Money laundering and anti-money laundering regulations - Due...

Learning Outcomes

This article outlines money laundering and anti-money laundering due diligence requirements in England and Wales, including:

• The process and stages of money laundering
• The AML legal framework in England and Wales
• Timing and application of customer due diligence (CDD) measures
• Standard, simplified, and enhanced due diligence
• Risk factors and key AML terms
• Practical application of due diligence requirements for SQE1
• Firm-wide AML obligations: risk assessments, policies and procedures, internal controls, MLRO/MLCO roles, training, and record keeping
• Suspicious Activity Reports (SARs) and reporting triggers
• Regulatory thresholds for occasional transactions and transfers of funds

SQE1 Syllabus

For SQE1, you are required to understand the due diligence requirements under anti-money laundering regulations, with a focus on the following syllabus points:

• the process and stages of money laundering
• the legal framework for AML in England and Wales (including the Money Laundering Regulations and Proceeds of Crime Act)
• when and how to apply customer due diligence (CDD) measures
• the differences between standard, simplified, and enhanced due diligence
• identifying and verifying beneficial ownership
• ongoing monitoring of client relationships
• risk-based approaches and high-risk indicators
• practical steps for compliance and reporting obligations
• firm-wide risk assessments and AML policies, controls and procedures
• internal controls: MLRO, MLCO, employee screening and independent audit
• SAR process and consent timelines
• PEPs and high-risk third countries
• financial sanctions checks and licensing
• training and record retention requirements

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

1. What are the three stages of money laundering, and why is it important to recognise them in practice?
2. When must a solicitor apply enhanced due diligence under the Money Laundering Regulations?
3. What is a beneficial owner, and how should a solicitor verify their identity?
4. What is the difference between standard and simplified due diligence?

Introduction

Money laundering is the process of disguising the origins of criminal funds to make them appear legitimate. The UK has strict anti-money laundering (AML) regulations to prevent legal professionals and others from being used to facilitate this process. Due diligence requirements are central to AML compliance, ensuring that solicitors and law firms identify their clients, assess risks, and monitor transactions to detect and report suspicious activity. Firms in scope of the regulations include most solicitors’ practices undertaking trust and company services, conveyancing, tax advice or client account services. Non-compliance is a criminal offence and attracts regulatory enforcement.

Key Term: money laundering
Money laundering is the process of concealing the criminal origin of funds or assets to make them appear lawful.

Key Term: anti-money laundering (AML)
AML refers to laws and procedures designed to prevent, detect, and report money laundering and terrorist financing.

Key Term: Money Laundering Regulations (MLR 2017)
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 set out preventative obligations for regulated firms, including risk assessments, CDD, ongoing monitoring, internal controls, training, and record keeping.

The Stages of Money Laundering

Money laundering typically involves three stages:

1. Placement: Introducing criminal funds into the financial system.
2. Layering: Moving funds through complex transactions to obscure their origin.
3. Legitimization: Returning the laundered funds to the legitimate economy as apparently lawful assets.

Recognising these stages helps solicitors identify suspicious activity and apply appropriate due diligence. For example, unusual cash deposits (placement), rapid transfers via multiple accounts and jurisdictions (layering), and purchases of high-value assets with opaque sources of wealth (legitimization) are common patterns.

Legal Framework for AML and Due Diligence

The main sources of AML law in England and Wales are:

• The Proceeds of Crime Act 2002 (POCA)
• The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017)
• The Terrorism Act 2000

Solicitors must comply with these laws and the guidance issued by the Solicitors Regulation Authority (SRA). The SRA is a supervisory authority for AML and requires firms to have systems and controls to manage AML risks. The Regulations also require certain approvals and controls at firm level.

Key Term: customer due diligence (CDD)
CDD is the process of identifying and verifying a client’s identity, understanding the business relationship, and monitoring transactions for AML compliance.

