New AML Certificate Employee Screening Questions: Are you ready?

The Law Society of Scotland’s Anti Money Laundering (AML) certificate portal opens on 18 May 2026 and closes on 26 June 2026. Every Scottish firm in scope of the Money Laundering Regulations has to submit one, and the Money Laundering Reporting Officer (MLRO) is the only person who can press the button.

This year, the certificate has been simplified and centres around the Legal Sector Affinity Group (LSAG) Key Compliance Principles. Most of the structure will feel familiar, but two questions are worth pausing on. A confident Yes depends on what your firm has been doing in practice – not only on what the policy document sets out.

Question one: are your partners and senior managers properly registered, with a criminal record check behind each one?

This is one of the early questions on the certificate (KCP1 in the Key Compliance Principles). It asks whether the firm has registered and kept up-to-date its current Beneficial Owners, Officers and Managers, often shortened to BOOMs, with the Society, and whether each of those registrations is supported by a Disclosure Scotland check or equivalent. 

BOOMs covers partners, directors, members, the MLRO, the Money Laundering Compliance Officer (MLCO) where you have one, and anyone with significant beneficial ownership. The Regulations don’t allow anyone with certain convictions to hold one of these roles, which is why a criminal record check has to sit behind every registration. Acting as a BOOM without the required approval is a criminal offence under the Regulations.

A quick exercise worth doing before submission: pull the list of everyone in a BOOM role today, and for each name, ensure you have submitted an up-to-date Disclosure Scotland check or equivalent. Anyone who can’t be matched to a check is a gap to note in the comment box, with a plan to close it.

Worth knowing: Disclosure Scotland (Scotland) and DBS (England and Wales) can both be run digitally through Amiqus rather than separately with each agency, which removes the manual step of running the check and uploading the result back in.

Question two: are you screening relevant staff before they join, and continuing to screen them at regular intervals during employment?

This is the one some firms may find harder to answer. Key Compliance Principle 35 asks a single Yes or No: has the practice screened relevant employees both at the pre-employment stage and on an ongoing basis?

Many firms run an identity check when someone joins, take up references, and for some roles add a criminal record check. The second half is where things tend to fall away. A solicitor who joined the firm years ago may not have been rechecked since. They’ve been promoted, they may now be directly responsible for client onboarding, and, given the regulatory position, they should have been rechecked at regular intervals. This may include criminal convictions, but also financial standing, regulatory findings, sanctions exposure, or anything else that bears on fitness and propriety, as per LSAG Section 9.4. The same logic the Regulations apply to clients applies to the people inside the firm with access to client money, client data, and onboarding systems.

LSAG guidance is clear that the depth of screening should be proportionate to the role. A partner who signs off CDD may need a different level of check from a paralegal who handles onboarding, who needs a different check from a marketing assistant. The point isn’t to screen everyone the same way. The point is to have decided who counts as a relevant employee for AML purposes, and to have a defensible process for each group.

For a confident Yes, an MLRO or HR lead needs to be able to demonstrate:

  •  A written process for screening new joiners, covering identity, criminal record checks where the role calls for it, references, and where relevant credit, sanctions, adverse media and other checks
  • Re-screening at regular intervals and when someone’s role changes – for example a paralegal moving into client onboarding, or a solicitor promoted to partner who is now a BOOM or responsible for further AML checks, both need a fresh check at the new level

Clear, concise records must be kept that show the screening has actually happened, not just been written into policy.

Staff screening sits where different responsibilities meet

How this plays out depends on the size and shape of the firm.

  • For partners/solicitors, this is regulatory exposure that lands on you personally. Under Law Society of Scotland rules, solicitors carry the obligations of the Regulations directly. 
  • For the MLRO, this is your signature on the certificate. The staff screening question is yours to answer and the evidence behind a Yes must  be something you can show if challenged. In smaller firms the MLRO is often also a partner, which means both perspectives sit with the same person.
  • For HR, or whoever handles it, this is the operational reality. In some firms that’s a dedicated HR team. In others it’s a practice manager, an office manager, or the partner who picked up onboarding because someone had to. Either way, this is where screening actually gets done day to day, where joiners come through the door, and where the records the MLRO will need at the next certificate are kept.

Getting clarity on what’s being checked, when, and by whom is critical.

How Amiqus fits

One platform for the full lifecycle

Amiqus handles staff screening from day one through to ongoing monitoring in one place. That includes photo ID verification with liveness checks – the kind that confirm a real person is presenting a document, not a photo of one – digital criminal record checks through Disclosure Scotland for Scotland-based candidates and DBS for those in England and Wales, automated reference gathering, credit reports, and continuous monitoring against sanctions, politically exposed persons lists, and adverse media.

The evidence sits in one place and can be exported. So when next year’s certificate comes round, the answer is already documented.

Government-certified for Right to Work and identity

Amiqus is a UK government-certified Identity Service Provider, accredited under the Digital Identity and Attributes Trust Framework and listed on the Digital Verification Services register. Our digital Right to Work and identity checks meet the standards Home Office, HMRC and the Disclosure and Barring Service rely on. For firms hiring anywhere in the UK, the same platform handles staff screening, criminal record checks and Right to Work in one workflow.

Bulk upload and send

Bulk upload and send lets you launch checks across a whole list of names in one action rather than working through them individually. Useful when running a Disclosure check on every existing BOOM, bringing on a new cohort of joiners, or running an annual refresh across the firm.

The Amiqus wallet

Amiqus wallet lets each candidate or employee reuse their verified details across checks rather than re-entering them every time. For the person, that means a faster, less repetitive experience the second and third time they’re asked for something. For the firm, it makes annual re-verification genuinely lightweight rather than a fresh round of admin.

Separate environments for staff and client data

Firms are often cautious about running staff checks and client checks through the same system, for good data protection reasons. We can set up a separate Amiqus environment for staff screening alongside your existing client onboarding account, at no extra cost, with its own user access for the HR team. Staff records stay separate from client records, and the people who need access to one don’t get sight of the other.

Before 26 June

If you hit either of these questions and pause, that pause is worth taking seriously. A No with a clear explanation and a plan to fix it is a stronger position than a Yes you can’t fully evidence.

If you’d like to talk through what a proportionate staff screening process looks like for your firm, or how to get from where you are now to a confident Yes on next year’s certificate, get in touch. We work with partners and MLROs  across the Scottish profession and are happy to share what’s working in firms of comparable size and risk profile.

Already an Amiqus client?

Speak to your relationship manager or contact [email protected] 

New to Amiqus?

Talk to us

See the latest blogs & articles from our team

2026-05_uk-sanctions-lettings
AML
15 May, 2026

The sanctions rules changed. Here’s what your letting agency needs to do now.

sof-pendo
AML
30 April, 2026

Moving beyond the document request: A new approach to Source of Funds

Illustration women shaking hands in front of laptop screen showing candidate profiles.
Amiqus
21 April, 2026

Candidate vetting process: how to screen new hires effectively

Get in touch

Book a call for more information about our solutions, custom pricing, implementation or integration and answer detailed technical or compliance questions

Talk to us