Risk-Based Approach to AML: Practical Guide for UK Firms

Certivus AML team | 11 min read | Updated 2026-06-27

In brief: A risk-based approach means applying stronger AML controls where the risk is higher and proportionate controls where the risk is lower, with a written rationale either way.

Key points

  • The risk-based approach is not a reason to do less work without evidence.
  • It should connect client risk, service risk, geography, delivery channel, and transaction facts.
  • The file should explain why the firm chose simplified, standard, or enhanced measures.

What is a risk-based approach to AML?

A risk-based approach to AML means the firm applies controls in proportion to the money laundering and terrorist financing risk. Higher-risk clients or matters need deeper checks, stronger evidence, more senior review, and more frequent monitoring. Lower-risk work may justify lighter measures, but only if the rationale is recorded.

The UK Money Laundering Regulations require firms to identify and assess risk and apply customer due diligence measures. The legislation is available at legislation.gov.uk.

The risk factors to consider

For a UK accountancy or law firm, risk usually comes from a mix of:

  • Client type and behaviour.
  • Ownership and control.
  • Services provided.
  • Source of funds and source of wealth.
  • Geography and sanctions exposure.
  • Delivery channel, such as remote onboarding.
  • Transaction size, urgency, and complexity.
  • Previous concerns or adverse information.

How the approach works in practice

Risk level     Typical response
Lower risk     Standard checks, concise rationale, normal review cycle.
Medium risk    More evidence, clearer review notes, defined triggers.
Higher risk    Enhanced due diligence, senior approval, stronger source-of-funds/source-of-wealth checks, closer monitoring.

The file should show why the decision was reasonable at the time.

What good evidence looks like

A strong risk-based file explains:

  1. What risk factors were considered.
  2. Which factors increased or reduced risk.
  3. What evidence was reviewed.
  4. Which due diligence level was selected.
  5. Who approved higher-risk work.
  6. When the risk rating will be reviewed.

Common failure mode

The common failure is treating the risk-based approach as a label. "Client is low risk" is not enough. A reviewer should be able to see why the firm reached that conclusion and what would cause it to change.

Official reference

This guide is general information and is not legal advice.