Under MLR 2017, firms must:

• complete a firm-wide written risk assessment (Reg 18), considering services offered, delivery channels, client types and sectors, and the SRA’s sector risk assessment
• establish written, senior-management-approved AML policies, controls and procedures proportionate to the firm (Reg 19), including how CDD is conducted, ongoing monitoring, record keeping, reporting, and controls for new technology and unusual or complex transactions
• implement internal controls (Reg 21), including appointment of a nominated officer (MLRO) and, where appropriate, a Money Laundering Compliance Officer (MLCO), employee screening, an independent audit function, and the ability to respond fully and rapidly to law enforcement inquiries about business relationships within the previous five years
• ensure beneficial owners, officers and managers are approved by the SRA under the Regulations; acting without approval is a criminal offence (Reg 26)

Key Term: Money Laundering Reporting Officer (MLRO)
The MLRO is the person in a firm responsible for receiving internal reports of suspicious activity and making external reports to the NCA.

Key Term: Money Laundering Compliance Officer (MLCO)
The MLCO oversees the firm’s compliance with AML regulatory requirements, liaises with the SRA on AML matters and ensures policies, controls, procedures and training are effective.

When to Apply Customer Due Diligence

CDD must be carried out in the following situations:

• When establishing a business relationship with a client
• When carrying out an occasional transaction that amounts to €15,000 or more, whether in a single operation or several operations which appear linked
• When carrying out an occasional transfer of funds exceeding €1,000 (as defined in the Regulations)
• When there is suspicion of money laundering or terrorist financing
• When there are doubts about the accuracy or adequacy of previously obtained client identification

CDD involves identifying the client, verifying their identity using reliable, independent sources, and understanding the purpose and intended nature of the relationship. Verification must occur before the relationship is established or the transaction is performed. In low-risk cases where interruption of normal business would be disproportionate, verification may be completed during the establishment of the relationship, but never for occasional transactions. If CDD cannot be completed, the firm must not proceed, must terminate any existing relationship, and should consider whether to submit a SAR.

Key Term: Suspicious Activity Report (SAR)
A SAR is a report made to the NCA when there is knowledge or suspicion of money laundering or terrorist financing.

Worked Example 1.1

A solicitor is instructed by a new client to purchase a property for £500,000. The client is not known to the firm. What steps must the solicitor take before proceeding?

Answer:
The solicitor must apply CDD by identifying and verifying the client’s identity using reliable documents (e.g., passport and proof of address), understanding the purpose of the transaction, and assessing the risk of money laundering. Verification must be completed before exchange or completion; if the client is not met face-to-face, consider EDD measures. If unable to complete CDD, do not proceed and consider a SAR.

Identifying Beneficial Owners

When the client is a company, partnership, or trust, solicitors must identify any beneficial owner—an individual who ultimately owns or controls more than 25% of the entity or exercises significant control.

Key Term: beneficial owner
A beneficial owner is a person who ultimately owns or controls a client entity, such as a company, partnership, or trust.

For companies and LLPs, reasonable measures must be taken to understand and verify the ownership and control structure. For UK corporates, obtain and verify:

• legal name and registration number
• registered office and principal place of business
• governing law and constitutional documents
• names of directors or senior managers responsible for operations
• details of any individual who ultimately owns or controls more than 25% of shares or voting rights, or exercises ultimate control over management

UK corporates must provide specified information on request when forming a business relationship (Reg 43). Checking Companies House (including the PSC register) is expected, but information must be assessed critically and supplemented where needed. For partnerships, identify any person entitled to or controlling more than a 25% share of capital, profits or voting rights, or otherwise exercising control. For trusts, identify the settlor, trustees, beneficiaries (or class of beneficiaries where not yet determined), and any person with control over the trust (e.g. the power to appoint or remove trustees or beneficiaries). If a trust beneficiary is a company, apply corporate beneficial ownership tests to that company.

Key Term: politically exposed person (PEP)
A PEP is an individual with a prominent public function (e.g., senior politician, judge, senior military officer or state-owned enterprise senior management), or their family member or close associate, who presents a higher risk for money laundering.

