By Legal Futures Associate InfoTrack
Client matter risk assessments (CMRAs) have moved from back‑office paperwork to the frontline of regulatory scrutiny for conveyancers. Recent SRA reviews show that, alongside firm‑wide risk assessments and AML policies, regulators now examine CMRAs in detail – not just whether they exist, but how they’re used and what they record.
In our recent Digital Conveyancing Masterclass, Law Society‑accredited risk and compliance specialist Tracey Thompson described the CMRA as “the most important compliance document on the file.” Done properly, it’s your permanent record of what you were thinking, why you judged risk as you did, and how that shaped due diligence.
Why CMRAs really matter
From Tracey’s work with around 100 firms a year, a clear pattern emerges: weaknesses in CMRAs are a common feature of SRA findings and “suggestions for improvement” after AML inspections. Problems range from superficial completion and missing documents to mismatched risk ratings. If risk isn’t documented, regulators assume it didn’t happen – and memory won’t stand up three years later. A defensible file shows that reasoning clearly in the CMRA.
Start early and treat it as a working document
A CMRA shouldn’t be a one‑off exercise completed at exchange or completion. It must be opened as soon as the client is onboarded and revisited as information emerges. Early assessments may be provisional, but as source‑of‑funds or overseas details come in, risk ratings and due diligence should be updated with clear version history and who made each change. Regulators expect to see that journey.
Common pitfalls the SRA is finding
Tracey highlighted recurring issues:
- CMRAs missing entirely, particularly on “low‑risk” matters.
- Boxes ticked before checks are completed.
- High‑risk indicators but overall “low‑risk” ratings with no explanation.
- Over‑reliance on personal knowledge instead of evidence.
- Identical narratives across files suggesting pre‑populated text.
All these signal a tick‑box mindset rather than genuine analysis.
Using the SRA template as a benchmark
The SRA’s 2023 CMRA template and warning notice provide a clear benchmark. Its structure – targeted questions, narrative boxes and defined risk rating sections – promotes consistent, evidenced reasoning. What matters is the quality of thought recorded. Narrative sections should explain why a certain risk rating and due diligence level were chosen, directly linked to identified factors.
Technology should support, not replace, judgment
Digital tools for ID verification, screening and workflow automation increase efficiency but can’t replace human judgment. Regulators assess your firm’s decisions, not the system used. Pre‑populated answers and cloned narratives undermine evidence of real assessment. That’s why we built our CMRA tool within eCOS: to surface key questions, capture narrative explanations and keep a clear audit trail of every change, while leaving fee earners firmly in control of the risk call.
Align risk factors and due diligence
Each CMRA must link to your firm‑wide risk assessment. Factors such as cash purchases, complex ownership, overseas funding, and PEP or sanction exposure should affect both risk rating and due diligence level. Each file should clearly state:
- Client and matter risk ratings, with reasons.
- Due diligence level (simplified, standard, or enhanced) and rationale.
- Any escalation or second opinions.
Short, specific narratives suffice – for example, noting a remote client with standard checks versus an overseas‑funded transaction requiring enhanced due diligence and MLRO approval.
Turning the CMRA into a genuine risk tool
Ultimately, the message is “think first, tick second”. When treated as a living document revisited throughout the file, the CMRA becomes a powerful tool for risk management, protection and regulatory defence. With tools like eCOS supporting structured completion, firms can embed that mindset into daytoday workflows, not just policies on paper. To explore Tracey Thompson’s realworld examples and see the CMRA tool in action, you can watch the full webinar on demand here.
See how eCOS can strengthen your CMRA process – book a demo today.
