concerns you may have regarding your client based on the information you have reviewed. For example, if it is not reasonable for the third party to provide instructions. You should also record any actions that will be taken to address any issues identified.
Please see section 2d for guidance on identifying and verification requirements.
Is the client a designated person/entity?
A designated person is an individual, entity or ship that is subject to sanctions. The Office of Financial Sanctions Implementation (OFSI) maintains a Consolidated List of designated persons. Please see the questions in section 3b for guidance on sanctions.
2b. Jurisdiction risk
When assessing jurisdiction risk, you should consider if it is reasonable for a client in that location to instruct your firm.
Consider if there are any known ‘red flags’ relating to the location of the client. This should apply locally, regionally, nationally or internationally. For example, a local area known for criminal activity (such as drug trade or terrorism), an international jurisdiction known for high levels of corruption or tax havens.
You should also consider if the client is based in a high-risk jurisdiction or a high-risk third country. Please refer to the enhanced due diligence section for guidance on high-risk jurisdictions and high-risk third countries.
You should also consider if there are any concerns arising from geographical connections the client may have. For example, business affiliates or third parties living in or has links to high-risk jurisdictions high-risk third countries or sanctioned countries.
Record any issues or red flags considered or identified in the space provided.
Where is the client based?
For individuals, this means where the client is resident. For an entity, you should consider the jurisdiction it was incorporated and the laws it may be subject to. You should also consider the entities address for the purposes of the client relationship as relevant for this question.
Are there any overseas elements?
You should answer yes to this question if your client, beneficial owners, any third parties or entities linked to the transaction are based abroad.
If your client/ beneficial owners are an overseas entity (incorporated outside of the United Kingdom) and the anticipated work involves buying, selling, leasing or otherwise transferring property, you should check their overseas entity status on Companies House. Please refer to the guidance on the Companies House website for more information.
If the transaction involves overseas elements, please see section 3b for guidance on high-risk third countries and high-risk countries.
You should also consider if you will be receiving funds from overseas.
2c. Delivery channel risk
When assessing delivery channel risks, you should consider if you will meet the client in person or not. If you are not meeting the client face-to-face, are you comfortable that there is a legitimate reason for this?
You should record details of the steps you will take to ensure that the client is who they claim to be.
2d. Due Diligence review
What steps have you taken to verify the client or instructing third party’s identity?
Provide details of the steps you have taken to verify the client or any instructing third party’s identity in the space provided.
Under the MLRs you must identify and verify your client’s identity. For an individual, this means verifying the client’s name, date of birth and current address using independent sources.
If you have been unable to identify and verify these details, you should consider whether there is a good reason for this. Section 6.14.7 of the Legal Sector Affinity Group (LSAG) guidance provides examples of clients that may not be able to provide standard identification documentation.
In cases where the checks you have carried out flag concerns about the client, these should be reviewed and noted. You should record any steps you take to address those concerns in the client section of the risk assessment.
You should record any issues you experience when identifying and verifying your client’s identity and address.
Refer to section 6.12 onwards of the LSAG guidance for more information on identifying and verifying clients.
Is there any adverse media about the client or beneficial owners?
It is good practice to consider and assess any negative/adverse media or press coverage on your client. This can be checked by conducting a search on the client (e.g. via a web search). This may be flagged by your e-verification provider if you use one.
Where concerns are highlighted, you should consider the reliability of the source, recentness, relevance and seriousness of any allegations before proceeding with the transaction. You should undertake further research or put in place controls appropriate to any risks identified.
2e. Entities
You should complete this section of the form if your client or a beneficial owner of your client is not an individual. Use the first box to provide details about the entity. For example, who are the beneficial owners, shareholders and or controllers?
You should use the second box to describe the steps you have taken to identify and verify any beneficial owners.
For entities, what steps have you taken to identify and verify ultimate beneficial owners?
