emailfacebookinstagrammenutwitterweiboyoutube

Risk assessments as wide as your firm

Firm-wide risk assessments are not to be taken lightly – they’re comprehensive exercises that need to be updated regularly, according to Beth Mayman, head of risk and compliance services at Access Legal.

Beth Mayman, head of risk and compliance services|Access Legal|

The best way to look at a firm-wide risk assessment (FWRA) is seeing it as the core of your firm’s anti-money laundering (AML) strategy. As a firm, you are to identify, assess and document your risks on your risk register but for AML you must consider these more deeply in your FWRA. This sets up how your policies will be written, how procedures will take place within your firm and how your clients and matters are assessed daily.

What is an FWRA?

The FWRA is a document that all law firms that fall within the scope of money laundering regulations need to complete, whereby the money laundering reporting officer (MLRO) will assess what level of money laundering risk a firm faces and how it can mitigate that risk.

The FWRA needs to cover the five mandatory risk factors, which are:

  • Client risk
  • Transactional risk
  • Geographical risk
  • Product/service risk
  • Delivery channel risk

How to do a firm wide risk assessment – key considerations

  1. Can you use a firm-wide risk assessment template?

No, this is not how a FWRA works, was designed to be, nor will it be accepted by the regulator or supervising authority should they request to see it. The impact of a FWRA means it cannot be a one size fits all, cookie cutter or generic document.

As a firm you need to take the time to think why you have identified these risks – do you have any evidence to support it? how would these risks affect you as a firm, individual fee earners and your client offering? What measures can you put in place to mitigate this risk and how will you do that (we have all been there, using someone else’s approach as it might be quicker)? If it is not for your firm, it is unlikely to be effective or productive.

  1. How long should a firm wide risk assessment be?

The FWRA needs to be comprehensive, show how the firm came to these risks, ensure it is evident the firm has thought how best to mitigate the risk and how you are implementing measures via policy and training.

This is not a time to save time and words – ensure you are capturing exactly what you are doing and do yourself justice.

  1. Can the FWRA form part of the risk register?

No, the supervisory authorities want to see a separate document for the specific AML FWRA, allowing it to be reviewed and assessed by the appropriate people and supervisors.

  1. How often should an FWRA be reviewed?

The FWRA should be seen as a living and breathing document that is updated on a periodic basis. When as a management team you reflect on a period, it should also be updated when it is needed whether it is an international impact change, a local legislation for a country you operate in or awareness of a new check to be done. This document should not only be set up from what you know but should be updated from what you learn to ensure the firm is working under a current risk-based approach.

In conclusion – conducting your FWRA

Doing your FWRA is not rocket science but we do know from speaking with clients who have had thematic reviews, Lexcel assessors in and when speaking with the supervisory authorities it is top of their list for getting it right. If you follow the ethos above you will be on track for creating or updating your FWRA in line with best practice for the legal industry.

LPM Conference 2025

The LPM annual conference is the market-leading event for management leaders in SME law firms

Continuous cashflows

What strategic considerations are involved in running a sustainable and scalable subscription-based legal practice?