Are US law firms required to have AML programs?

Most law firms are not yet subject to full BSA AML program rules, but FinCEN has pursued expanded coverage and criminal laws prohibit knowingly facilitating laundering.

Do accountants have AML obligations?

CPAs must avoid assisting fraud and should apply client acceptance standards; some firm activities may trigger MSB or other registrations.

What is the Corporate Transparency Act?

It requires many US entities to report beneficial ownership information to FinCEN, reducing anonymous shell companies used for illicit finance.

Should professionals screen clients against OFAC?

Risk-based sanctions screening is prudent, especially for international clients and high-risk engagements.

Can professionals file FinCEN SARs?

Most do not today, but banks may file SARs involving professional facilitators; professionals should understand tipping-off rules when working with financial institutions.

How can professionals prepare for expanded AML rules?

Adopt written client acceptance policies, red flag training, documentation standards, and escalation committees before mandates arrive.

AML Compliance for Lawyers, Accountants, and Other Professionals

Lawyers, accountants, trust and company service providers, and other professionals have long been described as gatekeepers in the global AML system. In the United States, statutory AML program requirements for many professions remain narrower than for banks—but the direction of travel is clear, and several rules already bite today.

This guide explains current US expectations, emerging FinCEN rulemaking, and practical steps professionals should take to avoid facilitating illicit finance—whether or not you are yet a full BSA “financial institution.”

Gatekeepers in the US AML story

The BSA historically imposed AML programs primarily on financial institutions. However, Title III of the USA PATRIOT Act authorized Treasury to require AML programs for persons involved in real estate closings, formation of legal entities, and managing client funds—among others.

FinCEN has pursued sector-specific rules (for example, residential real estate reporting, investment adviser proposals) and emphasizes that professionals must not knowingly assist laundering.

Even without a formal program requirement, professionals face criminal exposure under money laundering statutes for willful blindness.

Lawyers: where AML touches legal practice

Most US law firms are not yet subject to the same AML program rules as banks, but risk areas include:

Client trust accounts (IOLTA) holding client funds
Real estate transactions involving shell entities
Formation of entities in high-risk jurisdictions
Representing clients despite obvious red flags of criminal proceeds

State bar ethics rules require competence and honesty; facilitating transactions known to be illicit violates criminal law independent of AML regulations.

Monitor FinCEN anti-money laundering regulations for investment advisers and historical proposed rules for lawyers as the regulatory perimeter expands.

Accountants and CPAs

Accounting firms face scrutiny when they:

Prepare financial statements obscuring illicit sources
Set up structures without knowing customer due diligence
Facilitate tax strategies inconsistent with legitimate business activity

The AICPA and state boards emphasize fraud detection standards; PCAOB inspections for audit firms highlight AML-adjacent risks in client acceptance.

CPAs serving MSBs or fintechs should ensure those clients have credible BSA programs—see What Is AML Compliance?.

Trust and company service providers

Formation agents, registered agents, and corporate service providers are priority FATF categories. The Corporate Transparency Act (CTA) and FinCEN’s beneficial ownership reporting rule increase transparency of US entities, reducing—but not eliminating—shell company abuse.

Professionals who form entities should verify client identity, understand business purpose, and escalate suspicious requests (nominee directors, no economic substance).

Entity customers your firm serves trigger CDD beneficial ownership obligations at financial institutions—Customer Due Diligence (CDD).

Real estate professionals

FinCEN has issued rules requiring reporting of certain residential real estate transfers involving legal entities and trusts, shifting some diligence burden to settlement agents and advisors.

Cash purchases, complex LLC chains, and rapid flips remain classic SAR typologies in bank monitoring—professionals should not structure deals to evade reporting.

When professionals interact with MSBs

If you operate a law or accounting practice that transmits client funds (escrow-like arrangements), evaluate MSB / money transmitter status and FinCEN registration. Read Who Must Comply with BSA/AML?.

PEPs and high-net-worth clients

Professionals serving politicians, government officials, or wealthy foreign clients should apply risk-based checks aligned with PEP concepts—even if not legally mandated, reputational and criminal risks are real.

See Politically Exposed Persons (PEPs) and Am I a PEP?.

