Role permissions
There are two permissions that can be applied to user roles in the administration area. These permissions are ‘AML/CFT Compliance Officer’ and ‘AML/CFT Senior Level Approval’, as per figure 1.
Figure 1
The ‘AML/CFT Compliance Officer’ privilege allows the user to delete CDD records (if they were created in error), to mark CDD records as having been reviewed, and to add a review note as per figure 2.
Figure 2
The ‘AML/CFT Senior Level Approval’ privilege allows users with the privilege to be selected as the person who approved the firm to do work for a PEP (politically exposed person) in the ‘Edit Client’ dialogue, as per figure 3.
Figure 3
Practice settings
Administration Tab>Practice Settings
Figure 4
Each firm can set how long CDD records stay valid, in days, weeks, months or years. When a CDD record expires this can be reported on using the CDD Report.
The option to automatically affiliate receipt payers changes the default setting of the tick box on the trust receipt form. It is unlikely that this will be set to ‘on,’ but the option is there should it be required.
If a Disbursement Payment is made from a non-captured matter the system will automatically create a “Red Flag” against that client if this is set to “Yes”.
The CDD warning can be triggered by a client name or address change by setting this to “Yes”
A Risk Rating must be set to complete CDD on a party by setting this to "Yes"
Each firm can set whether a new captured matter activity will automatically trigger CDD on a party where CDD has previously been completed - options are "Always", "Never" or can be set "Only when CDD was completed more than X amount of days, weeks, months or years ago"
EIDV Settings - if integrated with APLYiD or GBG - select identity types to use when creating identity records for electronically verified ID documents.
Various AML Related System Codes
There are several areas containing user definable codes that need to be set up under the Administration tab>Manage Codes, as per figure 5 (below).
- Customer On-boarding Types
- Document Categories
- Due Diligence result codes
- Identity Verification Types
- Red Flag statuses
- Risk Rating Types
These codes will assist with the management of CDD, prescribed transaction and suspicious activity reporting review and reporting.
figure 5.
Customer On-boarding Types
This allows users to state how CDD was completed for the party. This may have been, for example via face-to-face, obtaining certified copies of documents or via an electronic verification programme. This information is displayed under the AMF/CFT CDD tab as per figure 6 at client level.
figure 6.
Document Categories
This allows users to flag each document that is managed (whether that be to a client or a matter) with a category. This allows for easier searching to locate the required document(s) later, for example Proof of Address, Bank Statement, Passport. Several document categories can also be linked into a “Group”. Again, this allows for easier searching.
A group called Compliance could be set up, within this group documents categorised Proof of Address, Bank Statement and Passport type could be found for a party. This filter works to allow the removal of documents that do not meet the search criteria. Also see the Identity and Compliance Documents section further on in this manual for more details.
If a firm is using Electronic IDV and this is linked into OnePractice, then the incoming document can be automatically tagged with an appropriate Document Category.
Due Diligence Result Codes
These have two main uses – firstly, so that users can see what the outcome of CDD was on the party under the AML/CFT CDD tab, as per figure 7.
The other main use of the CDD result code is a filter on the Customer Due Diligence report, as per the report selection in figure 8. The report is located under the Report List on the Home Tab.
figure 7.
figure 8.
Identification Verification Types
This allows for the details of specific types of ID to be loaded against parties. Each field on a form of ID can be set as optional, not applicable or required. If a user loads the details of a passport against a client, a firm can determine which fields must be completed - for example, ‘Expiry Date’ can be set as required.
The fields available per ID type are Reference #, Issued Date, Expiry Date, Place of Birth and Date of Birth. See figure 9 below for an example of how to set up ID Information Types and figure 10 to see how the results are displayed against a party under the Identity tab
figure 9.
figure 10.
Red Flag Statuses
These are used for on-screen viewing under the Red Flags tab against each party, see figure 11 of an item’s status and for report filtering, see figure 12.
figure 11.
figure 12.
