Firmcheck: Why AML compliance is a firm-wide responsibility

The increased focus on Anti-Money Laundering (AML) compliance for accounting firms is forcing firms to put it higher on their priority list. Firms have been focused (and rightly so) on their core value drivers for clients, such as tax, bookkeeping and advisory services.

In contrast, AML compliance isn't a service per se, and most firms aren't charging for the time they spend on it either, meaning it's just another painful compliance 'thing' they must contend with. But despite it being something required for compliance, it can actually be a valuable component of your firm operations.

When you've got a strong AML process in place, it becomes a critical component of protecting your firm, and the integrity of the financial system. As a bonus, the information gathered can also help you identify areas to add value to the clients you serve.

On day 1 of our recent digital AML summit, Mastering AML: People and Processes, we heard from a range of experts in the field about how AML can be effectively integrated into day-to-day operations across your practice. Spoiler alert, if you make sure the entire firm's relevant staff are engaged in understanding the AML compliance process, it goes a long way towards making it more valuable (and not just a checkbox exercise).

Adding client value with AML

"AML is not intended to be a full-time job for a senior member of the firm... it’s a firm-wide responsibility that needs to be integrated into the fabric of the firm's operations," explained David Winch, Founder of MLRO Support Ltd. 

"The primary purpose of AML compliance is, of course, compliance itself. But it also systematises the collection and collation of client information, serving a pivotal role in understanding and assisting clients effectively."

While some firms see AML as a headache that gets in the way of client services, firms taking a proactive approach are repositioning it as an essential element of in-depth and responsible client engagement. These AML interactions can improve client relationships by giving you a clear picture of their financial activities. Ensuring all engagements work well for both sides of the client relationship. 

"Don't treat AML as like that separate box in the corner, only to be opened when a regulator comes in and asks. Actually, use it as an active tool to find snippets that can help your customers," says Glenn Collins, Head of ACCA in the UK.

To drive value for the wider firm, AML needs to move beyond just the designated Money Laundering Reporting Officer (MLRO) or compliance teams. Every employee, from partners to junior staff, can play a role in keeping the firm compliant and reap the reward of overall better customer relationships as a result.

Creating AML policies that work

Our research among firms finds that many don’t know what’s required to be truly AML compliant. "For small firms or solo practitioners, AML responsibilities may seem overwhelming, even a one-man band needs to have a policies and procedures document, a firm-wide risk assessment, and a training record," David notes. 

While standard approaches exist, and templates from the supervisory bodies are abundant. It’s important to adapt any AML templates to fit your firm's operations and client base because every practice is unique.

• Understand the basics: You're probably already familiar with the AML regulations in some capacity, but ensure you understand your specific supervisory body requirements. Whilst they are based on the same legal requirements, some supervisory bodies have a stronger focus on certain areas of AML compliance.

• Assess your firm's risk: Make sure you conduct a comprehensive risk assessment to identify the specific AML risks your firm is facing, considering factors like client types, service offerings, and geographic exposure – this is your firm-wide risk assessment.

• Make it specific: As we've already mentioned, everything needs to be tailored to your firm. Make sure that your client risk assessments and AML workflows work for your firm, and also meet the legal AML requirements you have. Your firm's policies, procedures and controls document should detail your firm's approach to client due diligence, monitoring, reporting suspicious activities, who is responsible and how they are carried out.

• Outline key procedures: Outline clear, actionable procedures that staff can follow. Making sure you have step-by-step guidance for client onboarding, ongoing monitoring, and reporting is an easy way to ensure consistency in your AML process. Ensuring your staff are actively engaging in your policies, procedures and controls document is also key – it's not something that is done once, and locked away in a filing cabinet.

• Training and communication: Ensure that all staff members are trained on the AML policies, procedures and controls for your firm. And, that they understand their roles and responsibilities within the framework.

Make it easy for your clients

In our recent 'Landscape of AML Compliance' research report, one of the biggest challenges firms faced was collecting ID documents from clients; both new and existing ones.

When it comes to managing ongoing compliance, your clients can either be the wind in your sails or a thorn in your side. While there is no expectation for you to make them experts in AML legislation, it is helpful if they understand the why behind some of the questions they get asked, and the documents they are asked to provide.

If you can normalise the data collection of the AML processes, for example, you make it less of a barrier for your clients too. “You need to actually tell them what you're doing,” says Glenn. “Explain the role of the legislation, why you’re asking for this information and how it’s a standard practice.” 

If you can show your clients how this helps their interests, changing the process from just another bureaucratic hurdle to a valuable exercise in their best interests (remember how we said you could use this information to offer extra services?).

Why ongoing reviews matter

All the policies and goodwill in the world won’t do your firm a bit of good if they’re not used. This is the essence of going from a tick-box mindset to a more proactive mindset. 

"You need to have mechanisms in place to monitor compliance with your policies and procedures, identifying and rectifying any lapses," says David. After all, AML is a dynamic 'thing'. Rules change, your client's businesses change, and how they engage with your firm changes. All of this requires an ongoing focus.

This is why every policy, procedure and controls document needs to be unique because it needs to articulate how you deal with the evolving landscape with your client, and what this means for your AML management.

Key moments to check in on your processes include: 

• Whenever there are updates or changes in AML legislation or guidance from relevant regulatory bodies.

• Any findings or recommendations from internal compliance reviews or external audits.

• If your firm undergoes significant changes in its business model, client base, service offerings, or operational structure.

• Periodic updates to reflect changes in the threat landscape, client behaviour, or the firm's risk profile.

• If your firm identifies a breach in compliance or a failure in its AML processes.

• Changes in personnel responsible for AML compliance, such as the Money Laundering Reporting Officer (MLRO).

• Major geopolitical or economic events, such as the imposition of new sanctions or the emergence of new high-risk jurisdictions (a great example in recent years of this was the new Sanctions imposed on Russia as a result of the Ukraine War).

While your MLRO will take a leadership role in supervising these policies, it takes a team to track, flag and execute these issues, for example noticing suspicious client behaviour or gaps in the process.

Organise your AML management

Our recent research found that firms who adopt AML software are twice as likely to have completed both firm-wide and client-specific risk assessments, putting them in a stronger position from both a compliance and risk management perspective.

Whilst that's a big tick in favour of technology, we've also found that those who aren't using technology typically have more inconsistent AML processes, or have less confidence in their AML compliance.

To get more insights on the current state of AML, download our latest report 'The Landscape Of AML Compliance In 2024' or catch up on our virtual AML Summit 2024 to hear from experts in the field, and get some additional CPD points in the process.

(NB: This article doesn't constitute legal advice and is only intended for general informational purposes. Always consult with a legal expert or compliance consultant for guidance specific to your firm).