Worked Example 1.2

A UK private company client is owned 60% by an offshore parent company and 40% by three UK individuals (each holding 13.3%). The instructing person is a UK-based finance manager. How should the firm identify beneficial ownership and authority?

Answer:
Verify the UK company’s existence and registration, its directors/senior managers, and obtain evidence of the finance manager’s authority to instruct. Identify and verify the three UK individuals as they collectively do not meet the >25% threshold individually, but still consider control roles. Assess the offshore parent’s ownership chain to identify any individual(s) ultimately owning or controlling more than 25% at higher tiers. If opacity or high-risk jurisdiction features are present, apply EDD. Record the ownership/control structure and keep CDD evidence.

Types of Due Diligence

AML regulations require a risk-based approach. The level of due diligence depends on the risk presented by the client or transaction.

Key Term: simplified due diligence (SDD)
SDD is a reduced level of due diligence applied where, following documented risk assessment, the client and transaction present a low risk of money laundering or terrorist financing.

Key Term: enhanced due diligence (EDD)
EDD is a strengthened level of due diligence required where higher risk factors are present, involving additional information, checks and monitoring.

Standard Due Diligence

Standard CDD is applied in most cases and involves:

• Identifying and verifying the client’s identity
• Identifying and verifying any beneficial owners
• Understanding the purpose and intended nature of the business relationship
• Ongoing monitoring of the relationship

For individuals, use reliable, independent documents. Sector guidance from the Legal Sector Affinity Group considers it good practice to obtain either one government-issued document confirming name and address or name and date of birth, or one government-issued document confirming full name plus a supporting document confirming name and address or date of birth. For companies, verify existence and registration details, governing law and constitution, and senior management. Confirm the authority of the instructing person to bind the entity. For partnerships, obtain details of constituent individuals and management; for well-known partnerships with extensive public information, proportionate verification may suffice, subject to risk assessment.

Simplified Due Diligence

Simplified due diligence (SDD) may be applied where the risk of money laundering is low, such as when the client is a UK public authority or a company listed on a regulated market. SDD allows for reduced verification, but only after a documented risk assessment. SDD eligibility must be evidenced; for a UK-listed plc, confirm the listing on the regulated market. The presence of a single low-risk factor does not automatically justify SDD; consider all relevant factors and ensure no high-risk indicators are present.

Enhanced Due Diligence

Enhanced due diligence (EDD) is required in higher-risk situations, including:

• When the client is not physically present for identification and risk cannot be mitigated by reliable electronic verification or equivalent measures
• When the client or beneficial owner is a PEP, their family member, or close associate
• When the client or transaction involves a high-risk third country specified by HM Treasury
• When the client has provided false or stolen identification and the firm decides to continue the relationship
• When a transaction is complex or unusually large, shows an unusual pattern, or has no apparent economic or legal purpose
• Other situations indicating heightened risk, such as payments from unknown third parties or unusual delivery channels

Key Term: high-risk third country
A jurisdiction specified by HM Treasury where significant AML/CFT deficiencies present heightened risk; EDD is mandatory for business relationships or transactions involving such countries.

EDD involves obtaining additional information, verifying the source of funds and source of wealth, obtaining senior management approval to proceed, and increasing ongoing monitoring.

Key Term: source of funds
The origin of the specific funds used in a transaction (e.g., proceeds of a property sale, salary, business profits).

Key Term: source of wealth
The origin of a client’s overall wealth (e.g., long-term accumulation from business activity or investments), indicating how the client acquired total assets.

For PEP-related matters, firms must have senior management approval to establish or continue the relationship, take adequate measures to establish source of funds and source of wealth, and conduct enhanced ongoing monitoring. Family members typically include spouse or civil partner, children and their spouses/civil partners, and parents; close associates include persons with close business relationships.

Worked Example 1.3

A client wishes to invest £2 million in UK property. The client is a national of a country identified as high-risk for money laundering, and the funds are routed through several offshore companies. What due diligence is required?

