About CQS Conveyancing

Technology Impact Assessment: Let’s Talk AML Software

by

Simon Seaton
in

Most firms today rely on slick AML tools to handle ID checks and source-of-wealth. Platforms like Thirdfort and CDDmonitor (digital CMRA) have quickly become the norm. But the rules have changed. Recent HM Treasury guidance and LSAG advisory notes have quietly reshaped what “good” looks like, and many firms haven’t caught up.

It is no longer enough to simply use these tools. You must now document your understanding of them.

The “Outsourcing” Trap

Many firms fall into the trap of thinking that because they use a reputable software provider, the provider carries the AML compliance risk. This is a misconception.

Regulators like the SRA and FCA are clear: You cannot outsource your responsibility. When an FCA AML audit assessor walks through your door, they aren’t there to inspect the software; they are there to inspect your documented understanding of that software’s assurance levels, data sources, and inherent limitations.

What is a Technology Impact Assessment (TIA)?

A TIA is a deep-dive governance document tailored to a specific technology provider. It serves as the “Missing Regulator-Ready Pack” that bridges the gap between the software’s technical capabilities and your firm’s regulatory obligations.

A robust TIA covers three critical areas:

  1. Technical Architecture: Do you understand how the biometric liveness checks or OCR (Optical Character Recognition) technology actually works?
  2. Data Mapping: Can you identify exactly where the data comes from? (e.g., Experian, Credit Reference Agencies, or Government Databases).
  3. Risk Mitigation: Do you have pre-written protocols for when the technology goes down or for managing “False Positives”?

Why Your Firm-Wide Risk Assessment (FWRA) Isn’t Enough

Most Firm-Wide Risk Assessments are too generic. If your FWRA simply says “we use Thirdfort for ID checks,” it may fail under intense scrutiny. A TIA allows you to “plug in” specific, granular wording into your FWRA that reflects the reality of your digital processes.

The Benefits of a Formal TIA:

  • Audit Readiness: Move from a “AML checklist” exercise to a strategic shield.
  • Operational Continuity: Clear protocols for manual overrides and tech downtime.
  • Regulatory Confidence: Demonstrates to the SRA/FCA that you have a sophisticated understanding of your digital tools.

Don’t Wait for the Audit

Compliance is often seen as a hurdle, but a well-executed TIA is actually a business enabler. It allows your team to use powerful tools with the confidence that the firm is fully protected.

If you are currently using AML technology without a dedicated Technology Impact Assessment, now is the time to close that gap. In the eyes of the regulator, if it isn’t documented, it didn’t happen. If you have an Independent AML Audit booked you should ask your assessor to look into this.

Ready to secure your compliance?

Get a regulator-ready TIA and FWRA “Plug-in” guide within 48 hours. Visit Policy-Templates.com to learn more about our Single Tool and Multi-Tool Enterprise Packs.