Under regulation 28(3) of the MLR, where the client is a legal person, trust, company, foundation or similar legal entity you must identify the client and take reasonable measures to understand the ownership and control structure of that legal person, trust, company, foundation or similar legal arrangement.
For a company, you should obtain the following information.
- Company name and number
- Company address
- The law to which the company is subject
- Full names of boards of directors
- Ownership and control structure of the company
- Names of beneficial owners/shareholders (with percentages held or other key controlling parties)
- Information to evidence it is listed on the regulated market, where necessary
For a trust, the information below should be obtained.
- Trust name
- The law to which the trust is subject to
- Full name of trustees
- Full name of settlor and or the beneficiaries
- Indicate whether trustees, settlor or beneficial owners is the client
- Indicate whether the beneficial owner is the settlor, beneficiary, or trustee
- Nature and purpose of the trust
- Is the trust registered with HMRC?
You should consider if you experience difficulties in identifying and verifying directors, beneficial owners or controllers. Some structures (not limited to companies) are designed to facilitate anonymity. Consider if you are dealing with a structure that is unnecessarily complex or if the individuals appear reluctant to provide you with documentation. Such issues should be documented in the risk assessment.
Have you identified any reportable discrepancies?
If the information you hold on the person of significant control of a company or a registrable beneficial owner of an overseas entity is significantly different to the information recorded by Companies House, you are required to report it to Companies House under regulation 30A of the MLR.
Companies House has guidance available on its website. Section 6.14.10 of the LSAG guidance also has helpful information.
If you answered yes to this section. Provide details of your findings along actions you will take to address the concerns.
If applicable, have you checked the register of overseas entities?
Overseas entities who bought, want to buy, sell or transfer property or land in the UK, must register with Companies House.
If your client/ beneficial owners are an overseas entity (incorporated outside of the United Kingdom) seeking the above services, you should check their overseas entity status on Companies House. Please refer to the guidance on the Companies House website for more information.
Do we usually carry out this type of work?
Consider if the matter is within your area of expertise and your firm’s risk appetite. It is important to consider this because if you do not fully understand the risks in a transaction, you cannot manage the risks.
Your risk appetite is the level of risk your firm is willing to accept. This should be documented in your FWRA.
If the transaction relates to an area that falls outside of your firm’s usual parameters, you should consider if this exposes your firm to new risks and how those risks will be managed.
This should be documented on the risk assessment.
Does the matter involve creating a complex structure?
Criminals can use complex structures as a way of obscuring the source of funds in a transaction or their ownership. If the matter involves creating a complex structure, it is important that you consider if there is a genuine purpose for this. Complex structures can be used to launder money or disguise ownership.
Your assessment of whether a structure is unusual or unduly complex should be based on the risk of money laundering it poses. You should consider what you know about your client, the client’s business, if the matter is in line with your previous dealings with the client and if it makes sense for the transaction to be structured in this way.
Your considerations should be documented on the risk assessment.
Does it involve a cash intensive industry?
Cash intensive businesses have a high cash turnover, for example nail bars and takeaway restaurants. Non-business entities may also fall into this group, for example, charities.
Cash-intensive businesses are riskier because there is a greater risk of disguising illegal funds within legitimate payments.
If your client is a cash intensive business, you should record how this risk will be mitigated.
Does it involve a high-risk industry?
The client's sector or area of work is also a significant risk factor, in particular if it is as area with a higher risk of corruption or being used for money laundering. For example, the arms trade, casinos, or trade in high-value items such as art or precious metals.
If your client operates in a high-risk sector, you should record how this risk will be mitigated.
Does the matter involve a risk of proliferation financing?
The MLR statutory instrument introduced in September 2022 brought in the amendments 16A, 18A and 19A of the MLRs in relation to proliferation financing (PF).
Under regulations 18A -19A of the MLRs, all firms in scope of the MLR must carry out a firm wide risk assessment incorporating PF and include PF in their policies, controls and procedures.
