A Client and Matter Risk Assessment (CMRA) is a regulatory requirement for evaluating money laundering and terrorist financing risks associated with a client or matter. It aids in determining the appropriate level of due diligence (CDD) required under the Money Laundering Regulations 2017 (MLR 2017). Each client and matter must have a documented risk assessment, which can be combined or separate based on practicality.
Firms must have a practical process for assessing risk at both the client and matter levels. This process needs to be consistently followed and documented. During AML inspections, the presence of appropriate risk assessments for each client and matter is an area where firms are scrutinised. While most firms have such processes in place, many are failing to follow them, exposing themselves to potential money laundering risk, therefore, potential fines by the SRA.
Good practice in filling the CMRA include documenting the rationale behind risk ratings, requiring active decisions on due diligence levels, customising the CMRA to the firm’s specific risks, and reviewing the CMRA at key transaction stages. Poor practices include assessing client and matter risks in isolation, using standard templates that discourage risk analysis, relying solely on e-verification systems, and failing to review or complete the CMRA before providing advice or receiving funds.
Contact us
Most firms have fallen short in employing an adequate CMRA in recent surveys by the SRA. Audit Compliance can help your firm in tailoring the CMRA form and covering the relevant questions posed by the CMRA.
References:
SRA Client and Matter Risk Assessments (CMRAs)