Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

As many of us will be aware, new anti-money laundering regulations are due to come into effect on the 26th June. The purpose of this email is to highlight key issues and changes as applicable to the Scottish Legal Sector.

We recommend all firms review their AML controls to ensure continued compliance with the law in this important area of practice.

What is changing – new requirements

  • There is a move towards extending the risk-based approach to AML compliance - giving our members more scope to vary the level of due diligence and monitoring they apply to particular clients or transactions - although the 2017 Regulations are more prescriptive in terms of what practice units should be considering in their risk assessments.
  • Please see the below table of specific changes (please note this table is not exhaustive, and is intended simply to highlight some key areas)

Table of Specific Changes:

Specific Requirement / Summary of Change
A firm level risk assessment will become mandatory / You will be required to assess and record the risk of your practice, taking account of your clients, location, services offered, transactions, and how you deliver your services.
You will need to provide this risk assessment to the Law Society of Scotland if requested to do so.
Further information on this can be found here
Customer due diligence (CDD) / The draft regulations provide a list of circumstances in which CDD must be applied and a list of factors that must be taken into account in determining when CDD measures need to be applied to existing customers.
There is also a list of information / documents that must be obtained when undertaking CDD on a body corporate, which includes 'the law to which it is subject and its memorandum of association or other governing documents'.
Firms will also be required to identify and verify the identity of a person acting on behalf of the customer.
Enhanced due diligence (EDD) / The draft regulations provide a list of circumstances in which EDD measures must be applied, which includes where a transaction or business relationship involves a person established in a 'high risk third country'.
There is also a list of factors that must be taken into account in assessing whether a high risk of money laundering exists and the extent of EDD measures that should be applied. This includes, for example, 'whether the customer is a legal person or arrangement that is a vehicle for holding personal assets'.
Dependent upon their size and business, practice units must / Appoint a board level named individual responsible for AML compliance. This is a new role, and may or may not be the same person as the existing MLRO position.
Screen staff and agents.
Establish an independent audit function.
(We are currently seeking further information about these requirements from HM Treasury, though please note that the 2017 Regulations state that these requirements will arise “where appropriate with regard to the size and nature” of your business)
There is now a requirement to cease acting for a client / Where you cannot apply appropriate customer due diligence.
Civil Penalties / The 2017 Regulations provide for the imposition of further penalties for non-compliance. These include:-
Imposing restrictions on a solicitor performing a management function.
The power to impose a penalty of such an amount as appropriate – NB, the Fourth Anti Money Laundering Directive identifies a fine of “at least twice the amount of the benefit derived from the breach where that benefit can be determined, or at least €1,000,000”.
The Definition of a “Politically Exposed Person” (PEP) has been extended / To include domestic (UK-based) PEPs as well as overseas PEPs.
You will need to consider whether your practice unit’s PEP population will increase because of this.
Enhanced due diligence will be required in connection with domestic PEPs.
Register of Beneficial Ownership of trusts / Trustees must maintain accurate and up to date records of all beneficial owners of a trust.
Fit and proper testing / Those who are beneficial owners, managers or officers of a practice unit will need to be approved as such by the Society as AML supervisor. Approval will also be required where non-solicitors hold these offices. (We are reviewing how this may be implemented with HM Treasury).
Information to enable risk assessment by the Law Society of Scotland / To enable the LSS to meets its obligations under the new regulations practices units will be asked to provide more information to the LSS on your practice including the nature of clients, services provided, policies/procedures/controls and key statistics such as how many Suspicious Activity Reports (SARs) have been submitted to the National Crime Agency (NCA).
Guidance about this will be issued in due course.
Data Protection / Any personal data obtained may only be used for the purposes of preventing money laundering and terrorist financing.
Subject to your client’s express consent or the terms of any other enactment, no other use may be made of personal data.
You will need to confirm to new customers that any personal data received from the customer will be processed only for the purposes of preventing money laundering and terrorist financing.
Pooled Client Accounts / Dependent upon the risk associated with your practice, you may need to provide your bank with information, on request, on the identity of the persons on whose behalf monies are held in your client account.
Further guidance on this will be issued in due course, including on the question of how the risk associated with your practice will be determined, and by who.

Please also be aware that the fundamental tenets of AML compliance within the legal sector remain unchanged. You must still:

  • Undertake AML Risk Assessments of clients and transactions
  • Undertake Client Due Diligence - know your clients, their background and the provenance of the funds in your client account
  • Put in place AML Policies & Procedures
  • Identify Politically Exposed Persons (PEPs) and apply enhanced due diligence
  • Appoint a Money Laundering Reporting Officer
  • Provide relevant AML training for your partners and staff
  • Keep adequate records of AML related activities

Additionally - your obligations under the Proceeds of Crime Act 2002 remain unchanged:

  • The requirement to report suspicious activity to the National Crime Agency
  • Avoid "Tipping Off"

For more information on these basic requirements and practical information on how your practice unit can comply please refer to the Money Laundering & Counter Terrorist Financing section of the Law Society of Scotland’s website:

All the above information can also be found on the LSS website at:

The Law Society of Scotland will continue to issue further communications on this important topic as further information becomes available. Please look out for:

  • LSS Journal Articles
  • LSS Website updates
  • Webinars
  • Mailshots

We are also working closely with other legal sector professional bodies and supervisors to revise, update and amalgamate existing legal sector specific AML guidance into one UK-wide set of guidance. This work has started and will be delivered as quickly as possible.