PF is defined in regulation 16(A)(9) of the MLRs as ‘the act of providing funds or financial services for use, in whole or in part, in the manufacture, acquisition, development, export, trans-shipment, brokering, transport, transfer, stockpiling of, or otherwise in connection with the possession or use of, chemical, biological, radiological or nuclear weapons, including the provision of funds or financial services in connection with the means of delivery of such weapons and other CBRN-related goods and technology, in contravention of a relevant financial sanctions obligation’.
Section 18.10 of the LSAG guidance contains a list of factors to be considered when assessing PF risks.
Are there any there any other Anti-Money Laundering (AML) or Counter Terrorist Financing risks?
The risk factors in this template are not exhaustive. It is therefore important that you consider other appropriate risk factors particular to each matter/client to assess other money laundering or terrorist financing risks that may be present.
Have you checked the source of funds for this transaction?
Source of funds means the money that is being used to fund the transaction in question. It is essential that you understand the nature, background and circumstances of the client, including their financial position. This allows you to assess whether the service/transaction is in keeping with your understanding of their background and circumstances.
Regulation 28(11)(a) of the MLRs requires firms to undertake a source of funds check where necessary.
A source of funds check should consider how the client accumulated the funds for the transaction. This will need to go beyond the location of the funds and consider how the client obtained that money (for example, was it salary, or a gift?).
You must ensure that the funds are not the proceeds of crime. This means that it is not enough to know that the funds are coming from a UK bank account or having sight of the client’s bank account statements showing that the funds are available. You need to go back as far as is needed to build a clear picture of how the client accumulated their money for the transaction. For some, it may be as little as six months, for others it might require looking back several years.
You should provide details of the checks you have conducted and any documentation you may have obtained. If you do not consider it necessary to check the source of funds in a transaction, the reason should be documented in the box provided.
If the client is a PEP, you must apply a source of wealth check under regulation 35 of the MLR. A source of wealth check must also be completed for PEPs. This is covered in the source of wealth section further below.
Identifying the source of funds in a transaction is one of the most valuable checks you can do to protect your firm from the risk of money laundering and terrorist financing. It is important to document the source of funds checks conducted on each client or matter and the conclusions derived from these checks. Full guidance on source of funds is available in section 6.17 of the LSAG guidance.
Is the matter transactional?
This question is asking if money will be exchanged or transferred from one party to another.
Does the transaction arrange for the movement of funds or assets?
The requirement to do source of funds checks might apply even if no money is coming through your client account. If the service is not transactional, it is important to establish whether it could facilitate the movement of funds or assets. For example, a firm instructed to draw up a contract to transfer assets from one party to another party will not receive funds in their client account but will be facilitating the movement of assets.
Under section 328 of the Proceeds of Crime Act 2002, an offence is committed if a person enters into, or becomes concerned, in an arrangement they know or suspect facilitates (by whatever means) the:
- acquisition
- retention
- use or
- control of criminal property, by or on behalf of another.
Are we receiving funds from overseas?
You must take extra care when dealing with funds from geographic locations that are subject to sanctions, a high-risk third country, or otherwise associated with a higher risk of money laundering, corruption or criminality (for example, drug trade or terrorism).
Please see section 3b for guidance on countries subject to sanctions, high-risk third countries and high-risk jurisdictions.
Are we receiving funds from third parties?
Where you have identified that funds are coming from a third party you should understand their relationship to your client. This will help you decide if their involvement makes sense in the transaction.
You should also verify that person’s identity and check the funds are not the proceeds of crime. In higher risk situations, source of wealth checks may be necessary.
Will this matter be funded by digital assets? eg crypto
The anonymity of some digital assets such as cryptocurrencies pose a risk of money laundering and terrorist financing.
If a transaction will be funded by digital assets, you need to conduct appropriate checks to ensure that the funds involved are not the proceeds of crime.
3a. Product/service risk
Based on the client’s profile, does it make sense for the client to instruct us on this transaction?
