Learning Outcomes
This article explains the distinction between standard client due diligence (CDD) and enhanced due diligence (EDD) under UK anti-money laundering law, when each is required, the practical steps involved, and the legal and ethical duties of solicitors under the Money Laundering Regulations 2017 and Proceeds of Crime Act 2002. It also covers simplified due diligence in low-risk cases, identification and verification of beneficial owners of companies, partnerships and trusts, management of politically exposed person (PEP) risks, and the suspicious activity reporting workflow (including consent, notice and moratorium periods). In addition, it outlines firm-wide AML responsibilities such as risk assessment, policies, controls and procedures, training, internal reporting lines (MLRO/MLCO), record-keeping, and the interface with professional conduct (confidentiality, tipping off, undertakings, sanctions), with application to SQE1-style scenarios.
SQE1 Syllabus
For SQE1, you are required to understand the anti-money laundering (AML) regime as it applies to legal practice, with a focus on the following syllabus points:
- the purpose and scope of anti-money laundering legislation, including the Money Laundering Regulations 2017 and Proceeds of Crime Act 2002
- the requirements for client due diligence (CDD) and enhanced due diligence (EDD)
- when and how to identify beneficial owners
- the circumstances triggering EDD (e.g. high-risk countries, politically exposed persons, non-face-to-face onboarding, unusual/complex transactions)
- the reporting obligations of solicitors and the interface with professional conduct duties
- the consequences of failing to comply with AML requirements and SRA enforcement
- simplified due diligence, its eligibility and evidential requirements
- firm-wide AML risk assessment (reg 18), policies, controls and procedures (reg 19), internal controls including MLRO/MLCO, employee screening, independent audit, and training (regs 21, 24)
- ongoing monitoring and record keeping requirements (reg 28(11), reg 40) and responsiveness to law enforcement enquiries (reg 21(8))
- the NCA consent regime (notice period, moratorium) and managing client communication without tipping off
- awareness of the UK financial sanctions regime and Criminal Finances Act 2017 obligations alongside AML duties
Test Your Knowledge
Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.
- What is the main difference between standard client due diligence (CDD) and enhanced due diligence (EDD)?
- Name two situations where enhanced due diligence is mandatory under the Money Laundering Regulations 2017.
- What steps must a solicitor take if they suspect a client is engaged in money laundering?
- True or false? A solicitor may inform a client that a suspicious activity report (SAR) has been made about them.
Introduction
Money laundering is the process of disguising the origins of criminal property to make it appear legitimate. Solicitors are at risk of being used to facilitate money laundering, especially when handling client funds or complex transactions. The UK anti-money laundering regime imposes strict requirements on legal professionals to prevent and detect such activity. Central to this regime are the concepts of client due diligence (CDD) and enhanced due diligence (EDD), which are essential for SQE1.
The Anti-Money Laundering Framework
Solicitors must comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the "Money Laundering Regulations") and the Proceeds of Crime Act 2002 (POCA). These laws require a risk-based approach to identifying and verifying clients, monitoring transactions, and reporting suspicions.
The SRA supervises AML compliance in legal services and monitors sector risks. Firms and sole practitioners must ensure their beneficial owners, officers and managers are approved under the Regulations; acting without approval is a criminal offence. Failure to comply with the Regulations, including record-keeping and due diligence duties, can amount to criminal conduct and regulatory breaches leading to sanctions, fines and disciplinary action.
Under the Regulations, firms must undertake a firm-wide AML risk assessment (reg 18) covering their services, delivery channels, client base and geographic exposure (including high-risk jurisdictions) and maintain an up-to-date written record. Firms must also implement proportionate, senior-management-approved policies, controls and procedures (reg 19) addressing risk management, due diligence, reporting, record-keeping, new technology, and complex, unusually large, or unusual transactions.
Internal controls (reg 21) include appointing a nominated officer (often the Money Laundering Reporting Officer, MLRO) to receive internal reports and liaise with the NCA, and — where appropriate — appointing a Money Laundering Compliance Officer (MLCO) to oversee compliance. Firms must screen relevant employees for skills, knowledge, conduct and integrity, establish an independent audit function to test AML policies and procedures, and be able to respond rapidly to law enforcement enquiries about business relationships maintained during the previous five years. Regular AML training is mandatory (reg 24).
Key Term: money laundering
Money laundering is the process of concealing, disguising, or converting criminal property to make it appear to come from a legitimate source.
Client Due Diligence (CDD)
CDD is the baseline process for verifying the identity of clients and understanding the nature of the business relationship. It must be performed before establishing a business relationship or carrying out an occasional transaction above €15,000 (or equivalent). CDD is also required where there is a transfer of funds exceeding €1,000 that is an occasional transaction, where money laundering or terrorist financing is suspected, or where the veracity/adequacy of previously obtained identity information is doubted.
