Understanding Compliance & Regulations

Using AML Complete is part of your broader responsibility to comply with Anti-Money Laundering (AML) regulations. This section explains some key compliance concepts related to the system and your obligations as an IAB supervised member.

Your Firm Risk Assessment (FRA)

A Firm Risk Assessment (FRA) is a crucial document that outlines the Money Laundering and Terrorist Financing (MLTF) risks specific to your practice. AML Complete uses the information you enter about your practice, clients, and services to help generate a summary of these risks.

What is its purpose?

• To help you understand the specific MLTF risks your practice faces.
• To inform the development of your practice's AML policies and procedures.
• To design controls to effectively manage and mitigate identified risks.
• To demonstrate your understanding and management of risks to the IAB.

Your Responsibility

While AML Complete assists in summarising risks based on your input, **maintaining the FRA is your responsibility**. You must:

• Regularly review and update your FRA (at least annually).
• Update the FRA whenever significant changes occur in your business (e.g., taking on new types of clients, offering new services, changes in practice structure).
• Ensure the information within AML Complete accurately reflects your practice to keep the FRA summary relevant.

Data Protection (GDPR)

You will be entering potentially sensitive information about your practice, staff, and clients into AML Complete. Sharing this data with the IAB through the system is permissible under the General Data Protection Regulation (GDPR).

This is because the IAB acts as a Professional Body Supervisor (PBS) under the MLTF Regulations 2017. The data collected via AML Complete is used lawfully by the IAB for its statutory supervision purposes, which includes monitoring compliance and assessing risk across its membership.

You still have a responsibility to handle your client and staff data in compliance with GDPR principles within your own practice.

Integrity Screening (DBS Checks)

As part of AML regulations (specifically Regulation 26) and IAB membership requirements, checks are needed to ensure that individuals acting as Beneficial Owners, Officers, or Managers (BOOMs) of supervised firms have not been convicted of relevant criminal offences.

• The IAB requires evidence of a recent Basic Disclosure and Barring Service (DBS) check (typically within 6 months) for BOOMs as part of the approval process for AML supervision.
• You will need to record details related to BOOMs in the Setting Up Your Practice section of AML Complete.
• Ensure you have the necessary documentation and information regarding DBS checks for all relevant individuals in your practice.

For detailed requirements regarding DBS checks, refer to the IAB Membership FAQs or contact the Membership team.

IAB's Use of AML Complete Data

The IAB uses the data collected through AML Complete for several supervisory purposes:

• To maintain a database of AML risk information for individual practices.
• To gain aggregated insights into risks and trends across the entire membership.
• To identify areas where members may need further guidance, training, or support.
• To facilitate document sharing (e.g., AML policies) for review or sampling.
• To support inspection processes by providing readily accessible practice information.

It is therefore vital that the information you provide is accurate, complete, and kept up-to-date.