Skip to main content

Anti-money laundering and counter-terrorist financing policy — Customisation Guide

Guide lists every customisation point in the AML and CFT Policy

Written by Katie Airey

Until the Getting Started Wizard is live, use this guide to identify the information your firm needs to provide and edit as required. When a toggle option is presented, copy the option that applies and paste it into the policy, replacing the bracketed placeholder.

At a glance

• Total customisation points: 22

• Personalised fields (firm-specific text to insert): 14

• Applicability toggles (choose which option applies): 8


Section 3.1 — Governance and nominated officers

[MLRO] — Personalised Field

Question: Who is the firm's Money Laundering Reporting Officer (MLRO)?

Guidance: Insert the name of the firm's MLRO. This person must be of sufficient seniority and independence to make decisions on suspicious activity reports.

[deputy MLRO] — Personalised Field

Question: Who is the firm's deputy MLRO?

Guidance: Insert the name of the deputy MLRO. MLR 2017 reg 21(3) requires the firm to nominate a deputy to act during the MLRO's absence.

[MLCO] — Personalised Field

Question: Who is the firm's Money Laundering Compliance Officer (MLCO)?

Guidance: Insert the name of the MLCO. This person has overall responsibility for the firm's compliance with the MLR, including training programmes and record-keeping.

[COLP] — Personalised Field

Question: Who is the firm's Compliance Officer for Legal Practice (COLP)?

Guidance: Insert the name of the firm's COLP. The COLP has ultimate responsibility for all aspects of compliance within the firm.


Section 3.2 — AML policies, controls and procedures

[policy location] — Personalised Field

Question: Where can staff access the firm's current internal policies?

Guidance: Insert the location where staff can access the firm's policies, such as the compliance portal, shared drive, or intranet.


Section 3.3 — Internal controls

[independent audit function] — Applicability Toggle

Question: Has the firm established an independent audit function for AML compliance?

Guidance: Regulation 21(1)(c) MLR requires the firm to consider whether an independent audit function is appropriate. Select ONE of the following options and follow instructions where prompted.

Options:

▸ Option A — No: The firm has not established an independent audit function because the size and nature of the firm makes this inappropriate, and the firm's systems of management and governance including the work of the MLRO, MLCO and COLP make it unnecessary.

▸ Option B — Yes: The firm has established an independent audit function. INSERT DETAILS OF INDEPENDENT AUDIT FUNCTION.

[AML review frequency] — Applicability Toggle

Question: How frequently does the MLRO/MLCO review AML records, risk assessments, and compliance activity?

Guidance: Select the frequency that matches your firm's review cycle.

Options:

▸ Option A: Quarterly

▸ Option B: Bi-annual

▸ Option C: Annual

[ECL applicability] — Applicability Toggle

Question: Does the Economic Crime Levy (ECL) apply to the firm?

Guidance: The ECL applies to entities regulated under the MLR with UK revenue exceeding £10.2 million per annum (Part 3 Finance Act 2022).

Options:

▸ Option A — Yes: The firm's annual turnover exceeds £10.2 million and we are registered for ECL.

▸ Option B — No: The firm's annual turnover is below £10.2 million. ECL does not currently apply.


Section 3.5 — Risk assessments

[risk assessment storage location] — Personalised Field

Question: Where does the firm store client-level AML risk assessments?

Guidance: Insert where the firm records and stores client-level risk assessments. Examples: case management system, compliance folder, dedicated AML register.


Section 3.7 — Customer due diligence

[cash limit] — Personalised Field

Question: What is the firm's cash acceptance limit?

Guidance: Insert the maximum amount of cash the firm will accept from any client in any 28-day period. This must align with the Client Care Policy.

[CDD records location] — Personalised Field

Question: Where must completed CDD forms and identity evidence be filed?

Guidance: Insert where completed CDD forms and copies of identity evidence must be saved. Examples: client file in the case management system, a dedicated CDD folder.

[overseas entities section] — Applicability Toggle

Question: Does the firm act for overseas entities acquiring UK property?

Guidance: The Economic Crime (Transparency and Enforcement) Act 2022 requires overseas entities to register with Companies House before buying, selling or transferring UK property or land. Select ONE of the following options and follow instructions where prompted.