Key Term: client due diligence (CDD)
CDD means identifying and verifying the client’s identity using reliable, independent sources, and understanding the purpose and intended nature of the business relationship.
CDD involves:
- Identifying the client and verifying their identity (e.g. passport, driving licence, company documents)
- Identifying any beneficial owner if the client is not a natural person
- Understanding the purpose and intended nature of the business relationship or transaction
- Conducting ongoing monitoring to ensure transactions are consistent with the solicitor’s knowledge of the client
- Verifying that the person instructing on behalf of a client entity is authorised to do so
- Taking reasonable measures to understand the ownership and control structure of non-natural persons (e.g. companies, LLPs, trusts)
For individuals, identity is typically verified with government-issued photo ID plus corroborating evidence of address or date of birth from reliable sources. For companies, verify existence (name, registration number, registered office/principal place of business), governing law and constitutional documents, and names of the board or those responsible for operations. For UK bodies corporate and LLPs, firms must obtain proof of registration (e.g. Companies House extract) and may rely on the legal requirement that UK corporates provide specified information when forming a business relationship (reg 43). Always check that the instructing officer has authority to act.
Key Term: beneficial owner
A beneficial owner is the individual who ultimately owns or controls a client, such as someone with more than 25% of shares or voting rights in a company, or the settlor, trustee, or beneficiary of a trust.
Beneficial ownership must be identified and, on a risk-sensitive basis, verified. For companies, look for individuals who own or control (directly or indirectly) more than 25% of shares or voting rights, or who exercise ultimate management control; this includes ownership through parent companies and bearer share holdings. For partnerships, identify any individual entitled to or controlling more than 25% of capital/profits or voting rights, or those exercising management control. For trusts, identify the settlor, trustees, beneficiaries (or class where undetermined), and any controllers (e.g. persons with power to appoint/remove trustees or beneficiaries). In multi-layered structures, a risk-based approach is needed to determine how far up the chain to probe; many firms seek to identify the ultimate beneficial owners of parent entities.
CDD timing is critical. Identity must be verified before a business relationship is established or an occasional transaction carried out. Verification can be completed during the establishment of a relationship only where there is little risk, it is necessary not to interrupt normal business, and the matter is not an occasional transaction. If CDD cannot be completed in time, the firm must not proceed, must terminate any existing relationship, and should consider reporting to the NCA if suspicious.
Simplified due diligence may be applied where, following risk assessment, the relationship or transaction presents a low risk of money laundering or terrorist financing. Factors supporting low risk include clients listed on regulated markets in specified jurisdictions, and certain regulated institutions and public authorities. The presence of a factor does not automatically mean low risk; eligibility must be evidenced, and the firm must continue to monitor the relationship for changes. For listed companies, confirmation of stock exchange listing is usually sufficient, and beneficial owner identification may not be required.
Enhanced Due Diligence (EDD)
EDD is a more rigorous process required in higher-risk situations. The Money Laundering Regulations specify when EDD must be applied, including:
- When the client or transaction is linked to a high-risk third country
- When the client is a politically exposed person (PEP), or a family member or close associate of a PEP
- When the client provides false or stolen identification documents
- When the transaction is unusually large, complex, or has no apparent economic or legal purpose, or there is an unusual pattern of transactions
- When the business relationship is conducted without face-to-face contact
- Where higher risk is identified by the firm’s risk assessment or by sector guidance (e.g. SRA/LSAG)
Key Term: enhanced due diligence (EDD)
EDD is a set of additional checks and measures applied to higher-risk clients or transactions, including obtaining extra information, verifying the source of funds, and enhanced ongoing monitoring.
EDD measures may include:
- Obtaining further independent documentation to verify identity (e.g. certified copies, independent corporate records, electronic verification from reliable sources)
- Establishing and corroborating the source of funds and source of wealth
- Obtaining senior management approval to proceed
- Conducting enhanced ongoing monitoring of the relationship (more frequent reviews, tighter transaction scrutiny, updated risk profiles)
- Examining, as far as reasonably possible, the background and purpose of transactions to assess appropriateness and detect red flags
Key Term: politically exposed person (PEP)
A PEP is an individual entrusted with prominent public functions (other than middle-ranking or junior officials), including heads of state/government, ministers, MPs, senior judges, senior central bank officials, ambassadors, high-ranking military officers, and senior executives of state-owned enterprises. Family members include spouse/civil partner, children and their spouses/civil partners, and parents. Known close associates include persons with close business relationships.
