Anti Money Laundering Regulations (MLR) 2017
It is a regulatory requirement for most firms to carry out an ‘Independent Audit of AML Policies, Controls and Procedures’ and is essential to comply with Regulation 21 of the Anti-Money Laundering Regulations. Failure to undertake this audit results in failure to comply with the Regulations and it remains your responsibility to the SRA to ensure this is done effectively.
The problem for many firms is how to satisfy the ‘independence’ requirement of Regulation 21 (1) (c) of the MLR 2017. You are allowed to carry out an audit internally, but it should not be carried out by the MLRO or the MLCO, or anyone else responsible for maintaining the AML function within the firm. Typically, in-house employees with sufficient expertise, who would be capable of undertaking an audit of this type are those who have day-to-day responsibility for designing, implementing and monitoring the application of the firm‘s anti-money laundering policies and procedures. Therefore, it could be difficult to comply with the ‘independent’ requirement under Regulation 21 or the MLR 2017.
We recognise this issue, and our service provides firms with a truly independent audit and report which meets regulatory requirements and is specifically designed to comply with the requirement of the MLR 2017. It is recommended that a law firm performs such a review every 2 years although large firms may consider that annually is more appropriate.
Law Firm Compliance
The Strategic Partner works with firms of all sizes, from the smaller high street or niche firms through to the large multi-office and multinational firms.
Our service provides firms with a completely independent audit and ensures the review is completed and reported on in accordance with the regulatory requirements.
Our Regulation 21 Independent Audit includes: –
- Discovery meeting to scope out and agree to the approach and focus of the review.
- Policies have been written to document how the firm complies with the MLRO 2017.
- A review and analysis of the firm’s High Risk and Suspicious Activity Register
- Interviews with staff to consider the practical application of a firm’s AML PCPs and to establish understanding and knowledge.
- Optional file reviews to consider the application of a firm’s AML PCP requirements at case/matter level
- A formal report detailing the information obtained in the review, the current approach adopted by the firm and identifying any gaps with a series of recommendations and solutions
- Presentation of the findings to the partners
- A Directors/Partners Report to evidence the requirement of Regulation 21 of the MLR 2017:-
- PCP Analysis
- Analysis of trends
The regulation 21 independent audit extension will further include a review of the approach adopted by the firm for compliance with AML regulations.
Is your firm complaint?
Talk to us today
Our goal is to work with the firm to help them build a robust risk management profile that is independently assessed and receives recognition and credibility from the firm’s Professional Indemnity Insurer.
To further bolster a firm’s approach to overall risk control, regulation and compliance, The Strategic Partner has developed two services that can be utilised as part of a fully outsourced solution. Full details of each service can be viewed by clicking the links below, but a summary of each service is as follows:-
Our Risk, Regulation and Compliance Service has been designed to provide law firms of all sizes with a compliant environment, using bespoke, documented and implemented procedures that evidences how a firm tackles and manages risk, compliance and regulation. Our experience and focus provide law firms with the required and necessary support and expertise.
Our Risk, Compliance & AML Guidance and Administration Service provides law firms with a cost-effective solution to outsource the management of the firm’s registers and to provide day-to-day compliance guidance to the staff. It provides law firms and their staff with direct access to a dedicated Compliance Manager, who will provide case-level guidance and accept receipt of notifications, through which they will also manage and update the various compliance registers.