The AML compliance challenge impacting law firm bottom lines

Many law firms have a centralised client onboarding process supported by standardised AML policies. In these systems, client-facing staff or partners collect essential client information. The compliance team then reviews it according to the firm’s AML risk appetite, policies, and applicable AML regulations. Compliance teams typically include junior analysts overseen by a few specialised lawyers and compliance experts, which are both costly and increasingly in demand. While this orthodox approach is common, it presents a clear AML compliance challenge: firms must adopt higher-than-necessary standards for due diligence. This is referred to as the global gold standard approach.

Trade-offs in compliance systems

Firms must balance cost, complexity, and processing speed to optimise their compliance teams. A nuanced system that assesses client risk, differentiates regulated and non-regulated work, and applies relevant local AML rules, requires a larger team of specialised compliance professionals. But without robust ongoing auditing and monitoring, these systems increase the likelihood of regulatory breaches.

So, firms often adopt a global gold standard approach to simplify administration and reduce costs for centralised compliance teams. However, this shifts the workload to partners and fee earners, causing delays in client onboarding. For larger firms, these delays often accumulate into millions of hours annually. This represents a significant yet rarely quantified ‘soft cost’ that impacts the bottom line.

The need for a risk-based triage system

Compliance teams often spend a disproportionate amount of time on low-risk clients. This lack of triage creates an AML compliance challenge for in-house compliance teams and client-facing teams. It also causes delays in billable work and AML queries take up fee-earning time. It’s an uncomfortable truth that the gold standard approach is only sustainable because everyone is doing it.

The problem is that most law firms lack a structure that supports a triage process. The orthodox approach to centralised AML compliance makes this impossible. An overly rigid client onboarding process designed to ensure global AML compliance and a continuous flow of new clients places immense pressure on compliance teams. This pressure makes it difficult to assess each client’s risk profile thoroughly before determining the appropriate level of due diligence.

An effective risk-based triage system uses a traffic-light framework to categorise clients into low, medium, or high-risk groups based on predefined risk criteria. This enables firms to allocate resources efficiently and ensures that high-risk clients receive the scrutiny they require. 

If the findings indicate a low risk, the compliance team can clear the client through with minimal oversight. For medium-risk cases, the client’s report can be sent to the AML team for further evaluation. If the analyst determines a case to be high risk after their review, they may require additional verification based on the specific risks identified. This broader view ensures that potential risks are identified early so appropriate actions are taken such as monitoring, reporting, or escalating issues for further investigation.

The impact on risk culture   

AML is a process. When that process is done thousands of times per year and is by design onerous because it applies higher standards than are legally applicable, people switch off. It’s an uncomfortable truth, but it is human nature. 

This AML compliance challenge is further exacerbated by the orthodox approach firms take: centralised compliance teams applying the gold standard. It’s too easy for fee-earning teams to disengage, to forget the importance of AML checks and why they need to do them, and to see this as the responsibility of the centralised AML team, rather than their own. 

In the SRA’s prosecution of Clyde and Co. for AML systems failures, it’s telling that the partner involved admitted to the Solicitors Disciplinary Tribunal that he had probably become “too detached” from the due diligence process. That detachment cost him personally and the firm £500,000. 

When due diligence becomes onerous and exceeds internationally applicable local requirements and markets, fee earners disengage from client risk assessments. They see it as a task to offload to compliance without meaningful involvement. This limits their ability to provide valuable insights into a client’s assessment. It also reduces their understanding of risks associated with their clients.

By undermining the effectiveness of ongoing monitoring, firms are exposed to much higher levels of direct money laundering risk: namely, the risk that in the course of a matter, a client engages and causes the firm to engage in a primary money laundering offence. 

A strong risk culture requires everyone to understand the importance of risk management. The focus should be on its protective value rather than just the costs of compliance and checklists. Streamlining client onboarding by tailoring due diligence to risk profiles reduces delays while meeting regulatory standards. When fee earners see the AML process tailored to meaningful risks, they’re more likely to view the process as valuable.

This AML compliance challenge presents firms with the opportunity to refine their processes and provide clearer guidance to their teams. By aligning compliance systems with actual risk, firms can reduce inefficiencies and mitigate the regulatory and reputational costs associated with non-compliance.

This excerpt is from our new eBook co-authored with Pinsent Masons.