You should consider your knowledge and understanding of your client and the matter you have been instructed on before answering this question.
3b. Enhanced Due Diligence
It is important to assess if your client presents a high risk of money laundering or terrorist financing. You must apply enhanced due diligence when dealing with a high-risk client or matter.
Regulation 33(1) of the MLR sets out the circumstances when enhanced due diligence and enhanced ongoing monitoring must be applied. Enhanced due diligence must be applied in addition to the client due diligence measures required in regulation 28 of the MLRs. Enhanced due diligence will also apply in any circumstances you consider to be high-risk in your firm wide risk assessment. If a client is considered high risk in your firm wide risk assessment, but not considered high risk in your client risk assessment you should explain why.
When assessing whether there is a high risk of money laundering or terrorist financing you must consider the risk factors listed under regulation 33(6) of the MLRs. Section 6.19 of the LSAG guidance provides details of when to apply enhanced due diligence.
If you tick yes to any of the questions in this section, you:
- should speak with the nominated person at your firm before you proceed. For example, the Head of department, Money Laundering Compliance or Reporting Officer
- record that this is a high-risk client along with details of the additional measures that will be taken to mitigate the risk(s) identified.
For politically exposed persons (PEPs), you must obtain senior management approval before establishing or continuing a business relationship with PEP. Further guidance on PEPs is detailed below.
If the client is not an individual, is the structure complex or unusual?
Criminals can use complex structures as a way of obscuring the source of funds in a transaction or their ownership. Your assessment of whether a structure is unusual or unduly complex should be based on the risk of money laundering it poses. You should be mindful of structures that allow controls to be bypassed or have multiple layers which may disguise ownership.
Please see the question ‘does the matter involve creating a complex structure?’ in section 3 for more information.
Does the client own, manage or direct a business or activity that falls within a higher risk sector?
Some sectors carry a higher risk of money laundering, this may be because they carry an increased risk of bribery, corruption and money laundering for example.
Section 5.6.1.3 of the LSAG guidance contains guidance on identifying higher risk sectors.
Does the matter involve a client, a beneficial owner or other party linked to the transaction, manage or direct a business or activity that is cash intensive?
Please see section 3 ‘does it involve a cash intensive industry?’ for guidance on cash intensive businesses.
Does the matter involve a client, a beneficial owner or any party established in a high-risk third country or high-risk jurisdiction?
High-risk third countries
High-risk third countries are listed at schedule 3ZA of the MLR . The MLRs prescribe steps you must take if your client or any party to a transaction is established in a high risk third country.
Section 6.19.1 of the LSAG guidance provides more details on high-risk third countries.
High-risk jurisdictions
Resources to help you consider whether a country is a high-risk jurisdiction include:
- Transparency International's corruption perception index
- The Basel AML Index
- CIA World Factbook
- FATF Jurisdictional Information
- The Know Your Country rating table
Sections 5.6.2.1 and 5.6.2.3 of the LSAG guidance provide useful guidance and useful links for high-risk jurisdictions you should consider.
Is the client a PEP, a family member or a close associate of a PEP?
The FCA has produced guidance ( FG 17/6) on identifying politically exposed persons (PEPs).
If you act for a PEP or an entity which may be owned/controlled by PEPs, you should address this in your risk assessment. You should also document any steps you may take to guard against the risks. Regulation 35(1) of the MLRs requires you to have appropriate risk management systems and procedures to determine whether a client or beneficial owner is a PEP.
When there is a PEP relationship (including where a PEP is a beneficial owner of a
client and where a client or its beneficial owner are a family member or known close
associate of a PEP), the MLRs specify that you must take the following steps to
deal with the heightened risk:
- have senior management approval for establishing a business relationship with a PEP or an entity beneficially owned by a PEP
- take adequate measures to establish the source of funds and source of wealth which are involved in the business relationship
- conduct closer ongoing monitoring of the business relationship and
- consider which aspects of your enhanced due diligence protocol are appropriate for the PEP in question.
