Independent Anti-Money-Laundering (AML) Audits & Reports

Not always — the regulation requires independence, not necessarily external involvement. The audit must be carried out independently of those responsible for implementing AML compliance day-to-day. However, many firms choose an external AML audit to ensure true objectivity and avoid any perceived conflicts of interest.

That depends on your firm’s size, structure, and risk profile. For most small and medium-sized businesses, the process typically takes between one and three weeks from the initial document review to the delivery of the final report. Larger or more complex organisations may take longer.

Generally, AML audits are not covered by legal professional privilege, as they are compliance based rather than advice given in contemplation of litigation. That said, everything shared during the audit is treated with the strictest confidentiality, and all materials are handled securely. In addition, unlike many risk and compliance consultancy services, we are a full-service law firm and are able to provide legal advice upon which firms can rely with the benefit of legal professional privilege, and which comes with the protection of professional indemnity insurance.

While the regulations don’t specify a set frequency, most regulators would expect an independent AML audit every 12–18 months, or more often if there have been significant changes in the firm — such as rapid growth, restructuring, or a shift in your client base or service offering.

We’ll work closely with your:

• MLRO (Money Laundering Reporting Officer)
• MLCO (Money Laundering Compliance Officer)
• Heads of teams within scope of MLR
• Representatives from your compliance, finance and HR teams (if relevant)

We may also speak to team members involved in client onboarding and conduct of matters to test understanding and day-to-day procedures.

Our AML audit includes a detailed, independent review of your AML framework, including:

• Policies, controls, and procedures
• Firm-wide and client and matter risk assessments
• Client due diligence (CDD) and ongoing monitoring
• Staff training and competence
• File reviews and interviews with key personnel

You’ll receive a clear, practical report setting out findings and recommendations — plus a debrief to discuss the results and next steps.

In addition, we can carry out a survey of employees/fee earners (the extent of the distribution is a matter for you), relating to AML awareness/knowledge (together with general risk and compliance areas if required) and include the results within the report. While this is not a requirement of the R21 independent AML audit, it does provide a snapshot of the level of compliance awareness and an insight into gaps in training/knowledge and areas that may be of concern.

Yes. We work with law firms, accountants, corporate services firms, and other regulated entities of all sizes. The audit scope is tailored to reflect your firm’s structure, risk profile and areas of focus.

Yes. The majority of our AML audits are conducted remotely, using secure online systems for document sharing and virtual meetings. Remote audits provide flexibility, convenience and less disruption to clients, without compromising the independence or quality of the review.

Yes, some preparation helps things run smoothly. Before the audit, we’ll provide a checklist of documents, which includes:

• Your AML PCPs and firm-wide risk assessment
• Training records
• Client and matter files (sample selection)
• Internal control and monitoring records

We’ll guide you through every step so you know exactly what’s needed.

We can usually start an audit within 2–4 weeks of receiving your initial enquiry, depending on availability and your preferred timing. If you need the review urgently — for example, ahead of a regulator visit or desk-based inspection — we’ll do our best to accommodate an earlier date.