Resources

Why your AML programme isn't working (and it's not the policy)

Most law firms have an AML programme. Policies, procedures, annual training, a nominated MLRO. Audit the files, though, and something's off. Checks get missed. Risk ratings are inconsistent. The policy nobody reads sits in a folder nobody visits.

The programme looks complete on paper and fails in practice.

At a recent event in Manchester, co-hosted with Amy Bell, founder of Teal Compliance and an AML expert with over 21 years in the field, we asked a room of MLROs and compliance officers to name their biggest challenges. The answers fell into the same few categories, every time.

It's not a policy gap. It's a follow-through gap

Ask MLROs about their pain points and one word dominates: lack. Lack of staff, resources, support, time.

Underneath that word, three problems repeat. People don't do what they're asked, despite the time and money spent asking, by far the top answer. There's never enough time to run the compliance role properly. And it's genuinely hard to get a straight answer from regulators on what's actually required, with 200-plus pages of LSAG guidance to interpret and few clear precedents to lean on.

That third problem gets the most airtime. It's not the core issue.

The core issue: even firms with a clear, well-designed programme aren't getting it followed. Compliance isn't failing at the policy stage. It's failing at execution.

Six cogs. All of them need to turn.

Amy frames it as a machine with six parts. Stop any one and the whole thing breaks down.

 

Cog 1

Clarity 

Does your compliance team understand what's required, not just the rules but how to exercise judgment and apply risk appetite to a real file? Running a compliance function is its own skill set, and most MLROs get the role without formal training in it.

Cog 2

Capacity

Is the function resourced for the work it actually does? File volume times average handling time will always undercount. It ignores seasonal spikes, remediation, and the time edge cases take to escalate.

Cog 3

Communication

Do your policies tell people what to do, in what order, and when to escalate, or do they just restate the law? Training that doesn't change behaviour is a tick-box exercise, and fee earners can tell the difference.

Cog 4

Commitment

Distributing a policy and securing agreement to it are different things. Lawyers keep an explicit promise far more reliably than a general instruction. Asking someone to confirm they understand what's expected costs nothing and does most of the work.

Cog 5

Consistency

Most firms run file reviews. Fewer investigate why the same issue keeps recurring. Fewer still have the capacity set aside to fix what the review finds. Spotting the problem and fixing it are two different jobs.

Cog 6

Culture

The biggest gear, and the one most often left out. Culture is what leadership tolerates, rewards, and ignores, not a values statement. If the firm's biggest biller gets waved past the same disciplinary conversation everyone else has, no amount of policy repairs that.

Invest in five of the six and skip culture, and the programme still fails.


What comes next

This isn't an argument against having policies. It's a case for treating the programme as a system, not a document.

The next two posts cover how to fix it: rebuilding the programme properly (audit, redesign, delivery), then proving its holding (monitoring, technology, and the culture conversation most firms avoid).


About First AML

First AML comes from the perspective of both a technology provider, but also as compliance professionals. Prior to releasing First AML’s all-in-one AML workflow platform, we processed over 2,000,000 AML cases ourselves. Understanding the acute problem that faces firms these days as they try to scale their own AML, is in our DNA.

That's why First AML now powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Source stands out as a leading solution for organisations with complex or international onboarding needs. It provides streamlined collaboration and ensures uniformity in all AML practices.

Keen to find out more? Book a demo today!

Related