Will this matter involve a country subject to sanctions?
Sanctions are restrictive measures imposed by the government to achieve a specific foreign policy or national security objective. You can find out which countries are subject to UK sanctions via the government’s website .
Do you have any concerns that the client, a beneficial owner or any parties linked to the transaction is subject to financial sanctions or has links to a country subject to sanctions?
You must not accept payment from a designated person unless you:
- have been granted a licence to do so by the Office of Financial Sanctions Implementation (OFSI) or
- are doing so under the terms of a general licence.
Designated persons/entities are defined in section 2a of this guidance under the question ‘Is the client a designated person/entity?’
You can refer to OFSI’s guidance for more information on the UK’s sanctions regime. We have also published guidance to help you understand your obligations and our expectations.
Is the transaction unusually complex or large? Does this transaction form part of an unusual pattern of transactions? Does the transaction lack an apparent economic or legal purpose?
Criminals can use complexity as a way of obscuring the source of funds in a transaction or their ownership. If the matter involves an unusually complex transaction, it is important that you consider if there is a legitimate reason for this.
You should consider if the transactions fits with transactions previously undertaken by the firm, the firm’s expertise and the firm’s risk appetite to take on unusual work if applicable.
If the transaction forms part of an unusual pattern of business or lacks an apparent economic reason, you should consider if you should proceed with the transaction.
Your considerations and any subsequent decisions should be documented on the risk assessment in the space provided.
3c. Risk level and justification
Considering the information you have, you should decide and record if the client and matter poses a low, medium or high risk. You should record your reason for these risk ratings in the box below. This will assist you to monitor any changes in the client’s profile when a review is completed at an appropriate time in the future.
Source of wealth
For high-risk matters, provide details of source of wealth checks you have conducted and the reason you are happy to proceed with the transaction.
Source of wealth is the origin of all the money a person has accumulated over their lifetime. You should take measures to understand the activities that have contributed toward the individual's total wealth. For example, does it make sense for a client to have accumulated their wealth from their professional activities? If not, have they inherited money, sold assets, or received an investment windfall? This information gives an indication of the amount of wealth your customer would be expected to have and a picture of how they acquired it.
The level of risk presented by the client should determine the extent of due diligence that is required to mitigate any identified risks.
You should indicate the level of due diligence that would be required.
Simplified due diligence – Simplified due diligence is the lowest form of due diligence. This is only applicable where there is little, or no risk of your client being involved in money laundering.
Regulation 37(3) of the MLRs sets out a list of factors to be considered in determining whether a situation poses a lower risk of money laundering or terrorist financing.
You should document why your customer is eligible for simplified due diligence and obtain evidence to support this.
Standard due diligence – This refers to the client due diligence measures to identify and verify your client in regulation 28 of the MLRs. The measures required will vary depending on the type of client involved.
This level of due diligence should be applied to low-risk matters (where simplified due diligence is not applicable) and medium risk matters.
Please refer to section 6 of the LSAG guidance for guidance on client due diligence requirements.
Enhanced due diligence
Please see section 3b for guidance on enhanced due diligence.
Date and Signature
The form should be signed and dated by the person completing it.
Ongoing monitoring is mandatory under regulation 28(11) of the MLRs. It is an essential part of risk management because any communication could bring with it a change in the risk profile of matter risk, client risk, or both. This is why risk assessments should be re-evaluated at appropriate intervals. This will alert you to update the risk profile of the client which may change over time (for example, where there is a change in beneficial ownership, a change in the nature of the client’s business or change of address etc).
You should review the risk assessment if important new facts emerge or at key stages in the business relationship.
You should be looking out for new instructions that do not fit the profile of the client and/or are not consistent with previous work you have undertaken for the client.
