A Client and Matter Risk Assessment (CMRA) is an important and practical document which assists firms in considering the money laundering and terrorist financing risks posed by a client or matter. It should be accessible to anybody working with a particular client or matter. Ideally the CMRA would be completed by the fee-earner working on the matter.
In addition to a firmwide risk assessment (FWRA), SRA and CLC regulated practices must have client and matter level risk assessments in place for every client and most matters (LSAG Chapter 5 and Regulations 18 and 28).
Having a client matter risk assessment in place is a requirement under regulation 28(12) and (13) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (‘MLRs’). This has been a legal requirement since 26 June 2017.
Law firms must take steps to identify the money laundering and terrorist financing risks posed by a particular customer (or ‘client’) and matter.Firms must carry out a written client and matter risk assessment.
A client matter risk assessment should (1) identify and assess the risks posed by an individual client (2) should focus on the specific risk factors that a matter presents, beyond, or different to, the client risks already identified.
A firm’s client and matter risk assessment will help the firm determine the level and frequency of ongoing monitoring needed for a client or matter. Ongoing monitoring is a requirement under regulation 28(11) of the MLR. The MLR requires the firm to scrutinise transactions throughout the course of a business relationship, including the source of funds, where necessary.
A client and matter risk assessment template can be an effective tool to assess risk if used properly.
The SRA in particular have been vocal in identifying good and poor use of client and matter risk assessment templates based on the proactive SRA AML audits. The difference between good and poor use is how a firm changes the CMRA template to suit its needs.
The SRA conducted an AML related thematic review in 2023 on client matter risk assessments which identified that this is an area where improvement is required by firms. The findings from the thematic are set out in a report published in October 2023. A warning notice on client and matter risk assessments was also published at the same time because of the failings the SRA identified when it came to CMRAs. Significant fines are being issued by the SRA to firms who fail to have in place an appropriate CMRA.
The SRA have created an AML client matter risk assessment template that firms might choose to use. Supporting notes on how to complete the client and matter risk assessment template have also been published.
The CMRA is an important document which should be regularly reviewed, kept up to date and approved by senior management. If your firm uses the services of an external company or individual for an independent AML audit then you should expect, as part of that service, for your AML client matter risk assessment to be reviewed. The assessor will need to check that it is consistent with your Firmwide Risk Assessment as well as your AML Policy.
CDDmonitor delivers today’s law firms an unrivalled capability to help tackle the threats presented by money launderers, fraudsters and terrorist financiers.
Developed for law firms in recognition of their need to address the latest anti-money laundering regulations, and operational challenges
CDDmonitor enables firms to set and control ensure that their AML processes are in line with the firm’s Practice-wide Risk Assessment and AML policy.
For law firms with more than two or three staff and more than a handful of clients, it is extremely difficult, if not impossible, to monitor compliance solely using paper-based records. One popular strategy to AML compliance is just to perform an ID check (manual or electronic) on clients but this alone is not sufficient to comply with the latest AML regulations.
Delivering comprehensive reporting and dashboard functionality, CDDmonitor allows firms to quickly assess and demonstrate to regulators the overall effectiveness of the AML policies and staff. CDDmonitor’s alert filtering provides you with tools to identify, redflag or block suspicious and fraudulent activity. You can configure and selectively apply scenarios to different client categories. You can filter Alerts on various parameters, view full background information on each, delegate analysis and supervise alert resolution. Alerts can be configured on the basis of clients, counterparties, regions, employees and branches.
CDDmonitor enhances the following good practices when it comes to client and matter risk assessments
Incorporates risk ratings recording how the lawyer arrived at that rating and the thinking behind it.
The form requires fee-earners to make an active decision on the level of risk.
The CMRA can be tailored to the firm’s risk. For example, questions can be added to the CMRA template to help fee-earners identify additional risks specific to the firm’s clients.
Each client and matter that goes through the software contains a recorded risk assessment and associated certificate in a PDF format.
Depending on the settings established by the firm matters can be escalated requiring confirmation that the risk has been signed off by the MLRO or other relevant person within the firm.
Relevant sections require a clear explanation of the risk level and steps taken to mitigate the risk.
Allows for the CMRA to be reviewed reactively when additional information about the client or matter was received. For example, when funds were received on a matter to ensure it is consistent with the information the firm held.
The firm or individual lawyer can set the CMRA to be updated at key stages in a transaction. For example, prior to exchange and completion in a conveyancing matter.
The fee-earner was required to make an active assessment of the risk posed. The CMRA can, depending on the settings, automatically flag high-risk matters to the money laundering compliance officer .
The CMRA can be adjusted to reflect the risks identified in the firm’s FWRA.