Risk assessment
In AML, risk assessment operates at two levels. A firm-wide risk assessment identifies the overall money laundering risks facing a practice — covering client types, services offered, geographies, delivery channels, and funding sources. A client risk assessment scores an individual client as low, medium, or high risk and determines what level of due diligence to apply.
MLR 2017 requires every in-scope business to carry out, document, and regularly review a firm-wide risk assessment. HMRC inspectors routinely ask to see it.
Other terms that go with Risk assessment
Customer Due Diligence is the core legal obligation under MLR 2017 to identify clients, verify their identity using reliable independent sources, and understand the purpose and intended nature of the business relationship. Standard CDD applies to most clients. Where risk is elevated, Enhanced Due Diligence (EDD) is required instead.
Enhanced Due Diligence is a more thorough level of client verification required when a relationship presents a higher risk of money laundering or terrorist financing. EDD steps typically include verifying the source of funds, establishing source of wealth, obtaining senior management approval before onboarding, and applying more frequent ongoing monitoring.
A supervisory authority is the body responsible for overseeing AML compliance within a particular sector. For accountants not belonging to a professional body, the supervisory authority is HMRC. Members of recognised professional bodies (ICAEW, ACCA, CIMA, and others) are supervised by those bodies instead. For law firms in England and Wales, the supervisory authority is the Solicitors Regulation Authority (SRA), with parallel regulators in Scotland and Northern Ireland. Supervisory authorities set standards, conduct reviews, and can impose sanctions.
Put Risk assessment into practice with Certivus
Knowing the term is the first step. Certivus gives you the workflows — client intake, CDD, EDD, PEP and sanctions screening, audit-ready records — to apply it across every client.