Client/Matter risk assessment
The CDD process is risk-based. This means we adjust the level of due diligence to match the risks presented by the client and the matter:
- Lower-risk matters may be subject to standard CDD only.
- Higher-risk matters require enhanced CDD.
Our PWRA concludes that Keystone is generally low risk because we know our clients well, act for them on a repeat basis, and typically advise on mid-market matters. However, this overall profile does not remove your duty to identify and address higher-risk circumstances. Even in a low-risk firm, individual clients or matters may present material risks that require escalation.
Every matter requires a Client/Matter Risk Assessment, which has two components:
- Risk Questionnaire - completed by the Acting Lawyer when setting up the matter. This captures objective information and generates an initial risk rating.
- Narrative Risk Assessment - a free-form note prepared and maintained by the Acting Lawyer. This records your professional judgment, the rationale for your decisions, and any updates as the matter progresses.
Both must be completed and saved to the matter file. Training on how to complete these assessments is provided in your compliance induction, and full instructions are set out in the Compliance Induction Guide.
If the Risk Questionnaire generates a Higher Risk rating, or if you have concerns about the client or the matter, you must escalate this to the MLRO. They will review the risk rating, confirm whether enhanced measures are required, and provide guidance to ensure regulatory obligations are observed.
In addition to answering the questionnaire, you must always consider the following categories of risk:
- Identity Risk - Could the client be misrepresenting who they are?
  - This is a particular concern in property fraud cases. If the client has not been met in person, we are highly likely to require a face-to-face meeting (which may be via secure video call for overseas clients). You may also be required to review original identity documents (passport, proof of address, etc.), in line with the Passport Checking Guide. For corporate clients, you must also be satisfied that the instructing individual has the authority to act, being a director or senior manager acting on due authority of a director.
- Control Risk - Do you understand the ownership and control structures?
  - This includes identifying beneficial owners, persons of significant control, and any third parties who may exert influence. Complex or opaque structures should be treated as a red flag.
- Matter Risk - Does the transaction or instruction make commercial sense?
  - Consider whether the client's rationale is credible. Property and corporate lawyers must understand the true motivation behind sales, purchases, or reorganisations. They should have a full understanding as to the source of Client Funds. Litigators must be alert to sham disputes used to transfer funds under the guise of settlement.
- General Risk - Are there broader risk indicators that require closer supervision?
  - You must continually apply the firm's red flag guidance (covered in induction and set out in the Compliance Induction materials). These are typically linked to geography (high-risk jurisdictions), sectors (e.g. gambling, crypto, extractives), or behaviour (reluctance to provide information, evasive explanations). If you identify any red flags, you must record them in your narrative risk assessment and escalate appropriately to the MLRO for additional guidance if required.