How international law firms can simplify AML and know-your-client (KYC) compliance with a single framework
Do any of these situations apply to your law firm?
- Your firm is subject to varying AML and KYC laws across multiple jurisdictions.
- Your firm practices across some jurisdictions that are subject to AML and KYC laws, and others that are not.
- Your firm is not yet subject to any AML or KYC laws.
If you fall into the first or second category, your firm should apply a common framework for complying with AML and KYC laws — then add specific steps as needed to address specific regional requirements. Even if your firm is in the third category, it should still consider voluntarily implementing a framework for several reasons.
Below we look at the core elements of an effective AML and KYC compliance framework as well as additional considerations for specific jurisdictions.
1. Dedicated workflows that enable efficient collection and review of required information
Carrying out AML and KYC checks requires a carefully designed process that enables your firm to gather, review, and store the information necessary to undertake checks before deciding whether to accept a new client or matter.
Your AML/KYC workflow is just one part of a broader client onboarding process and workflow that also involves a data quality review, risk assessment, and conflict review.
It can be challenging to manage client onboarding and AML/KYC compliance without a well-designed process and software solution to automate, manage, and support that process from end to end. Intapp Intake was built to help your firm create workflows for intake and risk assessment.
With the addition of Intapp’s external forms feature to Intapp Intake, your firm can now also separately and securely collect sensitive information in an external environment. Clients can simply log in to the environment to upload any requested documents — without the risk of sharing their private personal details over email. That data is then pulled into the firm’s internal environment for review and workflow processing.
Your firm can also set up notifications to remind users of required actions, while data integrations between Intapp Intake and other software support a more streamlined and effective user experience.
When you combine external forms, Intapp Intake, and Intapp Conflicts, your firm can manage conflicts-of-interest reviews, client matter engagement, and AML/KYC reviews all within an integrated, intuitive platform.
2. Reliable data, including third-party data
An effective AML and KYC risk framework validates information submitted by clients against reliable data. In particular, third-party data from trusted sources helps your firm verify the legitimacy of a prospective new client.
This data also supports a more comprehensive understanding of the potential client and a more accurate client record created in your system. Examples of third-party data that your firm needs for AML and KYC checks are financial data, registered addresses, global ultimate parent company name and structure, and sanctions data.
When integrated with data sources such as S&P Global, Dun & Bradstreet, and Moody’s, Intapp Intake pulls firmographic information from these sources, including details like a client’s registered address, legal structure, and global parent company. Your professionals can view relevant third-party information directly in the Intapp Intake solution — saving time that would otherwise be spent switching between applications and browsers.
With this data, Intapp Intake also serves as a single source of auditability of the full client and matter lifecycle. In addition, integrated data informs the business logic for the intake form and workflow, enhancing efficiency and reducing the need for external research and data re-entry.
3. Risk-based approach to client due diligence
With a risk-based approach to client due diligence, your firm should adjust the stringency of its AML and KYC reviews based on the level of risk that a client and matter presents. That is, your firm gathers baseline information on each client and assigns a risk score.
The risk score and risk categorization determine the extent to which your firm will gather more information, conduct additional research, or — in some cases — escalate to your compliance team or Office of General Counsel for further review and discussion.
It is important to develop a sound approach and methodology to risk scoring within your firm because the risk scores guide your firm in dividing its time among review tasks. Risk scores enable you to devote the highest levels of review and priority to high-risk or higher-risk rated clients or matters and less time to low-risk matters.
With Intapp Intake, your firm can implement a risk-based approach to client due diligence. For example, with the software, you can set up dynamic, risk-based questionnaires that adjust the questions based on initial responses. The software also enables your firm to define risk-scoring rules and adjust them over time, evolving with the ever-changing risk landscape and regulations.
4. Ongoing monitoring to uncover changes that create new risks
Firms tend to dedicate high levels of review to new business — yet often overlook the risks that can emerge with their existing clients. This can be a critical mistake. Ongoing monitoring of existing clients to identify new risks or suspicious activity is both highly advisable and often a requirement of AML and KYC legislation.
