money laundering regulations 2017 – risk assessments

by | Jul 6, 2017 | All Blog Posts

Legal and professional services firms need to undertake risk assessments when they consider their approach to compliance as a result of new regulations.

From June 26th the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) came into force, requiring firms who are subject to the MLR 2017 regulations to apply a comprehensive risk based approach to the risks of money laundering and terrorism financing. The underpinning of this risk based approach is a risk assessment flowing from a country level risk assessment at government level, through to supervisory body risk assessments – e.g. Law Society and Solicitors Regulatory Authority – and, ultimately, down a firm based risk assessment.

In 2015 the UK conducted its most recent risk assessment, with the next full assessment due to be completed by HM Treasury by summer 2018. The UK supervisory authorities are also conducting their review of relevant persons (firms), examining the specific vertical each firm works in and what they should be looking at within the context of their risk assessment. This work is ongoing, with each Supervisory Authority working to different timelines. These factors are likely to have a profound impact on the approach legal and professional services firms take when conducting their own risk assessments as part of their overall risk based approach. Significant changes to Know Your Customer (KYC) policies and operations are inevitable.


Over the course of the last few years there has been a lot of focus within the professional and legal services sector on the EU 4th Anti-Money Laundering Directive which was adopted in 2015. MLR 2017 is the UK’s response to the directive, amending an array of UK legislation and introducing the most widespread change to the UK’s anti-money laundering law in more than a decade. The directive and the resulting MLR 2017 are consistently clear in their message – firms should apply a systemic risk based approach to the money laundering and terrorist financing risk within all their business relationships.

factors within risk assessments

Risk assessments being conducted by a firm must take into account multiple factors such as who are their customers, the countries that they operate in, geographic region, the products and services that they offer, delivery channels and transactions offered. This has to be documented and firms must keep written records up to date with all the steps taken.

Risk assessments must take into account multiple factors to ensure compliance #mlr2017 Click To Tweet


As we have determined, both Supervisory authorities and relevant persons must undertake risk assessments. Supervisory authorities, of course, have a wider remit than relevant persons, so it is not possible for relevant persons to simply copy and paste the findings of the risk assessment undertaken by the supervisory authorities, in fact such an approach flies in the face of both the letter and spirit of the new regulations. They must however, take into account relevant information made available to them from their supervisory body.

This opens up a very real problem – if both sets of risk assessments were to be completed by June 26th 2017, how are the relevant persons meant to draw upon the work carried out by the supervisory authorities? Whether this issue has been fully considered by authorities is unknown, but it could very well be the case that there are discrepancies between the risk assessments as a result; firms seeking compliance today, may have to change their approach tomorrow when their supervisory body issues more detailed guidance.

For small firms or those that have not undertaken a risk assessment in the past, the process is likely to be quite daunting. The Money Laundering Reporting Officer (MLRO), or Head of Compliance is responsible for ensuring that the process is adhered to, and my advice would be to speak your supervisory authority at the earliest opportunity. They are best placed to advise what information should be taken into account by a firm conducting its own risk assessment.

Office for Professional Body Anti-Money Laundering Supervision to be introduced 2018 #mlr2017 Click To Tweet

Next year will see the implementation of the supervisor of supervisors. The Office for Professional Body Anti-Money Laundering Supervision (OPBAS) will seek to standardise the approaches taken by the professional body supervisors. The government had decided that having a multitude of supervisors could  result in an inconsistent and often confusing supervisory landscape, streamlining the approach by co-ordinating each of the 25 professional body supervisors under a single supervisory framework is hoped to mitigate such concern. Time will tell.

in closing

Risk assessments are likely to be a new experience for many small firms. It is important when carrying out these assessments that senior managers responsible for compliance  have the status and experience to be able to push through necessary implementations and ensure that the assessment is carried out to the requisite standard.

In relation to the National Risk Assessment and supervisory risk assessment, enshrining such measures are welcome additions to bolster the UK’s continuing fight against money laundering and terrorist financing. These assessments will give the much needed guidance to firms conducting their own risk assessments; defining what is important and must be implemented. In a similar vein, the creation of OPBAS should introduce standardisation in guidance and enforcement of all money laundering supervisory bodies.

on demand webinar

AML regulation update for professional services

In this informative 30 minute webinar, encompass VP Operations, Alex Ford, covers the main points you and your compliance teams need to know about the new changes to Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulation for professional service firms.

Graeme Port | Encompass Management Team

about Graeme Port


Graeme Port is a product management professional with over 15 years’ experience in the compliance and credit risk industries. He has particular expertise in the underlying data supporting the business critical decisions made by both the credit and compliance risk functions within financial services firms.

Before joining encompass in early 2016, Graeme’s career spanned multiple roles at information giant Equifax, from sales and credit risk to product management and, latterly, representing Equifax at the Business Information Providers Association.