Understanding Client AML Risk Assessments — What You Really Need to Know

From conversations with clients, one area which is frequently a source of confusion is the client risk assessment – what it actually is, what it should include, and why it matters.

To help demystify this area and support businesses who may be struggling with how to approach an AML risk assessment, we wanted to share a quick and practical guide to ensure you can handle this process with confidence in your day-to-day work.

What Is a Client Risk Assessment?

In short, this is your opportunity — and legal obligation — to ask the question, does this client or transaction pose a risk of money laundering or terrorist financing?

This isn’t just about overseas buyers or luxury properties.  It applies to every client and should be done before beginning a business relationship or progressing a transaction.

A client risk assessment is not a tick-box form — it’s your judgment, backed by reasoning and evidence.

Why is an AML risk assessment so important

It is important for many reasons including:

  • It’s a legal requirement under Regulation 18 of the Money Laundering Regulations 2017.
  • It guides whether you carry out standard, simplified, or enhanced due diligence.
  • It shows HMRC that your approach is risk-based, which is what they’re looking for.
  • And — maybe most importantly — it protects you.  If something suspicious comes to light later, a well-documented AML risk assessment shows you acted reasonably and professionally at the time.

What to Think About When Assessing AML Risk

Here’s what you need to be thinking about:

Who is the client?

  • Are they an individual or acting on behalf of someone else?
  • Are they a company, trust, or overseas entity?
  • Are they a politically exposed person or PEP or connected to one?
  • Are they reluctant to provide information or rushing the deal?

What is the nature of the transaction?

  • Is it unusually high or low value for the market?
  • Are there any unusual features of the deal — for example is it a cash purchase, a fast completion, is there third-party involvement?

Where are they or the funds coming from?

  • Is the client or applicant based in a high-risk country, or is the money coming from one?
  • Is the structure of the transaction making it hard to follow the money?

How is it being funded?

  • Can the client provide clear evidence of their source of funds?
  • Is there a loan, gift, or third-party contribution that needs checking?

What to Record

You don’t need pages of detail — but what you do record should be clear, consistent, and justifiable. We recommend including the following: 

  • Date of assessment
  • Client name and basic transaction information
  • Risk rating (is it low/medium/high)
  • Why you awarded that rating
  • What level of due diligence you applied
  • Any additional checks or actions taken

Once you have this information, it should be stored securely in your CDD file and made available to HMRC if they ask during an inspection.

Key Takeaway

Don’t overcomplicate it — be honest in your reasoning, document it well, and be prepared to update your aml risk assessment if anything changes mid-transaction.                      

Getting this step right not only helps you meet your legal obligations — it also helps you spot red flags early and protect your business.

If you’d like more guidance on this topic, how to mitigate an aml risk or any other AML compliance matter, FCS Compliance offers a range of services tailored to the property sector.  Feel free to get in touch if you’d like to explore how we can support your business.