Skip to Main Content



There has been much emphasis recently on the risks to law firms from cybercrime that the risk of money laundering to the legal profession appears to have taken a back seat. The services provided by law firms can make them attractive targets for those wishing to launder the proceeds of crime.

Law firms must comply with anti-money laundering legislation and the risk of money laundering to the legal professional is constantly on the Law Society of Northern Ireland’s (the Society) radar. Furthermore, the UK will be the subject of a mutual evaluation by the Financial Action Task Force (FATF) in 2018, which will assess the efficacy of the UK’s prevention of money laundering and counter terrorist financing measures and this will include an assessment of the legal profession.

On 26 June 2017 the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) came into force and those of you working in the regulated sector must ensure that you are familiar with new regulations so that you are ready for what the new changes the MLR 2017 brings.

What do the changes mean for you?

The changes will need you to reassess your prevention of money laundering and counter terrorist financing policies and procedures and how you apply your client due diligence measures. The new regulations are very detailed and set out below is a summary of the key changes:

Risk Assessments

Regulation 18 of the MLR 2017 provides that you should produce a written risk assessment that identifies and assesses the risk of money laundering and terrorist financing to the business, taking into consideration a number of factors including your client base, services offered and geographic reach. The risk assessment should be made available to the Society upon request.

We have prepared a template document to assist you with the implementation of this process which can be downloaded from the bottom of this page.

Policies and Procedures

In addition to the above, you are required to implement systems and controls to prevent money laundering and to counter terrorist financing (Regulation 19).

If you have not already done so, check to ensure that your policies and procedures are MLR 2017 compliant by ensuring that they include details of the officer responsible for compliance with the new legislation, where appropriate this should be a board member. However, the officer for compliance with MLR 2017 can be the same person as the Nominated Officer and Money Laundering Reporting Officer (MLRO), and you are required to provide details of the person responsible for this role to the Society. You also need to include (where relevant) details of the deputy MLRO. In addition, the policies and procedures should include the correct reporting bodies, namely the National Crime Agency, not the Serious Organised Crime Agency (or even the National Criminal Intelligence Service). You should also be checking whether there have been changes in key staff such as the MLRO and/or their deputy that need to be reflected in the policies and procedures.

Internal Controls

Regulation 21 provides that you need to include provisions about how all relevant employees and agents are screened prior to employment and regularly during their employment. The screening process means assessing their skills and expertise in carrying out their roles effectively, together with assessing the individuals conduct and integrity.

Do not forget to review your policies and procedures regularly, or at the very least annually. Regulation 21(1)(c) provides that you should implement an independent audit function to assess the efficacy of your policies and procedures.

The policies and procedures must be made available to all relevant employees who in turn must familiarise themselves with these polices. They also apply to all branch offices conducting relevant business. Any changes made must be communicated to all relevant employees including any branch offices.

Client Due Diligence

The requirements to conduct client due diligence still apply and Regulation 27 provides that there is a requirement to carry out a risk assessment of each client or matter which must be evidenced.

Client due diligence does not only apply to all new clients to the firm, including individuals purporting to act on behalf of the client, but also your existing clients or when relevant circumstances of your clients have changed. By using a risk based approach you must ensure that you can evidence the measures that you have taken.

We set out below a brief reminder of the need to carry out client due diligence:-

· verify the identity of your client;

· verify the identity of the beneficial owner who is not the client

· assess and obtain information on the purpose and intended nature of the business relationship

Carrying out client due diligence is appropriate before:

· you establish a business relationship with a client or deal with a one-off transaction for a client

· where there is reason to believe inadequate client due diligence has been carried out on an existing client

· if a client’s details have changed (such as their name or address)

· if the client has not been in regular contact with you (`say more than two or three years); or

· where there is a suspicion money laundering or terrorist financing

Do not forget the requirements of enhanced due diligence (Regulation 33) for clients such those that you do not meet face-to-face, or clients that pose a higher risk of money laundering or terrorist financing for instance politically exposed persons (PEPs) including domestic PEPs (Regulation 35).

You are advised to take adequate measures to compensate for the higher risk clients for instance obtaining additional identification documentation, and/or you may choose to carry out electronic verification through a third party who can confirm the validity of the identification documents provided by your client. However, the liability to verify the identity of your clients rests with you and you must have a written arrangement with that provider.

In addition to verifying the identity of your clients, you should consider verifying their source of funds. Whilst you are not expected to interrogate your clients about their financial status it is important to understand your client's source of wealth and source of funds, as part of knowing your client and the client due diligence process and this forms part of the ongoing monitoring process.

Education and Awareness

Education and awareness are key measures to counter the growing threat of money laundering and it is a mandatory requirement (Regulation 24). All relevant staff should receive training about the threat of money laundering and terrorist financing to law firms, guidance on how to detect it and training on the firm’s policies and procedures. With the implementation of the MLR 2017 it is recommended that all relevant employees should attend an appropriate training course as soon as possible.


Who to contact at Willis Towers Watson

Members are encouraged to download the PDF document at the bottom of this page which contains the contact details for Willis Towers Watson.



In this section

The Law Society of Northern Ireland website use cookies. By continuing to browse the site you are agreeing to our use of cookies. For more details about cookies and how to manage them see our cookie policy

Accept and close