AML and data protection—law firms
AML and data protection—law firms

The following Practice Compliance practice note provides comprehensive and up to date legal information covering:

  • AML and data protection—law firms
  • The data protection regime
  • How is data protection regulated?
  • GDPR
  • Who is the regulator?
  • What is personal data?
  • Lawful ground for processing
  • Processing personal data for non-AML/CTF purposes
  • Information requirements
  • Protecting and retaining CDD data
  • More...

IP COMPLETION DAY: 11pm (GMT) on 31 December 2020 marks the end of the Brexit transition/implementation period entered into following the UK’s withdrawal from the EU. At this point in time (referred to in UK law as ‘IP completion day’), key transitional arrangements come to an end and significant changes begin to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP day mean for Practice Compliance?

STOP PRESS: Draft Legal Sector Affinity Group (LSAG) AML guidance was published on 20 January 2021. It awaits approval by HM Treasury and any content may be amended before the final version is published with the Treasury's approval. This document reflects HM Treasury approved LSAG AML guidance published in 2018 and will be updated in due course.

This document reflects the UK GDPR regime. References and links to the GDPR refer to the UK GDPR (Retained Regulation (EU) 2016/679) unless expressly stated otherwise.

The provisions of General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018) create some challenges under the anti-money laundering (AML) and counter-terrorist financing (CTF) regime, including:

  1. complying with information requirements

  2. the requirement not to use personal data collected for AML/CTF reasons for other purposes

  3. protecting the client data you collect during the client due diligence (CDD) process

Popular documents