AML and KYC: Implementing Best Practice in Financial Institutions and Law Firms

22nd May 2019 1538 - Blog Posts

Operating in a global economy, financial institutions and law firms are under increased scrutiny by regulators. A heightened regulatory landscape has created extra burdens – and subsequently excessive costs – for compliance teams around the world.  In a bid to reduce risk, regulators have increased demands in order to satisfy their reporting frameworks.

This article will look at the importance of AML and KYC to financial institutions and law firms, and how best to implement best practice to adhere to the increasing regulatory demands imposed on them. We also review how technology such as AML portals can support firms to reduce cost, processing time and resources.

The Challenges

The UK’s AML regime was amended in June 2017 in order to implement the Fourth Money Laundering Directive (MLD4) which has consequently added to an increasing volume of work expected from compliance departments around the world.  KYC checks already addressed firms’ responsibilities to comply with sanction regulations as well as to combat the likes of corruption, fraud, money laundering and terrorist financing; and the new amended UK AML rules do not deviate from these but rather add to them.  Financial institutions and law firms alike are responsible for developing their own, risk-based responses to compliance, but the deferring policies and requirements imposed on each individual institution can make these KYC checks particularly time consuming.

In a nutshell, anti-money laundering regulations require firms to comply with the following regulatory obligations –

  • Have a complete AML/ KYC programme implemented
  • Have adequate resources in place to monitor and enforce compliance with the relevant requirements
  • Put in place adequate controls and oversight over the AML programme
  • Respond to any changes quickly and produce comprehensive reports
  • Comply with latest data security rules
  • Provide full audit trails

At first glance, this may seem simple enough.  However, we are seeing an increase in firms failing to adequately meet these requirements and there are a number of reasons for this including decision making, out of date technology and the global landscape in which they operate.

Now, the updated 5AML is due to come into force this year, how will that affect your firm? See our latest article on 5AML: Click here

Decision Making

In house compliance departments or AML financial crime advisory teams are usually in charge of setting up KYC policies.  Unfortunately, in many cases, this can mean that though there is a strong policy which meets all regulatory obligations, it is simply impossible to implement as those in charge of the day to day implementation were not consulted at the start of the policy drafting exercise.

Another mistake many firms make is to adhere to the common misconception that policy setting only needs to be updated sporadically – or worse still: that policy setting is a one-off exercise.  The regulatory landscape is a constantly evolving environment that cannot be ignored, and it is more often than not, those executing the day to day implementation of the policies that will be more acutely aware of this.

If organisations want to avoid both the disconnect between policy drafting and execution and the disconnect between policy and regulation, they would be wise to involve not only those at the top of the organisation in the drafting process but also those further down the chain.

MaxComply - Lawson Conner

Out-of-Date Technology

KYC tasks are repetitive in nature which often lead to data inconsistencies, inaccuracies, and a duplication of processes.  Compliance departments are also tasked with performing KYC checks on a number of different systems, both internal and external, which inevitably lead to the implementation of manual solutions with the purpose of bridging end-to-end operational procedures.  AML compliance also requires extensive documentation requests and verification, as well as proof of identity. All together, these out-dated processes not only frustrate the client (or client to be) but create an environment prone to high risk factors.  These processes can take a considerable amount of time to fulfil and satisfy the regulators’ requirements.  AML software may not be available or adequate. As a result, the cost of being compliant is escalating rapidly as financial institutions and law firms try to stay ahead of terrorists and fraudsters.

The Global Landscape

Organisations with a global footprint usually have their policies drafted from headquarters.  This unfortunately leaves out local regulatory nuances that can be a problem further down the line and mean that certain KYC procedures cannot be implemented in offices in every country.  Regulation is a fast-moving area and jurisdictions are constantly updating their mandates and obligations.  For any global firm it is imperative that a coherent and well-implemented global KYC and AML framework is in place.


Overcoming the challenges set out above will not be easy.  To tackle the archaic technology problems firms can introduce in-house shared ledger facilities (see our recent white paper here), though setting these up and managing the necessary infrastructure will be no easy feat and can take time and prove to be disruptive, at least to begin with.

There is no denying that automating processes can help ensure that financial institutions and law firms comply with regulations around the world; and regulatory technology “RegTech” is now offering solutions.  However, in order to maximise the potential of RegTech within an organisation and enable AML compliance very much depends on the skilled use of the technology – and of course specialist knowledge.  To successfully reap the benefits of such solutions, organisations will require the correct knowledge, expertise, AML software and skills to operate them – this is why we are seeing an increasing number of firms turning to external service providers.

As described above, the KYC and AML processes prove to be a real challenge within organisations.  The processes are arduous, time-consuming and prone to high risk factors.  In many organisations regional teams follow a common process, but a lack of communication across each office can lead to a host of problems – processes are often duplicated and multiple requests are made to the same entity via different routes, negatively impacting clients.  Even with an in-house shared ledger facility, the real benefits can be missed.  Populating a database is the first step, but how the algorithms are then used to extract that data, check and update it, analyse and communicate it efficiently requires expert know-how.  A trusted service provider can not only set up a shared ledger facility but also manage it to ensure that all regions communicate with one and other by sharing the same analysed information.

No matter what technology is in place, there will still be a need for a human touch.  Whilst RegTech can improve efficiency, cost and speed by automating a manual process and help to streamline and simplify it; the main benefit will be the ongoing monitoring of a client.  AML software can monitor not only the client after an on-boarding exercise but the regulatory scene worldwide.  Software can identify updates in regulations and sanction lists, but it will take a skilled person to highlight and analyse these.

RegTech is undoubtedly shaking the foundations of how organisations comply with regulatory obligations.  New and innovative technology will no doubt come to the market in the following years, but it should be seen as simply the great tool that it is.  To realise its full potential, financial institutions and law firms are minded to ensure that they also employ those with the correct manual skills, expertise and know-how globally.  Instructing a trusted global service provider that can combine the implementation of the technology with the manual analysis and review of the captured local data, will give any organisation the best possible tools to ensure full compliance with regulatory KYC and AML obligations on a global scale.

Support when you require it most

Lawson Conner provide unparalleled global support to law firms and financial institutions around the world, particularly in financial crime prevention, anti-money laundering and KYC due diligence. MaxComply, our KYC and AML software solution, is comprehensive and easy to use for regulatory compliance and for keeping up to date logs.  We are available to work with you by either supporting you with our AML software offering or by providing you with a trusted fully outsourced global AML service. Recent projects have shown that our software can significantly reduce AML processing time, while reducing compliance risks. The solution is offered as standalone software SaaS version or as mSaaS version (managed compliance) where all AML processes and projects are outsourced to us.

Joe Woodbury
Director, Investment Management Solutions

D: +44 (0) 203 696 2560