Options:

▸ Option A — Yes: The Economic Crime (Transparency and Enforcement) Act 2022 requires overseas entities to register with Companies House. INSERT PROCEDURE.

▸ Option B — No: The firm does not act for overseas entities acquiring UK property. This section is not applicable.


Section 3.8 — Levels of CDD

[standard CDD procedure] — Personalised Field

Question: Describe how standard CDD is carried out in the firm.

Guidance: Describe the firm's standard procedure for carrying out customer due diligence, including the steps for verifying identity, the approved methods, and when CDD must be completed.

[SDD approach] — Applicability Toggle

Question: What is the firm's approach to simplified due diligence (SDD)?

Guidance: Select whether the firm permits SDD under Regulation 37 MLR for lower-risk clients, or requires standard CDD in all cases. Select ONE of the following options and follow instructions where prompted.

Options:

▸ Option A — Permitted: INSERT FIRM'S SDD REQUIREMENTS.

▸ Option B — Standard required: The firm requires at least standard identification in all cases unless the MLRO or MLCO agrees otherwise.

[EDD procedure] — Personalised Field

Question: Describe the firm's enhanced due diligence (EDD) procedures.

Guidance: Insert the firm's procedure for carrying out enhanced due diligence. Include additional verification steps, senior management approval requirements, and enhanced monitoring arrangements.


Section 3.10 — Beneficial ownership

[beneficial ownership approach] — Applicability Toggle

Question: How does the firm handle beneficial ownership verification?

Guidance: Select whether beneficial ownership checks are carried out centrally or delegated to fee earners.

Options:

▸ Option A — Centralised: Checks on beneficial owners are carried out centrally by the MLRO or the MLCO before work commences on any matter.

▸ Option B — Fee earner decision: The fee earner with conduct of the matter is responsible for identifying and verifying beneficial owners and must record the outcome in the client file before work commences.

[reliance approach] — Applicability Toggle

Question: Does the firm permit reliance on third-party CDD?

Guidance: Select whether the firm permits reliance on CDD carried out by third parties under Regulation 39 MLR. The firm remains liable if the third party fails to comply.

Options:

▸ Option A — No reliance: The firm does not rely on third parties to carry out CDD on its behalf. All CDD must be carried out by the firm directly.

▸ Option B — Reliance permitted: The firm may rely on CDD carried out by a third party where permitted under Regulation 39 MLR. Any reliance must be approved by the MLRO and a written agreement obtained confirming the third party will provide CDD documents on request. The firm remains liable if the third party fails to comply.


Section 3.11 — Record keeping

[record retention period] — Personalised Field

Question: How many years does the firm retain files?

Guidance: Insert the number of years the firm retains complete files, including CDD records. Legal minimum under Regulation 40 MLR is 5 years. Must align with Retention and Data Protection policies.

[passporting section] — Applicability Toggle

Question: Does the firm have international offices requiring client passporting procedures?

Guidance: Select whether the firm has international offices requiring procedures for transferring clients between jurisdictions. Select one of the following options and follow instructions where prompted.

Options:

▸ Option A — Yes: Where a client is transferred from one of the firm's offices in another jurisdiction, the receiving office must carry out a fresh risk assessment and verify that the originating office's CDD meets UK requirements. INSERT FIRM'S PROCEDURE FOR TRANSFERRING CLIENTS BETWEEN JURISDICTIONS.

▸ Option B — No: This does not apply to the firm.


Section 3.12 — Politically exposed persons

[PEP identification procedure] — Personalised Field

Question: What is the firm's procedure for identifying PEPs?

Guidance: Describe the firm's procedure for identifying politically exposed persons, their family members and known close associates. Include the screening tools used and screening frequency.


Section 4.1 — Reporting suspicious circumstances

[NCA reporting timescale] — Personalised Field

Question: Within what timescale must the MLRO report externally to the NCA?

Guidance: Insert the firm's internal timescale for the MLRO to make an external report to the NCA after receiving a formal internal report. Default: within 24 hours of receiving a formal internal report.


Section 4.5 — Technology

[AML technology details] — Personalised Field

Question: What AML technology does the firm use?

Guidance: Insert details of screening tools, electronic verification services, PEP/adverse media watchlists, and safeguards for assessing the reliability and independence of the technology.

Did this answer your question?