10 AML Red Flags for DNFBPs

Elaine Ramsay
Mar 14
2 min read

A quick sense-check before your next supervisory review

The following issues are commonly identified during AML/CFT supervisory reviews. If several apply to your firm, it may be worth reviewing your framework.

1. Risk Assessment Exists but Has Not Been Updated

Your risk assessment still reflects the firm as it operated several years ago and has not been updated to reflect current clients, services, or guidance.

2. Compliance Programme Does Not Reflect Practice

Procedures described in the programme do not match what staff actually do when onboarding clients or handling trust account funds.

3. Risk Ratings Are Applied but Not Revisited

Clients are risk-rated at onboarding but there is no process to reconsider risk when a new matter arises or circumstances change.

4. Source of Funds or Source of Wealth Is Not Consistently Considered

CDD is completed, but there is limited documentation explaining where funds originate, particularly in higher-risk matters.

5. Beneficial Ownership Is Not Fully Mapped

Trusts, companies, or other entities are recorded, but the individuals who ultimately own or control them are not clearly identified.

6. Monitoring Focuses Only on Onboarding

CDD is completed at the start of the relationship but there is limited monitoring of transactions or activity during the course of the matter.

7. High-Risk Clients Are Not Actively Managed

Clients assessed as higher risk remain on the same monitoring level as lower-risk clients.

8. Independent Audit Findings Have Not Been Fully Addressed

An audit has been completed but recommendations have not been fully implemented or documented.

9. Staff Are Uncertain About Suspicious Activity Reporting

Lawyers and staff may recognise unusual activity but are unsure when and how to escalate concerns internally.

10. AML Documentation Is Difficult to Produce Quickly

If asked by a supervisor, the firm would struggle to quickly provide its current risk assessment, compliance programme, monitoring records, and training documentation.

A Practical Question

If a supervisory review were to occur tomorrow, could your firm demonstrate that its AML/CFT framework is current, implemented, and operating in practice?

Elaine Ramsay

AML / CFT Consultant

The AML Space

Christchurch, New Zealand

Supporting law firms with practical AML/CFT reviews, risk assessments, compliance programmes, and audit preparation.

10 AML Red Flags for DNFBPs

A quick sense-check before your next supervisory review

The following issues are commonly identified during AML/CFT supervisory reviews. If several apply to your firm, it may be worth reviewing your framework.

1. Risk Assessment Exists but Has Not Been Updated

Your risk assessment still reflects the firm as it operated several years ago and has not been updated to reflect current clients, services, or guidance.

2. Compliance Programme Does Not Reflect Practice

Procedures described in the programme do not match what staff actually do when onboarding clients or handling trust account funds.

3. Risk Ratings Are Applied but Not Revisited

Clients are risk-rated at onboarding but there is no process to reconsider risk when a new matter arises or circumstances change.

4. Source of Funds or Source of Wealth Is Not Consistently Considered

CDD is completed, but there is limited documentation explaining where funds originate, particularly in higher-risk matters.

5. Beneficial Ownership Is Not Fully Mapped

Trusts, companies, or other entities are recorded, but the individuals who ultimately own or control them are not clearly identified.

6. Monitoring Focuses Only on Onboarding

CDD is completed at the start of the relationship but there is limited monitoring of transactions or activity during the course of the matter.

7. High-Risk Clients Are Not Actively Managed

Clients assessed as higher risk remain on the same monitoring level as lower-risk clients.

8. Independent Audit Findings Have Not Been Fully Addressed

An audit has been completed but recommendations have not been fully implemented or documented.

9. Staff Are Uncertain About Suspicious Activity Reporting

Lawyers and staff may recognise unusual activity but are unsure when and how to escalate concerns internally.

10. AML Documentation Is Difficult to Produce Quickly

If asked by a supervisor, the firm would struggle to quickly provide its current risk assessment, compliance programme, monitoring records, and training documentation.

A Practical Question

If a supervisory review were to occur tomorrow, could your firm demonstrate that its AML/CFT framework is current, implemented, and operating in practice?

Elaine Ramsay

AML / CFT Consultant

The AML Space

Christchurch, New Zealand

Supporting law firms with practical AML/CFT reviews, risk assessments, compliance programmes, and audit preparation.

Recent Posts

Comments