When Should a Law Firm Repeat Client Due Diligence?
At The Strategic Partner, we are frequently asked how often a firm is required to repeat Client Due Diligence (CDD) and whether a time limit is imposed.
The answer is not easily found in the regulations or the guidance provided, and it is necessary to consider a number of areas to find a path that keeps your firm on the right side of the regulations.
We accept that, for some firms, the burden of repeating CDD on clients whom you know, and who have known your firm or individuals in the firm for a long time, is frustrating, particularly where you consider such clients to be low risk.
The reality is that, as with all AML-related risk assessments, not doing something increases your risk, and taking action to ‘Know Your Clients’ reduces it. For example, if a client of the firm brings on a new BOOM (Business Owner, Officer or Manager) and that BOOM is high risk or is domiciled in a high-risk or sanctioned country, your client’s risk profile has changed. If you do not ask the questions, your firm will not be aware of new developments; and if your client does not tell you and you carry on with a low-risk assessment, you put the firm at risk and in breach of the requirements of the AML regulations.
So, what does the guidance say?
The regulation and guidance say you must “renew and re-evaluate CDD at appropriate intervals (including during the course of a given transaction)”.
It goes on to say: “You should operate a system of regular review and renewal of CDD and take a risk-based approach to such activity. You should consider reviewing (although not necessarily redoing) the CDD upon each new matter. Where there has been a significant gap between instructions (anything above a year may be considered a significant gap in relation to those clients or transactions assessed as higher-risk), you should consider refreshing the CDD.”
Regulation 27 advises firms to apply or reapply CDD to existing clients on a risk-based approach when the client’s circumstances have changed.
This is not a direct instruction to undertake due diligence annually, as some firms do, and it could be said to be unhelpful in terms of providing a time frame for when CDD should happen.
The answer is easier when it comes to the client's circumstances, as the regulations and guidance advise that CDD should be re-applied when:
- There is any indication that the identity of the client or beneficial owner has changed.
- You handle transactions that are not reasonably consistent with your knowledge of the client.
- There is any change in the purpose or nature of the relationship.
- There is any other matter which may affect your assessment of the money laundering or terrorist financing risk concerning the client.
Returning to the question of time frames, as noted, this is not so easy to answer but an indication MAY also be found in the amended regulation which provides that CDD must be re-applied when a practice has a legal duty, in the course of a year, to contact a client under the International Tax Compliance Regulations 2015 or to review information relevant to their client risk assessment and concerning beneficial ownership information.
It is appreciated that it is not a direct instruction to repeat due diligence annually, but the inference is there.
The important point to make is that the firm is required to risk assess its clients and to ensure that their risk profile has not changed and, where it has increased to high risk, to undertake enhanced due diligence.
A year is, for some, a reasonable amount of time for a person or a company to change, and therefore our guidance is to make further checks annually. Some firms may feel that a year increases the frequency to a level that is not tolerable and may wish to extend that period; others are quite content with that regularity.
What this comes down to is a question of risk and what level of risk your firm is prepared to take.
The longer a firm leaves repeating CDD, the more likely it is that one of the issues noted above about the client has changed. If you are not aware of this change because you have not updated your CDD, then your firm does not meet the requirement of the regulations.
In terms of guidance, we are seeing most firms moving to a 12-month review of CDD.
One element we consider to be clear is that, when opening a new matter for an existing client, you must undertake a matter risk assessment, and this itself will guide the firm on whether to reapply CDD.
About The Strategic Partner and Our Services
At The Strategic Partner, we work with firms and their MLROs, MLCOs, COLPs and COFAs to assist them with the management of risk, compliance and regulation through our two compliance solutions, and we can provide individual training and guidance.
We always provide bespoke, best practice services and solutions, as we recognise that every law firm is different. It is essential to provide guidance, consultancy, written documents, training and procedures that meet the exact requirements of the firm rather than provide templated solutions.
Our solutions are cost-effective and provide firms with the necessary solutions to comply with the:
• Codes of Conduct
• SRA Accounts Rules
• Regulations including AML
• Other legislation that affects law firms
These are comprehensive packages set at affordable prices for all firms.
For more information about our Risk, Regulation & Compliance Services, you can call us on 0203 911 9710 or you can email us at firstname.lastname@example.org.