Use our AML Audit Help Desk to help you prepare for your AML Firmwide Risk Assessment (FWRA).
Under Regulation 18(1) MLR 2017 (as amended), all SRA regulated firms are required to carry out and maintain a documented firmwide risk assessment to identify and assess the risk of money laundering and terrorist financing to which the firm is subject. The AML firmwide risk assessment must be relevant given the size and nature of your firm, and take into consideration:
Regulation 18A of the money laundering regulations requires law firms to identify the risk of proliferation financing. This can either be considered separately or within your FWRA. Most firms now appear to include it in their firmwide risk assessment. Further AML guidance on how to carry out a proliferation financing risk assessment can be found in the Legal Sector Affinity Group guidance.
The purpose of a FWRA is to help SRA-regulated firms identify the money laundering risks that the firm is, or could be, exposed to, and consider how any risks could be mitigated. Ultimately, it should assist your firm to take a risk-based approach to preventing money laundering.
Having a firmwide risk assessment in place should also enhance compliance by assisting law firms in developing appropriate AML policies, controls and procedures. Fee earners will need to refer to your firmwide risk assessment when assessing risk at client and matter level. More information on client/matter risk assessments can be found here. A well drafted AML firmwide risk assessment will also play a role in enhancing the chances of having a successful outcome, if and when your firm is selected, for an SRA AML Audit.
It is an important document which should be regularly reviewed, kept up to date and approved by senior management. Lexsure, via CDDmonitor, offers suggested updates firmwide risk assessments with the monthly AML Policy Notification Service. If your firm uses the services of an external company or individual for an independent AML audit then you should expect, as part of that service, for your AML firmwide risk assessment to be reviewed.
As part of the SRA’s supervisory activities, the assessors review firmwide risk assessments during their AML inspections to firms and desk-based AML audits.
Often when conducting independent AML audits Lexsure finds that the majority of firms have a firmwide risk assessment in place. Lexsure has also witnessed an improvement in the quality of FWRAs which reflects the thought, effort and time that many MLROs and firms put into this key document.
Lexsure do however come across a meaningful proportion of firmwide risk assessments that would fall short of what the SRA would expect if they had carried out an AML audit. This is concerning given the requirement to have a FWRA has now been in force since 2017. There has therefore been plenty of time for firms to get their AML firmwide risk assessments property drafted. The SRA have promised to take ‘robust action’ against those firms who do not have a firmwide risk assessment in place.
The SRA has created a FWRA template to aid regulated firms in completing a firmwide risk assessment. It is worth pointing out that firms should use the provided firmwide risk assessment template as a starting point. The firm will need to make amendments to ensure that it matches their particular circumstances. The Lexsure AML Audit Team has found that just copying and pasting the SRA firmwide risk assessment can be indicative of a weak compliance culture and of non-compliance with the SRA’s regulatory requirements in respect of anti-money laundering, combating terrorist financing and sanctions.