top of page

Making Ongoing Monitoring Work in Legal Practice

If there’s one part of client due diligence (CDD) that I’ve found law firms in the UK consistently struggle with, it’s ongoing monitoring. Unlike the more straightforward steps of identification and verification, ongoing monitoring is harder to define, harder to automate, and (most importantly) harder to prove you've done.


AML Sorted advice for Australian Lawyers on CDD and ongoing monitoring to align with Tranche 2 Reforms for AML and CTF

But if you’re in legal practice, and especially if you’re preparing for Tranche 2 in Australia, it’s time to bring this often-forgotten part of the AML regime into the spotlight.



What Is Ongoing Monitoring, Really?


Ongoing monitoring is the third step in the CDD process (after ID&V and understanding nature and purpose). It means keeping your eyes open throughout the matter for anything that changes (or doesn’t make sense) and being prepared to act if something does.


In banking, this is fairly simple. You open a bank account, monitor transactions electronically, and trigger alerts if something odd happens. But in law, our relationships with clients are different. They’re not arms-length. We speak to them directly. We’re actively involved in the deal or transaction.


So, it’s not about passively watching data. It’s about being professionally curious and noticing when something doesn’t fit the pattern.


Why It Matters


One of the most common defences when AML compliance fails is “It all looked normal at the start”.


But the reality is, criminal typologies often involve changes mid-way through a transaction, such as:

  • A new party is introduced

  • A different funder steps in at the last minute

  • A payment is suddenly redirected

  • Ownership or structure is tweaked just before completion


The first two steps of CDD help you establish a baseline. Ongoing monitoring is about spotting when things no longer match that baseline.


The Real Challenge: Evidence


Let’s say you’re keeping your radar on. You're thinking about AML throughout the matter.

Great. But here’s the tricky part: how do you prove it?


AML Sorted helps lawyers with evidencing for their ongoing monitoring

This is where many firms fall down, and where regulators can be unforgiving. If it’s not written down, it didn’t happen.


So the challenge is, how can you build ongoing monitoring into your day-to-day workflows, without creating unnecessary admin?


Practical Tip: Embed It in Transaction Milestones


One effective method is to align ongoing monitoring checks with key points in the transaction, such as:

  • When funds are received into trust

  • When funds are paid out

  • When completion statements are approved

  • When new documents or instructions arrive


Add a simple step to pause and reflect and ask yourselves:

Has anything changed since we last reviewed the AML position? 


Are we still comfortable to proceed?


You can even build this into your instructions to cashiers or finance teams e,g.,:

Tick to confirm you’ve reviewed AML considerations and nothing material has changed.


Not only does this act as a helpful nudge, it creates a record that ongoing monitoring took place.


Building Controls That Work


In practice, ongoing monitoring is less about creating new forms and more about creating friction in the right places, natural pause points where lawyers can stop and check:


Is everything still what we expected?


Some firms add a compliance checklist to their file closing process. Others build short prompts into their matter management software or payment instruction templates. Some use periodic file reviews to spot anomalies.


There’s no one right way, but doing nothing isn’t an option.


AML Sorted explains what Australian lawyers need to do to comply with AUSTRAC AML / CTF Reforms

What If Nothing Changes?


Of course, not all matters change. In many cases, things run exactly as planned. But even then, your file should show you checked. That moment of review (even a short note like “Reviewed AML position – no changes”) can make all the difference during an audit.


Remember: criminals often wait until the last minute to change the plan. If you’ve built a moment to reflect before that point, you’re far more likely to catch it.


Don’t Rely on the Banks


A common misconception is that if the money has come through a reputable bank, the due diligence must be done. 


Under AML law, your firm still has its own obligations. Just because the bank allowed a transfer doesn’t mean the funds are clean, plus the bank won’t tell you if they’ve filed an SMR.


So don’t assume someone else has done the checking. 


If it’s your transaction, it’s your risk.


Final Thoughts


Ongoing monitoring might feel like a grey area, but it doesn’t need to be. With a few small process changes, you can turn it into a visible, auditable part of your CDD program.


I’d start with your trigger points. Build in questions that prompt a moment of pause. Train your teams to recognise red flags mid-matter, not just at the start. And above all, record it.

Because in AML, being able to show your thinking is just as important as doing the thinking.






We are literally here to support, guide and implement you and your firm with the processes and back up so please get in touch. 







Amy Bell is a solicitor and CEO of AML Sorted

bottom of page