Record details of:
- how you have monitored identified risks since the form was initially completed
- any changes discovered since the form was completed
- any changes to the risk level for the client and the matter and
- how the client and matter will be monitored on ongoing basis, if necessary
The form should be signed and dated by the person reviewing the risk assessment.
The risk assessment should be reviewed as many times as is necessary for the level of risk applicable to the client and or the matter.
We conducted a thematic review in 2023 on client and matter risk assessments which identified that this is an area where improvement is required by some firms. Our findings from the thematic are set out in our report published in October 2023. A warning notice on client and matter risk assessments was also published at the same time because of the failings we identified in this area.
We have also created a client and matter risk assessment template and guidance notes on how to use the template to support firms with meeting their obligations. If you choose to use the template, you should adapt the template to suit your firm.
We have published two pre-filled templates to provide examples of how our client and matter risk assessment template should be used when risk assessing clients and matters.
Template 1 was completed for a low-risk client and involves a high-risk matter that was reduced to medium risk following a review of due diligence.
Template 2 was completed for a high-risk client involving a high-risk matter.
Both scenarios are made up and do not contain any confidential information. They are designed to support you on how to use our template for your clients and matters.
The appendices have been created as an aid and should not be used as an endorsement of a rating for a specific type of client or matter. Each client and matter should be assessed based on its individual circumstance. When risk assessing clients and matters you should document your rationale on how you arrived at the rating.
Template 1 – Low-risk client and medium-risk matter
ABC LLP is a law firm based in Bristol. The firm offers various services including conveyancing.
According to its firm wide risk assessment, the firm's conveyancing transactions typically range between £260,000 and £790,000. The firm consider conveyancing to be high risk for money laundering. The firm's typical client base is local to Bristol.
The firm wide risk assessment is required under Regulation 18 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. The client and matter risk assessment for this matter flows from the risks identified in the firm's firm-wide risk assessment.
The firm have been approached by Jane Elisabeth Smith (the client) to assist in the purchase of a property.
The client is new to the firm and lives in Birmingham. The client is employed full time and earns £32,275 annually. The client is a first-time buyer purchasing a residential property for £250,000 in Birmingham. £225,000 of the purchase will be funded by a mortgage from a high street bank and the remaining £25,000 will be from the client's savings.
The chronology below sets out how the template client and matter risk assessment was completed:
18 May 2023
- The client instructs the firm.
22 May 2023
- The fee earner conducts the initial client and matter risk assessment and completes sections one to four of the client and matter risk assessment.
- In the initial risk assessment the fee earner notes the following:
- The client is a nurse and earns a salary of approximately £32,000.
- The client is not local to the firm and is based in Birmingham. While the firm's client base is ordinarily local to the firm, the fee earner does not note any concerns with this client instructing the firm as the firm previously acted for the client's sister who has referred the client to the firm.
- The client will not be met face to face, but electronic due diligence checks will be carried out with a video call.
- The client is a first-time buyer and wishes to instruct the firm to buy a house.
- The transaction will be funded largely by mortgage, plus a deposit of £25,000 from the client's savings.
- The fee earner considers the client to be low risk for money laundering and the matter as medium risk.
- The reason for these ratings are that while purchases are considered high risk in the firm's firm-wide risk assessment, source of funds checks will be carried out to help mitigate the risks.
- The fee earner notes that the matter will be funded by a mortgage and that the client is in full-time employment. As the fee earner determines there are no concerning factors in this transaction, using a risk-based approach the rating is reduced to medium.
- The fee earner also notes the client has been referred by an existing client. The client will be subject to identification and verification checks to mitigate any risks. The value of the transaction is normal for the firm and the funding of the transaction makes sense based on the client's financial circumstances.
- As there are no high-risk factors, the fee earner determines the client is low risk and that standard due diligence checks will be applied.
1 June 2023
- The fee earner meets the client virtually.
- The electronic identification and verifications checks are carried out and no concerns are identified.
- The client provides evidence of her income and savings on 20 July 2023 as well as evidence of the mortgage proceeds.
