8 – AML, Data Protection, Risk Register and Business Continuity

Anti money laundering

Law firms are a target for criminals who wish to turn the proceeds of criminal activity into laundered money.

We can help you understand and mitigate the risks posed by the activities you carry out. You will need to produce a firm risk assessment. Read our guidance on anti money laundering which includes a template for your firm’s policy.

Your compliance with the Money Laundering Regulations is a key role for us as an AML supervisor.

Data protection

Law firms hold large amounts of personal data. You need to make sure that you are doing everything possible to protect it.

Most organisations pay a data protection fee. The fee depends on your firm’s size and turnover.

The Information Commissioner’s Office provides resources to help you create your firm’s data protection policy.

Risk register

You should create and maintain a risk register, including important dates for your firm. Check our risk register template for ideas on your annual responsibilities.

You should then have a risk assessment register.  This will help you to log and evidence any risks to the firm, as well s documenting any breaches. It can act as a prompt to review your risk activities.

Business continuity

A business continuity plan can help you continue to operate as normal in the event of serious disruption. This could include:

  • the death or long-term absence of a key member of staff, including the owner
  • loss of business premises due to fire, flood or other reason
  • loss of IT systems through technical failure or cybercrime