BestAI — AI Workflow & Security
All Case StudiesProfessional Services

The AML Risk Assessment You've Been Putting Off

How AI helps lawyers and accountants draft AML/CFT risk assessments and compliance narratives — turning a dreaded compliance task into a structured, defensible document.

4 min readUpdated 2026-03-15Based on Claude Sonnet 4 / GPT-4o

The Real Problem

You're a property lawyer in Tauranga. A new client wants to purchase a residential property through a family trust. The settlor is a New Zealand citizen, but two of the beneficiaries live in Singapore. The funds for the purchase are coming from an Australian bank account held by one of the offshore beneficiaries.

Under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act), this transaction triggers enhanced Customer Due Diligence (CDD). You need to verify the identities of the settlor, trustees, and beneficial owners. You need to understand the source of funds. And you need to document your risk assessment — not just tick the boxes, but write a coherent narrative explaining why you've assessed the risk level the way you have.

This is where most small firm lawyers get stuck. The verification part is manageable — you know how to check passports and run searches. But the narrative risk assessment — the written document that explains your reasoning, documents the risk factors, and justifies your approach — is genuinely difficult to write well.

The AML/CFT regime has a 22.9% cost impact on small law firms, and much of that cost is time spent on compliance documentation rather than client work. Biennial audits are required, and auditors specifically look at the quality of your risk assessments. A superficial risk assessment that reads like a form with fields filled in doesn't demonstrate the "risk-based approach" the legislation requires.

Lawyers describe the regime as "tick box" and form-driven, which creates a dangerous paradox: the compliance feels mechanical, but the auditors expect thoughtful analysis. Many practitioners know they're not doing it well enough, but they don't have the time or expertise to write better risk narratives.

Why Existing Tools Don't Solve This

AMLHUB is the market-leading AML compliance platform for New Zealand lawyers and accountants. It handles electronic identity verification, PEP and sanctions screening, and CDD workflow management. First AML (now Vigilance) offers similar verification services with a focus on corporate structures.

These tools are genuinely good at what they do. They streamline the verification process and create audit trails. If you're not using one of them, you should be.

But here's the gap: none of them write the risk assessment narrative for you. They verify identities and flag risk factors. They don't synthesise those risk factors into a coherent written assessment that explains your professional reasoning. They give you the data — you still have to write the analysis.

The DIA's AML/CFT guidance specifically requires reporting entities to document "the reasons for the risk rating" and demonstrate that their assessment is "proportionate to the level of risk." That requires written reasoning, not just a completed form.

How AI Solves This

After you've completed your CDD checks (using AMLHUB, Vigilance, or your own processes), you provide the key details to your AI assistant via WhatsApp or your workspace:

"New matter: Trust purchase, 42 Oceanview Drive, Tauranga. Settlor: NZ citizen, resident, verified via RealMe. Two beneficiaries based in Singapore — NZ citizens living abroad. Source of funds: Australian bank account held by beneficiary #2, employment income, verified via bank statements and employment contract. Purchase price $985,000. No PEPs, no adverse media."

The AI drafts a structured risk assessment narrative:

Risk Assessment — [Trust Name] — Property Purchase

Matter Summary: Purchase of residential property at 42 Oceanview Drive, Tauranga ($985,000) by [Trust Name]. Settlor: [Name], NZ citizen and resident. Trustees: [Names]. Beneficial owners include two individuals resident in Singapore.

Risk Factors Identified:

  • Offshore beneficiaries (Singapore — medium risk jurisdiction per DIA country guidance)
  • Cross-border fund transfer from Australian financial institution
  • Trust structure (inherent complexity in identifying beneficial ownership)

Mitigating Factors:

  • All beneficial owners are NZ citizens with verifiable identity documents
  • Singapore is a FATF member jurisdiction with a robust AML framework
  • Source of funds clearly traced to employment income with supporting documentation
  • Australian source bank is a regulated ADI subject to AUSTRAC oversight
  • Purchase price is consistent with the Tauranga residential market and the purchaser's documented income

Overall Risk Rating: Medium

Rationale: While the cross-border elements and trust structure elevate the inherent risk above standard residential conveyancing, the clearly documented source of funds, the jurisdictional profiles (Singapore and Australia are both FATF-compliant), and the verified identities of all beneficial owners reduce the residual risk. Enhanced CDD has been completed. Ongoing monitoring will include [specific measures].

You review the draft, adjust the language to match your professional voice, add any firm-specific details, and save it to the matter file. What would have taken you 45 minutes of staring at a blank screen takes 10 minutes of review and editing.

The Result

  • Risk assessments are actually written — instead of being perpetually "on the to-do list"
  • Consistent quality — every narrative follows a structured format that auditors recognise
  • Time savings of 30-40 minutes per complex matter — on risk assessment drafting alone
  • Audit-ready documentation — narratives that demonstrate genuine risk-based reasoning, not just form-filling
  • Your professional judgement is preserved — the AI drafts, you review and approve

What AI Can't Do Here

  • AI does not perform CDD checks — identity verification, PEP screening, and sanctions checks must be done through proper channels (AMLHUB, Vigilance, or manual processes)
  • AI does not determine risk ratings — it proposes a rating based on the factors you provide, but the professional judgement is yours
  • AI-generated narratives must be reviewed by a qualified professional — you are the reporting entity, not the AI
  • AI cannot access DIA's classified risk guidance or restricted databases
  • This does not replace your AML compliance programme — it assists with one specific documentation task within that programme

Who This Is For

  • Small law firms (1-5 partners) handling conveyancing, trust, and commercial transactions with AML obligations
  • Accounting practices that are reporting entities under the AML/CFT Act
  • Practitioners who pass their biennial audits but know their risk assessment documentation could be stronger
  • Any professional who has ever spent an hour staring at a blank risk assessment template wondering what to write

Want This for Your Business?

Book a 45-minute workflow review and we'll show you exactly how this applies to your specific situation — no obligation, no fluff.

Book Your AI Workflow Review

More Professional Services Case Studies

The Client Who Needed a Lawyer at 7:30pm

How AI handles after-hours enquiries for small law firms — qualifying potential clients, answering initial questions, and booking consultations while you're at home.

Read case study

The Same 12 Questions, 300 Times a Year

How AI handles repetitive client questions during tax season — freeing accountants from the email treadmill so they can focus on actual advisory work.

Read case study

3 Billable Hours Out of 8

How AI triages email, drafts responses, and summarises threads — helping lawyers and accountants reclaim the 62% of their day lost to admin.

Read case study

When Your Senior Partner Retires, What Leaves With Them?

How AI captures institutional knowledge in small accounting and law firms — so client relationships, pricing logic, and practice know-how survive staff transitions.

Read case study