Money Laundering Regulations 2017—ongoing monitoring—law firms
Money Laundering Regulations 2017—ongoing monitoring—law firms

The following Practice Compliance guidance note provides comprehensive and up to date legal information covering:

  • Money Laundering Regulations 2017—ongoing monitoring—law firms
  • What is ongoing monitoring?
  • When is ongoing monitoring required?
  • Why is it necessary?
  • How to conduct ongoing monitoring
  • Low risk clients/matters
  • High risk clients/matters
  • Reviewing existing CDD records
  • What is not required?

As part of your client due diligence (CDD) measures, you must conduct ongoing monitoring of your business relationships.

This Practice Note explains the ongoing monitoring requirements contained in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), SI 2017/692, which came into force on 26 June 2017, as amended by the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, SI 2019/1511 from 10 January 2020.

What is ongoing monitoring?

Ongoing monitoring is made up of two limbs:

  1. scrutinising transactions throughout the course of the business relationship (including, where necessary, the source of funds) to ensure they are consistent with what you know about the client, their business and risk profile, and

  2. undertaking reviews of existing records and keeping the documents or information obtained for the purpose of applying CDD measures up-to-date (while taking into consideration your obligation to keep clients' personal data accurate and up to date under the data protection regime—see Practice Note: AML and data protection—law firms)

From 25 May 2018, firms are subject to the General Data Protection Regulation (GDPR). You need to consider how to balance the requirements of the MLR 2017 and GDPR. The MLR 2017 states that firms must make provision for data protection policies in relation to AML. Firms must also train their staff in relevant data