AML Health Check: A quick self-assessment for reporting entities

This short checklist is designed to help law firms quickly assess whether their AML/CFT framework remains aligned with current supervisory expectations.

1. Risk Assessment

• Has your AML/CFT Risk Assessment been reviewed to reflect the 2024 National Risk Assessment and recent DIA guidance?

• Does it accurately reflect the types of clients, services, and transactions your firm actually undertakes?

• Is there a clear connection between your identified risks and the controls described in your Compliance Programme?

  
  

2. Compliance Programme

• Does the Compliance Programme reflect how the firm actually operates in practice, not just what is written on paper?

• Are procedures clear on when standard, simplified, or enhanced CDD should be applied?

• Does the programme clearly describe monitoring and escalation procedures?

  
  

3. Customer Due Diligence (CDD)

• Are beneficial ownership and control persons consistently identified and verified?

• Is there a documented approach for source of funds and source of wealth where appropriate?

• Are non-face-to-face clients and overseas clients treated with the appropriate level of scrutiny?

  
  

4. Ongoing Monitoring

• Does the firm actively monitor high-risk clients, transactions, and matters, rather than relying solely on onboarding checks?

• Are risk ratings periodically reviewed, particularly when new matters arise?

• Can the firm demonstrate how unusual activity would be identified and escalated internally?

  
  

5. Independent Audit

• Has the firm’s AML/CFT independent audit been completed within the last three years?

• Have audit findings been addressed and documented?

• Is there evidence that the Risk Assessment and Compliance Programme have been updated following the audit?

  
  

6. Staff Training and Awareness

• Do lawyers and staff understand which legal services trigger AML obligations?

• Is training conducted regularly and documented?

• Do staff know how to recognise and escalate suspicious activity?

  
  

7. Governance and Oversight

• Is there clear oversight from the AML Compliance Officer and senior management?

• Are AML obligations embedded in the firm’s daily practice, rather than treated as a compliance exercise?

  
  

A Simple Test

If a supervisor asked your firm to demonstrate its AML framework today, could you quickly show:

• your current Risk Assessment

• your Compliance Programme

• CDD records supporting recent transactions

• training records

• monitoring and escalation decisions

If not, it may be time for a review.

Need a Practical Review?

Elaine Ramsay

AML / CFT Consultant

The AML Space

Christchurch, New Zealand

Helping law firms ensure their AML/CFT frameworks are practical, aligned with DIA expectations, and workable in day-to-day practice.