Answer:
The solicitor must apply EDD by obtaining more information about the client and beneficial owners across the corporate chain, verifying the source of funds for the specific investment and the client’s source of wealth, obtaining senior management approval, and conducting enhanced ongoing monitoring. The involvement of a high-risk third country and complex routing through offshore structures triggers EDD under the Regulations.

Ongoing Monitoring and Record Keeping

Solicitors must monitor client relationships on an ongoing basis to ensure transactions are consistent with the client’s profile and risk assessment. Ongoing monitoring includes scrutinising transactions, checking consistency with the client’s business and risk profile, keeping CDD information up to date, and reviewing risk levels when relevant changes occur. Any suspicious activity must be reported to the firm’s nominated officer (MLRO), who may file a Suspicious Activity Report (SAR) with the National Crime Agency (NCA).

Key Term: Money Laundering Reporting Officer (MLRO)
The MLRO is the person in a firm responsible for receiving internal reports of suspicious activity and making external reports to the NCA.

If a SAR is submitted, the NCA has seven working days (the notice period) to respond. During this period, the potentially prohibited act must not be carried out, though other work on the matter may continue if it does not further the suspected laundering. If the NCA consents or does not respond within seven days, deemed consent arises and the act can proceed. If consent is refused, a 31-day moratorium applies during which the act must not proceed; after 31 days, if no restraint action is taken, the firm may proceed. Care must be taken not to tip off the client or others that a SAR has been made.

Key Term: Suspicious Activity Report (SAR)
A SAR is a report made to the NCA when there is knowledge or suspicion of money laundering or terrorist financing.

Records of CDD, risk assessments, and transactions must be kept for at least five years from the end of the business relationship or the completion of the occasional transaction. Firms must be able to respond fully and rapidly to law enforcement inquiries about whether they have maintained a business relationship with any person within the previous five years and the nature of that relationship.

Firms must also provide regular AML training to relevant employees and maintain training records. Employees must be aware of the law on money laundering and terrorist financing, recognise suspicious transactions, and know internal reporting procedures. Failure to train can be a regulatory breach and may be relevant to defences for certain POCA offences.

Key Term: Money Laundering Compliance Officer (MLCO)
The MLCO oversees the firm’s AML compliance framework, including risk assessments, policies, controls, procedures, and training, and acts as the SRA’s primary AML contact.

Worked Example 1.4

A fee-earner suspects that a client’s funds used to pay completion monies may be derived from fraud. The MLRO is on leave and no deputy MLRO has been appointed. What should the fee-earner do?

Answer:
Internal reporting must reach the MLRO or an alternative nominated officer. If no alternative arrangements exist, the solicitor should report suspicions directly to the NCA to avoid delay that might permit money laundering. The firm should then review its internal controls and appoint a deputy MLRO or equivalent to avoid future gaps.

Risk-Based Approach and Red Flags

AML regulations require solicitors to assess the risk of money laundering for each client and matter. Factors increasing risk include:

• Clients from high-risk jurisdictions
• Complex ownership structures or extensive use of offshore entities
• Unusual payment methods (e.g., large cash payments)
• Reluctance to provide identification or information
• Transactions with no apparent economic or legal purpose
• Business conducted in unusual circumstances (e.g., exclusively non face-to-face without robust electronic verification)
• Payments from unknown or unconnected third parties
• Frequent changes to transaction parties or funding sources without clear business rationale

Firms must conduct a firm-wide written risk assessment and document matter-level risk assessments. The SRA monitors compliance and may request to see a firm’s risk assessment; inadequate assessments attract enforcement. National and sector risk assessments identify legal services areas most exposed to laundering risk, including trust and company services, conveyancing and client account services.

Exam Warning

Failing to apply EDD when required (e.g., for PEPs or high-risk countries) is a common error and may result in regulatory action. Always document your risk assessment and the rationale for the level of due diligence applied.