Where a PEP (or their family member/close associate) is the client or a beneficial owner, firms must obtain senior management approval to establish/continue the relationship, take adequate measures to establish source of wealth and source of funds, and conduct enhanced monitoring (reg 35). EDD is also expected for non-face-to-face onboarding, with additional steps to mitigate impersonation risk (e.g. stronger electronic identity verification, certified documentation, liveness or biometric checks).
When to Apply CDD vs. EDD
Solicitors must assess the risk of money laundering for each client and transaction. Standard CDD is sufficient for most clients, but EDD is mandatory where higher risks are identified by law or in the firm’s risk assessment. Consider client profile, geography, delivery channel (face-to-face vs remote), product/service risks (e.g. complex trust/company services), and transactional features (size, frequency, purpose).
Worked Example 1.1
A solicitor is instructed by a new client to purchase a property for £2 million. The client is a company registered in a high-risk jurisdiction, and the funds are coming from multiple overseas accounts.
Question: What due diligence steps must the solicitor take?
Answer:
The solicitor must apply EDD. This includes verifying the company’s identity, identifying and verifying the beneficial owners, establishing the source of funds, obtaining senior management approval, and conducting ongoing enhanced monitoring.
Worked Example 1.2
A client is a UK national and long-standing customer. They now wish to transfer £100,000 to a new business partner in another country. The client provides all requested identification documents.
Question: Is standard CDD sufficient?
Answer:
If there are no other risk factors, standard CDD is sufficient. However, if the destination country is high-risk or the transaction is unusual for the client, EDD may be required.
Worked Example 1.3
A UK discretionary trust instructs a solicitor to acquire an investment portfolio. One of the beneficiaries is a senior government minister from a non-UK country.
Question: What due diligence applies?
Answer:
The presence of a PEP as beneficiary triggers EDD obligations. The firm must identify the trust’s beneficial owners (settlor, trustees, beneficiaries/classes, and controllers), obtain senior management approval, and take adequate measures to establish source of wealth and source of funds for the trust assets. Enhanced monitoring is required.
Worked Example 1.4
A new client engages the firm entirely remotely via an online portal. They submit scans of ID documents but decline a video call and provide inconsistent utility bill details.
Question: How should the firm proceed?
Answer:
This is a non-face-to-face relationship with indicators of false or stolen identification. Apply EDD, including robust electronic identity verification from reliable sources, obtain certified documents, and conduct liveness/biometric checks. If concerns persist, do not proceed, consider suspicion and report internally to the MLRO.
Worked Example 1.5
A corporate client proposes a series of intercompany transfers, each below typical reporting thresholds, with no clear economic purpose.
Question: What due diligence is required?
Answer:
EDD is required due to unusual patterns and lack of apparent economic purpose. The firm should examine the background and purpose of the transfers, corroborate source of funds, obtain senior management approval, and apply enhanced monitoring. If suspicion arises, report to the MLRO.
Ongoing Monitoring and Record Keeping
CDD and EDD are not one-off checks. Solicitors must undertake ongoing monitoring of business relationships to ensure transactions are consistent with their knowledge of the client, the client’s business and risk profile. This involves scrutinising transactions, ensuring CDD information is kept up to date, and refreshing due diligence when trigger events occur (e.g. change of ownership/beneficial owners, geographic footprint, delivery channel, or product/service risk).
Firms must keep copies of CDD documents and supporting transaction records sufficient to reconstruct transactions. Records must be kept for at least five years from the end of the business relationship or completion of the occasional transaction. Firms must also be able to respond fully and rapidly to law enforcement enquiries about whether they maintained a relationship with any person in the past five years and the nature of that relationship.
Worked Example 1.6
A longstanding client company changes control: a new parent in another jurisdiction acquires 80% of shares.
Question: What steps must the firm take?
Answer:
Refresh CDD. Identify and verify the new beneficial owners and understand the ownership/control structure up to the ultimate parent. Reassess risk (including jurisdictional risk) and apply EDD if higher risk factors are present. Update the client’s risk profile and monitoring plan.
Reporting Suspicious Activity
If a solicitor knows or suspects that a client is engaged in money laundering, they must make a disclosure to their firm’s nominated officer (often called the Money Laundering Reporting Officer, MLRO). The nominated officer must then consider whether to submit a suspicious activity report (SAR) to the National Crime Agency (NCA).
Key Term: suspicious activity report (SAR)
A SAR is a report made to the NCA when there is knowledge or suspicion of money laundering or terrorist financing.
Key Term: Money Laundering Reporting Officer (MLRO)
The MLRO (nominated officer) is responsible for receiving internal reports of suspicion, making enquiries, deciding whether to report to the NCA, and managing consent and the firm’s approach to work to avoid tipping off or prejudicing investigations.