It’s important to update your existing client and matter information on a regular basis based on their risk rating. This process should include ensuring up-to-date versions of any documentation that can expire, such as passport copies, utility bills, and corporate documentation.
Intapp Intake enables firms to continuously monitor active clients and engagements for evolving risk factors, including the client’s inclusion on any sanctions lists. If Intapp Intake’s automatic monitoring uncovers an issue, the software automatically alerts designated users or departments.
Firms can then use the Intapp external forms feature to securely request new files or have the client validate and update information. For example, if a client’s organizational structure changes, Intapp Intake will trigger a new AML/KYC workflow, sending requests for information to external users.
AML and KYC requirements across the globe
AML/KYC requirements across the globe vary and continue to evolve. Once your firm establishes a core framework for handling AML and KYC review, what additional elements might be necessary for offices in particular regions?
Below, we take a brief look at select regional requirements, recent developments, and potential changes.
EMEA
The EMEA region has been subject to AML/KYC regulations for many years. These regulations have continued to develop in scope and complexity, requiring compliance departments to ensure they are sufficiently invested in operational and technology changes to fulfill AML/KYC obligations.
In recent years, there has been increased focus on collaboration and transparency across the region. The E.U.’s fifth anti-money-laundering directive aims to mitigate the risks inherent in cross-border financial transactions by introducing an enhanced level of due diligence for high-risk countries and increased transparency in beneficial ownership.
In addition, the E.U.’s sixth anti-money-laundering directive requires member states to keep beneficial ownership information in a central register, ensuring it is accessible and accurate, and regularly check this information against sanctions lists to identify any risks. This requirement is something law firms can meet with Intapp solutions.
U.S.
For years, experts warned professional service firms in the U.S. that they needed to start preparing for money laundering regulations. During 2022, those warnings became impossible to ignore, when the U.S. House of Representatives proposed the Establishing New Authorities for Businesses Laundering and Enabling Risks to Security (ENABLERS) Act. This bipartisan legislation was aimed at so-called gatekeepers and would have expanded anti-money-laundering (AML) surveillance — which is required of financial institutions — to professional services firms, requiring accounting and law firms to collect, monitor, and report specific types of client information.
Scandals like the Pandora Papers and money-laundering activities of Russian oligarchs had convinced lawmakers that AML obligations shouldn’t stop with banks. Under the Act, lawyers, accountants, and advisors would have been required to have heightened reporting, increased client screening, enhanced anti-money-laundering programs, and other KYC provisions typically applying to financial intermediaries.
The U.S. Senate, though, blocked the bill. Despite this, many U.S. law firms have introduced proactive AML/KYC checks and operational measures to review their client and matter engagements.
APAC
In September 2024, the Australian Commonwealth Attorney-General introduced a bill in Parliament that would amend Australia’s 2006 AML law. If enacted, the law would go into effect in 2026 and would extend AML compliance requirements to Australian law firms and other professional service providers.
These proposed updates to the AML/CTF (anti-money-laundering/counterterrorism financing) regulatory framework are just one example of a growing number of compliance obligations facing Australian law firms.
Key requirements of the proposed legislation include enrollment with the Australian Transaction Reports and Analysis Centre (AUSTRAC), appointing a dedicated AML/CTF compliance officer, and adopting an AML/CTF program. Such a program must involve conducting comprehensive client risk assessments, screening potential clients, keeping records, and reporting any suspicious matters.
Under the proposed law, governing bodies would have enforcement powers and would be responsible for overseeing compliance efforts, with independent reviews expected in the future.
Effective change management, adequate resourcing, and leveraging advanced technological solutions are essential to navigating these evolving obligations. Integrating these systems, including conflict and onboarding modules, early on can enhance monitoring and compliance while safeguarding data security.
Gain more than just software with Intapp
When you choose to implement Intapp Compliance solutions — whether external forms, Intapp Intake, or Intapp Conflicts — our experienced solution consultants will also advise you on how to most effectively design your processes and risk assessment system. We have helped many firms around the world — including international law firms whose offices are subject to different AML laws.
If you would like to learn more about how Intapp can support your firm in implementing AML and KYC processes, please contact us.