Practical Steps for Compliance

To comply with AML due diligence requirements, solicitors should:

• Conduct a written firm-wide AML risk assessment and a documented risk assessment for each client/matter
• Establish and maintain senior-management-approved AML policies, controls and procedures proportionate to the firm
• Apply appropriate CDD measures based on the risk assessment
• Identify and verify beneficial owners where relevant and confirm authority of instructing persons
• Apply EDD for high-risk clients, PEPs, and high-risk countries, including senior management approval and verification of source of funds and source of wealth
• Monitor client relationships and transactions on an ongoing basis and update CDD
• Report suspicious activity to the MLRO and, if appropriate, to the NCA; manage consent and moratorium periods and avoid tipping off
• Keep records of CDD, risk assessments, and transactions for five years and ensure the firm can respond quickly to law enforcement inquiries
• Appoint and support MLRO and MLCO roles, screen relevant employees and operate an independent AML audit function
• Provide regular AML training to relevant employees and retain training records
• Check UK financial sanctions lists and, where acting for designated persons, obtain OFSI licences for fees; notify OFSI if knowledge or reasonable suspicion arises
• Consider obligations under the Criminal Finances Act 2017 (failure to prevent facilitation of tax evasion), ensuring reasonable prevention procedures extend to associated persons

Worked Example 1.5

A solicitor is approached by a new client who wishes to pay a large retainer in cash and is unwilling to provide proof of identity. What should the solicitor do?

Answer:
The solicitor should refuse to proceed until satisfactory identification is provided. Large cash payments and reluctance to provide ID are red flags. If suspicion arises, the solicitor should report to the MLRO and consider making a SAR. Do not accept the funds or open a client account for the matter without completing CDD.

Worked Example 1.6

You are instructed by a client incorporated in a sanctioned jurisdiction. The instructing director confirms the company is named on the UK sanctions list and asks if you can accept funds and proceed upon payment of your fees.

Answer:
Conduct sanctions checks. Acting requires an appropriate OFSI licence to receive reasonable legal fees; without a licence, dealing with funds is prohibited. Inform OFSI if you know or reasonably suspect the person is designated or has committed sanctions offences. Discussing sanctioned status does not constitute tipping off. Apply EDD if proceeding and maintain enhanced monitoring.

Key Point Checklist

This article has covered the following key knowledge points:

• Money laundering involves placement, layering, and legitimization of criminal funds.
• Solicitors must comply with AML laws, including POCA and the Money Laundering Regulations.
• Firms must complete firm-wide AML risk assessments and maintain senior-management-approved AML policies, controls and procedures.
• Customer due diligence (CDD) is required when starting a business relationship, for occasional transactions of €15,000 or more, for transfers of funds exceeding €1,000, or when suspicion or doubt arises.
• Standard, simplified, and enhanced due diligence apply depending on risk; eligibility for SDD must be evidenced and is not automatic.
• Beneficial owners must be identified and verified for entities; confirm the authority of instructing persons.
• Enhanced due diligence is required for PEPs, high-risk countries, false/stolen ID, non face-to-face high-risk onboarding, and complex or unusual transactions.
• Ongoing monitoring and record keeping are mandatory; keep records for five years and be able to respond quickly to law enforcement inquiries.
• SARs must be submitted where knowledge or suspicion arises; manage consent and moratorium periods and avoid tipping off.
• Internal controls include appointing MLRO and MLCO, screening relevant employees, and operating an independent audit function; training is required and must be recorded.
• Financial sanctions must be checked; licences may be needed to receive legal fees for designated persons.
• The Criminal Finances Act 2017 imposes a corporate offence of failing to prevent facilitation of tax evasion; firms must have reasonable prevention procedures.

Key Terms and Concepts

• money laundering
• anti-money laundering (AML)
• Money Laundering Regulations (MLR 2017)
• customer due diligence (CDD)
• simplified due diligence (SDD)
• enhanced due diligence (EDD)
• beneficial owner
• politically exposed person (PEP)
• high-risk third country
• source of funds
• source of wealth
• Suspicious Activity Report (SAR)
• Money Laundering Reporting Officer (MLRO)
• Money Laundering Compliance Officer (MLCO)