Money Laundering Regulations 2017—systems and controls requirements—law firms
Money Laundering Regulations 2017—systems and controls requirements—law firms

The following Practice Compliance guidance note provides comprehensive and up to date legal information covering:

  • Money Laundering Regulations 2017—systems and controls requirements—law firms
  • Is it mandatory to implement systems and controls under the MLR 2017?
  • What systems and controls are required?
  • Proportionality and approval
  • Who is responsible for compliance?
  • Risk-based approach to systems and controls
  • Systems and control changes under the MLR 2017
  • Communication of policies outside the UK
  • Group-level policies
  • Monitoring and review

This Practice Note explains the regulatory requirement to implement systems and controls to mitigate and manage effectively the risks of money laundering and terrorist financing as set out in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), SI 2017/692 which came into force on 26 June 2017, as amended by the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, SI 2019/1511 from 10 January 2020.

Practice Note: Money Laundering Regulations 2017—systems and controls map—law firms lists the requirements for policies, controls and procedures in regs 19–40 and signposts relevant tools, guidance and precedents in LexisNexis®.

Is it mandatory to implement systems and controls under the MLR 2017?

If the MLR 2017 apply to your firm, you must:

  1. establish and maintain policies, controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing identified in your firm-wide risk assessment

  2. regularly review and update those policies, controls and procedures

  3. maintain a written record of:

    1. those policies, controls and procedures—see Precedent: Register of AML and CTF policies, plans and procedures

    2. any changes to those policies, controls and procedures

    3. the steps taken to communicate those policies, controls and procedures or any changes to them within your business

For guidance on whether the MLR 2017 apply to your firm, see Practice Note: