In the world of AML compliance, the Client Matter Risk Assessment is often viewed as the final hurdle before a file can truly get moving. For many fee earners, it is a chore, a list of questions to be “cleared” so the real work can start.
According to recent SRA thematic reviews and industry insights, this “tick-box” culture is becoming a primary target for regulators. The danger is no longer just about failing to do the assessment; it’s in doing it so mechanically that the professional judgment of the fee earner is entirely erased.
The Illusion of Compliance
Many firms still rely on paper-based forms based on the SRA’s own template. Some firms think that simply having a similar form online provided by their case management or search provider is the way forward. While these provide a helpful benchmark, they carry an inherent risk: they encourage a binary mindset. Is the client a PEP? Tick. Is the funding from a high-risk jurisdiction? Tick. As an AML auditor, as soon as I see a tick boxes I know the firm is going down the wrong path.
The problem? A tick is not a rationalisation. When an SRA or FCA AML auditor looks at a file three years from now, a “No” tick tells them nothing about why you reached that conclusion. A tick box template, digital or paper, is a starting point, but it becomes a trap when it fails to prompt the fee earner to input their logic. If you identify a high-risk factor but give the matter an overall “Low” rating without a narrative explanation, the regulator assumes the risk wasn’t actually considered. In their eyes, if the logic isn’t documented, the thinking never happened.
The Digital Trap: A Tick Doesn’t Mean “Assessed”
You might think that moving away from paper to a sleek, digitised CMRA solves the problem. It doesn’t. Not if the digital version simply replicates the flaws of the paper one.
Some of the best digital tools do offer guidance of suggested answers or narrative.
A digital client matter risk assessment that allows a fee earner to breeze through a form in 30 seconds without forcing them to stop and type out their reasoning is just a high-tech version of the paper trap. Technology should surface the risk factors, but the fee earner must remain the one who interprets them.
Why Narrative Logic is Your Best Defence
The goal of a CMRA isn’t to prove that a file is “Low Risk.” The goal is to prove that you understood the risk. To stay on the right side of the regulator, your assessments must move from “ticking” to “telling”:
- Version History is Vital: Risk isn’t static. A CMRA should trigger updates. You would not necessarily have the source of funds information at the outset transaction. Your CMRA should reflect the deferral of the issue and the update, including who updated it.
- The “Why” Matters More than the “What”: If you are acting for a remote client but decide they are medium risk, write down why (e.g., “Client known to firm for 10 years, identity verified via biometric software”).
- Link to the Firm-Wide Risk Assessment (FWRA): Your matter assessment shouldn’t exist in a vacuum. It must reflect the risks your firm identified in its overarching policy. I have seen some technologies that can take the fee earner to the relevant section of the FWRA.
Conclusion: Think First, Tick Second, Tick Never
The SRA now, and the FCA in the future are not just looking for the presence of a form; they are looking for the “intellectual journey” of the assessment. The “tick” is a dead end and offers no protection when the regulator comes knocking.