In January, we spoke to Matt Taylor and Erin Gavin, experts in anti-money laundering at global risk consultancy, Protiviti. The topic was the requirements of the UK’s Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (MLR2017) transposed under the EU 4th Anti-Money Laundering Directive (4AMLD), which has brought law firms into scope for the respective AML requirements. MLR 2017 went into effect from 26 June 2017 and supervisory authorities within the legal sector allowed for a transitional period for legal professionals to adopt the new requirements. 

Screen Shot 2020-01-27 at 09.11.18

Matt Taylor

Matt Taylor, Managing Director in Protiviti’s Risk and Compliance team, specialises in helping organisations design and implement sustainable risk management arrangements. After working with many UK law firms, he stated “The message from the SRA that they are coming is clear. Just like the banks have had to for many years, law firms have had to establish their AML risk management processes in an accelerated time period.”

Why it matters now

More than two years on from MLR2017, the Solicitors Regulation Authority (SRA) has become very active in performing regulatory visits, as well as reviews and thematic assessments to ensure the circa 7,000 law firms regulated by the SRA have adopted these AML requirements. SRA reviews have demonstrated that many firms have not fully adopted all requirements, missing key components such as firm wide risk assessments, appropriate policies and procedures to protect the firm from being used to facilitate money laundering (ML) or terrorist financing (TF), as well as having an independent audit of the AML programme and controls conducted.

To underscore the level of concern in this area, the SRA issued a warning notice in May 2019 to highlight that although AML is a high priority risk area for the SRA, high levels of non-compliance have been noted across the legal sector. Additionally, the SRA’s newly established anti-money laundering unit is conducting 400 reviews of other law firms to check compliance with the regulations. Protiviti’s Erin Gavin added:

“This year, the SRA is promising much more proactive supervision, with more systematic visits and in-depth reviews. This may be a new experience for many law firms, which need to be in a position to respond to the SRA to prove they have the required controls in place. This is where the risk assessment is critical as a cornerstone of the AML programme.”

To date, some 26 firms have been placed into a disciplinary review process as an outcome of SRA reviews with some leading to individual solicitors being struck off or suspended from practising. Paul Philip, SRA Chief Executive, said: “The stakes are too high for solicitors to be anything but fully committed to preventing money laundering and the crime its supports.”

Acting in a timely manner is critical for law firms to serve their clients effectively

As some of the MLR 2017 AML requirements are relatively new to the legal sector, it has taken time to understand and adopt the requirements, designate AML resources, and define roles and responsibilities to develop, implement and maintain AML programmes.

Firms now have a variety of requirements to adhere to including: conducting an AML/TF risk assessment; develop/update AML policies and procedures and controls; provide training to staff; complying with new customer due diligence requirements; disclosing suspicious activity and filing SARs, where appropriate; and adhering to data protection and record retention requirements.

Activities such as the performance of a ML/TF risk assessment, updating of policies and procedures as well as an independent audit of the control environment should also be revisited periodically to ensure the ML/TF risks posed to the firm are accurately identified and mitigated through the AML programme and controls in place.

How Protiviti can help law firms’ compliance

Erin explained why Protiviti has a unique position on financial crime: “Helping our clients embed and navigate through regulatory change is core to what we do. Protiviti has experience in assisting legal sector firms with the implementation of the MLR2017 requirements as well as the ongoing testing and validation of operational effectiveness.”

Protiviti’s AML expertise, pragmatic approach to risk- based AML programmes and experience with change and implementation allows us to understand the compliance journey your firm faces. Get in touch with Matt or Erin to discuss our anti-money laundering and financial crime risk solutions.


Erin Gavin, Associate Director, Protiviti

To read more and reach the Protiviti team click here


Screen Shot 2020-01-27 at 09.10.45

Matt Taylor
Managing Director Risk & Compliance

Protiviti, The Shard,
32 London Bridge Street
London SE1 9SG
Tel: 020 7930 8808