Useful Red Flag Status codes to consider:
| Code: | Description: |
| INV | Requires Investigation |
| NOTE | Worth Noting |
| PREP | Prescribed – Reported |
| SUS | Suspicious – to report |
Risk Rating Types
With new legislation effective from 1 June 2025, reporting entities (including law firms) will need to complete a risk rating of their clients and maintain this as per existing ongoing CDD requirements. Set risk rating types that comply with your firm's Risk Assessment and Compliance Programme. For example, use 'Low', 'Medium' and 'High'
Party Types - Set the Due Diligence Requirement
When a party is created (either a client or a non-client) in the database a party type is specified, e.g., Individual, Trust, Company, Family. These party types can be maintained under the Administration Tab by clicking on the ‘Parties’ button, first icon on the left, see figure 13 (below).
figure 13.
Each party type can be set with a default requirement for Customer Due Diligence (CDD), and the CDD level that is required. Depending on a firm’s Risk Assessment and Compliance Programme, the firm may have elected not to complete CDD on certain types of clients until it becomes necessary due to the client undertaking a captured activity.
figure 14.
In figure 15, the only client types that will have CDD performed at the outset are Individual Non-Resident, Company Overseas and Trust (and Offshore Trust) and the required CDD level will be Enhanced. All other types of clients will only require CDD when a matter is created that is a captured activity, and the CDD level will be Standard. Refer to the section “Fee Types” (below) for further detail on this.
figure 15.
This ability may lead a firm to create more client types than previously, as it may be useful for policy variation as to client types, or statistical analysis and reporting necessitated by the AML/CFT legislation. For example, Off-shore Trust, Off-shore Company, and Off-shore Individual could be set up as client types if the Compliance Programme treats international clients differently to national clients.
If work is regularly completed for government departments or other entity types where Simplified CDD is appropriate, then appropriate party types may be set up for these clients.
To set the default CDD handling on a party type just double-click the party type and the dialogue in figure 14 will display.
Fee Types - is it a Captured Activity
Every matter that is created in OnePractice is assigned to a fee type. Each fee type (service offered by a firm) is set by each firm to specify whether it is a ‘Captured Activity’ for the purposes of the AML/CFT Act. Each fee type can also be set so that any matter created under it can have the dollar value of the transaction loaded against it, to assist with Annual Reporting to the DIA. Fee types are set under the Administration Tab>Manage Codes>Fee Types, see figure 16.
figure 16.
Setting the Captured Activity flag on individual matters based on Fee Type will be most useful for firms who decide to only complete CDD when it becomes necessary due to performing a captured activity for the client (with the exception of creating certain entities i.e., creating a company or a trust).
For fee types where “Enable AML/CFT Value” has been set to YES, then an additional field will be displayed when creating or editing matters, see figure 17. This information is used on the AML/CFT Dashboard and may be useful in assisting with the collection of data for the DIA Annual Report. It may be useful to use this field to record the value of a transaction where the total value of that transaction is not passing through the firms trust account.
figure 17.
Affiliated Party Types
The AML/CFT legislation has necessitated the need for a class of relationship for those parties who are either party to the client (e.g. a partner in a partnership, or a member of a family) or are otherwise very closely linked to the client (the settlor, trustee or beneficiary of a trust, a beneficial company owner, someone instructing a firm on a matter, power of attorney and the like) where CDD may need to be performed on the related party in order for the CDD on the client to be complete. OnePractice uses the term ‘Affiliated Party’ to describe these closely related parties.
Affiliate relationship codes can be maintained under the Administration Tab by clicking on the ‘Parties’ button, first icon on the left and scrolling to the bottom, see figure 18.
figure 18.
figure 19.
All existing relationship types display here. A firm can create new relationship codes or change existing ones to be affiliation codes also. Double-clicking a row displays figure 19.
There is a tick box to make the Relationship Code an Affiliated Relationship Type. There is also a tick box to specify whether affiliated parties of this type are to inherit the CDD requirement from the client they are affiliated to. If an existing relationship code is changed to be an affiliated code, then any pre-existing relationships using that code will become affiliated.
The example in figure 19 is the Director of a Company, and this data will want to be seen on the Affiliated Parties tab. CDD on parties of this type must be completed for the CDD on the company client to be complete.