- The client and matter risk assessment form is updated on 23 July 2023 to reflect this.
- The form notes that identification and verification checks were fine and that the client has supplied pay slips to show how she accumulated the savings.
- The fee earner notes that the client currently lives with her parents enabling her to save the deposit.
- During the monitoring of the matter, the fee earner notes nothing has changed since the start of the matter. The value of the property and funds involved have remained consistent. The fee earner does not consider it necessary to change the risk level of the matter.
- The risk assessment is reviewed pre-exchange on 22 August 2023 and no changes were noted.
- The matter completes on 29 August 2023.
Template 2 – high-risk client, high-risk matter
Template 2 was completed for a high-risk client involving a high-risk matter.
123 LLP is a law firm based in Oldtown. According to its firm wide risk assessment , the firm offers various services including commercial conveyancing. Some of the firm's clients have links to overseas entities. The transactions undertaken at the firm typically range between £500,000 and £3,000,000. The firm consider conveyancing transactions to be high risk for money laundering.
The client, XYZ Limited, is a limited company registered in England. XYZ Limited is a new client to the firm and operates as a nail salon in Oldtown. XYZ Limited has two directors, Mr C and Mr T. Mr C owns 100% of the shares in XYZ Limited. Mr T is a manager at XYZ Limited. XYZ Limited wish to purchase a commercial premises for £550,000. XYZ Limited are purchasing the property with funds derived from Mr C's business in Dubai, DUB Ltd. The client and transaction profile are normal for 123 LLP and they are experienced in such matters.
27 February 2023
- Mr C instructs the firm on behalf of the company on 27 February 2023
2 March 2023
- Mr T attended the firm in person.
- The initial client and matter risk assessment was conducted on 2 March 2023.
- The fee earner notes the following in sections one to four of the client and matter risk assessment.
- The client is looking to purchase a larger premises as the business is expanding. The owner of the salon (Mr C) often travels between the UK and abroad. The firm are dealing with Mr C's brother Mr T who is the manager at the salon and a director in the company. The firm have obtained authority from Mr C to deal with Mr T on the company's behalf.
- The fee earner notes Mr C has links to the UAE and that funding for the purchase is coming from Mr C';s UAE-based salon DUB Ltd.
- The firm are awaiting ID and verification documents.
- The fee earner notes that the client is a cash-intensive business and source of funds check will be completed.
- In the enhanced due diligence section, the fee earner notes the matter involves a cash-intensive business and that the matter involves a party established in a high-risk third country. For this reason on 3 March 2023 the fee earner escalates the matter to the firm's nominated officer.
- The client and matter risk assessment notes that the nominated officer suggests the matter can proceed providing the fee earner can determine the legitimacy of the business in Dubai. The fee earner is required to obtain satisfactory source of funds and source of wealth checks. As well as carry out adverse media checks.
- The matter and client are both judged to be high risk.
- The reasons for this rating are the links to a high-risk third country (Dubai) and that the salon is considered a cash-intensive business.
- The fee earner notes that open-source research shows the client has a chain of beauty shops/salons in the UAE.
- The matter will be subject to enhanced due diligence and enhanced ongoing monitoring.
14 March 2023
- The fee earner meets Mr C virtually.
- Client due diligence and source of funds/wealth check were obtained.
- The fee earner completes section five of the client and matter risk assessment form and notes receiving the accountants reports for both the clients UK based and UAE company. The fee earner notes both accountants are regulated.
- The accountant's report for the company in the UAE shows a turnover of approximately £1 million annually, the UAE company has been trading for some time and the fee earner is satisfied with the source of funds and how the wealth has been accumulated.
- The fee earner considers the matter to remain high risk.
29 May 2023
- Client due diligence and source of funds checks are completed.
- The client and matter risk assessment is updated, the fee earner notes the bank statements are consistent with the information provided by the client and the accountants.
5 June 2023
- The matter completes