Show Your Workings: Evidencing AML compliance through technology and process

By Paula Algar, Senior Consultant for Pinnacle

The Challenge

In my recent attempts to help my son prepare for first exams, the importance of ‘showing your workings’ was recalled to mind – not just for maths papers, but equally for law firms in achieving AML compliance.  MLD 4[1] crystallised some prescriptive elements (such as the CDD checks required for corporate bodies), but also the obligation to complete subjective risk assessment at firm, client and potential matter level and to document related decisions and rationale.

Law firms’ compliance with the regulations is more vital than ever.  The SRA released a warning notice[2] in May 2019, flagging “…high levels of non-compliance with the [2017] regulations, and that firms have not updated their policies since the new regulations came into force.” This followed two previous proactive compliance monitoring exercises undertaken by the SRA, the latest of which resulted in 44% of the firms subject to review being placed into disciplinary processes.  The Authority has since confirmed its intention to investigate the AML regulatory compliance of 400 additional firms, as an “initial sample”.  In their own words, “The SRA will not tolerate firms that are cavalier about preventing money laundering, putting their practices and society at risk.”

Pinnacle have undertaken many risk process reviews and related Intapp software implementations for law firms ranging from the Magic Circle to boutique, specialist partnerships.  Our consultants have many years’ experience in previous law firm roles; we therefore have a deep understanding of the pressures endemic in today’s legal industry to deliver more to clients for less and to do so quickly and effectively.  We also appreciate the challenge presented by the need to balance client satisfaction and billable hours with regulatory duties.  Slick, robust compliance with client and instruction acceptance protocols is a decisive factor – in winning new work, protecting the firm and minimising time wasted ‘off-boarding’ clients and matters which pose unacceptable risk.

Proving Compliance

Pinnacle believe that tailored AML and CDD process and software tools are integral to:

  • communicating regulatory and policy obligations across the firm;
  • enforcing compliance, including management of global regulatory variations;
  • record-keeping;
  • enabling ongoing monitoring; and
  • making best use of data e.g. enabling re-use.

Policy and process must meet regulatory requirements and reflect the compulsory firm-wide risk assessment, but will have little value if not sufficiently visible to those who are subject to its provisions.  Appropriate software tools such as Intapp Intake (Open) can play a key role in directing fee earners and support staff through the stages of AML and CDD compliance, making particular tasks mandatory, providing firm policy-specific guidance, ensuring correct storage of evidence documents and recording risk assessment findings and thought processes.

In my experience, many firms risk assess the clients they act for and the matters they accept, and likewise, complete appropriate due diligence.  The most widespread failing lies in record-keeping and documentation of issues identified, decisions made, and resulting actions taken to mitigate risk and achieve compliance.  The SRA found that 31% of files reviewed had no written evidence that the level of risk was assessed.

While working in a City firm’s business acceptance team, I contributed to our provision of compliance evidence for a routine SRA monitoring visit: considerable effort (and angst) was saved by our ability to share documented AML policy and process, together with software tools which clearly enforced both and captured any risks identified, decisions made and associated rationale.  In short, via software user guides and overviews, we were able to demonstrate that the relevant regulatory provisions were promoted by and were central to our process, and furthermore confirm reasoning for specific decisions on individual files.

The SRA’s previous review exercises identified a number of firms who had not taken any clear action to implement practice change following MLR 4; the position may have since improved, but every firm should consider whether their existing AML processes and software tools comply with the regulations themselves in terms of enforcement and record-keeping, and not simply in the direct prevention of money laundering involvement.

How we can help

Pinnacle’s areas of expertise include legal risk management and business development technology, practice management systems, change management, data integration and reporting.  We can provide support in the following ways:

  • Firms can leverage our experience across the market via comprehensive AML process review.  While every firm’s risk exposure differs, we can advise on key process aspects and work with you to identify both your current strengths and candidates for change (via routes including Intapp Intake implementation/development).  We can also guide you towards process aspects suitable for automation, to enable your resources to focus on meaningful analysis rather than data gathering and entry.
  • Your existing client data may hold key information regarding your current compliance position.  We can review and potentially report on the as-is CDD position, and guide you towards focus areas.
  • Based on our broad industry experience, Pinnacle has developed an Intapp Intake AML/CDD module for use with firms’ existing Intapp Intake new business acceptance workflows.  The product is easily integrated, and can be implemented without customisation, or configured to meet firm-specific requirements.
  • We recognise that driving forward compliance-related change is difficult in a fee-earning environment.  Our change management specialists can work with you to deliver successful, firm-wide AML projects with deep engagement and effective buy-in.

Paula Algar is a Senior Consultant for Pinnacle, with 16 years’ previous law firm experience primarily in Risk Management (also Finance, Knowhow and IT roles).  Paula specialises in legal risk process review and requirements analysis/solution design primarily for Intapp UBA implementations or reconfigurations.


[1] As implemented by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017