Internal reports must reach the MLRO; telling a line manager alone is insufficient. If the MLRO is absent and no alternative is appointed, solicitors may need to report directly to the NCA to avoid prejudice. After a SAR is submitted requesting consent to proceed with a potentially prohibited act, the NCA has seven working days (the notice period) to respond. During the notice period, the act must not be carried out, though other work on the file that does not prejudice the investigation may continue. If the NCA refuses consent, a 31-day moratorium follows during which the act must not be carried out. After that period, consent is deemed if no further response is given, and the act may proceed. Managing client expectations during these periods must be done carefully to avoid tipping off.
Solicitors must not inform the client that a SAR has been made, as this constitutes the offence of "tipping off" under POCA.
Key Term: tipping off
Tipping off is the prohibited act of informing a client or third party that a SAR or money laundering investigation is underway, which may prejudice the investigation.
Worked Example 1.7
A conveyancing matter stalls because funds appear unusual and the MLRO has submitted a SAR requesting consent to proceed with completion.
Question: What can the firm do while awaiting the NCA’s decision?
Answer:
Do not carry out the potentially prohibited act (e.g. completion/transfer of funds) during the seven-day notice period; other non-prejudicial steps (e.g. searches, correspondence) can continue. If consent is refused, the firm must not complete during the 31-day moratorium. Provide neutral explanations to the client that do not reveal the existence of a SAR to avoid tipping off.
Ethical and Professional Conduct Considerations
Solicitors must balance their duty of confidentiality to clients with their legal obligations to report suspicions of money laundering. Disclosure to the MLRO or NCA is permitted by law and does not breach client confidentiality. Professional obligations under the SRA Principles and Code also require integrity, acting in the best interests of each client, and avoiding actions that mislead others. AML responsibilities intersect with client care: identify who the client is (and who is instructing) at the outset, ensure competence and timely service, and manage risks of undue influence in property or trust matters.
Firms must maintain effective systems and controls, ensure staff receive regular AML training and maintain records of training, and supervise staff appropriately. Where AML risks are identified, it may be necessary to refuse instructions or cease acting to comply with the law and Code. Solicitors should also be aware of related regimes:
- Criminal Finances Act 2017: corporate offence of failure to prevent the criminal facilitation of tax evasion — firms must have reasonable prevention procedures, risk assessments and training; due diligence should consider tax evasion risks posed by associated persons.
- UK financial sanctions regime: do not deal with designated persons without an OFSI licence; there is a duty to inform OFSI where you know or reasonably suspect a designated person or sanctions breach. Sanctions status is public information; discussing it does not amount to tipping off.
Exam Warning
If a solicitor informs a client that a SAR has been made, this is a criminal offence (tipping off), even if the solicitor believes they are acting in the client’s best interests.
Revision Tip
Always check whether the client or transaction involves high-risk countries, PEPs, or unusual features. If in doubt, apply EDD and seek guidance from your firm’s MLRO.
Summary
| Due Diligence Type | When Required | Key Steps | Examples |
|---|---|---|---|
| CDD | All clients/transactions unless EDD is triggered | Identify and verify client; identify beneficial owner; understand purpose | UK individual buying a house |
| EDD | High-risk clients/transactions (e.g. PEPs, high-risk countries, complex structures) | Obtain extra information; verify source of funds; senior management approval; enhanced monitoring | Offshore company buying UK property; PEP setting up a trust |
Key Point Checklist
This article has covered the following key knowledge points:
- Money laundering is the process of disguising criminal property as legitimate funds.
- Solicitors must comply with the Money Laundering Regulations 2017 and POCA 2002.
- Client due diligence (CDD) is required for all clients; enhanced due diligence (EDD) is mandatory in higher-risk situations.
- EDD is triggered by factors such as high-risk countries, PEPs, complex transactions, or non-face-to-face relationships.
- Solicitors must identify and verify clients and beneficial owners, and monitor transactions.
- Simplified due diligence may be applied in low-risk cases, but eligibility must be evidenced and monitoring continues.
- Firms must maintain a written AML risk assessment, policies, controls and procedures, and internal controls (MLRO/MLCO, screening, audit).
- Suspicions of money laundering must be reported to the MLRO and may require a SAR to the NCA; manage consent, notice and moratorium periods.
- Tipping off a client about a SAR is a criminal offence.
- The duty of confidentiality does not prevent solicitors from making required disclosures under AML law.
- AML training, record keeping for at least five years, and the ability to respond rapidly to law enforcement enquiries are mandatory.
- Be aware of related obligations under the UK financial sanctions regime and the Criminal Finances Act 2017.
Key Terms and Concepts
- money laundering
- client due diligence (CDD)
- beneficial owner
- enhanced due diligence (EDD)
- suspicious activity report (SAR)
- tipping off
- politically exposed person (PEP)
- Money Laundering Reporting Officer (MLRO)