Adverse media and client intake

Screening prospective clients against sanctions lists and negative news is increasingly standard at large firms. Smaller practices can use commercial tools for high-risk matters.

Adverse Media Screening outlines AML-grade approaches.

Suspicious activity reporting angles

While many professionals do not file FinCEN SARs today, banks file SARs naming professionals who appear to facilitate laundering. FinCEN SAR narratives sometimes trigger follow-on investigations.

Understand SAR confidentiality and tipping-off if you work alongside financial institutions—FinCEN SAR Filing.

Document retention and engagement letters

Maintain engagement files documenting identity verification, scope limitations, and reasons for declination. Align retention with professional standards and litigation holds—see AML Record Retention for BSA parallels.

Building a proportionate compliance program

Even before formal rules apply:

Publish a risk-based client acceptance policy
Train partners on red flags (cash-intensive businesses, secrecy requests)
Document escalation to compliance committees
Screen against OFAC for relevant engagements
Refuse or exit relationships with inexplicable fund flows

Payment processors and fintech clients will ask about your gatekeeper controls during vendor diligence—Payment Processor Compliance reflects similar KYB expectations.

Looking ahead

Congress and FinCEN continue expanding AML coverage to close real estate, legal, and accounting gaps identified in FATF mutual evaluations. Early adoption beats rushed retrofitting after enforcement.

Engagement letters and scope limitations

Define AML-relevant scope boundaries in writing when clients refuse beneficial ownership transparency. Declination protects the firm better than silent continuation.

Client trust accounts and IOLTA vigilance

Attorneys holding client funds must reconcile trust accounts meticulously. Unexplained balances resembling pooling or rapid pass-through mirror MSB typologies even when no transmission license is intended.

Accounting firms preparing valuations for shell acquisitions should question lack of operating substance and walk away when answers are implausible.

Professional liability insurers now ask AML-adjacent questions on renewal applications—weak client acceptance policies may affect coverage.

Continuing education credits for AML red flags help partners recognize trade-based laundering indicators in consulting engagements.

Collaborate with financial institutions when serving as escrow agents; banks may request your client identification standards during diligence.

Building a proportionate compliance committee

Mid-size firms benefit from quarterly compliance committees documenting high-risk client acceptances, declinations, and remediation of red flag training gaps. Minutes become evidence of tone at the top when regulators evaluate willfulness.

Real estate closings and beneficial ownership transparency

Residential real estate reporting rules increase data available to FinCEN, but professionals still must avoid structuring transactions to evade reporting. Attorneys and accountants should train closers on red flags involving all-cash LLC purchases and nominee owners. Firms should maintain declination logs demonstrating consistent client acceptance decisions under pressure from lucrative engagements.

Insurance and indemnity requests

Clients may offer indemnities for AML risk—risk committees should evaluate whether indemnities excuse inadequate CDD or merely allocate civil liability after the fact. National firms should align PEP and sanctions policies across state offices to avoid inconsistent acceptance. Boutique practices should still document risk assessments even when client counts are small—examiners evaluate program quality, not headcount. Referral networks among professionals can spread high-risk clients—screen introducers, not only end clients. Update client acceptance training when FinCEN publishes new profession-specific advisories.

Get started with Legaltalent

Building a defensible AML program takes the right policies, evidence, and tooling—not spreadsheets held together with hope. Legaltalent helps US fintechs and financial services firms automate KYC, sanctions screening, PEP checks, adverse media, and audit-ready recordkeeping in one platform.

Start your free trial and see how compliant onboarding and monitoring can scale with your business.

Practical next steps for your compliance program

Regulators expect documented policies, trained staff, and evidence that controls run in production—not slide decks. Map each obligation to an owner, a control, and a record type. Run tabletop exercises for SAR decisions, sanctions hits, and EDD escalations. When examiners or auditors arrive, they will ask for samples: show that your process is consistent, risk-based, and improving over time.

Technology should reduce manual error, not replace accountability. Automate identity verification, list screening, and case management, but keep human review for edge cases. Periodically validate vendor match quality and tune thresholds so you neither flood analysts with false positives nor miss material risk.