Legacy AML processes could land you and your firm in hot water

Published

Harriet Holmes

AML Services Manager

How do you verify your clients? The Legal Sector Affinity Group guidance (LSAG) gives us a guide as to what may be acceptable, noting that verification of documents or information should come from a reliable source independent of the client, and you should consider the following: 

  • Obtaining or viewing original documents;

  • Viewing copies of documents (including certification); 

  • Conducting electronic verification; 

  • Obtaining information from other regulated persons. 

Identification vs verification

Money laundering regulations set stages to identify and verify a client. Obtaining a certified document means you have identified the client. However, depending on the wording of the certification, you may still need to verify their identity–anyone can take documents and have them certified. It does not have to be the person to whom they truly belong. 

In reality, relying on Notaries potentially puts firms at risk, as the National Risk Assessment highlighted in paragraph 10.13: research suggests that notary services could be exploited for money laundering by willingly or unwittingly verifying forged documents. 

 In practice, law firms follow the government's guide for certifying a document; however, verification that solely obtains a certified document is likely to be non-compliant.

In July 2021, a law firm was deemed not to have complied with the money laundering regulations when it obtained a certified ID. The ID documents were certified true copies of the originals but the individual's identity was not verified. Subsequently, the matter was found fraudulent. 

Risk management

How can you manage this risk in practice? Firstly, you should ensure that internal guidance explicitly refers to certification and provide the exact wording required to achieve compliance. 

Secondly, you should consider who you rely on to carry out the certification. We often see examples where the identity and credentials of the certifier are impossible to obtain–for example, an employee of the Post Office. 

When establishing your verification process, you must carefully consider the following questions:

  • How will you verify the certifier? 

  • What training has that certifier received? 

  • Are you confident they understand the significance of certification? 

  • Is there a risk that they may not be independent or could be influenced?

It is best practice for firms to limit who can be relied upon for certification - i.e., which occupations are acceptable to meet your requirements? Limit the list to professionals, solicitors, barristers, doctors and individuals you can verify independently; distinguish the list from those adequate for countersigning passports. It is a common error to conflate the two.

You must be confident that you can locate the certifier again in the future and that they understand the significance of certification. Clients may try to encourage you to expand the list of acceptable certifiers for their convenience, but this can leave you open to risk later down the line. 

Before technology, manual certification was a good mitigation step. However, advancements in technology have made alternative methods of verification available to help law firms mitigate the risks associated with manual client verification processes.

Subscribe to our newsletter

Subscribe to our monthly newsletter for recaps and recordings of our webinars, invitations for upcoming events and curated industry news. We’ll also send our guide to Digital ID Verification as a welcome gift.

Our Privacy Policy sets out how the personal data collected from you will be processed by us.